Azure Monitor, Security Center, Sentinel Infrastructure as Code with Bicep

When deploying resources to Azure, you have several options: the Azure Portal, PowerShell, Azure Resource Manager (ARM) templates, and now Bicep templates. In this post I’ll share a Bicep template I’ve made to help you deploy Log Analytics, the backbone of Azure Monitor, Sentinel and Security Center. For the operations monitoring Application Insights, …


Kusto Make-Series vs Summarize

You already know summarize in Kusto is pretty magical, right? Well, if not, I’ll be going over some of its awesome sauce. In addition, this post is going to talk about make-series, how it compares to summarize, and when you might want to use each. Per the usual, my examples will be in Log …


Kusto Evaluate Operator and its Plugins

The evaluate operator is a fantastic tool in your Kusto tool belt. So much so that I have requested several times that it get added to Azure Resource Graph. However, the evaluate operator itself won’t run anything. You have to add one of its plugins behind it. In this post I’ll show you how to use …


Windows Virtual Desktop (WVD) Azure Monitor Workbook

Today I’ve got another Azure Monitor Workbook, this time for Windows Virtual Desktop (WVD). This workbook exclusively uses Log Analytics IaaS data, so it will work with both WVD 1.0 and 2.0, though there are some nice logs available in the diagnostic settings for WVD 2.0. If this is your first time on my …


Calculate WVD Profile Load Time

In my previous post I showed you how to collect and parse the FSLogix event log with Log Analytics. In this post I will show you how to use that event log to calculate WVD profile load time. Calculating logon time is one of those things that can provide insight into our users’ experience. And …


Collect and Parse FSLogix Event Log

I’ve been doing more and more with Windows Virtual Desktop (WVD) lately, from building custom images with Azure Image Builder to putting custom software on them. But as always, I come back to monitoring. In trying to create some KPIs for the environment, we decided we wanted to collect the FSLogix event log. Collect FSLogix …
