Diversified Cloud Spot
Microsoft Defender for cloud is a comprehensive cloud security solution offer from Microsoft. Cloud security posture management (CSPM) and cloud workload protection platform (CNAPP). It provides security management and threat protection for resources deployed in Microsoft Entra as well as resources in other clouds such as AWS and Google Cloud Platform.
Take a look at this video to explore this feature
Hope you enjoyed this video !
Regards
Sathish
This video gives you an overview of the log analytics workspace and how to get started with it.
Hope you enjoyed the video !
Regards
Sathish
Its been almost a year that Microsoft has announced the new release in Azure Sentinel which provides us the opportunity to integrate MS Teams related activities that are recorded in the audit logs to Azure Sentinel. Enabling this feature benefits organization where there is a separate SOC team monitoring and analyzing the security posture as an ongoing operational procedure.
We still have the Microsoft native cloud app security which benefits in creating the alerting mechanism for MS-Teams related activities.But with the Log Analytics and Azure Sentinel we can do a lot more than it can be done from the Cloud App Security. We can further fine tune the alerting, create workbooks and dashboards for Microsoft Teams related activities which will be useful for Teams Monitoring.
To start with this new feature ,we need to enable this new option to ingest Teams Data into Azure Sentinel Work Spaces. This article can be followed to start with connecting office 365 with the Microsoft Cloud native SIEM Azure Sentinel.
Continue readingWith Microsoft PowerBI we can gather more details from the call quality dashboards. As of now Microsoft have released 7 power BI desktop templates to accumulate more details on the Microsoft teams call quality dashboard.
PowerBI being a very potential platform for data gathering and analysis these new templates for Microsoft Teams have been more outstanding in terms of analyzing the Microsoft Teams data.
We will go through the overview of the reports and the configuration on this post.
Firstly the PowerBI Query Templates for Microsoft Teams needs to be downloaded.
We have below 7 templates report:
These are customizable templates which can be used to analyze data. These above are PBIT file formats which can be used from PowerBI desktop which has the data source configured. If we need to open them directly from the powerbi portal they need to be renamed as pbix. If we are importing them from the powerbi desktop the following file MicrosoftCallQuality.pqx needs to be imported to the location [Documents]\Power BI Desktop\Custom Connectors folder.
Continue readingIn the previous post we had a look at how to group multiple azure log analytics queries ,group them and display them in one screen. There are few real challenges in displaying the queries directly from the workbook. Firstly they are not having the capability to auto refresh the live data until we reload the workbook. There is no option to fit the dashboard and customize them as per our requirement. Finally there is no option to set the refresh rate, setting up the local time zone and sharing them to the required persons to view them with read access.
Creating the dashboards is much easier and there are multiple ways to do them. In this post we will have a look at creating one from the workbook.
Inorder to create a workbook navigate to Azure Log Analytics Workspace – Click on WorkBooks – Select the workbook that needs to be created in dashboard.
Continue readingIn the previous post we looked on how to configure Azure Monitor Alerts for Critical events that occurs on Microsoft Windows Devices which can be used for monitoring the Teams Room Systems. With Azure Log Analytics we could leverage few more components that will help us to visualize the status of the systems which are monitored through selected event logs and the performance counters.
Creating the Workbooks and making them visualize purely depends on the data that is been ingested on the corresponding log analytics workspace. So at the first stage its very important that we are sending all the required logs and counters which is mandatory for visualizing the metrics.
Firstly before creating the workbooks we need to devise a strategy on how to build a skeleton for the dashboard. This is very important since there are multiple options available and need to understand what important data that needs to be projected on the dashboard.
Continue readingIn the previous post we had an overview of how to create Azure Log Analytics and configure them to collect data from windows systems. Once the information is ingested in the workspace we currently have a choice to make alarms and notify the responsible team dependent on various signal logics which will be useful on monitoring these devices.
These alerts are scoped to each log analytics workspace. It will be a smart thought to isolate the services ,group them on singular workspace and create separate alerts for critical events happening on these monitored devices.
In order to create the alerts Navigate to alerts on the same workspace – Click on New Alert Rule
Navigate to signal logic and choose the signal logic. There are multiple we need to see if any more interesting which suits our requirement can be added over here.
Now we have the required critical signals based on which the alert needs to be triggered. Usually the signal type will be from the collected events and the performance counters. In our scenario we could go with some default events from the list and also custom log search.
Continue readingMicrosoft Teams being the best collaborative solution there are lots of supported smart devices which are equipped with Microsoft teams App for providing the smart meeting room systems with modern cameras, microphones and display screens. The nicest aspect of Teams room application is that it can function well in all ranges of supported devices as stated here with a support of basic hardware and running on a windows 10 IOT operating system running in appliance mode.
While there are numerous approaches to monitor the Microsoft Teams room systems this article we will go through the steps to monitor them through Azure Log Analytics.Like other applications Microsoft Teams App running on room devices will write all the events on the event logs.Through the Microsoft Monitoring agent in Microsoft Teams it allows these events to be collected in Azure log Analytics.
Prerequisites:
Since we are going to leverage Azure Log Analytics as a monitoring solution for our room systems the first step here is to Create Azure Log Analytics and integrate them with Microsoft windows agent.
Continue readingExPerfWiz 1.4 has been released on October 25th 2014
Following are the recent updates in the Experfwiz 1.4
Fixed Circular Logging bug in Windows 2008+
Added ability to convert BLG to CSV for 3rd party application analysis (does not need to be run from EMS, just Powershell 2.0+)
Updated maxsize for Exchange 2013 to default to 1024MB
Fixed filepath bug on Windows 2003
Added/Removed various counters
Fixed location of webhelp
Updated -help syntax
ExPerfWiz is a script developed by Microsoft to to collect the performance data together on Servers running Exchange 2007,2010 and 2013.
In the earlier version we have the option of running -nofull switch by which it will collect only the role based counters.The current version runs in full mode meaning which it collects all the performance counters related for Exchange troubleshooting purposes.
Below is the example to run the perfmon for a duration of 4 hours
Set duration to 4 hours, change interval to collect data every 5 seconds and set Data location to d:\Logs
.\experfwiz.ps1 -duration 04:00:00 -interval 5 -filepath D:\Logs
If it finds previous data of Perfwiz logs it prompts for an option to delete the old entries, Stops the data collector sets, creates a new data collector sets and then it starts collecting the data.
Note: This script will take the local server name and will run locally on the serve  if no  remote server parameter  is specified.
More Examples can be found at –Â http://experfwiz.codeplex.com/
Source of Information  – https://social.technet.microsoft.com/Forums/exchange/en-US/f8aa3e90-d49f-479f-b00b-c8444afefa65/experfwiz-14-has-been-released?forum=exchangesvrgeneral
ThanksÂ
Sathish Veerapandian
MVP – Exchange ServerÂ
At times we might run into scenarios where user unable to do  access any Exchange ,Lync,Mobility or any related External User Access functionalities. This might happen in multiple scenarios like in a new deployment, a firewall upgrade, a switch replacement or a network change etc.,
Microsoft has this Graphical User Interface of tool called PortQueryUI which can be used to troubleshoot these kind of scenarios with port connectivity issues.
Below explained is the functionality of this tool PortQueryUI.
Download the tool from the below link –
http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe
Accept the license agreement and proceed. Now we will be directed to unzip the files and choose a location to unzip.
Now we can open portquery UI application. There is no need to install this app and it opens up the GUI interface as shown below.
Its better to run this tool from the affected machine/server where we are experiencing the issues and then specify the destination IP of the server where we are experiencing the connectivity issues.
We could see there are 2 types of query.
1) Query Predefined Service – Which has few predefined services like, SQL,Web Service ,Exchange etc., .When we choose any predefined service it queries all the required ports and provides us the output of the result.
2) Manually input Query ports – Which can be used to query any specific ports on UDP ,TCP or both as shown below.
Also we have an option called predefined services  in the help tab which helps us to see the list of ports that it queries for any specific service that we choose.
Below is an example for set of predefined services that it queries for Exchange.
It has an option to save the query result as shown below. Also it allows the end user to customize config.xml or provide a config input file for list of query that defines their own services. The config file should follow the same format as config.xml since it accepts only xml inputs.
This tool can be used to query open ports during any kind of troubleshooting scenarios.
Also published in – http://social.technet.microsoft.com/wiki/contents/articles/27661.portqueryui-gui-tool-that-can-be-used-for-troubleshooting-port-connectivity-issues.aspx
References –Â http://windowsitpro.com/windows/gui-tool-displays-status-tcp-and-udp-ports
ThanksÂ
Sathish Veerapandian
MVP – Exchange Server
Tej Pratap
Ewald Hollestelle
rsujiraja
Sathish Veerapandian
EzCloudInfo 