# Connecting Azure Log Analytics Workspace ## Overview RealmJoin Portal can display possible issues with Windows updates like [Windows Update SafeGuard Holds](https://docs.microsoft.com/en-us/windows/deployment/update/safeguard-holds) by integrating with [Windows Update for Business Reports](https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-overview). Also, RealmJoin Portal will use Log Analytics to store Audit Log information and archive Runbook execution data past the default limits of Azure Automation (currently 30 days). ## Components ### Azure App Registration RealmJoin will interact with both Log Analytics workspaces via an [Entra ID application registration](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals). {% hint style="info" %} You can reuse the App Registration "RealmJoin Runbook Management" which is created when [onboarding runbooks](https://docs.realmjoin.com/automation/connecting-azure-automation). {% endhint %} This app will be authenticated using a ClientId and ClientSecret. Using a certificate or Managed Identity is currently not supported. Please grant the app "**Monitoring Reader**" permissions on the Log Analytics accounts used for [Windows Update for Business Reports Integration](#windows-update-for-business-reports-integration) and "**Monitoring Contributor**" for the [RealmJoin Audit logs](#realmjoin-audit-logs) Log Analytics account. RealmJoin will also use the [Customer Workspace Key](#customer-workspace-key) to write data directly into [RealmJoin Audit Logs](#realmjoin-audit-logs). ### Windows Update for Business Reports Integration [Windows Update for Business Reports](https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-overview) needs to be configured in your environment in order to leverage this feature. It will write update-related events into an [Azure Log Analytics Workspace](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview). RealmJoin can read the events from this Log Analytics Workspace and display them on the[ device's details page](https://docs.realmjoin.com/ugd-management/user-list/device-details). {% hint style="info" %} You can use the same Log Analytics Account for both [Windows Update for Business Reports](https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-overview) and [RealmJoin Audit Logs](#realmjoin-audit-logs). Please assign "**Monitoring Contributor**" permissions in this case. {% endhint %} ### RealmJoin Audit Logs RealmJoin can use a Log Analytics workspace to store its own audit logs as well as archive runbook logs after the maximum retention in Azure Automation (currently 30 days). Please be aware, in order to store logs for longer than 30 days, you will need to modify the [workspace's default data retention](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2), which is also set to 30 days by default. ## Setup ### Part 1 - Authentication using Azure App Registration 1. In the Azure Portal, navigate to Microsoft Entra ID > Manage > App Registrations. 2. Select the All Applications tab. 3. Choose your next step. {% tabs %} {% tab title="Existing Runbook Integration" %} If you have already [integrated with Azure Runbooks](https://docs.realmjoin.com/automation/connecting-azure-automation), you can re-use your existing App Registration. 1. Select the "RealmJoin Runbooks Management" App Registration. 2. Navigate to Manage > Certificates & Secrets. 3. Select the "Client Secrets" tab. 4. Create a new client secret. * Set description and expiration according to your internal naming and security policies. {% endtab %} {% tab title="New App Registration" %} If you have not integrated runbooks or prefer a separate app registration, do the following: 1. Select "New Registration" 2. Provide a Name

3. Register the application 4. Select the application 5. Navigate to Manage > Certificates & Secrets 6. Select the "Client Secrets" tab 7. Create a new client secret * Set description and expiration according to your internal naming and security policies {% endtab %} {% endtabs %} 8. Securely note down the secret value to use in [Part 5](#part-4-connecting-realmjoin-and-azure-log-analytics-workspace). {% hint style="warning" %} Navigating away from the Certificates & Secrets page will cause Azure to obfuscate the secret. The secret will not be retrievable and a new secret will need to be created. {% endhint %} ### Part 2 - Creating a Log Analytics Workspace 1. In the Azure Portal, navigate to Log Analytics Workspace 2. Select Create 3. Provide a Resource Group, Name and Region as required 4. Navigate to the "Overview" tab 5. Note the following for [Part 5](#part-5-connecting-realmjoin-and-azure-log-analytics-workspace) 1. Resource Group Name 2. Workspace Name 3. Workspace ID ### Part 3 - Enabling Windows Update for Business Reports 1. In the Azure Portal, navigate to Monitor > Workbooks 2. Search for "Windows Update for Business reports"

3. Set your Subscription and the Workspace previously create. If a separate Workspace is preferred for RealmJoin logs and Windows Update for Business reports, create a separate Workspace and link instead.\ ![](https://2868468309-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MkrcM7cKOpXKri1kVrh%2Fuploads%2FbpoMlLuJrekhPZpWKdM1%2Fimage.png?alt=media\&token=10a65dd5-fa55-413a-9e5c-7d6b93e09acd) 4. Save Settings {% hint style="warning" %} Windows Update for Business reports may take up to 24 hours to apply {% endhint %} ### Part 4 - Azure Permissions 1. Navigate to the subscription your Log Analytics Workspace resides in 2. Select Access Control (IAM) 3. Add a role assignment 4. Provide your App Registration with Monitoring Contributor permissions

5. Review and Save the role assignment ### Part 5 - Connecting RealmJoin and Azure Log Analytics Workspace

1. In the RealmJoin Portal, navigate to Settings ![](https://2868468309-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MkrcM7cKOpXKri1kVrh%2Fuploads%2Fl6TAH9RuBosqjIz3daJa%2Fimage.png?alt=media\&token=3dcb87a7-4647-4733-acdb-66196a3e73d2) > Log Analytics 2. Fill in the fields:\ Tenant Details * **TenantId:** Please provide your Entra ID's tenant ID. Find this in the Entra ID Overview page

Azure App Registration Details * **ClientId:** RealmJoin will interact with the LogAnalytics workspace via an [Azure App Registration](#azure-app-registration). Please provide the app's ClientId/AppId and Secret, so that RealmJoin can authenticate.

* **ClientSecret:** Used with the ClientId to provide access to RealmJoin. This is the secret made in [Part 1](#part-1-authentication-using-azure-app-registration).

Windows Update for Business Workspace Details * **Update Compliance Workspace Id:** Please provide the [Windows Update for Business Reports](#windows-update-for-business-reports-integration) Log Analytics Workspace's ID from which to collect data. Workspace Details * **Subscription ID:** Please provide the Subscription ID from the [RealmJoin Audit Logs](#realmjoin-audit-logs) Log Analytics account. The subscription ID is viewable in the Subscription Overview page. * **Resource Group**: Please provide the Resource Group Name from the [RealmJoin Audit Logs](#realmjoin-audit-logs) Log Analytics account. * **Workspace Name:** Please provide the Workspace Name from the [RealmJoin Audit Logs](#realmjoin-audit-logs) Log Analytics account. * **Customer Workspace Id:** Please provide / create a Log Analytics workspace to store [RealmJoin audit log and runbook log data](#realmjoin-audit-logs).

* **Customer Workspace Key:** RealmJoin will act as an agent to Log Analytics. Please provide the "Primary Key" to this workspace, as to allow writing data to the workspace. * "The Primary Key" can be obtained via different methods: * [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics/workspace?view=azure-cli-latest#az-monitor-log-analytics-workspace-get-shared-keys):\ `az monitor log-analytics workspace get-shared-keys --resource-group MyResourceGroup --workspace-name MyWorkspace` * [PowerShell](https://learn.microsoft.com/en-us/powershell/module/az.operationalinsights/get-azoperationalinsightsworkspacesharedkey?view=azps-14.6.0):\ `Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName "MyResourceGroup" -Name "MyWorkspace"` * [RestAPI](https://learn.microsoft.com/en-us/rest/api/loganalytics/shared-keys/get-shared-keys?view=rest-loganalytics-2025-07-01\&tabs=HTTP):\ `POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/sharedKeys?api-version=2025-07-01` 3. Press **Save** after filling out all fields. The system will give you feedback if everything worked. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.realmjoin.com/logs/log-analytics.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.