Connecting Azure Log Analytics Workspace

Overview

RealmJoin Portal can display possible issues with Windows updates like Windows Update SafeGuard Holds by integrating with Windows Update for Business Reports.

Also, RealmJoin Portal will use Log Analytics to store Audit Log information and archive Runbook execution data past the default limits of Azure Automation (currently 30 days).

Components

Azure App Registration

RealmJoin will interact with both Log Analytics workspaces via an Entra ID application registration.

You can reuse the App Registration "RealmJoin Runbook Management" which is created when onboarding runbooks.

This app will be authenticated using a ClientId and ClientSecret. Using a certificate or Managed Identity is currently not supported.

Please grant the app "Monitoring Reader" permissions on the Log Analytics accounts used for Windows Update for Business Reports Integration and "Monitoring Contributor" for the RealmJoin Audit logs Log Analytics account.

RealmJoin will also use the Customer Workspace Key to write data directly into RealmJoin Audit Logs.

Windows Update for Business Reports Integration

Windows Update for Business Reports needs to be configured in your environment in order to leverage this feature. It will write update-related events into an Azure Log Analytics Workspace. RealmJoin can read the events from this Log Analytics Workspace and display them on the device's details page.

You can use the same Log Analytics Account for both Windows Update for Business Reports and RealmJoin Audit Logs. Please assign "Monitoring Contributor" permissions in this case.

RealmJoin Audit Logs

RealmJoin can use a Log Analytics workspace to store its own audit logs as well as archive runbook logs after the maximum retention in Azure Automation (currently 30 days).

Please be aware, in order to store logs for longer than 30 days, you will need to modify the workspace's default data retention, which is also set to 30 days by default.

Setup

Part 1 - Authentication using Azure App Registration

In the Azure Portal, navigate to Microsoft Entra ID > Manage > App Registrations.
Select the All Applications tab.
Choose your next step.

If you have already integrated with Azure Runbooks, you can re-use your existing App Registration.

Select the "RealmJoin Runbooks Management" App Registration.
Navigate to Manage > Certificates & Secrets.
Select the "Client Secrets" tab.
Create a new client secret.
- Set description and expiration according to your internal naming and security policies.

Securely note down the secret value to use in Part 5.

Navigating away from the Certificates & Secrets page will cause Azure to obfuscate the secret. The secret will not be retrievable and a new secret will need to be created.

Part 2 - Creating a Log Analytics Workspace

In the Azure Portal, navigate to Log Analytics Workspace
Select Create
Provide a Resource Group, Name and Region as required
Navigate to the "Overview" tab
Note the following for Part 5
1. Resource Group Name
2. Workspace Name
3. Workspace ID

Part 3 - Enabling Windows Update for Business Reports

In the Azure Portal, navigate to Monitor > Workbooks
Search for "Windows Update for Business reports"
Save Settings

Windows Update for Business reports may take up to 24 hours to apply

Part 4 - Azure Permissions

Navigate to the subscription your Log Analytics Workspace resides in
Select Access Control (IAM)
Add a role assignment
Provide your App Registration with Monitoring Contributor permissions
Review and Save the role assignment

Part 5 - Connecting RealmJoin and Azure Log Analytics Workspace

Fill in the fields: Tenant Details
- TenantId: Please provide your Entra ID's tenant ID. Find this in the Entra ID Overview page
Azure App Registration Details
- ClientId: RealmJoin will interact with the LogAnalytics workspace via an Azure App Registration. Please provide the app's ClientId/AppId and Secret, so that RealmJoin can authenticate.
- ClientSecret: Used with the ClientId to provide access to RealmJoin. This is the secret made in Part 1.
Windows Update for Business Workspace Details
- Update Compliance Workspace Id: Please provide the Windows Update for Business Reports Log Analytics Workspace's ID from which to collect data.
Workspace Details
- Subscription ID: Please provide the Subscription ID from the RealmJoin Audit Logs Log Analytics account. The subscription ID is viewable in the Subscription Overview page.
- Resource Group: Please provide the Resource Group Name from the RealmJoin Audit Logs Log Analytics account.
- Workspace Name: Please provide the Workspace Name from the RealmJoin Audit Logs Log Analytics account.
- Customer Workspace Id: Please provide / create a Log Analytics workspace to store RealmJoin audit log and runbook log data.
- Customer Workspace Key: RealmJoin will act as an agent to Log Analytics. Please provide the "Primary Key" to this workspace, as to allow writing data to the workspace.
Press Save after filling out all fields. The system will give you feedback if everything worked.

Last updated 6 months ago

Was this helpful?

Connecting Azure Log Analytics Workspace

Overview

RealmJoin Portal can display possible issues with Windows updates like Windows Update SafeGuard Holds by integrating with Windows Update for Business Reports.

Also, RealmJoin Portal will use Log Analytics to store Audit Log information and archive Runbook execution data past the default limits of Azure Automation (currently 30 days).

Components

Azure App Registration

RealmJoin will interact with both Log Analytics workspaces via an Entra ID application registration.

You can reuse the App Registration "RealmJoin Runbook Management" which is created when onboarding runbooks.

This app will be authenticated using a ClientId and ClientSecret. Using a certificate or Managed Identity is currently not supported.

RealmJoin will also use the Customer Workspace Key to write data directly into RealmJoin Audit Logs.

Windows Update for Business Reports Integration

You can use the same Log Analytics Account for both Windows Update for Business Reports and RealmJoin Audit Logs. Please assign "Monitoring Contributor" permissions in this case.

RealmJoin Audit Logs

RealmJoin can use a Log Analytics workspace to store its own audit logs as well as archive runbook logs after the maximum retention in Azure Automation (currently 30 days).

Please be aware, in order to store logs for longer than 30 days, you will need to modify the workspace's default data retention, which is also set to 30 days by default.

Setup

Part 1 - Authentication using Azure App Registration

In the Azure Portal, navigate to Microsoft Entra ID > Manage > App Registrations.
Select the All Applications tab.
Choose your next step.

If you have already integrated with Azure Runbooks, you can re-use your existing App Registration.

Select the "RealmJoin Runbooks Management" App Registration.
Navigate to Manage > Certificates & Secrets.
Select the "Client Secrets" tab.
Create a new client secret.
- Set description and expiration according to your internal naming and security policies.

Securely note down the secret value to use in Part 5.

Navigating away from the Certificates & Secrets page will cause Azure to obfuscate the secret. The secret will not be retrievable and a new secret will need to be created.

Part 2 - Creating a Log Analytics Workspace

In the Azure Portal, navigate to Log Analytics Workspace
Select Create
Provide a Resource Group, Name and Region as required
Navigate to the "Overview" tab
Note the following for Part 5
1. Resource Group Name
2. Workspace Name
3. Workspace ID

Part 3 - Enabling Windows Update for Business Reports

In the Azure Portal, navigate to Monitor > Workbooks
Search for "Windows Update for Business reports"
Set your Subscription and the Workspace previously create. If a separate Workspace is preferred for RealmJoin logs and Windows Update for Business reports, create a separate Workspace and link instead.
Save Settings

Windows Update for Business reports may take up to 24 hours to apply

Part 4 - Azure Permissions

Navigate to the subscription your Log Analytics Workspace resides in
Select Access Control (IAM)
Add a role assignment
Provide your App Registration with Monitoring Contributor permissions
Review and Save the role assignment

Part 5 - Connecting RealmJoin and Azure Log Analytics Workspace

In the RealmJoin Portal, navigate to Settings > Log Analytics
Fill in the fields: Tenant Details
- TenantId: Please provide your Entra ID's tenant ID. Find this in the Entra ID Overview page
Azure App Registration Details
- ClientId: RealmJoin will interact with the LogAnalytics workspace via an Azure App Registration. Please provide the app's ClientId/AppId and Secret, so that RealmJoin can authenticate.
- ClientSecret: Used with the ClientId to provide access to RealmJoin. This is the secret made in Part 1.
Windows Update for Business Workspace Details
- Update Compliance Workspace Id: Please provide the Windows Update for Business Reports Log Analytics Workspace's ID from which to collect data.
Workspace Details
- Subscription ID: Please provide the Subscription ID from the RealmJoin Audit Logs Log Analytics account. The subscription ID is viewable in the Subscription Overview page.
- Resource Group: Please provide the Resource Group Name from the RealmJoin Audit Logs Log Analytics account.
- Workspace Name: Please provide the Workspace Name from the RealmJoin Audit Logs Log Analytics account.
- Customer Workspace Id: Please provide / create a Log Analytics workspace to store RealmJoin audit log and runbook log data.
- Customer Workspace Key: RealmJoin will act as an agent to Log Analytics. Please provide the "Primary Key" to this workspace, as to allow writing data to the workspace.
Press Save after filling out all fields. The system will give you feedback if everything worked.

Last updated 6 months ago

Was this helpful?