Log Analytics

Overview

RealmJoin Portal can display possible issues with Windows updates like Windows Update SafeGuard Holds by integrating with Windows Update for Business Reports.

Also, RealmJoin Portal will use Log Analytics to store Audit Log information and archive Runbook execution data past the default limits of Azure Automation (currently 30 days).

Azure App Registration

RealmJoin will interact with both Log Analytics workspaces via an Entra ID application registration. You can create one here, alternatively you can reuse RealmJoin Runbook Management which is created when onboarding runbooks.

This app will be authenticated using a ClientId and ClientSecret. Using a certificate or Managed Identity is currently not supported.

Please grant the app "Monitoring Reader" permissions on the Log Analytics accounts used for Windows Update for Business Reports Integration and "Monitoring Contributor" for the RealmJoin Audit logs Log Analytics account.

RealmJoin will also use the Customer Workspace Key to write data directly into RealmJoin Audit Logs.

You can use the same Log Analytics Account for both Windows Update for Business Reports and RealmJoin Audit Logs. Please assign "Monitoring Contributor" permissions in this case.

Windows Update for Business Reports Integration

Windows Update for Business Reports needs to be configured in your environment in order to leverage this feature. It will write update-related events into an Azure Log Analytics Workspace. RealmJoin can read the events from this Log Analytics Workspace and display them on the device's details page.

Use the Log Analytics Settings page to configure access to this workspace.

RealmJoin Audit Logs

RealmJoin can use a Log Analytics workspace to store its own audit logs as well as archive runbook logs after the maximum retention in Azure Automation (currently 30 days).

Please be aware, in order to store logs for longer than 30 days, you will need to modify the workspace's default data retention, which is also set to 30 days by default.

Parameters

You configure both features in the same UI in RealmJoin Portal.

TenantId

Please provide your Entra ID's tenant ID.

ClientId and ClientSecret

RealmJoin will interact with the LogAnalytics workspace via an Azure App Registration. Please provide the app's ClientId/AppId and Secret, so that RealmJoin can authenticate.

Update Compliance WorkspaceId

Please provide the Windows Update for Business Reports LogAnalytics workspace's ID from which to collect data.

Subscription ID

Please provide the Subscription ID from the RealmJoin Audit Logs Log Analytics account.

Resource Group

Please provide the Resource Group Name from the RealmJoin Audit Logs Log Analytics account.

Workspace Name

Please provide the Workspace Name from the RealmJoin Audit Logs Log Analytics account.

Customer Workspace Id

Please provide / create a Log Analytics workspace to store RealmJoin audit log and runbook log data.

Customer Workspace Key

RealmJoin will act as an agent to Log Analytics. Please provide the "Primary Key" to this workspace, as to allow writing data to the workspace.

Press Save after filling out all fields. The system will give you feedback if everything worked.

Last updated