At Ignite the Azure Monitor team has announced that you can now send subscription activity logs to Log Analytics. Wait? What? Isn’t that already available? And the answer yes it was available before but if we look closer you will see that the previous implementation was not very native to Azure. With the new implementation besides making the API better there are also other improvements like faster ingestion, ability to send different categories, etc.
Right before Ignite Microsoft has released a new SKU for Log Analytics. With that SKU the model of usage does not change but it is rather discount you get for committing certain usage in your Log Analytics workspace. To me it is similar to reserved instances but on a monthly bases. This SKU is also related to Azure Sentinel as it is the recommended SKU when you have onbarded Log Analytics workspace to Azure Sentinel.
MP University is free 1 day online training event that focuses on SCOM and Azure. As you know for the past several weeks I have been blogging about Azure Monitor Alerts so when I was offered the opportunity to do online session on that topic – I was all in. Besides blogging I also like presenting. Being able to do that online is good for me due to my busy schedule (both personal and work one). So if you are interested on that topic and seeing more of what I have blogged or any of the other sessions in the event please go here and sign up.
We are getting to one of the last blog post of these series. I still haven’t decided how much more I will publish but this one won’t be the last one. If not else there will be at least another one after this one. Today we will cover Azure Sentinel alerts. To be honest I was not sure if I will cover these alert types. I have tons of feedback for Azure Sentinel in general and specifically for their alerts. That feedback focuses more on APIs and alignment with other Azure teams. I am sure that from security functionality perspective the service is doing great. But let’s start looking at Azure Sentinel alerts and I will express my feedback trough the blog post.
Alerts are important part of our monitoring and probably the most important one. Getting data and visualizing it is the foundation for alerts but in order to move to actual monitoring you need alerts. I can tell you nobody sits all day in front of dashboard and looks at visualized data. Alerts are also our knowledge of our applications and infrastructure gathered to help us when things are not going as planned. I wanted to write this blog post series for quite some time and I think this is the right time to do it. The reason for that is Classic Azure alerts are being deprecated and the vision of unified alerting capabilities is coming together and becoming more powerful… sort of. I will comment on parts that I think could and should be improved and hopefully they will be. I also expect some new features around Ignite as usually that is when Microsoft reveals some new stuff. They actually do it all the time it just the end development of some features matches Ignite conference time frame.