Exploring Ways to Collect Specific Event IDs from Internet-Based Machines with Azure Monitor Agent: Insights from Intune’s CSA Bindusar


Bindusar, a CSA at Intune, discusses how to collect specific event IDs from internet-based client machines using Azure Monitor Agent. He explores several options, including running a local script on client machines and using “Send-OMSAPIIngestionFile” for uploading to Log Analytics Workspace.

Introducing Azure Monitor Agent: A New Way to Collect Event IDs

Microsoft is constantly innovating and enhancing its tech offerings. One such recent development is the Azure Monitor Agent, a tool designed to collect specific event IDs from internet-based client machines.

What’s New?

The Azure Monitor Agent offers a fresh approach to collecting logs from client machines. It collects specific event IDs from internet-based client machines, whether they are Microsoft Entra ID joined or hybrid joined, and uploads them to a Log Analytics Workspace for further use cases.

Major Updates

Previously, collecting logs required running a local script on client machines and then using “Send-OMSAPIIngestionFile” to upload the required information to Log Analytics Workspace. This method presented a significant challenge: allowing client machines to authenticate directly in Log Analytics Workspace.

“The biggest challenge with this API is to allow client machines to authenticate directly in Log Analytics Workspace.”

However, the Azure Monitor Agent simplifies this process, making it easier for tech-savvy users to collect and analyze data.
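To make the authentication challenge of the older script-based upload concrete, here is an added example (not code from the original blog post or from the OMSIngestionAPI module) of the request a client script has to sign for the Log Analytics HTTP Data Collector API, the API that "Send-OMSAPIIngestionFile" wraps. The workspace ID, key, sample events, log type name and helper name are constructed placeholders; the point is that every client must hold the workspace shared key to produce the `Authorization` header.

```powershell
# Added example: workspace ID and key are constructed placeholders, not real values.
$WorkspaceId = '00000000-0000-0000-0000-000000000000'
$SharedKey   = [Convert]::ToBase64String([byte[]](1..64))   # dummy key material

# Hypothetical helper: builds the SharedKey Authorization header for the Data Collector API.
function New-LogAnalyticsAuthHeader {
    param(
        [Parameter(Mandatory)][string]$WorkspaceId,
        [Parameter(Mandatory)][string]$SharedKey,
        [Parameter(Mandatory)][string]$Rfc1123Date,
        [Parameter(Mandatory)][int]$ContentLength
    )
    # String-to-sign: verb, body length, content type, x-ms-date header, resource path.
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Rfc1123Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    try {
        $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    } finally {
        $hmac.Dispose()
    }
    "SharedKey ${WorkspaceId}:$([Convert]::ToBase64String($hash))"
}

# Constructed sample records. On a real client they would come from something like:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 }
$events = @(
    [pscustomobject]@{ Computer = 'CLIENT01'; EventId = 4625; TimeCreated = '2024-01-01T10:00:00Z' }
    [pscustomobject]@{ Computer = 'CLIENT01'; EventId = 4624; TimeCreated = '2024-01-01T10:00:05Z' }
)
$body = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $events -Compress))
$date = [DateTime]::UtcNow.ToString('r')   # RFC 1123 format, e.g. "Mon, 01 Jan 2024 10:00:00 GMT"

$headers = @{
    'Authorization'        = New-LogAnalyticsAuthHeader -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
                                 -Rfc1123Date $date -ContentLength $body.Length
    'Log-Type'             = 'ClientEvents'   # assumed custom log name (stored as ClientEvents_CL)
    'x-ms-date'            = $date
    'time-generated-field' = 'TimeCreated'
}
$uri = "https://${WorkspaceId}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"

# The upload is left commented out so the example runs offline:
# Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Headers $headers -Body $body
$headers
```

Because the same shared key signs uploads for the whole workspace, a script deployed this way puts a workspace-wide write credential on every client machine.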

Why is it Important to Know?

Understanding how to use the Azure Monitor Agent is crucial for anyone working in the tech industry, especially those who regularly work with Microsoft’s suite of products. It’s a powerful tool that can significantly streamline the process of collecting and analyzing data, making it an essential skill for tech professionals.

“I have received multiple requests from customers asking to collect specific event IDs from internet-based client machines.”

With the Azure Monitor Agent, Microsoft continues to innovate and improve its offerings, making it easier for tech professionals to do their jobs effectively.

  • Bindusar is a CSA working with Intune.
  • He received multiple requests to collect specific event IDs from internet-based client machines.
  • One of the options discussed is running a local script on client machines.
  • Another option is using “Send-OMSAPIIngestionFile” to upload required information to Log Analytics Workspace.
  • Challenges include allowing client machines to authenticate directly in Log Analytics Workspace.
  • From the Core Infrastructure and Security Blog
