Create an Azure Log Analytics workspace and add a Virtual Machine

Reading Time: 4 minutes

This blog post goes through the process of creating an Azure Log Analytics workspace and connecting a test Azure virtual server to it. We will then set up the workspace to collect System event logs from the test Azure VM.

1) Login to the Azure Portal

2) Search and select Log Analytics workspaces

3) Click Create Log Analytics workspace

4) Configure:
– Give your new Log Analytics workspace a name
– Select your subscription
– Select a Resource Group
– Select Location
– Pricing Tier (only one pricing tier existed as of 2018). At the time of writing this blog post, the one available tier was named Pay-as-you-go (Per GB 2018)

5) Click OK

6) Now that you have created your Log Analytics workspace, let’s join a VM to this new workspace

Note that adding servers to the workspace automatically deploys a monitoring extension (agent) to the server.

7) Click your new Log Analytics workspace

8) From the left pane, under Workspace Data Sources, click Virtual Machines. As you can see from the screenshot, you can also connect other resources to your workspace.

Note: Workspaces work across regions, so you can add servers to a workspace regardless of the region they are located in.

9) As you can see from the right pane, I have two virtual servers and the Log Analytics Connection is showing as not connected

10) Click a VM you wish to add to this workspace (ensure the VM is powered on)

11) As you can see from the screenshot below, the server is not connected to the workspace, but we have the option to connect.

12) Click Connect

13) Wait for the virtual server to connect (a monitoring agent extension is being deployed to the virtual server)

14) Once the machine is connected to your workspace, the status is displayed as below. If you wish to disconnect, click Disconnect.

Note: Once the connection completes, you can confirm the agent on the VM itself. Locate the VM under Virtual Machines and click Extensions in the left pane. The screenshot below shows the MicrosoftMonitoringAgent extension provisioned successfully.

15) If we go back to our workspace, we’ll find the server now shows as connected to this workspace, with a green tick.

16) Now, let’s enable logging for this workspace. Note that these data collection settings apply to every resource connected to this workspace, so if you have different logging requirements for different resources, create separate workspaces. You could also complete this step straight after the Log Analytics workspace has been deployed.

17) Click on your Log Analytics Workspace, and click Advanced Settings from the left pane.

18) The screen below will appear

Note: If you wish to connect physical servers to your Log Analytics Workspace, you can do so by downloading the required agent.

19) Click Data

20) A few different options appear which may be of interest to you. For this demo, let’s click Windows Event Logs, then click the plus icon (blue box) on the right of the screen

21) For this demo we will monitor the System log: type System into the text box, select System, and click the plus icon located within the blue box.

22) All logs are selected by default. You can select the logs as per your requirements.

23) Click Save and OK
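The same workflow scripted with Azure PowerShell (Az module), as an added example rather than the post's own steps. The resource group, workspace and VM names are placeholders, and the VM is assumed to already exist and be powered on:

```powershell
# Added example (not from the post): Az module equivalent of steps 1-23.
# Resource group, workspace, VM name and location are placeholders.
$rg       = 'rg-monitoring'      # existing resource group (assumption)
$location = 'uksouth'            # workspace region; VMs in any region can connect
$wsName   = 'law-demo'
$vmName   = 'vm-test-01'         # existing Windows VM, must be running

# Steps 3-5: create the workspace. PerGB2018 is the Pay-as-you-go (Per GB 2018) tier.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName `
        -Location $location -Sku 'PerGB2018'

# Steps 16-23: collect the Windows System event log. All three levels are
# selected here, matching the portal default described in step 22.
New-AzOperationalInsightsWindowsEventDataSource -ResourceGroupName $rg -WorkspaceName $wsName `
        -Name 'WindowsEvent-System' -EventLogName 'System' `
        -CollectErrors -CollectWarnings -CollectInformation | Out-Null

# Steps 7-13: "connecting" a VM is the MicrosoftMonitoringAgent extension configured
# with the workspace ID and key. The key is a secret: it goes in ProtectedSettings,
# which Azure stores encrypted, never in the plain Settings block.
$keys = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $rg -Name $wsName
$vm   = Get-AzVM -ResourceGroupName $rg -Name $vmName
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Location $vm.Location `
        -Name 'MicrosoftMonitoringAgent' `
        -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
        -ExtensionType 'MicrosoftMonitoringAgent' -TypeHandlerVersion '1.0' `
        -Settings @{ workspaceId = $ws.CustomerId.ToString() } `
        -ProtectedSettings @{ workspaceKey = $keys.PrimarySharedKey } | Out-Null

# Steps 14-15 check: ProvisioningState Succeeded is the portal's green tick.
$ext = Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name 'MicrosoftMonitoringAgent'
"{0}: {1}" -f $ext.Name, $ext.ProvisioningState
```

Microsoft has since retired the MicrosoftMonitoringAgent extension in favour of the Azure Monitor agent, so treat this as the scripted form of the 2018 portal steps above.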

Hope this helps 🙂

How to enable Azure VM System Identity

Reading Time: < 1 minute

A system-assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based access control (RBAC).

To enable a system-assigned identity on an Azure VM:

1) Click the VM within Azure
2) From the left pane, click Identity

3) Change Status to On and click Save

4) Click Yes to confirm

5) Once enabled, you’ll find an additional message appears confirming what this feature will enable:

‘This resource is registered with Azure Active Directory. You can control its access to services like Azure Resource Manager, Azure Key Vault, etc.’
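The same steps in Azure PowerShell (Az module), followed by the RBAC grant the post says you make afterwards. This is an added example, not the post's own; the resource names and the Key Vault role are assumptions:

```powershell
# Added example (not from the post): enable a system-assigned identity and grant it access.
# Resource group, VM and Key Vault names are placeholders.
$rg     = 'rg-demo'
$vmName = 'vm-test-01'
$kvName = 'kv-demo-01'      # vault the VM should read secrets from (assumption)

# Steps 1-4: turn the identity on. No credential is created or stored; Azure AD registers
# a service principal whose lifetime is tied to the VM.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null

# Step 5 check: the identity type and principal ID confirm the Azure AD registration.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
"Identity: {0}, PrincipalId: {1}" -f $vm.Identity.Type, $vm.Identity.PrincipalId

# Grant access with Azure RBAC, scoped to one vault rather than the subscription.
# Any process on the VM can request tokens for this identity, so keep the role minimal.
# 'Key Vault Secrets User' is a built-in read-only role and requires the vault to use the
# Azure RBAC permission model; vaults using access policies need Set-AzKeyVaultAccessPolicy.
$kv = Get-AzKeyVault -ResourceGroupName $rg -VaultName $kvName
New-AzRoleAssignment -ObjectId $vm.Identity.PrincipalId `
    -RoleDefinitionName 'Key Vault Secrets User' -Scope $kv.ResourceId | Out-Null
```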

How to configure Azure Bastion

Reading Time: 3 minutes

The Azure Bastion service is a great new, fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address! So you can connect to your virtual servers from the portal securely, and internal to Azure. What a cool feature from Microsoft. The feature does require some pre-work before it can be used, such as creating an AzureBastionSubnet.

At the time of writing this blog post, this feature was only available in the regions below:

  • West US
  • East US
  • East US 2
  • West Europe
  • South Central US
  • Australia East
  • Japan East

Below is a diagram demonstrating how Bastion works:

To try out this feature, I deployed a test VM in the East US 2 region

How to configure Azure Bastion:

1) Login to your Azure Portal
2) Click Bastions

3) Configure your Bastion service. As you can see from the screenshot below, the service is not available in all regions, but Microsoft are working to push out this feature to all regions

4) If you have not created an AzureBastionSubnet with a prefix of at least /27, you will receive the error below. Ensure you have created this subnet within your VNet.

5) Click Create. It took approx. 5 minutes to deploy the service after clicking Create

If you attempt to connect to your virtual server using Bastion while the service is still deploying, you will receive the error below

6) Now that we have deployed the service, let’s connect to a VM located in the same VNet as the AzureBastionSubnet. Because the Bastion service was not available within the UK region, I created a test VM in the East US 2 region.

7) Locate your VM, click Connect and select Bastion. Log in with your credentials

Information: You may see a prompt to enable just-in-time (JIT) access on this VM. This is a useful feature which is currently available as part of Security Center Standard. If you have VMs which are open to RDP, you can configure Just-in-Time so that RDP is always denied but opened for a short time when an admin needs to log on to perform management tasks. Just-in-Time automatically creates an allow rule within your NSG/Azure Firewall when access is required, and removes the rule when the Just-in-Time access expires. A good feature you may want to look into at a later date.

8) Let’s continue with the demo. Once you have entered your credentials, the VM will connect through the Bastion service

9) and we’re logged on securely!
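The same deployment scripted with Azure PowerShell (Az module), as an added example that is not part of the post. The VNet is assumed to exist already; the resource group, names and the address prefix are placeholders:

```powershell
# Added example (not from the post): Az module equivalent of steps 1-5.
# Resource group, VNet name and address prefix are placeholders; the VNet must already exist.
$rg       = 'rg-bastion-demo'
$location = 'eastus2'             # one of the regions listed above
$vnetName = 'vnet-demo'
$prefix   = '10.0.255.0/27'       # Bastion requires a subnet named exactly AzureBastionSubnet

# Step 4 precheck: the subnet must be /27 or larger, i.e. a prefix length of 27 or less.
$prefixLen = [int]($prefix.Split('/')[1])
if ($prefixLen -gt 27) { throw "AzureBastionSubnet must be /27 or larger, got /$prefixLen" }

$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
if (-not ($vnet.Subnets.Name -contains 'AzureBastionSubnet')) {
    Add-AzVirtualNetworkSubnetConfig -Name 'AzureBastionSubnet' -VirtualNetwork $vnet `
        -AddressPrefix $prefix | Out-Null
    $vnet = $vnet | Set-AzVirtualNetwork
}

# Bastion needs a Standard-SKU static public IP of its own; the VMs behind it keep none.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-bastion' -Location $location `
    -Sku Standard -AllocationMethod Static

# Step 5: deploy the service (this is the several-minute wait mentioned in the post).
New-AzBastion -ResourceGroupName $rg -Name 'bastion-demo' `
    -PublicIpAddress $pip -VirtualNetwork $vnet | Out-Null

# Follow-up check: list any NIC in the resource group that still carries a public IP.
# Once Bastion handles RDP/SSH those VMs no longer need one, so each hit is a candidate
# for removal from the internet-facing attack surface.
Get-AzNetworkInterface -ResourceGroupName $rg | ForEach-Object {
    $nic = $_
    $nic.IpConfigurations | Where-Object { $_.PublicIpAddress } | ForEach-Object {
        "{0}: still has public IP {1}" -f $nic.Name, $_.PublicIpAddress.Id
    }
}
```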

How to enable Azure VM Disk Encryption

Reading Time: 3 minutes

As part of enabling Azure Disk Encryption you will be prompted to connect to, or create, an Azure Key Vault. We will go through the process of enabling Azure Disk Encryption and allowing the server access to a Key Vault.

Ensure your VM is powered on. A reboot of the VM will be required after disk encryption. Finally, ensure you have a backup of your server.

OK, let’s go through the process. Below is a screenshot of a 2019 virtual server I built earlier.

Click the VM and then click Disks in the left-hand pane

Click Encryption

If you receive the error below, ensure the virtual server is powered on. I had the VM set to power down every day at 7pm. I forgot to power it back on, but I guess it’s good to demonstrate what you’ll see if the VM is powered down.

Now that the VM is powered on, let’s use the drop-down to encrypt one of the disks. In this demo, I will be encrypting the OS disk.

In the screenshot below you’ll be prompted for Key Vault details. Click ‘Select a key vault and key for encryption’

Select your Key Vault and click select

If the key vault has not been enabled for disk encryption, you will receive the message below and be prompted to enable the key vault for disk encryption. Click the button labelled ‘Enable key vault for disk encryption’ and click Save

Note: Clicking the ‘Enable key vault for disk encryption’ button above enables a setting within your key vault’s access policies. To locate it, click Key Vaults (or search from the search menu), locate and click your key vault, then click Access Policies in the left-hand pane. The option ‘Azure Disk Encryption for volume encryption’ is enabled, as shown in the screenshot below. You could also enable this manually.

Click Yes to confirm the disk encryption process

Reboot the server when encryption has completed
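The same procedure scripted with Azure PowerShell (Az module), including the power-state precheck and the vault setting the note above describes. This is an added example, not the post's own; the resource names are placeholders and the Key Vault is assumed to exist in the VM's region:

```powershell
# Added example (not from the post): Az module equivalent of the portal steps above.
# Resource group, VM and Key Vault names are placeholders.
$rg     = 'rg-demo'
$vmName = 'vm-2019-01'
$kvName = 'kv-ade-demo'       # existing vault in the same region as the VM (assumption)

# Precheck from the post: the VM must be running (and backed up) before encrypting.
$power = (Get-AzVM -ResourceGroupName $rg -Name $vmName -Status).Statuses |
    Where-Object Code -like 'PowerState/*' | Select-Object -ExpandProperty DisplayStatus
if ($power -ne 'VM running') { throw "VM is '$power'; start it before enabling encryption" }

# The 'Enable key vault for disk encryption' button is this access-policy switch.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rg -EnabledForDiskEncryption
$kv = Get-AzKeyVault -ResourceGroupName $rg -VaultName $kvName

# Encrypt only the OS disk (VolumeType OS), as in the demo. Expect the VM to restart.
# Without -KeyEncryptionKeyUrl the disk key is stored in the vault unwrapped; adding a
# key-encryption key wraps it with a vault-held key for an extra layer of protection.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType OS -Force

# Check: the OS volume should report Encrypted once the extension finishes.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
"OS disk: {0}; data disks: {1}" -f $status.OsVolumeEncrypted, $status.DataVolumesEncrypted
```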

Azure Site Recovery (ASR) no longer requires storage accounts

Reading Time: < 1 minute

As of March 2019, you can replicate your VMware virtual machines and physical servers directly to managed disks within Azure.

In the past, when you deployed ASR you would have created a storage account when configuring replication. You’ll find this option is no longer available, as the data is now replicated to Azure Managed Disks. The type of managed disk you select depends on the data change rate of your source disk.

What about virtual machines which were configured to replicate to a storage account in the past?
These storage accounts will still exist, and your VMs will continue to replicate to them.

What is the benefit of Azure Managed Disks?
You don’t need to track and manage multiple target storage accounts anymore. Azure creates the replica managed disks at the time of enabling replication: an Azure Managed Disk is created for every on-premises virtual machine disk and is managed by Azure.

What if I select standard managed disks but decide that I need to upgrade to premium?
You can switch to the required managed disk type without disabling and re-enabling replication. However, once you change the managed disk type, wait for fresh recovery points to be generated before performing a test failover or failover.