In this post i will explain how to onboard your SCOM data to Azure Log Analytics and do a health check on your SCOM management group.
We first need to have a Log Analytics workspace available. You can use an existing one or simple create a new workspace.
A nice start is to read the Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace post by Tiander Turpijn.
In this example i will create a new workspace using the Azure portal because i do not have one active yet.
Login to the Azure portal and go to Log Analytics workspaces.
Now open to the SCOM console go to administration Azure Log Analytics Connection. Then on the right select register to log analytics.
Log in with the correct account and select the Workspace you want to use for storing the SCOM data:
Apply these settings and you are done!
You can check the connection in the Azure portal:
We now need to load the solution that will do the health check for us. Go to the marketplace and look for System Center Operations Manager Health Check.
The solution will inform you that extra configuration is needed. When you click on this link it will show a download for a Powershell script called SCOMAssessmentConfigure.ps1 and some instructions how to run it in your SCOM environment.
I created a new service account for this action and configured it in the Run As account used in this setup:
It can take up to 4 hours before data will be available in Azure.
And there it is:
Zooming in gives you more specific information:
I think this solution is awesome and very helpfull giving insight in the technical configuration on your SCOM management group.
Monitoring rules!!