Configure Azure Virtual Machine to send Security Events to Microsoft Sentinel

Views 3,692

Pro Hut

A day ago

Step by step tutorial to configure Microsoft Monitoring Agent on Azure Virtual Machine and Send Login Failure Security Events from Azure Virtual Machine to Microsoft Sentinel.
#azure
#microsoft
#sentinels
#microsoftsentinel
Welcome back to my KZbin channel. Good to see you back. In this video, we go through the steps to configure security events in Microsoft Sentinel. So, how are the security events going to help us? We're going to take all the security events from the Azure virtual machine and send them to Microsoft Sentinel. There's a prerequisite to configuring security events in Microsoft Sentinel: we need to deploy either the Azure Monitor Agent or the Microsoft Monitoring Agent on top of the Azure virtual machine.
To do that, let's create a virtual machine and then install the Microsoft Monitoring Agent on top of it. After that, we'll configure Security Events in Microsoft Sentinel so that it starts capturing all the security events from our Azure virtual machine. So, without further ado, let's start.
Let's create a virtual machine in Azure. I'll select Virtual machines, click Create, and then Azure virtual machine. We'll select the existing resource group that we have and name the virtual machine vm01. We'll leave this machine in the Australia East region; for availability zone we'll select No. For the OS we'll select Windows Server 2022. We'll give the username and password. For inbound ports we'll allow 3389 and port 80. Click Next through the remaining tabs, then Review + create, and then Create to create the virtual machine.
As we can see, our virtual machine is created. Click Go to resource. Now let's go back to the Log Analytics workspace. We're back in the Log Analytics workspace, so click on the workspace that we created. We'll hide this pane and scroll down on the left-hand side. We'll see an option called Workspace data sources, and under it an option called Virtual machines.
Now we need to connect the virtual machine we created with the Log Analytics workspace. Unless we connect the VM to the workspace, we will not be able to see any logs from the VM in the Log Analytics workspace. Before that, I want to show you one more thing. Go back to our virtual machine and open the installed applications: type appwiz.cpl and hit Enter. This is where we can see all the installed applications. We can see that we have installed IIS; that's why ASP.NET and other components are installed. We also have Microsoft Edge. The Log Analytics workspace agent, known as the Microsoft Monitoring Agent, is what we don't see yet. Once we install that agent, it will send all the logs and events from the virtual machine to the Log Analytics workspace.
Let's go back to the Log Analytics workspace. Now that we're back, we need to connect the virtual machine with the Log Analytics workspace. Click on the virtual machine, then click Connect. It will take a few minutes. The moment we click Connect, in the background it goes and installs the Microsoft Monitoring Agent on the virtual machine. So we'll give it a few minutes and then go back to our virtual machine to check whether the Microsoft Monitoring Agent is installed. I'll pause the video and we'll be back once the installation is completed.
Okay, so the agent is deployed. We just got the message "Successfully connected VM". Let's close this one, and here we can see that our virtual machine is connected with the Log Analytics workspace. After that, scroll up and go to Agents management. Here we are not yet able to see the Windows machine on which the agent is deployed. So let's go to the virtual machine to confirm whether the agent has been deployed. Here we are on our virtual machine; let's refresh. Okay, now we can see that the Microsoft Monitoring Agent is successfully installed on this virtual machine. Let's go back to the Log Analytics workspace and give it a few minutes. Okay, we're back after a few minutes. Let's refresh the console and see if the VM has reported to the Log Analytics workspace.
Once the virtual machine is connected and the agent is installed, we can configure Security Events in Microsoft Sentinel. This captures the security events from the Azure virtual machine and sends them to Microsoft Sentinel for analysis and monitoring. With security events configured, we can keep an eye on the security of our virtual machines and take appropriate action in case of a security breach.
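As an added example (not part of the video), here are two KQL queries to run in the Log Analytics workspace after the steps above: the first checks that vm01 is reporting through the agent, the second surfaces the login-failure events (Security event 4625) the tutorial is about. It assumes the VM is named vm01 as in the video and that the Security Events connector is populating the SecurityEvent table; the SubStatus values are the standard Windows logon failure codes. Run each query separately.

```kql
// 1. Confirm vm01 has reported to the workspace through the installed agent.
//    The Heartbeat table is written by the agent itself, so a recent row
//    means the "Connect" step in the workspace completed.
Heartbeat
| where TimeGenerated > ago(1h)
| where Computer startswith "vm01"
| summarize LastHeartbeat = max(TimeGenerated), AgentCategory = take_any(Category)
    by Computer

// 2. Failed logons (EventID 4625) forwarded by the Security Events connector.
//    The VM exposes RDP (3389) to the internet, so group attempts per target
//    account and source address to make password-guessing bursts stand out.
//    LogonType 10 = RemoteInteractive (RDP), 3 = Network.
SecurityEvent
| where TimeGenerated > ago(24h)
| where EventID == 4625
| where Computer startswith "vm01"
| extend FailureReason = case(
    tolower(SubStatus) == "0xc000006a", "Bad password",
    tolower(SubStatus) == "0xc0000064", "User does not exist",
    tolower(SubStatus) == "0xc0000234", "Account locked out",
    tolower(SubStatus) == "0xc0000072", "Account disabled",
    "Other")
| summarize Attempts = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Reasons = make_set(FailureReason)
    by Computer, TargetUserName, IpAddress, LogonType
| where Attempts >= 10          // threshold for a noisy source; tune per environment
| order by Attempts desc
```

If the first query returns nothing, the SecurityEvent query will also be empty: fix the agent connection before touching the Sentinel connector.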

Comments: 4
@philipanthonyberja-pronets3494, a year ago
Thank You for this Tutorial Bro.
@prohut, a year ago
You are welcome
@nadmax4511, a year ago
If I want to capture 4662 events, I see the GUID for ObjectName. How can I change that? From what I know, Sentinel uses the XML view of the event ID. Is there any other solution?
@prohut, a year ago
Did you create the rule to capture the event?