thanks Team, a very good explanation about the AMA and supported scenario

[02:55] Contents [04:50] Why a new agent ? [09:00] Azure Monitor Agent Supportability [10:00] Azure arc as a requirement for non-azure machines [11:26] Azure arc (what is...) [14:15] Feature gap analysis between LAG and AMA [16:50] Microsoft Sentinel collection with AMA [19:55] Security Events before and now [26:16] Windows Forwarded Events [32:27] Data collection Rules [38:20] Deploying Azure Arc and AMA at scale [45:58] Should I migrate now? [48:33] Useful resources [48:58] Questions

Awesome presentation!

Great overview. Thanks very much!

Many thanks, a very useful presentation!

Loved it ❤️

Thank you! Very informative ! One Q: When will the workbook be available ?

I've seen no updates on how the AMA agent will work with 'regular' windows workstations (non-servers). All I can find is a link to download the AMA agent (after creating a collection rule) but no details on configuring the agent for a specific workspace, etc. I see that workstations will need to be domain connected and synced with Azure AD. Will WEC be a requirement for non-domain connected workstations?

As this webinar was recorded some time ago, I am wondering stuff mentioned in this entire video, are they still valid? Like Windows DNS/Firewall, Syslog, CEF or Sysmon not supported by AMA. Is this still valid?

Hi, thanks for the informative video. Just need some clarification around the two connectors you mentioned. Firstly, what is the difference between the Windows Forwarded Events and Windows Security Events via AMA collectors? I see you used Windows forwarded events for getting events from your DC to Sentinel, can the Windows Security Events also be used to get events from your DC? or is it that it collects 'Security events' only. Thank you

It's a shame some of these high level architectural overviews (images) are not to be found on your website. Would help to understand it

thanks