Data Integration with SQL2022

Integration - time to integrate data sources to data lake — Integration – time to integrate data sources to data lake

Ready for a single pane of glass? Ready to have your insights in a common location? Let’s discuss Data Integration with SQL2022.

Let’s start with some background on SQL2022 and similarly SQL2025, start with the learn site link. SQL2022 by design is Azure enabled with multiple capabilities like ‘Bi-directional HA/DR to Azure SQL’ and ‘Azure Synapse Link’. Basically, Synapse link is the key.

Utilize the PowerBI Cloud Service with today’s hybrid environments. SQL2022 allows integration with other Azure capabilities like Azure Data factory/data lake, and Azure Synapse. Another reason to upgrade SQL 2022, is design simplification. However, PowerBI data gateway adds a potential break point (single point of failure). While PowerBI data gateway centralizes all premise data to a central location. In the same way, consolidating data sent to the cloud. When PowerBI data gateway fails, insights and visualizations have stale data (i.e. data NOT transferred for a near real-time display).

Why SQL2022 then?

Connect insights and visualization to justify ‘Data Integration with SQL2022’ scenarios.

SQL2022 built in capability to Azure Synapse Analytics

Use SQL2022 to configure SQL agent jobs which pull SQL scripts from your cloud environment. DevOps and common Azure Storage repository are great advantages for speed of execution.

SQL STIGMonitor

Seriously, dream on! End the STIGma is a good thing, but STIGs can be a burden. Hit the easy button, if you’re not already using it. Contact your SQL Data and AI Cloud Solutions Architect for the latest SQL STIG Monitor 2024 Q4 build!

Latest SQL STIG monitor 31 Oct 2024 release includes

DISA UPDATES – see link
MS SQL Server 2016 Instance STIG, V3R2:

(NOTE: DISA has been contacted to remove related CCI STIGID for AzureSQLDB that was overlooked: ASQL-00-010700)

POWERSHELL MODULE
Updated version to 1.23
Added STIGID parameter to Invoke-StigMonitor allowing granular control over STIGID scanning.

DATABASE CHANGES
Updated Checklist Templates for Q4 Revisions.
Updated Instance & Database STIG for Q4 benchmark date.
Script updates include:

CNTNMIXDB: Not A Finding if using Windows Auth
FORCENRYPT: NA if using Windows Auth
PWDCMPLX: Updated Finding to remove OS STIG reference
AZDBPERMISS: Revised script with new version.
DBPERMISS: Revised script with new version.
ENFCACCSS: Revised script with new version.
PSERRPERM: Revised script with new version.
UNQSVCACC: Removed code stripping out port number.
AZAUDITSTATE: Properly returns No Finding when audit setup is correct.
Fixed bug in vDocumentation view causing POAMs to not display custom comment in exported documentation.
Added usp_RemoveInstance stored procedure to easily clean up a specific Instance from StigMonitor that no longer exists.

DOCUMENTS
Updated checklist templates, Approvals scripts, and Documentation Templates for Q4 Revisions.
Removed Set-CEIPRegKeys.ps1, Set-FIPSCompliance.ps1, and Set-SqlRegKey.ps1 in favor of Module commands.
Updated InfoPage with new StigMonitor logo and text references.
Documentation updated with new examples of Invoke-StigMonitor STIGID parameter.
Updated documentation to add Azure DB Permission for MS_SecurityDefinitionReader.
Added DatabaseName to CSV Export of Export-StigDocumentation.

REPORTS
Updated Report banner to display new StigMonitor logo and latest report versions.
Removed Adhoc scanning to Policy Management Report in favor of Invoke-StigMonitor parameter.
Removed references to Sunset 2012 and 2014 STIGs.
Added AzureSQLMI for future use.
Combined NF and Approved in Total Findings summary
Reduced Recent Scans to latest 6.

Also please send us your feedback if you get a chance to check this out.
If you want to be added/removed from this, click here (Subscribe /Unsubscribe) or send us an email.

Check your delegation settings

Sometimes as the monitoring admin, you may be responsible to secure your servers, being told from Security/Cyber Teams about new vulnerabilities. The vulnerabilities may be from Tanium, ACAS, Tenable or other security tools. This article is how to help you secure related SCOM web console, and SSRS reporting sites against Unconstrained Delegation vulnerabilities CVE-2020-17049, also AD STIG V-36435.

First we need to identify IF this is a true finding.

Typically this comes from Server/SystemsAdmin with domain admin access:

From PowerShell run:

Get-ADComputer -LDAPFilter
“(userAccountControl:1.2.840.113556.1.4.803:=524288)”

After identifying SCOM servers with unconstrained delegation (scope of blog post is focused on SCOM in a hybrid scenario (prem/cloud), we need to resolve.

With domain administrator rights, open the Active Directory Users and Computers MMC snap-in.

In ADUC, change Find drop-down to Computers
In the Computer name text box, enter <SCOMServer> and click search

Right click the server in the results box > Select Properties.

Select the Delegation tab.

ADUC view of lab server delegation setting

Select Trust this computer for delegation to specified services only > Use any authentication protocol.

Under Services to which this account can present delegated credentials, select Add.

In the new dialog box, select Users or Computers.

Enter <SCOMServer>, and then select OK.

Click the Add button to add services

Select the w3svc and www processes

Select OK.

ADUC GUI adding services for delegation on SCOM server

Once set in AD, reboot server. Running ‘gpupdate /force’ may not apply AD changes to the server object.

After reboot, reach out to SCOM Admins to test webconsole authentication

From edge browser, go to SCOM web console, typically @ https://<SCOMServer>/OperationsManager

On the Monitoring tab, click on Active Directory dashboard on left

Verify authentication works

Documentation

Pentestlab – Detecting Unconstrained Delegation Exposures in AD Environment

Petri.com find and block unconstrained delegation

Learn.Microsoft.com unconstrained kerberos article

Explanatory documents on what/why

Remove Unconstrained Kerberos Delegation

Mining Windows Event Log

Mining Ore from the Windows Event Log and finding a way to make it portable

Use Get-WinEvent to use XML and filters from event viewer, to mine an event, including examples for a specific string, from a specific event, in a specific event log?

Hopefully this post will help with a few tips to simplify monitoring for events, whether in AzMon, SCOM, or via PowerShell.

Let’s start with the Dr Scripto blog post from quite a while ago –

https://devblogs.microsoft.com/scripting/data-mine-the-windows-event-log-by-using-powershell-and-xml/

Not sure how many people use get-WinEvent, but this is one tool in PowerShell that can help an admin parse the XML side of an event.

Example 1

Query Application Event Log for Severity, Event, and Event Data contains lync.exe

$query = @”

<Select Path=”Application”>*[System[Provider[@Name=’Application Hang’]

and (Level=2) and (EventID=1002)]]

and *[EventData[Data=’lync.exe’]]</Select>

</Query>

</QueryList>

“@

Get-WinEvent -FilterXml $query

PowerShell output

Use Get-WinEvent to use XML and filters from event viewer

The Tip or Trick part of this – leverage your Event Viewer Filter as a query to use with get-WinEvent

Credit for this tip comes from Andrew Blumhardt!

See below for examples to ‘use Get-WinEvent to use XML and filters from event viewer’

Navigating via Event Viewer:

Hop onto your favorite server, or connect to another server via Event Viewer

Go to the Event Log > Click Filter Current Log

Build out your filter (i.e. choose specific Event Sources, exclude events, include severities, timeframe (start/end), etc.)

Switch to the XML tab (and note you can edit your query further!)

You can copy the query from the Event Viewer into your Get-WinEvent syntax

$query = @”

<QueryList>
<Query Id=”0″ Path=”Application”>
<Select Path=”Application”>*[System[Provider[@Name=’Microsoft.SystemCenter.VirtualMachineManager.2012.Monitor.UserRoleQuotaUsageMonitor’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2012.Report.ServiceUsageCollection’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2012.Report.VMUsageCollection’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2016.EnableCredSSPClient’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2016.Monitor.UserRoleQuotaUsageMonitor’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2016.Report.ServiceUsageCollection’ or @Name=’Microsoft.SystemCenter.VirtualMachineManager.2016.Report.VMUsageCollection’] and (Level=2 or Level=3) and (EventID=25933)]]</Select>
</Query>
</QueryList>

“@

Get-WinEvent -FilterXml $query

PowerShell output

Example 3

Grab System Event Log, Event ID 5827 (NetLogon denied events)

get-WinEvent -FilterHashtable @{LogName=’System’; ID=’5827′;}

PowerShell output

Documentation:

Get-WinEvent https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-7.1

MSFT DevBlogs https://devblogs.microsoft.com/scripting/data-mine-the-windows-event-log-by-using-powershell-and-xml/

Gather Log Analytics/MMA agent version

Had some questions come up from the community to check the Log Analytics agent version.

Depending on how you are setup, the SCOM Integration makes this easy with Holman’s blog for the agent management pack.

If you have admin right in Operations Manager console then you can check this directly from SCOM server:

If you are an admin in SCOM, you can check from MS

$Server = “DC01.yourlabnamehere.net”
(Get-SCOMAgent -Name $ServerName).Version

Alternatively, from server registry:

(Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\setup”)

# Just the Agent version variable

(Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\setup”).AgentVersion

Log Analytics

Kusto query

// Servers and Versions

Heartbeat
| project Computer,Version

// Specific version

Heartbeat
| where Version == “8.0.10918.0”
| project Computer,Version

// Summarize by Version

Heartbeat
| summarize by Version

If you’re visual

From the Portal > Log Analytics > workspace > Workspace Summary > Agent Health

Scroll right to agent version

Monitor

Monitor > Overview > Agent Health Assessment

Scroll right to agent version

Azure Log Analytics for Windows Telemetry data

I blogged about this last year here

As best practice, the Upgrade Analytics script checks for far more than just injecting the workspace key and telemetry value.

FYI – This could also be managed in an SCCM Compliance setting.

Paul Fitzgerald – Platform PFE blogged about a non SCCM method here

Assess requirements for environment:

Barebones configuration requires Commercial ID, allow telemetry, and level of telemetry data to send

Optional – Create key for IEDataOptIn

Send data to Application Insights

Customer proxy setup

Script has 11 parameters specified, not all are needed (excerpt below from script)

Param(
# run mode (Deployment or Pilot)
[Parameter(Mandatory=$true, Position=1)]
[string]$runMode,

# File share to store logs
[Parameter(Mandatory=$true, Position=2)]
[string]$logPath,

# Commercial ID provided to you
[Parameter(Mandatory=$true, Position=3)]
[string]$commercialIDValue,

# logMode == 0 log to console only
# logMode == 1 log to file and console
# logMode == 2 log to file only
[Parameter(Mandatory=$true, Position=4)]
[string]$logMode,

#To enable IE data, set AllowIEData=IEDataOptIn and set IEOptInLevel
[Parameter(Position=5)]
[string]$AllowIEData,

#IEOptInLevel = 0 Internet Explorer data collection is disabled
#IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones
#IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones
#IEOptInLevel = 3 Data collection is enabled for all sites
[Parameter(Position=6)]
[string]$IEOptInLevel,

[Parameter(Position=7)]
[string]$AppInsightsOptIn,

[Parameter(Position=8)]
[string]$NoOfAppraiserRetries = 30,

[Parameter(Position=9)]
[string]$ClientProxy = “Direct”,

[Parameter(Position=10)]
[int]$HKCUProxyEnable,

[Parameter(Position=11)]
[string]$HKCUProxyServer

Simple method to update machines to send Windows telemetry data:

PowerShell script

From PowerShell as Administrator

Set-Location HKLM:

$registryPath = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies”

$Name = “DataCollection”

$Name2 = “AllowTelemetry”

$CommercialID = “00000000-0000-0000-0000-000000000000”

$value = “2” # Values from 0-3 accepted

$vIEDataOptInPath = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection”

$IEOptInLevel = “2” # Values from 0-3 accepted

If ( (Test-Path $registryPath\$Name) ) { write-host -f green “Registry keys already exist” }

If ( ! (Test-Path $registryPath\$Name) )

{

New-ItemProperty -Path $registryPath -Name $name

New-ItemProperty -Path $registryPath -Name $CommercialID

New-ItemProperty -Path $vIEDataOptInPath -Name IEDataOptIn -Type DWord -Value $IEOptInLevel

New-ItemProperty -Path $registryPath\$Name -Name $name2 -Value $value `

-PropertyType DWORD -Force | Out-Null

Write-host -f green “Registry keys added for Telemetry”

}

References

Configure telemetry

Get Started link

Win 7,8 Opt in link

Adding Management Solutions in Azure

Decoder ring applies!

OMS is Log Analytics is Azure Management Solutions.

Do you want to add solutions to your Azure subscription?

Pre-packaged visuals and insights on your data, whether azure or hybrid.

Adding Management Solutions

Click on All Services

Type ‘solutions’, hit enter

Click star icon to favorite Solutions

Drag Solutions higher in your preferences (wasn’t in above screenshot)

Click Solutions

Click + to Add

Click on Security and Compliance

Click Create

Don’t forget solutions require MMA agents connected to a workspace to render any data/insights!

References

The Docs article lists how to use the management solutions

MMA Agent and SCOM Agent version numbers

FYI – Updated 24 June 2022

What are the MMA Agent and SCOM Agent version numbers?

This idea sprung from a discussion with Sr. PFE Brian Barrington, and it got me wondering…See below for more details on OMS/MMA, and SCOM agent versions, as well as how to verify agent from PowerShell.

FYI – If you’re running a SCOM agent, 2016 or above, various Log Analytics solutions may have pre-reqs.

The Content Dev team under Brian Wren added this to the docs.microsoft.com site

SCOM 2022 https://docs.microsoft.com/en-us/system-center/scom/release-build-versions?view=sc-om-2022

SCOM 2019 https://docs.microsoft.com/en-us/system-center/scom/release-build-versions?view=sc-om-2019

SCOM 2016 https://docs.microsoft.com/en-us/system-center/scom/release-build-versions?view=sc-om-2016

Azure Monitor Agent

AMA (Azure Monitor Agent)/ALA/OMS/MMA Agent can run on Windows/Linux operations systems. Name has changed over the years, where AMA (Azure Monitor Agent) will be the name going forward for the cloud based offer. See docs article here.

This also has been updated on the Docs site

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions

Download installer files here

Review what operating systems are covered here

Previously known as Windows OMS/ALA/MMA agent

Unfortunately, there’s no github repo that I’ve found.

Examples:

As of 6 Sep 2018, MMA agent = 8.0.11103.0

As of 17 Oct 2018, MMA agent = 8.0.11136.0

Skipping forward to 2020, the MMA agent is 10.20.18040.0

[!WARNING] The Log Analytics agents are on a deprecation path and will no longer be supported after August 31, 2024.

OMS Gateway

Older product published in 2016 – Download link here

OMS Gateway requires Microsoft Monitoring Agent (MMA)

(agent version – 8.0.10900.0 or later)

Simple English, that means SCOM2016 RTM agent or above

OMSAgent for xPlat

OMS-Agent-for-Linux

(Linux/Universal Linux)

Sep 16, 2021 OMSAgent_v1.13.40-0
Mar 08, 2021 OMSAgent_v1.13.35-0
Nov 16, 2020 OMSAgent_v1.13.33-0
Support for Red Hat Enterprise Linux 8, CentOS 8, Oracle 8, Ubuntu 20.04, SLES…
Nov 14, 2019 OMSAgent_v1.12.15-0
Jun 17, 2019 OMSAgent_v1.11.0-9
Apr 23, 2019 OMSAgent_v1.10.0-1
Feb 12, 2019 OMSAgent_v1.9.0-0
Nov 05, 2018 OMSAgent_v1.8.1.256
Oct 30, 2018 OMSAgent_1.8.0-256
Sep 03, 2018 OMSAgent_v1.6.1.3

Windows SCOM Agent Version numbers

SCOM2016

Build Number	KB	Release Date	Description	Step-by-Step
8.0.10918.0	Evaluate	Oct 2016	SCOM 2016 RTM	Link
8.0.10931.0	KB3190029	Feb 2017	SCOM 2016 Update Rollup 1	Link
8.0.10949.0	KB3209591	March 2017	SCOM 2016 Update Rollup 2	Link
8.0.10970.0	KB4016126	May 2017	SCOM 2016 Update Rollup 3	Link
8.0.10977.0	KB4024941	Oct 2017	SCOM 2016 Update Rollup 4	Link
8.0.10990.0	KB4090987	April 2018	SCOM 2016 Update Rollup 5	None
8.0.11004.0	KB4459897	Oct 2018	SCOM 2016 Update Rollup 6	Link
8.0.11025.0	KB4492182	April 2019	SCOM 2016 Update Rollup 7	Link
8.0.11037.0	KB4514877	Sept 2019	SCOM 2016 Update Rollup 8	Link
8.0.11049.0	KB4546986	April 2020	SCOM 2016 Update Rollup 9	Link
8.0.11000.0	KB4580254	Dec 2020	SCOM 2016 Update Rollup 10	Link
7.2.12335.0	KB5006871	Oct 2021	SCOM 2016 Update Rollup 10 Hotfix	Link

SCOM1801
8.0.13053.0 RTM

SCOM1807

8.0.13067.0 General Availability release

SCOM2019

Build Number	KB	Release Date	Description	Step-by-Step
10.19.10050.0	Evaluate	March 2019	SCOM 2019 RTM	Link
10.19.10311.0	KB4533415	Feb 2020	SCOM 2019 Update Rollup 1	Link
10.19.10407.0	KB4558752	Sept 2020	SCOM 2019 Update Rollup 2	Link
10.19.10505.0	KB4594078	March 2021	SCOM 2019 UR3	Link
10.19.10550.0	KB5006871	Oct 2021	SCOM 2019 UR3 Hotfix	Link

@Larry LeBlanc – thank you for the SCOM Agent version updates!

Verify what version is installed

Via SCOM – use Holman’s Agent Version Addendum management pack

If you don’t have SCOM

From PowerShell

$Agent = get-itemproperty -path “HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup”

$Agent.CurrentVersion

Resources

SCOM Agent Version Addendum pack https://kevinholman.com/2017/02/26/scom-agent-version-addendum-management-pack/

SCOM Agent build numbers https://social.technet.microsoft.com/wiki/contents/articles/34312.system-center-operation-manager-momscom-list-of-build-numbers.aspx

Linux Agent can be downloaded from GitHub – github.com/Microsoft/OMS-Agent-for-Linux

Installing and configuring the MMA agent via Command line

GUI install option, see blog

PowerShell Agent configuration, see blog

Updated 1 Feb 2023

Pre-reqs to build out an install script/package

MMA agent executable

ALA Workspace ID

ALA Workspace Primary Key

Download MMA agent

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

Obtain WorkspaceID

From the Azure Portal (https://portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

Save the workspace ID and workspace key to notepad/OneNote for later

Build out command line for setup file

(optionally to include in Application Deployment package)

Grab pre-reqs above: (saved from above to build the command line)

Exe/msi file

Workspace ID

Workspace key

Craft out your command line (MECM super installer code updated by Neal Smith

SCOM MECM Agent Package Installer Command Line

The setup.exe or MSI command line parameters to pass are:

MMA-specific options	Notes
NOAPM=1	Optional parameter. Installs the agent without .NET Application Performance Monitoring.
ADD_OPINSIGHTS_WORKSPACE	1 = Configure the agent to report to a workspace
OPINSIGHTS_WORKSPACE_ID	Workspace Id (guid) for the workspace to add
OPINSIGHTS_WORKSPACE_KEY	Workspace key used to initially authenticate with the workspace
OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE	Specify the cloud environment where the workspace is located 0 = Azure commercial cloud (default) 1 = Azure Government
OPINSIGHTS_PROXY_URL	URI for the proxy to use
OPINSIGHTS_PROXY_USERNAME	Username to access an authenticated proxy
OPINSIGHTS_PROXY_PASSWORD	Password to access an authenticated proxy

Example:

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID=<your workspace id> OPINSIGHTS_WORKSPACE_KEY=<your workspace key> AcceptEndUserLicenseAgreement=1

Service Map SCOM pack configuration errors

Look for 6400 Event ID’s in the Operations Manager log on the management server if you do not have the correct information

Event ID 6400 in Operations Manager log helps show what’s missing with Azure AD error events

Follow steps outlined in the ‘Set up Azure Service Principal’ blog here

Sample 6400 event

Message: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS90002: Tenant XXXXXXXXX not found.

This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.

Trace ID: 89abf27f-4884-4191-b577-de2fce100600

Correlation ID: c8a2470e-2383-4325-b91f-86b5e20ade57

Timestamp: 2018-08-06 20:34:49Z —> System.Net.WebException: The remote server returned an error: (400) Bad Request.

at System.Net.HttpWebRequest.GetResponse()

at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()

— End of stack trace from previous location where exception was thrown —

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1.MoveNext()

— End of inner exception stack trace —

at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)

at Microsoft.SystemCenter.ServiceMap.REST.Credentials.AdCredentials.GetToken()

at Microsoft.SystemCenter.ServiceMap.UI.SubscriptionData.TestConnection()

ErrorCode: invalid_request

StatusCode: 400

Inner Exception

Message: The remote server returned an error: (400) Bad Request.

Response URI: https://login.windows.net/XXXXXXXXX/oauth2/token

Headers:

Pragma: no-cache

Strict-Transport-Security: max-age=31536000; includeSubDomains

X-Content-Type-Options: nosniff

client-request-id: c8a2470e-2383-4325-b91f-86b5e20ade57

x-ms-request-id: 89abf27f-4884-4191-b577-de2fce100600

x-ms-clitelem: 1,90002,0,,

Cache-Control: no-cache, no-store

Content-Type: application/json; charset=utf-8

Expires: -1

P3P: CP=”DSP CUR OTPi IND OTRi ONL FIN”

Set-Cookie: esctx=AQABAAAAAADXzZ3ifr-GRbDT45zNSEFEzFrPhp_xcoXIlYw2iOqAFXkz7NO-Hm1hJdVAn6298A0ylDD5VvX2VosFiRVxTDzmRz24sbVUbhiTuyHJsmeIkR47y1MU3SafDlFp6xPo91BwZhRqoDPtP6YTBi5D6mHGqy2lkSAEVQtg9D4lsWTmKipm9iLaB2twBZcYR0VkDhIgAA; domain=.login.windows.net; path=/; secure; HttpOnly,x-ms-gateway-slice=004; path=/; secure; HttpOnly,stsservicecookie=ests; path=/; secure; HttpOnly

Server: Microsoft-IIS/10.0

Date: Mon, 06 Aug 2018 20:34:48 GMT

Content-Length: 508

Category: Azure

Data Integration with SQL2022

SQL STIGMonitor

Latest SQL STIG monitor 31 Oct 2024 release includes

Check your delegation settings

Mining Windows Event Log

Example 1

Use Get-WinEvent to use XML and filters from event viewer

Navigating via Event Viewer:

Example 3

Gather Log Analytics/MMA agent version

Log Analytics

Azure Log Analytics for Windows Telemetry data

Assess requirements for environment:

Adding Management Solutions in Azure

Adding Management Solutions

MMA Agent and SCOM Agent version numbers

FYI – Updated 24 June 2022

Azure Monitor Agent

Previously known as Windows OMS/ALA/MMA agent

OMSAgent for xPlat

OMS-Agent-for-Linux

(Linux/Universal Linux)

Windows SCOM Agent Version numbers

Verify what version is installed

Installing and configuring the MMA agent via Command line

Updated 1 Feb 2023

Pre-reqs to build out an install script/package

Download MMA agent

Obtain WorkspaceID

Build out command line for setup file

Other helpful links

Service Map SCOM pack configuration errors