What is Microsoft Operation Management Suite (OMS)
Oms (Microsoft Operations Management Suite) is Microsoft’s cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. In this case we will use OMS to monitor and sort of “manage” Azure AD connect and Azure AD identities.
Before we start with OMS
Bore we start there are some requirements.
- We need a Valid OMS Subscription – OMS has different level of subscriptions. It is depending on the OMS services you use and amount of data you uploaded. Ther is a free version which provides 500mb daily upload and 7-days of data retention.
- Direct Connection to Azure AD
- Domain Administrator Account in order to install the agent in the domain controllers we need to have Domain Administrator privileges.
- Global admin account to perform some actions in Azure AD
How to enable OMS as an AD Solutions
Log in to OMS https://login.mms.microsoft.com/signin.aspx?ref=ms_mms as OMS administrator
Click on Solution Gallery
By default, AD Assessment solution is enabled. In order to enable AD Replication Status click on the tile from the solution list and then click on Add.
Install OMS Agents
Next step of the configuration is to install monitoring agent in domain controllers and get them connected with OMS.
1. Log in to the domain controller as domain administrator
2. Log in to OMS portal
3. Go to Settings > Connected Sources > Windows Servers > click on Download Windows Agent (64bit). it will download the monitoring agent to the system.
4. Once it is download, double click on the setup and start the installation process.
5. In first windows of the wizard click Next to begin the installation.
6. In next window read and accept the licenses terms.
7. In next window, we can select where it should install. If there is on changes click Next to Continue.
8. In next window, it asks where it will connect to. In our scenario, it will connect to OMS directly.
9. In next window, it asks about OMS Workspace ID and Key. it can be found in OMS portal in Settings > Connected Sources > Windows Servers. if this server is behind proxy server, we also can specify the proxy setting in this window. Once relevant info provided click on Next to continue.
10. In next window, it asks how I need to check agent updates. It is recommended to use windows updates option. Once selection has made, Click Next.
11. In confirmation page, click Install to begin the installation.
12. Follow same steps for other domain controllers.
13. After few minutes, we can see the newly added servers are connected as data source under Settings > Connected Sources > Windows Servers
How to view analyzed Data
After a few minutes, OMS will start to collect data and virtualize the findings. To view this data, log in to OMS portal and click on relevant solution gallery tile in home page. You will find your analysed/ assessed servers there. You also get a quick overview and some recommendations for these servers.
Once click on the tile it brings you to a page where it displays more details about its findings. You will get a nice overview with all the collected data and it even provides you some fixes
How to collect Windows logs for Analysis
Using OMS, we also can collect windows logs and use OMS analyzing capabilities to analyze those. When this enabled, OMS space usage and bandwidth usage on organization end will be higher. In order to collect logs,
1. Log in to OMS portal
2. Go to Settings > Data > Windows Event Logs
3. In the box, you can search for the relevant log file name and add it to the list. We also can select which type of events to extract. Once selection is made click Save.
After few minutes, you can start to see the events under log search option. In their using queries we can filter out the data. Also, we can setup email alerts based on the specific events.