Cloud Computing

Deploy Azure OMS Log Analytics


This post will show you how to deploy an Azure Log Analytics workspace so that you can prepare the foundation of monitoring machines and services both on-premises, in (any) the cloud, and in Azure.


Create a Workspace

All management and monitoring is done within an OMS workspace, which you will need to create. Open the Azure Portal, click More Services, enter Log Analytics (OMS), and click Add. In the new OMS Workspace blade you will need to do the following:

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

  • Enter the desired name of the new workspace
  • Select the Azure subscription
  • Add the workspace to an existing resource group or create a new one (which is what I would do)
  • Select the region in Azure that you want to create the workspace in
  • Choose a pricing tier

Create a new Azure OMS Log Analytics workspace [Image Credit]
Create a new Azure OMS Log Analytics workspace [Image Credit]
Thanks to some confusing branding, it can be difficult to understand how OMS is priced. There are actually three pricing tiers for the OMS monitoring system (also known as Log Analytics):

  • Free: Limited to 500MB of monitoring data being gathered per day and retaining up to 7 days of data
  • Standard: Retaining up to 1 month of data
  • Premium: Retaining up to 12 months of data

Your search for “OMS pricing” might also turn up a page that describes the pricing of the OMS add-on for System Center, which is a bundle of discounted Azure pricing.

For testing, proof of concept, and training, start with the Free tier. As your monitoring needs grow, you will start to gather more than 500MB of data per day. At that point, monitoring will stop until the next day starts and your monitoring resets to 0MB for that day. You can monitor the implementation to determine when you will need to upgrade to the Standard tier.

Exploring OMS

Once your workspace is created, browse into the object in the Portal. In this blade, you can see how many Azure storage account logs and virtual machines are being monitored by OMS. You can also see details for your tier, such as how much of the Free tier 500MB per day is available for the current day.

If you want to start monitoring, click Settings > Quick Create. Here you will find shortcuts to:

  • Monitor Azure virtual machines or storage account logs
  • Download an agent for machines outside of Azure — on-premises, in AWS, or anywhere with Internet connectivity
  • Integrate System Center Operations Manager (SCOM) monitoring with OMS

Quickly get started with OMS [Image Credit: Aidan Finn]
Quickly get started with OMS [Image Credit: Aidan Finn]
You can change your OMS workspace pricing tier by going into Settings > Pricing Tier and selecting a new tier.

The operational work of OMS is done in another portal called the OMS portal. You can find a link to your OMS portal by clicking the button in the workspace blade.

The default Azure OMS portal [Image Credit: Aidan Finn]
The default Azure OMS portal [Image Credit: Aidan Finn]

This is where you can do the following:

  • Perform deep searches of gathered and retained data
  • Create your own custom dashboard with your own insights into the environment
  • Add solutions, the packs that add monitoring capabilities
  • Track the usage of OMS to determine how much data is being gathered
  • Configure the settings of OMS, including adding items to be monitored and enabling preview features
A configured Azure OMS Portal [Image Credit: Aidan Finn]
A configured Azure OMS Portal [Image Credit: Aidan Finn]

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: