Everything You Ever Wanted to Know About Using the New Azure Monitor Agent with Microsoft Sentinel

  • Published 5 Sep 2024

COMMENTS • 14

  • @AquibQureshi 2 years ago +1

    Thanks, Team, a very good explanation of the AMA and supported scenarios.

  • @matthewfranklin7541 2 years ago +1

    Many thanks, a very useful presentation!

  • @mmiltenburg 1 year ago

    Great overview. Thanks very much!

  • @tijubrain1 2 years ago +1

    Awesome presentation!

  • @mmkmur1 2 years ago +1

    Thank you! Very informative! One Q: When will the workbook be available?

  • @Ruchikun 2 years ago

    [02:55] Contents
    [04:50] Why a new agent?
    [09:00] Azure Monitor Agent Supportability
    [10:00] Azure Arc as a requirement for non-Azure machines
    [11:26] Azure Arc (what is...)
    [14:15] Feature gap analysis between LAG and AMA
    [16:50] Microsoft Sentinel collection with AMA
    [19:55] Security Events before and now
    [26:16] Windows Forwarded Events
    [32:27] Data collection Rules
    [38:20] Deploying Azure Arc and AMA at scale
    [45:58] Should I migrate now?
    [48:33] Useful resources
    [48:58] Questions

  • @debarghyadasgupta1931 2 years ago +1

    Loved it ❤️

  • @1213xyz 10 months ago

    As this webinar was recorded some time ago, I am wondering: is the stuff mentioned in this entire video still valid? Like Windows DNS/Firewall, Syslog, CEF or Sysmon not supported by AMA.
    Is this still valid?

  • @simple-security 2 years ago

    I've seen no updates on how the AMA agent will work with 'regular' Windows workstations (non-servers).
    All I can find is a link to download the AMA agent (after creating a collection rule) but no details on configuring the agent for a specific workspace, etc.
    I see that workstations will need to be domain connected and synced with Azure AD.
    Will WEC be a requirement for non-domain connected workstations?

  • @rafaelruales6871 2 years ago +1

    Thanks

  • @b2secops 2 years ago

    Hi, thanks for the informative video.
    Just need some clarification around the two connectors you mentioned.
    Firstly, what is the difference between the Windows Forwarded Events and Windows Security Events via AMA collectors?
    I see you used Windows Forwarded Events for getting events from your DC to Sentinel. Can the Windows Security Events also be used to get events from your DC? Or is it that it collects 'Security events' only?
    Thank you

  • @Ruchikun 2 years ago

    It's a shame some of these high-level architectural overviews (images) are not to be found on your website. Would help to understand it.

    • @MicrosoftSecurityCommunity 2 years ago +1

      Hi Ken, all of the presentations from the Microsoft Security Community webinars can be found at aka.ms/SecurityCommunity. The link is located in the webinars and recordings section. Thank you for watching!

  • @netsocmdr 1 year ago

    :)