Establishing connectivity to Azure Log Analytics

Use the following checklist to ensure all steps in this section are complete.

• Choose a connectivity option to support the assessment(s) being configured
• Deploy the connectivity option that fits best for your organization and for the assessment(s) being configured

There are four scenarios available to configure the assessment. Determine which scenario fits best for your organization.

• Agent Only Method
• Agent + Log Analytics Gateway Method
• SCOM Method
• Offline – Disconnected environment

The following illustration visually shows the above scenarios:

Agent Only Method

Decision points at a glance:

• When you want to install the Azure Log Analytics agent on the data collection machine, and have it connected to the Internet to upload recommendations and supporting details to your Log Analytics workspace
• When you are setting up one of the cloud assessments that collect and assess cloud specific data
• Ideal when you only have a single machine in your environment to be dedicated to this setup

This scenario can be used when the data collection machine contacts Log Analytics. It requires one computer that will be designated as the data collection machine which has to be able to access the Internet to upload data to log analytics. This scenario can be used in environments where the Internet connection is not restricted.

Important

This connectivity scenario must be used for any of the On-Demand cloud assessments. These include:

• Office 365 Exchange Online
• Office 365 Skype and Teams
• Office 365 SharePoint Online
• Microsoft Azure

Agent + Log Analytics Gateway Method

Decision points at a glance:

• When you don’t want to expose your data collection machine to the Internet and use a proxy configuration through the Azure Log Analytics gateway
• Ideal when you have 2 separate machines in your environment to be dedicated to this setup

This scenario is the most secure and recommended option to help protect privileged account credentials which are used on the scheduled task configured on the data collection machine needed to run the assessment. This scenario requires two computers. One will be designated as the data collection machine, and the second machine will be the Log Analytics Gateway. In this scenario, the data collection machine has no Internet connection and connects to the Log Analytics Gateway to upload recommendations and supporting data to log analytics. The Log Analytics Gateway must have Internet access.

Get more information about the Log Analytics Gateway

SCOM Method

Decision points at a glance:

• When you have a SCOM management server configured in your environment and connected to all the targets you wish to assess.

In this configuration SCOM will either act as the gateway itself, or it leverages the Log Analytics Gateway to send data to log analytics.

Offline – Disconnected environment

Decision points at a glance:

• There is zero connection allowed from the assessed environment to the Internet or to any other machine that has Internet access such as the Log Analytics Gateway or proxy.
• In this scenario we require two machines
• One is the data collection machine and needs to fulfill prerequisites from the assessment.
• The other is the machine that has Internet access and can upload data to Azure Log Analytics.
  • This machine can be running any supported version of Windows Server or Windows Client that can run the Microsoft Management Agent.

Important

This connectivity scenario cannot be used for any of the below On-Demand assessments. These include:

• Office 365 Exchange Online
• Office 365 Skype and Teams
• Office 365 SharePoint Online
• Microsoft Azure
• SharePoint Assessment

Continue getting started with On-demand Assessments by selecting the Log Analytics Gateway for Azure Monitor Setup article in the Table of Contents.