
Background

Active Directory is one of the top applications in mid-size to large organizations, and keeping it secure is a must. This is why we are assessing Active Directory operations and security using Microsoft’s on-demand assessment provided by Service Hub.

ServiceHub is the replacement for Microsoft’s Premier Support. This configuration is straight for

  • Pre-requisites.
    • Azure subscription for Azure Log Analytics.
    • Log Analytics Agent – Windows 2016 and above OS with 8 GB RAM, 4 CPU cores and 40 GB free space.
    • 1 service account with Domain Admin and "Log on as a batch job" rights.
    • Log Analytics Agent Server must have network access to all domain controllers.
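
A pre-flight check for the server that will host the agent, covering the prerequisites listed above. This is an added example, not part of the original post or Microsoft's tooling. The `Add-Check` helper is hypothetical, the `E:` drive is taken from the commands later in this post, and probing TCP 389 (LDAP) as the reachability test is an assumption.

```powershell
# Added example: verify the agent server meets the prerequisites above.
# Run on the domain-joined server that will host the Log Analytics agent.
param(
    [string]$WorkingDrive = 'E:',  # drive that will hold the working directory
    [int]$Port = 389               # assumed reachability probe (LDAP)
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

$os   = Get-CimInstance Win32_OperatingSystem
$cs   = Get-CimInstance Win32_ComputerSystem
$cpu  = Get-CimInstance Win32_Processor
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$WorkingDrive'"

# Windows Server 2016 is build 14393; ProductType 1 means a workstation OS.
Add-Check 'OS 2016 or later' ($os.ProductType -ne 1 -and [int]$os.BuildNumber -ge 14393) $os.Caption

# Reported memory is slightly below installed memory, so round to whole GB.
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
Add-Check 'RAM >= 8 GB' ($ramGB -ge 8) "$ramGB GB"

# Sum across sockets so multi-socket virtual machines are counted correctly.
$cores = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum
Add-Check 'CPU cores >= 4' ($cores -ge 4) "$cores cores"

# A missing drive yields $null and therefore 0 GB free, which fails the check.
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
Add-Check 'Free space >= 40 GB' ($freeGB -ge 40) "$freeGB GB on $WorkingDrive"

# Enumerate every domain controller in the forest and probe each one.
$dcs = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains |
    ForEach-Object { $_.DomainControllers }
foreach ($dc in $dcs) {
    $ok = Test-NetConnection -ComputerName $dc.Name -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Check "DC reachable: $($dc.Name)" $ok "TCP $Port"
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```
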

Configure Assessment in ServiceHub

  • Navigate to IT Health > On-Demand Assessments
  • Scroll down and click on the specified assessment.
  • Click on Add Assessment
  • Connect your Azure Log Analytics workspace. This connects to your Azure subscription and creates the workspace that stores the logs and dashboard.
  • Navigate to Agent Management, download the agent, and make a note of the workspace ID, primary key and secondary key.
  • Log in to the server where you will install this agent. Make sure it has sufficient RAM and connectivity to all your domain controllers. Follow these steps to install the agent.

https://docs.microsoft.com/en-us/services-hub/health/mma-setup

  • Once the MMA agent is installed, run the commands below to initiate the assessment. The first is for the AD Security Assessment and the second is for the AD Assessment.

    Add-ADSecurityAssessmentTask -WorkingDirectory E:\ADSecurity -ScheduledTaskUsername ServiceAccountName

    Add-ADAssessmentTask -WorkingDirectory E:\AD -ScheduledTaskUsername ServiceAccountName

  • Running the above commands creates Task Scheduler jobs, which you can initiate manually.
  • Once you manually run a job, it could take 3-4 hours before data is available in the Azure Log Analytics dashboard and Service Hub.
  • A sample report will look like this.

Thank you for reading!