Recommended configuration for Azure Log analytics agent introduces significant security risk

Nigmenog 0 Reputation points
2024-07-03T21:58:57.1533333+00:00

I'm reviewing the documentation for the Azure Log Analytics Agent and I noticed something interesting. It states that one should disable HTTPS inspection for *.blob.core.windows.net. Disabling HTTPS inspection for all of Azure Blob storage introduces a significant security risk since anyone on the internet can host their own blob and put whatever files they want in Azure. Many adversaries leverage legitimate cloud services like Azure to host malicious content due to their established reputations, which makes them inherently risky, but disabling HTTPS inspection increases that risk significantly because then network-based preventative measures like next-gen firewalls are no longer able to inspect the traffic for threats.

Is Microsoft going to update this guidance, or is the Log Analytics Agent just going to be phased out in favor of the Azure Monitor Agent?

Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent#firewall-requirements

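An added example, not part of the original post or of Microsoft's guidance: when inspection is bypassed for the whole `*.blob.core.windows.net` wildcard, the proxy or firewall log typically still records the destination hostname, so one compensating check is to review which storage accounts are reached without inspection and by which clients. The log format, storage account names and IP addresses below are constructed assumptions.

```python
"""Audit connections that skip TLS inspection under a *.blob.core.windows.net bypass rule."""
import re
from collections import defaultdict

BYPASS_SUFFIX = ".blob.core.windows.net"

# Assumption: storage accounts the organization expects its agents to reach.
# Constructed placeholder names, not values from Microsoft documentation.
EXPECTED_ACCOUNTS = {"contosoagentdata", "contosodiag01"}

# Assumption: client addresses where the monitoring agent is installed (constructed).
AGENT_HOSTS = {"10.0.1.10", "10.0.1.11"}

# Constructed proxy log lines: "<timestamp> <client_ip> CONNECT <host>:<port> <action>"
SAMPLE_LOG = """\
2024-07-03T10:00:01Z 10.0.1.10 CONNECT contosoagentdata.blob.core.windows.net:443 bypass
2024-07-03T10:00:05Z 10.0.1.11 CONNECT contosodiag01.blob.core.windows.net:443 bypass
2024-07-03T10:02:17Z 10.0.5.23 CONNECT unknownacct123.blob.core.windows.net:443 bypass
2024-07-03T10:03:40Z 10.0.1.10 CONNECT unknownacct123.blob.core.windows.net:443 bypass
2024-07-03T10:04:02Z 10.0.5.23 CONNECT www.example.com:443 inspect
"""

LINE_RE = re.compile(r"^(\S+) (\S+) CONNECT ([^\s:]+):(\d+) (\S+)$")


def audit(log_text):
    """Return {account: sorted [(client_ip, reason)]} for uninspected blob traffic to review."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _, client, host, _, _ = m.groups()
        host = host.lower().rstrip(".")
        if not host.endswith(BYPASS_SUFFIX):
            continue  # traffic outside the bypass rule is still inspected
        account = host[: -len(BYPASS_SUFFIX)]
        if account not in EXPECTED_ACCOUNTS:
            findings[account].add((client, "unexpected storage account"))
        elif client not in AGENT_HOSTS:
            findings[account].add((client, "non-agent host using bypass"))
    return {acct: sorted(hits) for acct, hits in findings.items()}


if __name__ == "__main__":
    for account, hits in audit(SAMPLE_LOG).items():
        for client, reason in hits:
            print(f"{account}{BYPASS_SUFFIX} <- {client}: {reason}")
```
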

2 answers

  1. Stanislav Zhelyazkov 24,611 Reputation points MVP
    2024-07-04T06:27:38.8666667+00:00

    Hi,

    Log Analytics agent is already phased out in favor of Azure Monitor Agent. You have until the 31st of August to migrate. I would suggest you start using Azure Monitor Agent.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Pinaki Ghatak 4,610 Reputation points Microsoft Employee
    2024-07-04T14:01:01.27+00:00

    Hello @Nigmenog

    Your concerns about the security implications of disabling HTTPS inspection for *.blob.core.windows.net are valid. Microsoft is aware of the importance of data security and has implemented measures to ensure the security of data in transit to Azure Monitor.

    We strongly encourage configuring the agent to use at least Transport Layer Security (TLS) 1.3.

    Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable and while they still currently work to allow backwards compatibility, they are not recommended.

    As for the future of the Log Analytics Agent, we (Microsoft) have announced that it will be retired on August 31, 2024.

    The Azure Monitor Agent (AMA) will replace it. The AMA collects monitoring data from the guest operating system of Azure and hybrid virtual machines and delivers it to Azure Monitor for use by features, insights, and other services.

    It provides new features and capabilities, including centralized configuration for multiple VMs, data limits and filters at the source, and multiple destinations for data from a single agent.

    Therefore, it’s recommended to start migrating to the Azure Monitor Agent before the retirement date of the Log Analytics Agent. This should help address your concerns about the security risk associated with the current configuration of the Log Analytics Agent.


    I hope that this response has addressed your query and helped you overcome your challenges. If so, please mark this response as Answered. This will not only acknowledge our efforts, but also assist other community members who may be looking for similar solutions.

