Centralized dashboards for system health and security information

Josep Marzo 20 Reputation points
2023-01-31T10:10:24.9566667+00:00

Hello all,

We have all our infrastructure in Azure and several third party programs which we'd like to monitor in one or two dashboards maximum.

For example, we want to monitor uptime of 2 or 3 critical Azure VMs and their resources, see if AD Sync Service is running, check if we have any security and integrate alerts from CrowdStrike we use for endpoints.

At the present moment we need to check every single VM, access the CrowdStrike portal, go to the Security and Defender Microsoft portals... we'd like to have these dashboards for one-sight status of all this and, if any alert arises, do deeper investigation.

We use Microsoft E3 licenses and we're considering migrating to E5 or E5 security licenses if we get more visibility from this side.

I don't know if it will be easier to implement all this setting up any of the existing Microsoft Dashboards or through a 3rd party solution.

Any help will be much appreciated.


1 answer

Andrew Blumhardt 9,491 Reputation points Microsoft Employee
2023-02-03T12:48:42.62+00:00

Are you referring to the Azure portal or the Microsoft 365 Defender portal? This is possible but it will take a bit of effort.

CS alerts can be forwarded using Syslog-CEF. They have a forwarder and Microsoft has a collection agent. So you can forward CS alerts to a Log Analytics workspace.

https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem/

The following article describes the Microsoft forwarder. Sentinel is not required. The same instructions work with a standard workspace. You point the CS forwarder to this IP address.

https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder

The M365D portal does not have a custom dashboard option. You can query the M365D advanced hunting logs using an API. PowerBI is another option. You can also forward the M365D alerts to a Log Analytics workspace in Azure. Sentinel has a built-in M365D connector. The alerts can be sent to Sentinel for free.

https://learn.microsoft.com/en-us/azure/sentinel/connect-microsoft-365-defender

Once you have M365D and CS alerts in the same Log Analytics workspace, you can create custom workbooks and dashboards in the Azure portal. You could also call that workspace with PowerBI.

1 person found this answer helpful.
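The Syslog-CEF path in the answer means each endpoint alert arrives at the collector as a syslog line wrapping a CEF record (a pipe-delimited header followed by `key=value` extensions), which the Microsoft agent maps into the `CommonSecurityLog` table. The parser below is an added example, not code from the answer, from CrowdStrike or from Microsoft: it does the same header/extension split on constructed sample lines (vendor, product and signature-id values are placeholders, and the extension keys `src`, `suser`, `msg`, `dhost` are standard CEF dictionary names), handling the escaped `\|` and `\=` cases that break naive splitting, and tallies events by CEF severity bucket the way a simple dashboard tile would. It is useful for checking a forwarder's output before pointing it at the collector.

```python
import re
from collections import Counter

# Constructed sample syslog lines carrying CEF payloads. Not real CrowdStrike output:
# vendor, product, signature ids, hosts and users are placeholders.
SAMPLE_LINES = [
    r"<13>Feb 03 12:48:42 cef-fwd CEF:0|ExampleVendor|ExampleEDR|1.0|1001|Suspicious process launched|8|src=10.0.0.5 suser=alice msg=cmd.exe spawned powershell.exe dhost=vm-prod-01",
    r"<13>Feb 03 12:49:10 cef-fwd CEF:0|ExampleVendor|ExampleEDR|1.0|1002|Benign test \| informational|2|dhost=vm-prod-02 msg=value with escaped \= sign",
    "<13>Feb 03 12:50:00 cef-fwd plain syslog message without a CEF payload",
]

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# An extension key is a run of identifier characters preceded by whitespace (or the
# start of the extension) and followed by an unescaped '='. A '\=' inside a value
# never matches because the backslash is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _split_header(text):
    """Split the CEF header on unescaped '|' and return (fields, extension_text)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < len(HEADER_FIELDS):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):  # header escapes: '\|' and '\\'
            buf.append(text[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return fields, text[i:]


def _unescape_value(raw):
    """Undo CEF extension escapes: '\\=', '\\\\', '\\n' and '\\r'."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append({"n": "\n", "r": "\r"}.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces' into a dict; values run to the next key."""
    matches = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape_value(ext[m.end():end].strip())
    return result


def parse_cef(line):
    """Return the CEF event embedded in a syslog line, or None if there is no CEF payload."""
    start = line.find("CEF:")
    if start == -1:
        return None
    fields, ext = _split_header(line[start + len("CEF:"):])
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = _parse_extension(ext)
    return event


def severity_bucket(severity):
    """Map a CEF severity (0-10, or Low/Medium/High/Very-High) to its spec bucket."""
    s = severity.strip()
    if s.isdigit():
        n = int(s)
        if n <= 3:
            return "Low"
        if n <= 6:
            return "Medium"
        if n <= 8:
            return "High"
        return "Very-High"
    return s.title()  # already a word; normalise case only


def alert_summary(lines):
    """Count parsed CEF events per severity bucket, skipping lines with no CEF payload."""
    counts = Counter()
    for line in lines:
        event = parse_cef(line)
        if event is not None:
            counts[severity_bucket(event["severity"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_cef(line))
    print(alert_summary(SAMPLE_LINES))
```

Running it on a handful of lines captured from the real forwarder (with `tcpdump` or the collector's own log) is a quick way to confirm that pipes and equals signs inside alert names or messages are being escaped; if they are not, the fields end up shifted in `CommonSecurityLog` and the workbook queries built on top of it will silently miscount.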