Log analytics query to get specific version from windows workstation or server

Question

I am getting information from my MMA agent on workstations and server, all events selected
what is the query to get specific version from each equipment?

i found this link with the tables available but cant find Windows version as a column, only MMA agent version
https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/devicehealth

major and minor version is not detailed enough since three different OS have the same major/minor version

https://learn.microsoft.com/en-us/windows/win32/sysinfo/operating-system-version

Answer 1

It could be a query issue. Try using the following Query
Heartbeat | where TimeGenerated > ago(1h) | summarize dcount(Computer) by Computer,OSType,OSName,OSMajorVersion, OSMinorVersion

I am able to get the result as below:

Answer 2

i found the answer to my question on the DeviceInfo Log but this is associated with Azure Sentinel
I cant believe is not available from the Windows Device directly

https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/deviceinfo

Answer 3

Yes but that would give me three options for the final version
What I mean is that is major version 10 and major version 0 could be windows 10 windows server 2019 and Windows server 2016

Answer 4

I have the exact same issue.

I know that 6.3 is Windows Server 2012 R2, however 10.0 is 2016, 2019 or 2022.

After all this time, the Microsoft Monitoring Agent should be sending that info correctly.

The Azure Monitor Agent already gives the correct OS name in the OSName field.

Example:

Computer	Category	OSName	OSMajorVersion	OSMinorVersion
VM1	Azure Monitor Agent	Windows Server 2019 Datacenter	10	0
VM2	Azure Monitor Agent	Windows 10 Enterprise	10	0

I think they are really just focusing in AMA now, as MMA is going to be decommissioned next year