Installing MMA agent for large number of Windows Servers

Question

We are onboarding a new customer for Widows On-Premise server monitoring using Azure Sentinel. We need to ingest their windows server logs to Azure Sentinel. We are monitoring their Dev environment by installing MMA Agent on their servers.

For Production Environment, they have 300+ On-Premise Windows Servers, and installing MMA Agent on these number of machines is a challenge. Is there any other way by which we can monitor the Servers and Send the Logs to Azure sentinel?

Answer 1

@Gaurav Mourya If you customer is using Configuration management (SCCM) they can leverage that to deploy the agent.
If not, you can use a file share and group policy to deploy that using something like this : https://m365internals.com/2021/05/17/how-to-deploy-sysmon-and-mma-agent-to-receive-logs-in-azure-sentinel/

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

-------------------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.