extract logs using azure analytics workspace

Question

extract logs using azure analytics workspace

FZ-KECH 41

Hello everyone,

Hope you're doing well,

We used to extract logs using analytics workspace with the credentials:
($ClientId = "" $ClientSecret = "" $TenantId = "" $WorkspaceId = "")

This part is used to access the data from the script without having to connect to log analytics.

qst:

Is it possible to use a certificate instead of client secret keys??

Do you have any idea?

thank you in advance.

Alistair Ross 7,476 Reputation points Microsoft Employee

2022-05-17T09:09:05.407+00:00

I would recommend tagging this question to azure-ad-authentication and azure-ad-graph as this isn't related to Log analytics specifically, but acquiring the access token for authentication.
FZ-KECH 41 Reputation points

2022-05-17T09:13:01.12+00:00

thank you
Givary-MSFT 35,771 Reputation points Microsoft Employee Moderator

2022-05-18T06:34:26.827+00:00

@fatimazahrahida-9743

Would request you to share the script which you are using to extract logs from LAW to 'AzCommunity@microsoft.com' with Sub - Attn: Givary.

Let me review the script and check if there is a option to use certificate instead of client secret keys.
FZ-KECH 41 Reputation points

2022-05-18T09:39:32.017+00:00

as requested, I sent the script to 'Az Community@microsoft.com'

please , can you take a close look at the script.

tha

Answer accepted by question author

1 additional answer

Your answer

Alistair Ross 7,476 Reputation points Microsoft Employee

2022-05-17T09:09:05.407+00:00

I would recommend tagging this question to azure-ad-authentication and azure-ad-graph as this isn't related to Log analytics specifically, but acquiring the access token for authentication.
FZ-KECH 41 Reputation points

2022-05-17T09:13:01.12+00:00

thank you
Givary-MSFT 35,771 Reputation points Microsoft Employee Moderator

2022-05-18T06:34:26.827+00:00

@fatimazahrahida-9743

Would request you to share the script which you are using to extract logs from LAW to 'AzCommunity@microsoft.com' with Sub - Attn: Givary.

Let me review the script and check if there is a option to use certificate instead of client secret keys.
FZ-KECH 41 Reputation points

2022-05-18T09:39:32.017+00:00

as requested, I sent the script to 'Az Community@microsoft.com'

please , can you take a close look at the script.

tha

Answer 1

@fatimazahrahida-9743

Reviewed the script which was sent yesterday and I see you are trying to authenticate Azure AD using Invoke-RestMethod with Client Credential flow ( below snipped from script for reference )

I came across this article with the similar requirement - https://stackoverflow.com/questions/71265186/how-do-i-authenticate-to-aad-using-invoke-restmethod-with-clientcredential-flow

You need to make few changes to your script to authenticate via Certificate, refer to the below article ( section: Acquire an Access token using a certificate ).
https://adamtheautomator.com/powershell-graph-api/#:~:text=RestMethod%20%40PostSplat-,Acquire%20an%20Access%20Token%20(Using%20a%20Certificate),-The%20authenticate%20to

Let me know if you have any questions.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

FZ-KECH 41

thank you that was very helpful

Share via

extract logs using azure analytics workspace

1 additional answer

Your answer