Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Assessments are available through Services Hub to help you assess and optimize the availability, security, and performance of your on-premises, hybrid, and cloud Microsoft technology environments. These assessments use Microsoft Azure Log Analytics, which is designed to give you simplified IT and security management across your environment.
Note
On average, it takes two hours to initially configure your environment to run an On-Demand Assessment. After you run an assessment, you can review the recommendations in Azure Log Analytics. This will provide you with a prioritized list of recommendations, categorized across six focus areas. This permits you and your team to quickly understand risk levels, the health of your environments, act to decrease risk, and improve your overall IT health.
An offline copy of the On-Demand Assessment Setup Guide may be downloaded for reference.
Use the following checklist to ensure all steps in this section are completed before moving onto the next section.
Subscription
On-Demand Assessments ingest their recommendations and supporting details into Log Analytics. The Azure Log Analytics service requires an Azure subscription owned by the organization. If there is already an Azure subscription, then a customer representative (their registered email address) with the required Azure Log Analytics access and/or Azure Subscription access will need to be invited to Services Hub workspace by the CSAM.
To utilize On-Demand Assessments (ODAs), customers must have access to an Azure subscription. The following options are available:
- Use an existing Azure subscription (Our guidance) Customers may leverage their current Azure subscription to run On-Demand Assessments.
- Create a new Azure subscription for ODAs under the customers EA agreement (Our guidance) Customers can provision a dedicated Azure subscription specifically for On-Demand Assessments if they do not want to use one that they already have.
- Explore other Azure trial offering (Credit Card required) Customers may consider alternative trial options available at Create your Azure Free Account or Pay as you Go
Note
Customers can choose to use any Azure Subscription for this purpose as long as the user has the required Azure Subscription and/or Log Analytics role to perform the required actions. The Azure Subscription can be an EA or Pay-As-You-Go or trial Azure subscriptions. Azure subscriptions created merely due to the presence of Office 365 licenses cannot be used as they don't have active azure credits.
Note
If you don’t know the Azure owner or other roles of your Azure subscriptions, please follow this link: Role assignments in Azure Subscriptions.
Services Hub Registration
The user in your organization, who is the Microsoft Azure subscription owner must be invited to Services Hub workspace and complete their registration on Services Hub. Additionally, if the assessment will include a Microsoft engineer lead delivery, then the Microsoft engineer must also be invited to Services Hub workspace and complete their registration on Services Hub. Invites to Services Hub can be started by your organization’s Services Administrator, existing Services Hub users, or your Microsoft representative. To provide users access to On-Demand Assessments in Services Hub, your organization’s Services Administrator must grant these permissions by selecting the Health and Programs checkboxes in the Invite users dialog.
CSAM tasks
The CSAM invites customer and CSA (for engineer led assessment deliveries). Log in to Services Hub using Microsoft Edge and go to Customer workspace then Manage Users.
Add customers' email addresses and CSA with alias@Microsoft.com and ensure the Health and Programs options are selected to permit the user to see the assessment tab and create a remediation plan.
Linking of the Azure Subscription and Log Analytics workspace to Services Hub workspace
Log into Services Hub with the Azure subscription owner's credentials. In the Primary Navigation, select IT Health then select On-Demand Assessments.
"Get Started with Assessment."
- Select the desired Azure subscription from the list and choose next.
Organizations that have an Azure subscription but lack the required permissions will need to work with your company's Services Admin, CSAM, or Support Account Coordinator to have the customer representative with the required permissions within Azure register on Services Hub and pre-configure your assessments.
- Choose the Azure Log Analytics workspace that the assessment(s) you choose will be added in or use "Create New" to create a dedicated workspace for the assessment(s) if desired. Then select next.
Note
An Azure Log Analytics workspace may also be created from Azure using the steps documented in the How to Create new Azure Log Analytics Workspace from Azure article.
- At the conclusion of the linking process, select “View assessments."
Note
If you have some policy definitions setup on Subscription, make sure you have allowed Microsoft.OperationalInsights and Microsoft.OperationsManagement resource types for linking to work. Select all checkboxes under these options.
Add the Assessments in Services Hub
Warning
Follow the setupassessment.pdf document's instructions before proceeding to add the assessment.
To configure an assessment, go to Services Hub, IT Health, and On-Demand Assessments. Browse through the assessment catalog and select "Add Assessment" to add the assessment that best fits your organization’s needs.
Select an assessment of your choice from the list of available assessments and select "Add Assessment."
You will be able to see the assessment tile added to AMA on top navigation section of assessment. You are now all set for next steps
Providing Access to Azure Log Analytics workspace
Granting access to the Log Analytics workspace to Microsoft personnel is necessary for CSA led deliveries of On-Demand Assessments and must be completed by the Azure subscription owner. We recommend you add users as a Log Analytics Reader role at Azure Subscription level to grant @microsoft.com users access to your Azure Log Analytics workspace to view your assessments. In case of any security concerns with subscription, please provide both Log Analytics Reader at Azure Arc/VM level and Log Analytics Reader at Log Analytics workspace level explicitly.
Note
This step is not required for self-consumption of assessments without CSA led delivery.