Azure Log Analytics Workspace – Ensuring Compliance, Centralizing and Streamlining Monitoring

Posted on April 18th, 2024 by Sania Afsar

In the realm of cloud computing, the ability to monitor, analyze, and respond to IT environment anomalies is crucial for maintaining system integrity and compliance with regulatory standards. Azure Log Analytics Workspace (LAW) is a powerful service that enables businesses to aggregate, analyze, and act on telemetry data from various sources across their Azure and on-premises environments. This article delves into LAW, its alignment with SOC 2 compliance, and the practicalities of Azure Monitoring and diagnostic settings, offering insights from a recent project implemented for a software development company.

Azure Log Analytics Workspace (LAW): A unique environment within Azure Monitor that allows for the collection and aggregation of data from various sources. It provides tools for analysis, visualization, and the creation of alerts based on telemetry data.

SOC 2 Compliance: A framework for managing data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy. It is essential for businesses that handle sensitive information.

Azure Monitoring: A comprehensive solution that provides full-stack monitoring, from infrastructure to application-level telemetry, facilitating the detection, analysis, and resolution of operational issues.

Diagnostic Settings: Configurations within Azure that direct how telemetry data is collected, processed, and stored. It includes logs and metrics for auditing and monitoring purposes.

Why LAW should be used?

LAW plays a pivotal role in operational and security monitoring, offering several benefits:

Centralized Log Management: It consolidates logs from various sources, making it easier to manage and analyze data.

Compliance and Security: Helps organizations meet regulatory standards like SOC 2 by providing tools for continuous monitoring and alerting on security and compliance issues.

Operational Efficiency: Streamlines troubleshooting and operational monitoring, reducing the time to detect and resolve issues.

Cost-Effectiveness: Offers scalable solutions for log data ingestion and storage, providing flexibility and control over costs.

Configuration Process and Technical Details

Creating and Configuring Log Analytics Workspace

1. Azure Portal:

  1. Navigate to the Azure portal.
  2. Go to “All services” > “Log Analytics workspaces”.
  3. Click “Add”, select your subscription, resource group, and specify the workspace name and region.
  4. Review and create the workspace.

Same can be achieved using Powershell cmdlet New-AzOperationalInsightsWorkspace.

New-AzOperationalInsightsWorkspace -ResourceGroupName “YourResourceGroup” -Name “YourWorkspaceName” -Location “Region”

2. Enabling Diagnostic Settings

Azure Portal:

  1. Navigate to the resource (e.g., a VM, database).
  2. Select “Diagnostic settings” > “Add diagnostic setting”.
  3. Choose the logs and metrics to send to the Log Analytics workspace.
  4. Select the workspace created earlier and save the setting.

Azure CLI:

There is no corresponding powershell cmdlet however the same can be achieved using azure cli. It is advised that this step be done using the Azure portal unless it needs to be automated, In case of large number of targets consider using a bash script and an csv file for input

az monitor diagnostic-settings create –resource /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/ResourceProvider/ResourceType/ResourceName –workspace /subscriptions/YourSubscriptionId/resourcegroups/YourResourceGroup/providers/microsoft.operationalinsights/workspaces/YourWorkspaceName –name “YourDiagnosticSettingName” –logs ‘[{“category”: “CategoryName”, “enabled”: true}]’ –metrics ‘[{“category”: “CategoryName”, “enabled”: true}]’

 Integrating Data Sources

To configure agents and services to send data to LAW:

1. Windows and Linux Servers:

Install the Log Analytics agent on each server.

During the agent configuration, specify the workspace ID and primary key to connect the agent to your workspace.

2. Azure Resources:

Many Azure services offer built-in integration with Log Analytics.

Use the Azure portal to enable integration by selecting the Log Analytics workspace as the target for logs and metrics.

3. Application Insights:

For application telemetry, integrate Application Insights with your application.

Configure the Application Insights SDK to send data to the Log Analytics workspace by setting the instrumentation key.

Insights on a case study from a Software Development Company Perspective

In a recent project for a software development company, LAW was leveraged to enhance operational visibility and ensure SOC 2 compliance. The focus was on automating log collection and analysis to proactively address system anomalies, secure sensitive data, and streamline the development lifecycle. By integrating LAW, the company achieved:

  • Enhanced Security Posture: Through real-time monitoring and alerting capabilities.
  • Operational Excellence: Improved system reliability and availability by quickly identifying and addressing issues.
  • Compliance Assurance: Simplified compliance reporting and auditing processes, ensuring adherence to SOC 2 requirements.


Azure Log Analytics Workspace is an indispensable tool for organizations looking to enhance their monitoring capabilities and ensure compliance with standards like SOC 2. Its ability to aggregate and analyze data from a multitude of sources provides a comprehensive view of an organization’s IT environment, facilitating informed decision-making and operational efficiency. The integration of LAW, coupled with Azure Monitoring and diagnostic settings, offers a robust solution for maintaining system integrity, security, and compliance.

Azure Stack HCI 3-node Cluster Configuration – Switchless Storage Network

Posted on April 17th, 2024 by Sania Afsar

Mismo Systems implemented a 3-node Azure Stack HCI cluster for one of the clients. The cluster was configured with a dual-link full mesh storage network interconnect (Switchless).

This blog provides an overview of the Azure Stack HCI design, high-level implementation steps, network connectivity of the servers, IP configurations and cluster configuration.

Azure Stack HCI Design

Below is the high-level detail of the above Design diagram:

  • 03 Nos. DELL EMC AX-740dx servers, installed with Azure Stack HCI 21H2 Operating System.
  • Azure Stack HCI cluster will be created using the three servers.
  • The cluster will be created and managed using a Windows Admin Center instance.
  • The cluster will be registered with Azure.
  • Azure storage account-based cloud witness will be used for the cluster.

High-Level Configuration Steps

Below are the high-level steps performed to complete the cluster configuration:

S. No.Task
1Server Racking and Cabling
2iDRAC Configuration on the servers
3BIOS Configuration for QLogic NIC configuration
4Initial network configuration and domain join the servers
5Azure Stack HCI cluster configuration:
– Prerequisite check, feature installation and updates installation
– Network and Virtual Switch configuration
– Cluster validation and creation – Storage validation and Enable Storage Space Direct
6Post cluster creation configuration
7Cloud Witness Quorum configuration
8Azure Stack HCI registration to Azure
9Storage volumes creation
10Virtual Machines creation

Network Interfaces

There were 3 Azure Stack Certified servers – DELL EMC AX-740dx, installed with Azure Stack HCI 21H2 Operating System. The servers had the following network interfaces:

Each of the servers has the following network interfaces:

  • 1 iDRAC network port
  • 2 QLogic FastLinQ 41262 Dual Port 10/25GbE SFP28 Adapter, PCIe Low Profile
  • 1 Intel X710 Dual Port 10GbE SFP+
  • 1 i350 Dual Port 1GbE, rNDC

Network Interface Connectivity

The diagram below describes the connectivity of network interfaces and their configuration.

Below tables provides low-level detail of the Azure Stack HCI Implementation:

Network Interface | PurposeNode | IP Address | vSwitch | Team Configuration
Azure Stack HCI – Network Configuration
i350 Dual Port 1GbE, rNDC | Management NetworkNODE1 | | MgmtSwitch | SET Team <NIC 1 and NIC 2> NODE2 | | MgmtSwitch | SET Team <NIC 1 and NIC 2> NODE3 | | MgmtSwitch | SET Team <NIC 1 and NIC 2> Gateway – Subnet –
Intel X710 Dual Port 10GbE SFP | VM NetworkNODE1 – | VMNetworkSwitch | SET Team <NIC 3 and NIC 4> NODE2 – | VMNetworkSwitch | SET Team <NIC 3 and NIC 4> NODE3 – | VMNetworkSwitch | SET Team <NIC 3 and NIC 4> Gateway: Subnet –
QLogic FastLinQ 41262 Dual Port 10/25GbE SFP28 Adapter | Storage NetworkNODE1 – NIC 5 || Storage 1 <Node 1 – Node 2>
NODE1 – NIC 6 || Storage 2 <Node 1 – Node 3> NODE1 – NIC 7 | | Storage 4 <Node 2 – Node 1>
NODE1 – NIC 8 | | Storage 5 <Node 3 – Node 1>

NODE2 – NIC 5 || Storage 1 <Node 1 – Node 2>
NODE2 – NIC 6 || Storage 3 <Node 2 – Node 3> NODE2 – NIC 7 || Storage 4 <Node 2 – Node 1>
NODE2 – NIC 8 || Storage 6 <Node 3 – Node 2>   NODE3 – NIC 5 || Storage 2 <Node 1 – Node 3>
NODE3 – NIC 6 || Storage 3 <Node 2 – Node 3> NODE3 – NIC 7 || Storage 5 <Node 3 – Node 1>
NODE3 – NIC 8 || Storage 6 <Node 3 – Node 2>   Subnet –

Azure Stack HCI Cluster Detail

Configuration ItemDetail
Azure Stack HCI – Initial Configuration
Azure Stack HCI OS21H2
Time zoneCentral time (US & Canada) UTC -6:00
Joined AD DS Domain
Windows Admin Center
Azure Stack HCI – Cluster Configuration
Cluster TypeStandard
Cluster Name and IPCluster01 |
Cluster Quorum DetailCloud Witness | Storage Account – <storageaccountname>
Azure Stack HCI – Registration to Azure
Azure Subscription Name and ID<Azure Subscription Name and ID>
Resource Group<Resource Group Name>
Azure Region for registrationWest Europe

Microsoft update: Chat with users with Teams personal accounts

Posted on October 4th, 2023 by admin@mismo2023

Chat with Teams will extend collaboration support by enabling Teams users to chat with team members outside their work network with a Teams personal account. Customers will be able to invite any Teams user to chat using an email address or phone number and remain within the security and compliance policies of their organization. 

Will rollout on the web, desktop, and mobile.

How this will affect your organization:

With this update Teams, users in your organization will be able to start a 1:1 or a group chat with Teams users who are using their personal accounts and vice-versa. IT Admins will have the option to enable/disable this at a tenant and individual user level with two possible controls:

  1. Control to enable or disable the entire functionality. If disabled neither users in your organization and users in their personal accounts will be able to chat with each other.
  2. Control to define if Teams users with a personal account can start a chat or add users from your organization to a chat. If disabled, only users in your organization will be able to start a chat or add users with their personal accounts.

Note: Settings will rollout default on.

What you need to do to prepare:

If you would like to opt-out from this functionality you would be able to do so via the Teams admin portal under the External Access section. Optionally you could use PowerShell commands to opt-out all users or individual users from this functionality. 

Settings to update:

Tenant level: CsTenantFederationConfiguration

  • AllowTeamsConsumer
  • AllowTeamsConsumerInbound

User level: CsExternalAccessPolicy

  • EnableTeamsConsumerAccess
  • EnableTeamsConsumerInbound

AWS vs Azure

Posted on December 1st, 2022 by admin@mismo2023

The cloud service providers AWS and Azure are truly miraculous helping millions across the globe creating a virtual space with a plethora of benefits. This article will delve deep into their pros and cons and look at the wide array of services, benefits and advantages they have. We will consider factors like: the cloud storage cost, the loss rate of data transfers, availability of data and so on.

AWS: It all began with the Amazon’s team recognizing the stagnation and complexity of their IT infrastructure. In order to improvise on their efficiency, Amazon’s team replaced the pre-existing infrastructure into well documented APIs. By the year 2003, Amazon had a moment of realization about their skills that is important for creating scalable and effective data centres. This is how Amazon Web Services came into existence. AWS is one of the leading providers of requirement basis cloud solution providing an IT infrastructure to companies of varying sizes. For companies that run on non-windows services, AWS works most efficiently for them and is a highly customisable podium. Netflix, Spotify, and such eminent companies use AWS.

AWSs’ services remained unparalleled as Google, their first competitor only came up beyond 2009 and Microsoft stepped up by 2010 as they did not believe in the potential of the cloud infrastructure. It is only after Amazon’s successful system that made Microsoft enter the world of cloud. Azure was launched by Microsoft, but their entry was not welcomed pleasantly as it faced several challenges. AWS had already become a giant as it had a lead of 7 years over Azure and provided ample scalable services.

It was about time that Microsoft stepped up and set its firm footing by adding support to various programming languages and operating systems. They got along with Linux and also made their services more scalable. With this redemption, Azure made its name to the top in the list of cloud providers.

Today AWS and Azure have become two prominent names when it comes to cloud service providers. They introduce the world with a virtual infrastructure with Azure holding about 29.4% of the workloads of installed applications, AWS holds a good 41.5% and Google only has about 3%.

There are a few differences between AWS and Azure, and both have their respective pros and cons. These two top players have their list of unequivocal set of advantages as they are great at what they provide.


Azure and AWS extends on premise data centre into firewall and cloud. VPC or Amazon Virtual Private Cloud helps users to create subnets, Private IP address range, network gateways and route tablets in the areas of networking services when compared to Microsoft Virtual Network which has similar services. When we talk of computing services Azure provides services like App Services, Azure Virtual Machine, Container services, Azure Functions while AWS provides: Elastic Beanstalk, ECS, AWS Lambda, EC2 and so on. Both these services are quite similar as well. While in the case of storage services, AWS provides temporary storage that is specified with the beginning of the instance and automatically dissolves with its termination. They also provide block storage that can either be attached or separated. Azure provides storage such as Blob, Disk Storage and Standard Archives.


Pricing of computing services depends upon the differences in configuration, the measurement of the computing units and the various range of services: storage, databases, computing and traffic.

AWS follows a pay as you go structure of pricing where there is an hourly charge while Azure charges per minute. An AWS m3. large instance is estimated at $0.133 per hour (21 CPU and 3.75 GB memory), somewhat similar pricing is followed by Microsoft in the Medium VM (2×1.6Ghz CPU, 3.5 GB RAM) that costs about $0.45 per hour. Azure can be deemed more expensive as compared to AWS regarding computing, but it provides for good discounts in case of long-term payments. AWS is also known for supporting the Hybrid cloud environment better. Meanwhile the security provided by AWS via user defined roles is unparalleled as it provides security by giving permissions on the entire account.

Open-Source Integration:

AWS employs tools such as Jenkins, GitHub, Docker and Ansible for their open-source integration as Amazon highly supports the Open-Source sect. Azure on the other hand provides native integration for windows development tools namely: Active Directory, SQL databases and VBS. On instances when Microsoft fails to support open source, Amazon is always open to it. Azure works great alongside NET developers and AWS with Linux Services.


In order to save your information, a database is required and both our cloud service providers AWS and Azure relational database (SQL) or NoSQL. Microsoft provides their user with an SQL database while Amazon provides RDS (Relational Database Service) and Amazon DynamoDB. These databases provide automatic replication and are extremely efficient and durable.

Advantages of AWS certification:

AWS is the largest cloud computing service provider and has extra weightage to their certification as they have additional marketability because a large number of companies are using their services. AWS certification also gives you access to AWS certified LinkedIn and other certifications for professionals and developers. These include AWS Developer Associate, AWS SysOps, Cloud Architect Certification, gcp certification and so on.

The advantages of Azure Certification:

Azure also renamed as Microsoft Azure in the year 2014 provide additional benefits to those who are aware of their in-house data platforms. 55% of major Fortune 500 companies go for the services provided by Azure, and hence its certification opens a career opportunity for the candidates in these companies. It has been estimated that around 365,000 companies opt Azure every year which creates demand for Azure professionals. Their certification include Architect Microsoft Azure, Developing Microsoft Azure, Cloud Solution Architect, Cloud Architect, Implementing Microsoft Azure and so on.

Azure and AWS: Making the world a better place

Both AWS and Azure have made huge contributions trying to make this globe a better place to be in. AWS is used to scale flood alerts in Cambodia saving millions of lives and is cost effective. Other risky zones now replicate this technology to detect calamities beforehand.

NASA with the use of AWS platform has created a virtual Storehouse of videos, pictures and audio files that can be accessed easily in one centralized space.

The Weka Smart Fridge that has been created using the Azure IoT suite, helps store vaccines helping medical support to make vaccinations available to people easily.

Both AWS and Azure are reliable sources making lives easy for people around the globe.

Contact Us for Free Consultation

Tags: ,

The need for a hybrid solution – Azure Stack HCI

Posted on April 25th, 2022 by admin@mismo2023

Microsoft’s Azure Stack HCI is a hyper-converged infrastructure with virtualization, software-defined networking, and more. What separates it from the rest is it seamlessly integrates with Microsoft Azure. It’s never been easier to unify your on-premises infrastructure with the power of Azure.

We have listed below a few points for why you need this new & exciting hybrid solution for your business:-

Azure Hybrid by design

Extend your datacentre to the cloud and manage Azure Stack HCI hosts, virtual machines (VMs) and Azure resources side by side in the Azure portal. Make your infrastructure hybrid by seamlessly connecting it to Azure services such as Azure Monitor, Azure Backup, Azure Security Centre, Azure Site Recovery etc.

Enterprise-scale and great price-performance

Get infrastructure modernisation, consolidate virtualised workloads, and gain cloud efficiencies on-premises. Take advantage of software-defined compute, storage, and networking on a broad range of form factors and brands. With the new feature update, get powerful host protection with a Secured-core server, thin provisioning and intent-driven networking. Optimize your costs based on your needs with a flexible per-core subscription.

Familiar management and operations

Simplify your operations by using an easy-to-manage HCI solution that integrates with your environment and popular third-party solutions. Use Windows Admin Centre with a built-in deployment GUI to leverage your existing Windows Server and Hyper-V skills to build your hyper-converged infrastructure. Automate completely scriptable management tasks using the popular cross-platform Windows PowerShell framework.

Deployment flexibility

Select the deployment scenario that is best for your environment, such as an appliance-like experience, a validated node solution from one of more than 20 hardware partners or repurposed hardware. Choose optimized solutions that are available on a broad portfolio of x86 servers and hardware add-ons. Manage your solution using Azure or familiar management tools and choose from a wide selection of utility software options within the enhanced ISV partner ecosystem.

Contact us for more information!

Azure Virtual Desktop vs Windows 365

Posted on January 10th, 2022 by admin@mismo2023

Azure Virtual Desktop (AVD) is a Desktop as a Service (DaaS) solution offered on Microsoft Azure, previously named Windows Virtual Desktop (WVD) only offers multi-session capabilities. It allows organizations to provide virtual desktops to their users without implementing and managing a Virtual Desktop Infrastructure (VDI).

There are many use cases for AVD, and it has had a lot of traction since its availability. The common use cases of AVD are to provide a secure working environment in highly regulated industries like finance & insurance, part-time employees, short term workers, BYOD scenarios and specialized workloads.  

The heavyweight components of AVD infrastructure are managed by Microsoft. Still, it requires technical expertise to implement and manage AVD. It also requires supporting services like AD DS and storage to work.

AVD is billed as part of Azure subscription and billing is as per usage. This includes computing, storage, networking, and other components. Every user must be licensed with Windows Enterprise.

Windows 365 is Software as a Service (SaaS) offering from Microsoft, wherein you can provide cloud PCs to users without the overhead of managing any infrastructure. It provides dedicated cloud PCs to individual users. It is offered in two editions Business and Enterprise.

Windows 365 Business is for small-medium organizations or for personal use wherein users can have a PC running in the cloud with their data and apps. It provides basic management capabilities and users are an admin on their PCs.

Windows 365 Enterprises is for organizations who want to have fully managed cloud PCs for the users. It requires AD DS, Azure AD and Microsoft Endpoint Manager (MEM). Cloud PCs can be managed using MEM, Group Policies (GPO) and other organization tools.

Windows 365 is billed per cloud PC on a fixed monthly cost based on the configuration. Business edition doesn’t require any other license and supports a maximum of 300 users. Enterprise edition requires Windows Enterprise, Azure AD P1, MEM license and supports unlimited users.

With the advent of cloud computing, there are a lot of options for organizations of all sizes to choose from. We at Mismo Systems are consultants and can help you decide what’s best for your needs based on our industry knowledge and expensive experience. We help organizations implement these technologies and manage them for them.

Contact us for a free consultation!

AWS Update:- Amazon EC2 now supports access to Red Hat Knowledgebase

Posted on November 16th, 2021 by admin@mismo2023

Starting today, customers running subscriptions included Red Hat Enterprise Linux on Amazon EC2 can seamlessly access Red Hat Knowledgebase at no additional cost. The Knowledgebase is a library of articles, frequently asked questions (FAQs), and best-practice guides to help customers solve technical issues. 

Previously, subscriptions included RHEL customers on AWS who had to contact AWS Premium Support in order to access Red Hat Knowledgebase. Now, AWS has partnered with Red Hat to provide one-click access to Knowledgebase for all subscriptions included RHEL customers. Customers can access Knowledgebase content in one of the three ways: by clicking on a link inside the Fleet Manager functionality in AWS System Manager, by using sign-in with AWS option on Red Hat Customer Portal, or via a link provided by AWS support. 

This Red Hat Knowledgebase feature on Amazon EC2 is available in all commercial AWS Regions today except the two regions in China.

Contact us for more information.

AWS Update:- Amazon SNS now supports token-based authentication for APNs mobile push notifications

Posted on November 16th, 2021 by admin@mismo2023

For sending mobile push notifications to Apple devices, Amazon Simple Notification Service (Amazon SNS) now enables token-based authentication. You may now choose between token-based (.p8 key file) and certificate-based (.p12 certificates) authentication when creating a new platform application in the Amazon SNS dashboard or API. 

Stateless communication between Amazon SNS and the Apple Push Notification service is enabled using token-based authentication (APNs). Because stateless communication does not require APNs to look up certificates, it is faster than certificate-based communication. You had to renew the certificate and the endpoint once a year while using .p12 certificates. You may now lessen your operational burden by eliminating the need for yearly renewals by employing a .p8 key file. Amazon SNS uses token-based authentication to deliver messages to mobile applications for platform applications produced with .p8 certificates. 

You can use token-based authentication for APNs endpoints in the following AWS regions where Amazon SNS supports mobile push notifications: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), and South America (São Paulo). 

Contact us for more information.

AWS Update:- Amazon ECS now adds container instance health information

Posted on November 16th, 2021 by admin@mismo2023

Customers may now see the health of their compute infrastructure using Amazon Elastic Container Service (Amazon ECS). The customers running their workloads using Amazon ECS on Amazon EC2 or on-premises with Amazon ECS anywhere can now examine the health status of the container runtime (i.e Docker) for their container instances directly from the Amazon ECS API. This would help customers to improve application resiliency.  

In a very rare scenario, problems might arise with the host infra or Docker runtime which will eventually prevent new containers from starting or may even affect the existing containers. Amazon ECS automatically monitors the runtime of containers for responsiveness on the customer’s behalf. Customers can use the ECS Describe-Instances API with the include Health Status option to view the health information for their Amazon ECS Tasks. 

Customers can check the health of all their Amazon ECS container instances that are running version 1.57.0 or above of the Amazon ECS container agent. This version is pre-installed with the Amazon ECS-optimized AMI version 20211103. Amazon ECS is available in all AWS regions that are open to the public.  

Contact us for more information.

Microsoft 365 Update:- Viva Connections is now generally available!

Posted on November 16th, 2021 by admin@mismo2023

Viva Connections, part of Microsoft Viva, is your entry point to a modern employee experience. You get an all-in-one experience with the customized dashboard, the feed, and other relevant resources with the Viva connections app in Microsoft Teams mobile, web & desktop.  

This GA (general availability) provides you with the ability to: – 

  • Set a SharePoint home site from the SharePoint admin center 
  • Create, author, and manage a dashboard from the home site 
  • Use the new Dashboard and Feed web parts on the home site 
  • Brand the Viva Connections app for the desktop and mobile experiences for Android and iOS 
  • Use Video news links to communicate announcements 

It is to be noted that the Viva connections require admin configuration in the Teams admin center to enable as it is in the “Blocked” state by default. Once the home site in SharePoint is generated & the dashboard gets published, the Teams admin can enable & customize the Viva connections app in the Teams admin center. This feature is available now. 

Contact us for more information.