Welcome back. Yesterday I created the LAW and added a Sentinel solution to it. Next to that, we also configured some values, which you should do as well.
As promised, I would continue my preparation today. Not too difficult, but it had to be done. I have a fresh Windows 11 NUC on which I work on a daily basis. The NUC is capable enough: i7 and 16 GB. So I decided to add Hyper-V to it.
The next step was to download a few Windows (2019/2022) editions from the Microsoft website. I also downloaded the SQL2019 and 2022 installers and SSMS. Within 10 minutes both VMs were running on my PC and I decided to put a little load on them. I downloaded the Bikestore example from this website. I used it in the past for some testing. It is a simple database which can be used to create some load. Not sure if I can make that before Thursday next week, but if possible, I will.
For your information: I have two servers now, one with Windows and SQL2019 and BikeStore2019, and one with Windows and SQL2022 with bikestore2022. Just for the record.
As you might have read in one of the previous posts, it is possible to add a server to the LAW by installing an agent on it: the Azure Management Agent. But where do you get that?
Not as difficult as we might think. We need to go to the LAW in the Azure Portal. In the left menu there is an Agents link. If you click it, you will see the following page, after expanding the Log Analytics agent instructions:
From this page you can download the agent. I have copied the file to my fresh VMs and pressed install.
The installation is straightforward. You press Enter a few times, select some settings like OMS (seen this before?) and copy the WorkspaceID and the Password in. Select whether you want to use MS Update or not and wait a few seconds before it completes.
After checking I can find the server in the LAW… That is a good sign.
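The portal check above can be complemented from the VM side. The following is an added example, not code from the original post: it confirms that the agent service is running and is connected to the workspace you intended, and lists any other workspace the agent reports to. The function name and the all-zero workspace ID are placeholders, and it assumes a `ConnectionStatus` of 0 means a successful connection.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the VM.
function Test-LawAgentBinding {
    param(
        # Placeholder: the Workspace ID shown on the LAW's Agents page.
        [Parameter(Mandatory)][string]$ExpectedWorkspaceId
    )

    $result = [ordered]@{
        Computer        = $env:COMPUTERNAME
        ServiceRunning  = $false
        ExpectedBound   = $false
        ConnectionText  = $null
        OtherWorkspaces = @()
    }

    # The Log Analytics agent runs as the HealthService Windows service.
    $svc = Get-Service -Name 'HealthService' -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]$result }   # agent not installed
    $result.ServiceRunning = ($svc.Status -eq 'Running')

    # COM object registered by the agent installer; lists configured workspaces.
    $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    foreach ($ws in @($cfg.GetCloudWorkspaces())) {
        if ($ws.workspaceId -eq $ExpectedWorkspaceId) {
            # Assumption: ConnectionStatus 0 means the last connection succeeded.
            $result.ExpectedBound  = ($ws.ConnectionStatus -eq 0)
            $result.ConnectionText = $ws.ConnectionStatusText
        }
        else {
            # A workspace you did not expect (mistyped ID, leftover from an image)
            # means this server's logs are also going somewhere else.
            $result.OtherWorkspaces += $ws.workspaceId
        }
    }
    return [pscustomobject]$result
}

# Constructed placeholder ID; replace with your own workspace ID.
Test-LawAgentBinding -ExpectedWorkspaceId '00000000-0000-0000-0000-000000000000'
```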
Validating whether the server is actually using a Defender for SQL package shows me it is not even dealing with Defender for Endpoint. I decided to enable it on the workspace. It will cost a few bucks, but it enables me to reach my end goal: running and nailing a PR on the presentation in DataYork. But getting back to the Defender thingies: it might take a while before it is set according to the rules. I will get back to you tomorrow or after…