Share via

Getting started with On-Demand Assessments

  • Article

Assessments are available through the Services Hub to help you assess and optimize the availability, security, and performance of your on-premises, hybrid, and cloud Microsoft technology environments. These assessments use Microsoft Azure Log Analytics, which is designed to give you simplified IT and security management across your environment.

Note

On average, it takes two hours to initially configure your environment to run an On-Demand Assessment. After you run an assessment you can review the recommendations in Azure Log Analytics. This will provide you with a prioritized list of recommendations, categorized across six focus areas. This allows you and your team to quickly understand risk levels, the health of your environments, act to decrease risk, and improve your overall IT health.

An offline copy of the On-Demand Assessment Setup Guide may be downloaded for reference.

Use the following checklist to ensure all steps in this section are completed before moving onto the next section.

Subscription

On-Demand Assessments ingest their recommendations and supporting details into Log Analytics. The Azure Log Analytics service requires an Azure subscription owned by the organization. If there is already an Azure subscription, then a customer representative (their registered email address) with the required Azure Log Analytics access and/or Azure Subscription access will need to be invited to the Services Hub workspace by the CSAM.

If there is no Azure subscription, Microsoft will sponsor one for the customer. The ideal owner for the sponsored subscription is the main point of contact IT professional that will be working with the assessment results. There are a couple of options to have a sponsored Azure subscription provisioned.

The preferred option is to share an organizational email address to be provisioned as owner of a no-cost Azure sponsorship with the organization's CSAM. Once the Azure sponsorship is created, an email with an invitation to activate the subscription will be sent to the provided organizational email address. Activate the Azure subscription through the link provided in the email. This account will be invited to the Services Hub workspace by the CSAM.

Note

Customers can choose to use any Azure Subscription for this purpose as long as the user has the required Azure Subscription and/or Log Analytics role to perform the required actions. The Azure Subscription can be an EA or Pay-As-You-Go or trial Azure subscriptions. Azure subscriptions created merely due to presence of Office 365 licenses cannot be used as they don't have active azure credits.

Note

No-cost sponsored Azure subscriptions requested from Azure by default have a validity of 1 year. You can read more about the subscription offer details and any request to roll over your Azure Sponsored Subscription to an EA agreement or renewal reach out to your CSAM to understand your options.

Note

If you don’t know the Azure owner or other roles of your Azure subscriptions, please follow this link: Role assignments in Azure Subscriptions.

Services Hub Registration

The user in your organization who is the Microsoft Azure subscription owner must be invited to the Services Hub workspace and complete their registration on the Services Hub. Additionally, if the assessment will include a Microsoft engineer lead delivery, then the Microsoft engineer must also be invited to the Services Hub workspace, and complete their registration on the Services Hub. Invites to the Services Hub can be initiated by your organization’s Services Administrator, existing Services Hub users, or your Microsoft representative. To enable users access to On-Demand Assessments in the Services Hub, your organization’s Services Administrator must grant these permissions by clicking the Health and Programs checkboxes in the Invite users dialog box.

CSAM tasks

  1. The CSAM invites customer and CSA (for engineer led assessment deliveries). Log in to Services Hub using Microsoft Edge and go to Customer workspace then Manage Users.

  2. Add customers' email addresses and CSA with [email protected] and ensure the Health and Programs options are selected to allow the user to see the assessment tab and create a remediation plan.

The Manage Users dialog box.

The Invite Users dialog box.

Linking of the Azure Subscription and Log Analytics workspace to Services Hub workspace

  1. Log into Services Hub with the Azure subscription owner's credentials. In the Primary Navigation, click on IT Health then select On-Demand Assessments.

  2. Click "Click Get Started with Assessment."

The On-Demand Assessments page with the Preconfigure Assessments button highlighted.

  1. Select the desired Azure subscription from the list and choose next.

The Preconfigure Assessments page with the Choose Your Azure Subscription step highlighted.

Organizations that have an Azure subscription but lack the required permissions will need to work with your company's Services Admin, CSAM, or Support Account Coordinator to have the customer representative with the required permissions within Azure register on Services Hub and pre-configure your assessments. Organizations without an Azure subscription refer to Azure Subscriptions to get your Microsoft sponsored subscription.

  1. Choose the Azure Log Analytics workspace that the assessment(s) you choose will be enabled in or use "Create New" to create a dedicated workspace for the assessment(s) if desired. Then click next.

The Create New workspace page.

Note

An Azure Log Analytics workspace may also be created from Azure using the steps documented in the How to Create new Azure Log Analytics Workspace from Azure article.

  1. At the conclusion of the linking process, click “View assessments."

The View Assessments button.

Note

If you have some policy definitions set up on Subscription, make sure you have allowed Microsoft.OperationalInsights and Microsoft.OperationsManagement resource types for linking to work. Select all checkboxes under these options.

The Allowed Resource Types menu with selectable options.

Add the Assessments in Services Hub

Warning

Follow the document setupassessment.pdf before proceeding with adding the assessment.

To configure an assessment, go to Services Hub, IT Health, and On-Demand Assessments. Browse through the assessment catalog and click "Add Assessment" to add the assessment that best fits your organization’s needs.

Select an assessment of your choice from the list of available assessments and click on "Add Assessment."

The Available On-Demand Assessments page with the Active Directory assessment highlighted.

The Active Directory assessment dialog box with the Add Assessment button highlighted.

You will be able to see the assessment tile added to AMA on top navigation section of assessment. You are now all set for next steps

Providing Access to Azure Log Analytics workspace

Granting access to the Log Analytics workspace to Microsoft personnel is necessary for CSA led deliveries of On-Demand Assessments and must be completed by the Azure subscription owner. We recommend you add users as a Log Analytics Reader role at Azure Subscription level to grant @microsoft.com users access to your Azure Log Analytics workspace to view your assessments In case of any security concerns with subscription, please provide both Log Analytics Reader at Azure Arc/VM level and Log Analytics Reader at Log Analytics workspace level explicitly.

Note

This step is not required for self-consumption of assessments without CSA led delivery.