How To Use Azure Change Tracking And Inventory To Track Software, Registry And File Changes

With Azure Automation’s Change Tracking and Inventory solution, you can collect and inventory information on installed software, files, Linux daemons, Windows Services and Windows Registry keys on Azure and non-Azure machines. In this Snip, Matt will demonstrate how to enable the Change Tracking and Inventory solution for an Azure Automation Account. Once enabled, we will walk through the steps for onboarding both Azure VMs and non-Azure machines. Then we will move on to configuring the Inventory items that we will be tracking changes for (Windows Registry, Windows Files, File Contents and Windows Services). Finally, we will use a Log Analytics query to return inventory results based on certain criteria.

Prerequisites include: an Azure Subscription, an Azure Storage Account, and Azure VMs or Non-Azure Machines for onboarding.

Recommended Snips: How To Create An Azure Automation Account

Hello and welcome to how to use the Azure Change Tracking and Inventory solution to track software, registry and file changes. I have already created an Azure Automation account called Change Management. The first thing we do is enable Change Tracking and Inventory. Under Configuration Management, let's click on Inventory. Here we will be prompted to either select an existing workspace or create a new one. I'm going to select create a new workspace, then click Enable. This may take a minute or two. Once we get the information message that the Change Tracking and Inventory solution was enabled, we need to go back and reload the Inventory page.

Next, let's go ahead and onboard some machines that we would like to track. Here we have two options: we can either add Azure VMs or non-Azure machines. Let's start with Azure VMs. From my list of available Azure VMs, I'm going to select the nodes I wish to track. Here, I'm going to select my two Windows VMs I've already created, and then click Enable. This will submit a deployment to install the software needed for change and inventory tracking and connect the VM to this Automation account. Now that those VMs have been enabled, I'm going to go back and reload the Inventory page. It may take some time for the machines to register themselves and start reporting, so I'm going to move on to onboarding a non-Azure machine.

If we click on Add non-Azure machine, this will open a page with the instructions on connecting a computer to Azure, and I'm going to walk through the steps necessary. Let's go back to the Automation account and scroll down to Linked workspace. From this screen, click on Go to workspace. This will take us to the Log Analytics workspace we created when we enabled Change Tracking and Inventory. Here we'll need to go under Connect a data source and click on Windows, Linux and other sources. From this page, select the operating system of your computer and download the corresponding agent. I have already downloaded the 64-bit agent to my local server. Then make sure you copy the workspace ID and primary key to use later.

Now I've switched over to my local server that I want to onboard. I'm going to run the installer that I just downloaded. Click on Next, then I Agree, and then click Next to accept the installation folder. On the next screen, check off Connect the agent to Azure Log Analytics, then click Next. Now paste both the workspace ID and workspace key from earlier. If you need to configure proxy settings, click Advanced. Otherwise, just click Next. I'm going to choose not to use Microsoft Update, but the choice is yours here. And finally, let's click Install. Once that completes, click on Finish. And let's switch back to the Azure portal.

I'm now back to my Automation account, and it's been a little while since installing the monitoring agent locally. You can see that my two Azure VMs are now reporting, and an information alert has popped up saying that a machine does not have change tracking enabled. So let's go ahead and click on Manage machines. For this demo, I'm going to select Enable on selected machines. You could enable on all available machines or all available and future machines. If you select future machines, you will not need to run this step when onboarding new machines. I'm going to click Add to add my local server and click Enable. It will take a little while for that machine to start reporting, so let's continue with the rest of the demo.

On the Inventory page, we have links for Software, Files, Windows Registry, Windows Services, Linux Daemons and Machine groups. Let's start with Software. Here, we can see a list of software installed on our reporting machines. We can see the name, version, publisher and number of machines that the software is installed on. You may also notice that Google Chrome is installed on one of the machines. You may want to use change tracking to monitor your servers for rogue software like this in your environment. If I click on Google Chrome, it will show a list of the properties for that software as well as which machines the software is installed on. Both Files and Registry have no data yet. That's because they have not been configured. Under Windows Services, we can see the services running on our machines as well as what state they are in.

Now let's go ahead and set up some files to monitor. To do this, click on Edit Settings. And first we will see a list of registry keys that are monitored by default. These are not enabled by default, and each one would need to be enabled in order to track these changes. Before I configure files to monitor, let's click on File Content. This is where we will specify a storage account for storing the monitored files so we can compare changes to the file contents. We need to go ahead and link to an existing storage account where the files will be stored. I'm going to select my subscription. Then I'm going to select the storage account I want to use. And I'm also going to make sure upload file content for all settings. This will allow us to view the changes to the content later. Now click on Save.

Let's go ahead and configure the files now. Click on Windows Files, and then click on Add. First, I'm going to add a test text file that I want to monitor. This will be located on the C drive. After entering the name and path, I'm going to set Upload file content to True. This will allow us to view the changes to the content later. Now click on Save. Now I'm going to click on Add again, and this time I'm going to add a test folder on the C drive to monitor. I'm also going to set Upload file content to True. We can also follow the same steps for files on Linux machines. By default, it is set up to monitor configuration files in the /etc folder. OK. Now we can close the workspace configuration and wait for the machines to report in.

I have waited and refreshed the Inventory page, and you can see that there are changes that have been reported. You can see from the machines list that my local server is now reporting as a non-Azure machine. By clicking on Files, you can see the test file and test folder that I created. Those are both reporting on my Windows 01 machine. Now let's go back to my Azure VM, where I'm going to make some changes to the text files. First, I'm going to open the test text file. I'm just going to add some content. I'm going to save that file and close it. Now I'm going to go into my test folder and change the contents of the text file in there. I'm also going to add a new file to this folder. Now let's switch back to Azure and wait for the changes to be reported.

Now, if I go to Change Tracking, I can see recent changes to the machines in this list, including the file changes. Here, I can click on the test text file and then click on View File Content Changes. This will show you the changes that were made to that file, side by side or inline.

Inventory data is also sent to Azure Log Analytics. We can search these logs by selecting Log Analytics at the top of the Inventory or Change Tracking window. By default, there is a query that is pulling the configuration data and ordering it by the time generated. I'm going to paste in a query that's going to look for software where the publisher is Google Inc. This will show us the machines where any Google software is installed, such as Chrome. You can also use the fields on the left-hand side to narrow down your searches as well.

And that was how to use the Azure Change Tracking and Inventory solution to track software, registry and file changes.
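
The Log Analytics step at the end of the walkthrough, written out as an added example (it is not the query pasted in the video, which the transcript does not show). It assumes the linked workspace exposes the `ConfigurationData` table with the `ConfigDataType`, `SoftwareName`, `Publisher`, `CurrentVersion` and `Computer` columns; the approved-publisher list in the second query is constructed and must be replaced with your own.

```kql
// Query 1: software from one publisher, as described in the walkthrough.
// arg_max keeps only the most recent inventory record per software/machine pair,
// so repeated inventory snapshots do not produce duplicate rows.
ConfigurationData
| where ConfigDataType == "Software"
| where Publisher == "Google Inc."
| summarize arg_max(TimeGenerated, *) by SoftwareName, Computer
| project Computer, SoftwareName, CurrentVersion, Publisher, TimeGenerated
| order by Computer asc, SoftwareName asc

// Query 2 (run separately): the "rogue software" check generalized.
// Lists installed software whose publisher is NOT on an approved list,
// with the number of machines and the machine names for triage.
// ApprovedPublishers is a constructed sample value, not from the original page.
let ApprovedPublishers = dynamic(["Microsoft Corporation"]);
ConfigurationData
| where ConfigDataType == "Software"
| summarize arg_max(TimeGenerated, *) by SoftwareName, Computer
| where Publisher !in (ApprovedPublishers)
| summarize Machines = dcount(Computer), Computers = make_set(Computer)
    by SoftwareName, Publisher, CurrentVersion
| order by Machines desc, SoftwareName asc
```

Run each query on its own in the workspace's Logs blade. Publisher strings must match what the agent reports exactly, so check the Publisher column in the Inventory view before building the approved list.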