In this release webinar, Bruce Cullen, Director of Engineering at SquaredUp, will present Dashboard Server 6.2’s latest enhancements including:

• Donut love
• SCOM Task improvements
• Tasks on alert tile

Register now to join the webinar on 8 May 2024.

Don’t worry if you miss the live webinar, we will send out a recording to all registrants!

The post Release webinar: Dashboard Server 6.2 appeared first on SquaredUp DS.

Improvements and updates include:

• Trend lines on line graph
• EAM-X alert description improvements
• Undo / Redo
• Auditing improvements
• 24h time formatting
• Number formatting options
• Performance tile drilldown options
• Alignment for Scalar tile
• Performance improvements

For the complete list of updates, check out the latest release notes.

Read on for a quick overview of the main feature improvements or click into the items that interest you in the contents list above.

Release webinar – watch the replay

Alternatively you can watch the recording of the release webinar presented by our Director of Product and Engineering Bruce Cullen.

Trend lines on line graph

The line graph is an important feature – being the bread and butter of seeing performance data from SCOM and other sources. We are excited to share that trend lines are now available on the line graph!

In the display panel, there is a new checkbox for trend lines, and we can adjust how far into the future we’d like the projected trend to extend.

This is a helpful change for understanding why something is in the state it’s in, and where things could potential go, rather than just displaying the data.

EAM-X: Alert description improvements

We have also improved the context provided in alerts for EAM-X. For those who are unfamiliar, EAM-X is the tier of Dashboard Server that brings you the benefits of both our cloud product (SquaredUp Cloud), and Dashboard Server. Our cloud product connects to over 100 data sources, extending your reach far beyond SCOM. Via a management pack, we are then able to pull down the cloud product’s notifications into SCOM – giving you the best of both worlds.

This is what an email notification from the cloud product looks like – it includes a preview screenshot and links to drill down into the data in question. Very helpful!

However, up until this release, while it worked fine, the SCOM alert we would raise from this SquaredUp Cloud alert didn’t look great. You’d have to infer or drill down into SquaredUp Cloud to get the answer.

In 6.1, alerts in SCOM pulled from your cloud notifications are a lot more helpful. We’ve sanitized the names for monitors and titles, and added helpful descriptions. All of the context is displayed in the SCOM UI, which means you don’t have to drill down into SquaredUp Cloud to understand what’s going on.

Before

In 6.1

Undo / Redo

Haven’t we all accidentally made changes to a dashboard? This new feature allows all page edits to be undone or redone. A small but mighty feature update!

Auditing improvements

In 6.0 we released auditing as a new feature. In 6.1 we have continued to make a few further quality of life improvements.

Ability to search for folder

In the initial launch of the Auditing feature, you could search for a user, some content, enterprise applications, or team folders – but you could not search for folders. We received feedback that this wasn’t ideal as sometimes users knew the folder in which a dashboard was saved, but not necessarily the name of the dashboard itself. We’ve now added the ability to search for a folder!

Team folder name

In 6.0, the team folder name wasn’t always displayed for a piece of content. As per the screenshot below, sometimes “default user-created” would be displayed instead. This wasn’t helpful in cases where it was important to see the team folder name – perhaps when you had moved the dashboard between team folders, and needed to see the change.

With 6.1, you can now see the team folder name when looking at your audit events.

Multiple filter options

In 6.0 you could only filter by a single event type at a time. Now, you can add as many different types as you like, giving you a lot more control without having to fall back to the raw SQL data. This makes sifting through audits a lot easier.

24h time formatting

This is perhaps one of our most-requested features over the last 4-5 years. While it is a seemingly minor change, it’s no doubt going to have a significant impact for some customers.

Up until this release, we displayed time in the 12h clock format. However, in some countries, a 12h clock format simply isn’t used. This change will help improve the user experience for people in those regions, especially in cases where the dashboards are shared with the wider business, beyond the core admin team.

Number formatting options

Up until this release, si units were the only option for number formatting. We have now added options for both small numbers and large numbers.

Large numbers – added separator option

A large number like 600,000 would previously have been displayed as 600k by default. Users can now select to display the number with a separator. This also adds a larger degree of precision, as we’d no longer be rounding to the nearest 1,000.

Small numbers – added decimals option

Small numbers refers to anything smaller than 1. Previously, a milli or a micro unit would have been displayed, which may or may not be the most helpful for your use case. The new option of decimals could be significantly more meaningful way of presenting and consuming your data, depending on what it is.

Performance tile drilldown options

We’ve added a Settings box found in the top right that now houses a few new options – such as the ability to toggle on / off the trend line and the ability to manipulate the data range.

We now also show more min, max and average details in the right hand column. If you click into one of the values, you can overlay a line onto the graph for easier reference.

The two new orange buttons next to the right hand column let you reset the trend line or go further into the future. Handy!

Alignment for Scalar tile

While it is a minor change, improved alignment options for the Scalar tile has been a highly requested feature. Perhaps it is not so surprising, given that dashboards are highly visual and often shared with all sorts of stakeholders!

In 6.1, you now have the ability to align left, right, or center.

General performance improvements

We’ve also made a few general performance improvements.

This includes some updates to VADA analyze mode which mean a lower overhead on SCOM servers, and a much lower change of locking up your browser.

We’ve also made some initial page size / speed load improvements.

Demo

Watch the demo by our Director of Engineering and Product, Bruce Cullen, for an in-product tour of the above features.

Download 6.1 now and get more info

Once you’re ready, you can download the latest version here. For a step-by-step guide on how to update your Dashboard Server SCOM Edition deployment to the latest version, see How to upgrade Dashboard Server SCOM Edition.

For the full set of details on other improvements in this release, read the Release Notes.

To get started with 6.1 if you’re new to SquaredUp, see How to install Dashboard Server SCOM Edition.

Thanks, and Happy Dashboarding!

The post SquaredUp Dashboard Server 6.1 is here appeared first on SquaredUp DS.

At the release webinar, Bruce presented 6.1’s latest enhancements including:

• 24-hour time format option
• Trend lines in time-series graphs
• EAM-X alert description improvements
• Undo/redo for draft dashboard editing
• Performance drill-down page improvements

And many more!

Watch the recording embedded above if you missed the live webinar!

The post Release webinar: Dashboard Server v6.1 appeared first on SquaredUp DS.

We’re excited to announce two brand new native integrations to DS for SCOM: SolarWinds Orion and Prometheus.  

You’ll now be able to surface both your SolarWinds and Prometheus metrics alongside your SCOM data for even deeper IT infrastructure insights.  

Get connected in seconds and start building dynamic dashboards for the ultimate single pane of glass. 

Read on to learn more about:  

• SolarWinds Orion integration
• Prometheus integration
• How to add a new integration

SolarWinds Orion integration

As one of the most widely used monitoring tools, SolarWinds is regarded as “best in class” for networking monitoring.  

With 30% of our Big SCOM survey 2022 respondents using it alongside SCOM day-to-day, it was about time we added it to our arsenal of powerful integrations. 

This highly requested update will now enable you to connect directly to SolarWinds via DS for SCOM to surface your most important metrics.

Visualize relationships, objects, health and more in 10 compatible visualizations, including the brand-new column graph!  

Like our other integrations (PowerShell, WebAPI, SQL/ODBC), our SolarWinds integration is totally UI driven, and only requires you to input a SolarWinds query string in SolarWinds Query Language (SWQL).   

See here to learn how to use the SolarWinds tile, or watch this short demo by Bruce Cullen, Director of Engineering here at SquaredUp.  

Prometheus integration

Over the last few years, we’ve seen an increase in the adoption of Prometheus, and to better support our customers, we’ve introduced the native Prometheus integration.   

You can now visualize your time-series Prometheus data alongside SCOM and SolarWinds with the use of Prometheus Query Language (PromQL).   

View your data in centralized dashboards for a holistic view of your entire IT infrastructure, and simplify troubleshooting, incident response, and overall management. 

While visualizations available natively in Prometheus are limited, the Prometheus integration we offer in Dashboard Server is fully UI driven and compatible with almost all of our visualizations:  

Learn more about our new Prometheus integration here, and check out the short video to see it in action: 

How to add a new integration

If you don’t already have a Prometheus or SolarWinds provider, you’ll need to create one before you can configure a tile. A provider only needs to be set up once and can then be used when creating tiles on a dashboard. 

Just follow these simple steps:

1. Log on to SquaredUp DS and navigate to the right-hand menu ☰ > system > Integrations 
2. Under integrations, select your chosen integration.   
3. Enter a name for the integration. This name will be shown in the select provider drop-down in the tiles.  
4. Enter the URL to your instance in the format:  
   • SolarWinds: https://solarwinds.contoso.com:17778/  
   • Prometheus: https://prometheus.contoso.com:9090/ 
5. Choose a username and password

If you are using a SolarWinds/Prometheus user account: Enter the username and password of the user account you want to use for authentication. The credentials will be Base64 encoded automatically. 

If you are using your integration with Windows authentication: Leave username and password blank. You need to log in to Prometheus/SolarWinds  and add the SquaredUp DS application pool account (meaning the SquaredUp DS application pool identity) to the list of authorized users.  

If the app pool identity is not a user account, you need to add the computer account as a user to your chosen integration.  

For more info, see How to check and modify the application pool identity. 

6. Ignore invalid ssl: Turn the on/off switch to on if you are using a self-signed certificate. 
7. Click save. The integration is now saved and can be used as a provider in all compatible tiles.

Download 6.0 now and get more info

To get started with 6.0 if you’re new to SquaredUp, see How to install Dashboard Server for SCOM. 

You can download the latest version here and read the Release Notes for details on other improvements in this release. 

For a step-by-step guide on how to update your Dashboard Server SCOM Edition deployment to the latest version, see How to upgrade Dashboard Server for SCOM. 

Happy dashboarding! 

The post New integrations in Dashboard Server 6.0: SolarWinds Orion and Prometheus  appeared first on SquaredUp DS.

Headlining as one of the biggest updates in 6.0 is the highly requested Auditing feature, which allows you to explore how your users interact with DS for SCOM.  

Track logins, dashboard & perspective changes, lifecycle events and more in centralized dashboards for the whole team.

Watch this short video to see it in action, or read on to learn about:

• Effortlessly tracking activity with the Audit Explorer
• Out-of-the-box dashboards
• Super easy set-up

Effortlessly track activity

If you’ve ever wondered “what happened to that critical dashboard that disappeared?”, then wonder no more. Auditing seeks to answer this question and more by recording all changes made to DS for SCOM.  

Particularly useful for those working in a high-compliance environment, you’ll now have full visibility of: 

• Who changed the permissions on a restricted Team Folder 
• Who modified an important Enterprise Application 
• Which dashboards are the most frequently used 
• Which users without a named user license trying to log into Dashboard Server 

It allows you to streamline your environment by cleaning up underutilized dashboards, folders, and users, and improve security by tracking all user actions including logins etc.  

Audit explorer

The Audit explorer is a super easy way to create custom Auditing graphs on the fly by searching, filtering, and visualizing all audit events.  

Let’s dive into a step-by-step walkthrough of how easy it is to create your own Auditing dashboards and reports.

Start by clicking the ‘explore’ button at the bottom of the ≡ > System > Auditing page or the ‘explore audit events’ button at the top of the auditing dashboards. 

You’ll then land on this audit explorer page: 

You can filter all audit events by user, content, enterprise application or folder, and search specific keywords i.e a dashboard name. If you have multiple things with the same name, then you’ll see multiple entries.

Because all audit events are stored in a separate SQL database, even if a dashboard or team folder has been deleted, you’ll be able to find it within the Audit explorer!  

As an example, let’s try and find the SCOM self-maintenance dashboard that seems to have disappeared.

To start, filter by ‘content’ and search the dashboard name.

Once selected, you’ll see a table on the right that shows all events related to the dashboard, including when it was unpublished, where it is now, and who made the change.  

If you want to see what else a specific user has been up to, filter by user, and search the user name to see a full list of audit events:  

All of this data can be taken from the SQL database itself, or you can export it to excel by clicking the excel icon in the top right of the Audit explorer view. 

For a more appealing view, you can customize the visualization by clicking on the ‘visualize’ drop down. Here’s a summary of Bruce’s activity over the last 24 hours: 

You can explore Audit event data even further by filtering by specific event types, i.e., dashboard deletion, and changing the timeframe to show events within set periods. 

Out-of-the-box dashboards

The Auditing dashboard pack includes five fully customizable out-of-the-box dashboards that allow you to view auditing information for users, dashboards and perspectives, Enterprise Applications and more.  

1. Administration event summary

A high-level summary of all audit events made within your environment, shown in a donut and table visualization.  

2. Dashboards and perspectives

This shows all changes made to dashboards and perspectives including events over time, most viewed dashboards, and event summaries.  

3. Enterprise Applications

Track which users created or modified an Enterprise Application, and when the change was made. 

4. Folders

Visualize all team folder events including created, deleted or modified.  

5. Users

Track all user login activity such as most active users, all log in events and log ins over time.  

Super easy set-up

To use the Auditing dashboard pack, you’ll need access to a new, empty SQL Server database (2016 and above). DS for SCOM will then write all audit entries to a table which is automatically created in the database. 

1. In DS for SCOM browse to ≡ > System > Auditing 
2. Specify your connection string, in this format: Server=
   <SQLservername>;Database= 
<AuditingDatabaseName>;Trusted_Connection=True; 
3. Click apply changes > Enable > confirm
4. Add the Auditing dashboard pack by clicking the Import Audit Pack button at the bottom of the System > Auditing page. 

When Auditing is enabled for the first time, a new SQL provider is added to the ≡ > System > Integrations page named Audit. This allows you to then create SQL tiles targeting the auditing database.  

Admins will also find five out-of-the-box dashboards automatically added to the navigation bar. These dashboards can be customized to your liking, or you can easily create your own dashboards from scratch.  

For more information on configuring Auditing, check out this knowledge base article.  

Download 6.0 now and get more info

To get started with 6.0 if you’re new to SquaredUp, see How to install Dashboard Server for SCOM.

You can download the latest version here and read the Release Notes for details on other improvements in this release.

For a step-by-step guide on how to update your Dashboard Server SCOM Edition deployment to the latest version, see How to upgrade Dashboard Server for SCOM.

Happy dashboarding!

The post Dashboard Server 6.0: Auditing appeared first on SquaredUp DS.

• The ability to track any changes made to your environment with the highly requested Auditing
• Two brand new native integrations: SolarWinds and Prometheus 
• A new Column Graph visualization  
• Significant Date Heatmap tile improvements

Catch the full release webinar recording at the bottom of the blog for a detailed demo by Bruce Cullen, Director of Engineering and Jason Beaudreau, VP of Product and Marketing.  

Auditing

This brand new, highly requested feature allows you to streamline your environment and improve security by tracking all changes made to your SquaredUp environment in centralized dashboards.  

Particularly useful for users working in a high-compliance environment, you can improve transparency by answering questions including: 

• How many users have logged into the server at different times of the day? 
• What happened to that critical dashboard that disappeared? Has it been moved, deleted, or renamed? 
• Which dashboards are the most frequently used? 

The Auditing dashboard pack comes with five out-of-the-box, fully customizable dashboards to get you started. Just point DS for SCOM at a new, empty SQL database (2016 and above), and all sessions will be automatically recorded as audit events. 

You can then search and filter all activity to find what you’re looking for.  

To see what you can track, and for more details on how to configure Auditing, check out the knowledge base.  

Watch this short video to see it in action:

SolarWinds integration

SolarWinds is known as the bread and butter of network monitoring, and according to our 2022 Big SCOM Survey, over 30% of our customers use it alongside SCOM.  

That’s why we’re delighted to introduce our new native SolarWinds integration.  

You can now effortlessly surface your SolarWinds metrics alongside your SCOM data for the ultimate single-pane-of-glass. View objects, relationships, health and more in the same rich visualizations you know and love.  

Like our other integrations (PowerShell, WebAPI, SQL/ODBC), our SolarWinds integration is totally UI driven, and only requires you to input a SolarWinds query string in SolarWinds Query Language (SWQL).  

For everything you need to know about this new tile, read this article or watch the video: 

Prometheus integration

Over the last few years, we’ve seen an increase in the adoption of Prometheus, and to better support our customers, we’ve introduced the native Prometheus integration.  

This will enable you to visualize your time-series Prometheus data alongside SCOM and SolarWinds with the use of Prometheus Query Language (PromQL).  

Whilst visualizations in Prometheus are limited, the DS tile is fully UI driven and compatible with almost all of our visualizations (including our new one: Column Graph!). 

Learn more about our new Prometheus integration here, and check out the short video to see it in action:

New Column Graph visualization

It wouldn’t be a major release without a cool new visualization, would it? Not to be confused with the bar graph, the column graph shows various bars stacked up against eachother, and slightly overlayed so you can see how events overlap over time.  

You can hover over various components for more information, and set the visualization to either solid (default) or transparent columns.  

Date Heatmap improvements

This popular visualization was originally introduced in 5.9, and shows a calendar like view that allows you to quickly spot patterns and trends by date and time. 

With a quick glance, the new and improved date heatmap doesn’t look too different, but we’ve made significant behind the scenes changes.  

Until now you could only view simple, unaggregated timestamp data pulled from SQL. But with 6.0, you can now quickly surface aggregated data for the Web API, SQL, SolarWinds and PowerShell tiles.  

With no more client-side data crunching, this tile is not only faster, but much more scalable for production-scale systems.  

Watch the webinar on demand

Download 6.0 now and get more info

To get started with 6.0 if you’re new to SquaredUp, see How to install Dashboard Server for SCOM. 

You can download the latest version here and read the Release Notes for details on other improvements in this release. 

For a step-by-step guide on how to update your Dashboard Server for SCOM deployment to the latest version, see How to upgrade Dashboard Server for SCOM. 

The post New release: Dashboard Server 6.0 just landed appeared first on SquaredUp DS.

Join Bruce Cullen, Director of Engineering, and Jason Baudreau, VP of Product, as they take you through 6.0’s latest enhancements:

• Auditing: Track any changes made within SquaredUp and visualize them in centralized dashboards. Improve security and streamline your environment. 
• SolarWinds intgeration: Connect to SolarWinds and monitor your network in the same rich visualizations you know and love. Objects, relationships, health, and more. 
• Prometheus integration: Surface your Prometheus data in a range of dynamic visualizations, alongside your SCOM data for that single-pane-of-glass view.

All webinar registrants will receive the full recording, and get early access to the release candidate.

The post Release webinar: Dashboard Server v6.0 appeared first on SquaredUp DS.

Ruben Zimmermann is an Infrastructure Architect at a large manufacturing company who likes Azure, KQL, PowerShell and, still, SCOM. In this article, he shares the Azure Active Directory dashboard he created in SquaredUp to analyze sign-in activity and walks us through how to use KQL to pull and visualize valuable data.

This Azure AD dashboard covers the following and more:

• Unique sign-ins
• Unique sign-ins over time
• Operating systems
• Password issues
• Risky sign-ins
• MFA successful sign-ins
• Top applications
• Guest users
• Guest domains

Introduction

There are some great benefits of using KQL with Azure AD to help you understand your sign-ins.

Having Azure AD as identity provider offers convenient Single Sign On experience for users. Plus, you get increased security due to MFA and other identity protection features.

Enabling auditing and storing the results in a Log Analytics Workplace allows detailed analysis about application usage, sign-in experience, user behavior and overseeing guest activity in your tenant.

Shortly after enabling logging, events are logged in the SigninLogs table.

Note: Nearly all queries I use in this blog are against the table shown in the image below.

(Find links about learning KQL in the appendix at the end of the blog. Also, suggestions for better queries are appreciated! )

Configuration & Code

I created a powerful Azure AD dashboard in SquaredUp Dashboard Server and throughout the blog, I’ll explain most of the visualizations in detail. The queries are written in KQL.

Unique SignIns Total

This first donut diagram shows the proportion of Guests to Members (here called Employees) with concrete numbers. Each Guest or Member login is only counted once.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| extend UserLoginType = iif(UserType == "Member","Employees","Guests")

| project UserLoginType, UserPrincipalName

| summarize dcount(UserPrincipalName) by UserLoginType

Azure -Log Analytics (Donut) is the best fit here.

Unique Sign Ins over Time

This diagram shows Guests and Members (here Employees) sign in count, summarized by day. Each day counts individually.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| extend UserLoginType = iif(UserType == "Member","Employee","Guest")

| project TimeGenerated, UserLoginType,UserPrincipalName

| summarize Employees = dcountif(UserPrincipalName,UserLoginType=="Employee"), Guests = dcountif(UserPrincipalName,UserLoginType=="Guest") by bin(TimeGenerated, 1d)

Azure – Log Analytics (Line Graph) is the visualization choice here.

Operating Systems

Used operating systems are mostly correctly identified and this visualization shows clearly where Azure AD applications are consumed.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| extend OSStrg = iif(isempty(tostring(DeviceDetail.operatingSystem)),"Unknown OS",tostring(DeviceDetail.operatingSystem))

| extend OSType = case (OSStrg matches regex "Windows", "Windows"
  , OSStrg matches regex "iOS", "iOS"
  , OSStrg matches regex "MacOs", "MacOs"
  , OSStrg matches regex "Android", "Android"
  , OSStrg matches regex "Linux", "Linux", "Unknown OS"
)

I picked the Azure – Log Analytics (Bar Graph) for this visualization.

Password Issues

Users failing to login due to password issues or other errors are shown here. Only the last day is considered in the query.

For the donut, use the following KQL query:

SigninLogs

| where TimeGenerated between (ago(1d) .. now())

| where ResultType in(50144,50133,50126,50053)

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| summarize arg_max(TimeGenerated, *) by UserPrincipalName

| extend IssueType = case (
  ResultType == 50126, "Invalid username or bad password",
  ResultType == 50133, "Session invalid due to recent password change",
  ResultType == 50144, "Password expired",
  ResultType == 50133, "Account locked", "Unknown"
  )

| where IssueType !in("Unknown","Session invalid due to recent password change","Invalid username or bad password")

| extend readableDate = format_datetime(TimeGenerated,"yyyy-MM-dd HH:mm")

| summarize Users = dcount(UserPrincipalName) by IssueType

The table overview is built with the lines below.

SigninLogs

| where TimeGenerated between (ago(1d) .. now())

| where ResultType in(50144,50133,50126,50053)

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| summarize arg_max(TimeGenerated, *) by UserPrincipalName

| extend IssueType = case (
  ResultType == 50126, "Invalid username or bad password",
  ResultType == 50133, "Session invalid due to recent password change",
  ResultType == 50144, "Password expired",
  ResultType == 50133, "Account locked", "Unknown"
  )

| where IssueType !in("Unknown","Session invalid due to recent password change","Invalid username or bad password")

| extend readableDate = format_datetime(TimeGenerated,"yyyy-MM-dd HH:mm")

| extend Day = format_datetime(TimeGenerated,"yyyy-MM-dd")

| extend Time = format_datetime(TimeGenerated,"HH:mm")

| summarize by IssueType, readableDate, UserDisplayName,UserID=onPremisesSamAccountName, Day, Time

Risky Sign-ins

One of Azure ADs most famous protection features is Risky Sign-Ins. An algorithm here checks for possible malicious sign in attempts that occur when credential theft has occurred.

I store this information in the AADUserRiskEvents table.

AADUserRiskEvents

| where TimeGenerated between (ago(1d) .. now())

| where RiskState != "dismissed"

| where RiskState != "remediated"

| extend readableDate = format_datetime(TimeGenerated,"yyyy-MM-dd HH:mm")

| extend Day = format_datetime(TimeGenerated,"yyyy-MM-dd")

| extend Time = format_datetime(TimeGenerated,"HH:mm")

| summarize arg_max(TimeGenerated, *) by UserPrincipalName

| project User = replace_string(UserPrincipalName,"@mydomain.com",""), readableDate, RiskLevel, RiskEventType, RiskState, tostring(Location.city), Day, Time

I used the Azure – Log Analytics (grid) for the table. Conditional formatting helps us spot the most serious events.

MFA Successful Sign Ins

Details about usage and preference of MFA can be obtained from the Sign-In logs.

SigninLogs

| where TimeGenerated between (startofday(ago(7d)) .. now())

| where ResultType == 0 and ConditionalAccessStatus == 'success' and Status.additionalDetails == "MFA completed in Azure AD" and ConditionalAccessPolicies[0].result == "success" and parse_json(tostring(ConditionalAccessPolicies[0].enforcedGrantControls))[0] == "Mfa"

| where UserType == "Member"

| project Identity, MFAType = iif(isempty(tostring(MfaDetail.authMethod)),"unknown",tostring(MfaDetail.authMethod))

| summarize TotalUsers = dcount(Identity) by MFAType

| sort by TotalUsers desc

Top 5 Non-MS Applications

I also wanted to retrieve usage trends for non-Microsoft applications. Microsoft recently released a website which lists many of its applications. Unfortunately, it doesn’t list them all and it’s a static website. But I created a visualization for the top 5 non-MS apps used.

See: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in

let MicrosoftApps = datatable (AppName: string, AppId: string )

[
  "ACOM Azure Website","23523755-3a2b-41ca-9315-f81f3f566a95",

  "AEM-DualAuth","69893ee3-dd10-4b1c-832d-4870354be3d8",

  "ASM Campaign Servicing","0cb7b9ec-5336-483b-bc31-b15b5788de71",

  "Azure Advanced Threat Protection","7b7531ad-5926-4f2d-8a1d-38495ad33e17",

  "Azure Data Lake","e9f49c6b-5ce5-44c8-925d-015017e9f7ad",

  "Azure Lab Services Portal","835b2a73-6e10-4aa5-a979-21dfda45231c",

  "Azure Portal","c44b4083-3bb0-49c1-b47d-974e53cbdf3c",

  "AzureSupportCenter","37182072-3c9c-4f6a-a4b3-b3f91cacffce",

  "Bing","9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7",

  "CPIM Service","bb2a2e3a-c5e7-4f0a-88e0-8e01fd3fc1f4",

  "CRM Power BI Integration","e64aa8bc-8eb4-40e2-898b-cf261a25954f",

  "Dataverse","00000007-0000-0000-c000-000000000000",

  "Enterprise Roaming and Backup","60c8bde5-3167-4f92-8fdb-059f6176dc0f",

  "IAM Supportability","a57aca87-cbc0-4f3c-8b9e-dc095fdc8978",

  "IrisSelectionFrontDoor","16aeb910-ce68-41d1-9ac3-9e1673ac9575",

  "MCAPI Authorization Prod","d73f4b35-55c9-48c7-8b10-651f6f2acb2e",

  "Media Analysis and Transformation Service","944f0bd1-117b-4b1c-af26-804ed95e767e",

  "Media Analysis and Transformation Service2","0cd196ee-71bf-4fd6-a57c-b491ffd4fb1e", 

  "O365 Suite UX","4345a7b9-9a63-4910-a426-35363201d503",

  "Office Delve","94c63fef-13a3-47bc-8074-75af8c65887a",

  "Office Online Add-in SSO","93d53678-613d-4013-afc1-62e9e444a0a5",

  "Office Online Client AAD- Augmentation Loop","2abdc806-e091-4495-9b10-b04d93c3f040",

  "Office Online Client AAD- Loki","b23dd4db-9142-4734-867f-3577f640ad0c",

  "Office Online Client AAD- Maker","17d5e35f-655b-4fb0-8ae6-86356e9a49f5",

  "Office Online Client MSA- Loki","b6e69c34-5f1f-4c34-8cdf-7fea120b8670",

  "Office Online Core SSO","243c63a3-247d-41c5-9d83-7788c43f1c43",

  "Office Online Search","a9b49b65-0a12-430b-9540-c80b3332c127",

  "Office.com","4b233688-031c-404b-9a80-a4f3f2351f90",

  "Office365 Shell WCSS-Client","89bee1f7-5e6e-4d8a-9f3d-ecd601259da7",

  "OfficeClientService","0f698dd4-f011-4d23-a33e-b36416dcb1e6",

  "OfficeHome","4765445b-32c6-49b0-83e6-1d93765276ca",

  "OfficeShredderWacClient","4d5c2d63-cf83-4365-853c-925fd1a64357",

  "OMSOctopiPROD","62256cef-54c0-4cb4-bcac-4c67989bdc40",

  "OneDrive SyncEngine","ab9b8c07-8f02-4f72-87fa-80105867a763",

  "OneNote","2d4d3d8e-2be3-4bef-9f87-7875a61c29de",

  "Outlook Mobile","27922004-5251-4030-b22d-91ecd9a37ea4",

  "Partner Customer Delegated Admin Offline Processor","a3475900-ccec-4a69-98f5-a65cd5dc5306",

  "Password Breach Authenticator","bdd48c81-3a58-4ea9-849c-ebea7f6b6360",

  "Power BI Service","00000009-0000-0000-c000-000000000000",

  "SharedWithMe","ffcb16e8-f789-467c-8ce9-f826a080d987",

  "SharePoint Online Web Client Extensibility","08e18876-6177-487e-b8b5-cf950c1e598c",

  "Signup","b4bddae8-ab25-483e-8670-df09b9f1d0ea",

  "Skype for Business Online","00000004-0000-0ff1-ce00-000000000000",

  "Sway","905fcf26-4eb7-48a0-9ff0-8dcc7194b5ba",

  "Universal Store Native Client","268761a2-03f3-40df-8a8b-c3db24145b6b",

  "Vortex [wsfed enabled]","5572c4c0-d078-44ce-b81c-6cbf8d3ed39e",

  "Yammer","00000005-0000-0ff1-ce00-000000000000",

  "Yammer Web","c1c74fed-04c9-4704-80dc-9f79a2e515cb",

  "Yammer Web Embed","e1ef36fd-b883-4dbf-97f0-9ece4b576fc6",

  "Windows Sign In","38aa3b87-a06d-4817-b275-7a316988d93b",

  "PowerApps - apps.powerapps.com","3e62f81e-590b-425b-9531-cad6683656cf",

  "make.powerapps.com","a8f7a65c-f5ba-4859-b2d6-df772c264e9d",

  "Microsoft Azure Information Protection","c00e9d32-3c8d-4a7d-832b-029040e7db99",

  "Microsoft Edge Enterprise New Tab Page","d7b530a4-7680-4c23-a8bf-c52c121d2e87",

  "Microsoft Account Controls V2","7eadcef8-456d-4611-9480-4fff72b8b9e2",

  "SharePoint Online Client Extensibility Web Application Principal","f7f708bc-b136-4073-b000-e730786c986e",

  "Power BI Desktop","7f67af8a-fedc-4b08-8b4e-37c4d127b6cf",

  "Office Online Print SSO","3ce44149-e365-40e4-9bb4-8c0ecb710fe6",

  "PowerApps","4e291c71-d680-4d0e-9640-0a3358e31177",

  "My Profile","8c59ead7-d703-4a27-9e55-c96a0054c8d2",

  "Apple Internet Accounts","f8d98a96-0999-43f5-8af3-69971c7bb423",

  "My Signins","19db86c3-b2b9-44cc-b339-36da233a3be2",

  "My Apps","2793995e-0a7d-40d7-bd35-6968ba142197"

];

let MicrosoftAppIdList = MicrosoftApps | summarize MicrosoftAppIds = make_list(AppId);

let AllMembers = materialize(SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserType == "Member"

| where UserPrincipalName matches regex @"\w+@\w+\.\w+");

AllMembers

| project TimeGenerated, Location, AppDisplayName, LoginCity=tostring(LocationDetails.city), UserPrincipalName, OSType = tostring(DeviceDetail.operatingSystem), AppId, UserType

| where tostring(AppId) !in (MicrosoftAppIdList)

| where AppDisplayName !startswith("Microsoft")

| where AppDisplayName !startswith("Office")

| where AppDisplayName !startswith("Windows")

| summarize UserCount = dcount(UserPrincipalName) by AppDisplayName

| sort by UserCount desc

| top 5 by UserCount

Top 5 MS Applications (OneDrive, Teams, SharePoint excluded)

This query focusses on Microsoft Applications. As every user uses OneDrive, SharePoint, and Teams those are excluded.

let MicrosoftApps = datatable (AppName: string, AppId: string )

[

  "ACOM Azure Website","23523755-3a2b-41ca-9315-f81f3f566a95",

  "AEM-DualAuth","69893ee3-dd10-4b1c-832d-4870354be3d8",

  "ASM Campaign Servicing","0cb7b9ec-5336-483b-bc31-b15b5788de71",

  "Azure Advanced Threat Protection","7b7531ad-5926-4f2d-8a1d-38495ad33e17",

  "Azure Data Lake","e9f49c6b-5ce5-44c8-925d-015017e9f7ad",

  "Azure Lab Services Portal","835b2a73-6e10-4aa5-a979-21dfda45231c",

  "Azure Portal","c44b4083-3bb0-49c1-b47d-974e53cbdf3c",

  "AzureSupportCenter","37182072-3c9c-4f6a-a4b3-b3f91cacffce",

  "Bing","9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7",

  "CPIM Service","bb2a2e3a-c5e7-4f0a-88e0-8e01fd3fc1f4",

  "CRM Power BI Integration","e64aa8bc-8eb4-40e2-898b-cf261a25954f",

  "Dataverse","00000007-0000-0000-c000-000000000000",

  "Enterprise Roaming and Backup","60c8bde5-3167-4f92-8fdb-059f6176dc0f",

  "IAM Supportability","a57aca87-cbc0-4f3c-8b9e-dc095fdc8978",

  "IrisSelectionFrontDoor","16aeb910-ce68-41d1-9ac3-9e1673ac9575",

  "MCAPI Authorization Prod","d73f4b35-55c9-48c7-8b10-651f6f2acb2e",

  "Media Analysis and Transformation Service","944f0bd1-117b-4b1c-af26-804ed95e767e",

  "Media Analysis and Transformation Service2","0cd196ee-71bf-4fd6-a57c-b491ffd4fb1e", 

  "O365 Suite UX","4345a7b9-9a63-4910-a426-35363201d503",

  "Office Delve","94c63fef-13a3-47bc-8074-75af8c65887a",

  "Office Online Add-in SSO","93d53678-613d-4013-afc1-62e9e444a0a5",

  "Office Online Client AAD- Augmentation Loop","2abdc806-e091-4495-9b10-b04d93c3f040",

  "Office Online Client AAD- Loki","b23dd4db-9142-4734-867f-3577f640ad0c",

  "Office Online Client AAD- Maker","17d5e35f-655b-4fb0-8ae6-86356e9a49f5",

  "Office Online Client MSA- Loki","b6e69c34-5f1f-4c34-8cdf-7fea120b8670",

  "Office Online Core SSO","243c63a3-247d-41c5-9d83-7788c43f1c43",

  "Office Online Search","a9b49b65-0a12-430b-9540-c80b3332c127",

  "Office.com","4b233688-031c-404b-9a80-a4f3f2351f90",

  "Office365 Shell WCSS-Client","89bee1f7-5e6e-4d8a-9f3d-ecd601259da7",

  "OfficeClientService","0f698dd4-f011-4d23-a33e-b36416dcb1e6",

  "OfficeHome","4765445b-32c6-49b0-83e6-1d93765276ca",

  "OfficeShredderWacClient","4d5c2d63-cf83-4365-853c-925fd1a64357",

  "OMSOctopiPROD","62256cef-54c0-4cb4-bcac-4c67989bdc40",

  "OneDrive SyncEngine","ab9b8c07-8f02-4f72-87fa-80105867a763",

  "OneNote","2d4d3d8e-2be3-4bef-9f87-7875a61c29de",

  "Outlook Mobile","27922004-5251-4030-b22d-91ecd9a37ea4",

  "Partner Customer Delegated Admin Offline Processor","a3475900-ccec-4a69-98f5-a65cd5dc5306",

  "Password Breach Authenticator","bdd48c81-3a58-4ea9-849c-ebea7f6b6360",

  "SharedWithMe","ffcb16e8-f789-467c-8ce9-f826a080d987",

  "SharePoint Online Web Client Extensibility","08e18876-6177-487e-b8b5-cf950c1e598c",

  "Signup","b4bddae8-ab25-483e-8670-df09b9f1d0ea",

  "Skype for Business Online","00000004-0000-0ff1-ce00-000000000000",

  "Sway","905fcf26-4eb7-48a0-9ff0-8dcc7194b5ba",

  "Universal Store Native Client","268761a2-03f3-40df-8a8b-c3db24145b6b",

  "Vortex [wsfed enabled]","5572c4c0-d078-44ce-b81c-6cbf8d3ed39e", 

  "Windows Sign In","38aa3b87-a06d-4817-b275-7a316988d93b", 

  "Microsoft Edge Enterprise New Tab Page","d7b530a4-7680-4c23-a8bf-c52c121d2e87",

  "Microsoft Account Controls V2","7eadcef8-456d-4611-9480-4fff72b8b9e2",

  "SharePoint Online Client Extensibility Web Application Principal","f7f708bc-b136-4073-b000-e730786c986e", 

  "Office Online Print SSO","3ce44149-e365-40e4-9bb4-8c0ecb710fe6",

  "My Profile","8c59ead7-d703-4a27-9e55-c96a0054c8d2",

  "Apple Internet Accounts","f8d98a96-0999-43f5-8af3-69971c7bb423",

  "My Signins","19db86c3-b2b9-44cc-b339-36da233a3be2",

  "My Apps","2793995e-0a7d-40d7-bd35-6968ba142197"

];

let MicrosoftAppIdList = MicrosoftApps | summarize MicrosoftAppIds = make_list(AppId);

let AllMembers = materialize(SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserType == "Member"

| where UserPrincipalName matches regex @"\w+@\w+\.\w+");

AllMembers

| project TimeGenerated, Location, AppDisplayName, LoginCity=tostring(LocationDetails.city), UserPrincipalName, OSType = tostring(DeviceDetail.operatingSystem), AppId, UserType

| where tostring(AppId) !in (MicrosoftAppIdList)

| where AppDisplayName matches regex "(?i)Power|make|yammer|dataverse"

| where AppDisplayName !contains("PowerShell")

| extend AppType = case (AppId in("3e62f81e-590b-425b-9531-cad6683656cf", "a8f7a65c-f5ba-4859-b2d6-df772c264e9d", "4e291c71-d680-4d0e-9640-0a3358e31177","065d9450-1e87-434e-ac2f-69af271549ed"), "Power Apps"
  , AppDisplayName matches regex "Power BI|PowerBI" , "Power BI"
  , AppDisplayName has "Yammer", "Yammer"
  , AppDisplayName
  )

| summarize UserCount = dcount(UserPrincipalName) by  AppType

| top 10 by UserCount

| sort by UserCount desc

Guest Users Total

This SquaredUp visualization shows the total number of individual Guest accounts who are signed in.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| where UserType == "Guest"

| project TimeGenerated, UserPrincipalName

| summarize DomainCount = dcount(UserPrincipalName)

Guest Domains Total

This query groups guests by their domain name and counts them as Guest-Domain.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| where UserType == "Guest"

| project TimeGenerated, UserPrincipalName

| extend MailDomain = replace_string(extract("@\\S+$",0,UserPrincipalName),"@","")

| summarize DomainCount = dcount(MailDomain)

Top 5 Users of Guest Domains

This next chart shows which Guest Domains show up most.

SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| where UserPrincipalName !endswith("mydomain.com")

| where UserType == "Guest"

| project TimeGenerated, AppDisplayName, UserPrincipalName

| extend MailDomain = replace_string(extract("@\\S+$",0,UserPrincipalName),"@","")

| summarize GuestCount = dcount(UserPrincipalName) by MailDomain

| top 5 by GuestCount

Top 5 Applications by Guests

The final visualization – a donut chart – shows which applications are used most by guests. I excluded the most popular Microsoft Applications.

let MicrosoftApps = datatable (AppName: string, AppId: string )

[

  "ACOM Azure Website","23523755-3a2b-41ca-9315-f81f3f566a95",

  "AEM-DualAuth","69893ee3-dd10-4b1c-832d-4870354be3d8",

  "ASM Campaign Servicing","0cb7b9ec-5336-483b-bc31-b15b5788de71",

  "Azure Advanced Threat Protection","7b7531ad-5926-4f2d-8a1d-38495ad33e17",

  "Azure Data Lake","e9f49c6b-5ce5-44c8-925d-015017e9f7ad",

  "Azure Lab Services Portal","835b2a73-6e10-4aa5-a979-21dfda45231c",

  "Azure Portal","c44b4083-3bb0-49c1-b47d-974e53cbdf3c",

  "AzureSupportCenter","37182072-3c9c-4f6a-a4b3-b3f91cacffce",

  "Bing","9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7",

  "CPIM Service","bb2a2e3a-c5e7-4f0a-88e0-8e01fd3fc1f4",

  "CRM Power BI Integration","e64aa8bc-8eb4-40e2-898b-cf261a25954f",

  "Dataverse","00000007-0000-0000-c000-000000000000",

  "Enterprise Roaming and Backup","60c8bde5-3167-4f92-8fdb-059f6176dc0f",

  "IAM Supportability","a57aca87-cbc0-4f3c-8b9e-dc095fdc8978",

  "IrisSelectionFrontDoor","16aeb910-ce68-41d1-9ac3-9e1673ac9575",

  "MCAPI Authorization Prod","d73f4b35-55c9-48c7-8b10-651f6f2acb2e",

  "Media Analysis and Transformation Service","944f0bd1-117b-4b1c-af26-804ed95e767e",

  "Media Analysis and Transformation Service2","0cd196ee-71bf-4fd6-a57c-b491ffd4fb1e",

  "O365 Suite UX","4345a7b9-9a63-4910-a426-35363201d503",

  "Office Delve","94c63fef-13a3-47bc-8074-75af8c65887a",

  "Office Online Add-in SSO","93d53678-613d-4013-afc1-62e9e444a0a5",

  "Office Online Client AAD- Augmentation Loop","2abdc806-e091-4495-9b10-b04d93c3f040",

  "Office Online Client AAD- Loki","b23dd4db-9142-4734-867f-3577f640ad0c",

  "Office Online Client AAD- Maker","17d5e35f-655b-4fb0-8ae6-86356e9a49f5",

  "Office Online Client MSA- Loki","b6e69c34-5f1f-4c34-8cdf-7fea120b8670",

  "Office Online Core SSO","243c63a3-247d-41c5-9d83-7788c43f1c43",

  "Office Online Search","a9b49b65-0a12-430b-9540-c80b3332c127",

  "Office.com","4b233688-031c-404b-9a80-a4f3f2351f90",

  "Office365 Shell WCSS-Client","89bee1f7-5e6e-4d8a-9f3d-ecd601259da7",

  "OfficeClientService","0f698dd4-f011-4d23-a33e-b36416dcb1e6",

  "OfficeHome","4765445b-32c6-49b0-83e6-1d93765276ca",

  "OfficeShredderWacClient","4d5c2d63-cf83-4365-853c-925fd1a64357",

  "OMSOctopiPROD","62256cef-54c0-4cb4-bcac-4c67989bdc40",

  "OneDrive SyncEngine","ab9b8c07-8f02-4f72-87fa-80105867a763",

  "OneNote","2d4d3d8e-2be3-4bef-9f87-7875a61c29de",

  "Outlook Mobile","27922004-5251-4030-b22d-91ecd9a37ea4",

  "Partner Customer Delegated Admin Offline Processor","a3475900-ccec-4a69-98f5-a65cd5dc5306",

  "Password Breach Authenticator","bdd48c81-3a58-4ea9-849c-ebea7f6b6360",

  "Power BI Service","00000009-0000-0000-c000-000000000000",

  "SharedWithMe","ffcb16e8-f789-467c-8ce9-f826a080d987",

  "SharePoint Online Web Client Extensibility","08e18876-6177-487e-b8b5-cf950c1e598c",

  "Signup","b4bddae8-ab25-483e-8670-df09b9f1d0ea",

  "Skype for Business Online","00000004-0000-0ff1-ce00-000000000000",

  "Sway","905fcf26-4eb7-48a0-9ff0-8dcc7194b5ba",

  "Universal Store Native Client","268761a2-03f3-40df-8a8b-c3db24145b6b",

  "Vortex [wsfed enabled]","5572c4c0-d078-44ce-b81c-6cbf8d3ed39e",

  "Yammer","00000005-0000-0ff1-ce00-000000000000",

  "Yammer Web","c1c74fed-04c9-4704-80dc-9f79a2e515cb",

  "Yammer Web Embed","e1ef36fd-b883-4dbf-97f0-9ece4b576fc6",

  "Windows Sign In","38aa3b87-a06d-4817-b275-7a316988d93b",

  "PowerApps - apps.powerapps.com","3e62f81e-590b-425b-9531-cad6683656cf",

  "make.powerapps.com","a8f7a65c-f5ba-4859-b2d6-df772c264e9d",

  "Microsoft Azure Information Protection","c00e9d32-3c8d-4a7d-832b-029040e7db99",

  "Microsoft Edge Enterprise New Tab Page","d7b530a4-7680-4c23-a8bf-c52c121d2e87",

  "Microsoft Account Controls V2","7eadcef8-456d-4611-9480-4fff72b8b9e2",

  "SharePoint Online Client Extensibility Web Application Principal","f7f708bc-b136-4073-b000-e730786c986e",

  "Power BI Desktop","7f67af8a-fedc-4b08-8b4e-37c4d127b6cf",

  "Office Online Print SSO","3ce44149-e365-40e4-9bb4-8c0ecb710fe6",

  "PowerApps","4e291c71-d680-4d0e-9640-0a3358e31177",

  "My Profile","8c59ead7-d703-4a27-9e55-c96a0054c8d2",

  "Apple Internet Accounts","f8d98a96-0999-43f5-8af3-69971c7bb423",

  "My Signins","19db86c3-b2b9-44cc-b339-36da233a3be2",

  "My Apps","2793995e-0a7d-40d7-bd35-6968ba142197"

];

let MicrosoftAppIdList = MicrosoftApps | summarize MicrosoftAppIds = make_list(AppId);

let AllMembers = materialize(SigninLogs

| where TimeGenerated between (startofday(ago (7d)) .. now())

| where ResultType == 0

| where UserPrincipalName matches regex @"\w+@\w+\.\w+"

| where UserType == "Guest");

AllMembers

| project TimeGenerated, Location, AppDisplayName, UserPrincipalName, AppId

| where tostring(AppId) !in (MicrosoftAppIdList)

| where AppDisplayName !startswith("Microsoft")

| where AppDisplayName !startswith("Office")

| where AppDisplayName !startswith("Windows")

| summarize UserCount = dcount(UserPrincipalName) by AppDisplayName

| top 5 by UserCount

| sort by UserCount desc

Conclusion

These queries demonstrate the power of KQL to visualize your Azure Active Directory. In combination with SquaredUp dashboards, you can powerfully visualize all your Azure AD utilization.

Appendix

KQL is a very interesting query language. Best training resources in my opinion are:

• https://www.pluralsight.com/courses/kusto-query-language-kql-from-scratch

• https://www.pluralsight.com/courses/microsoft-azure-data-explorer-starting

The post Understand your Azure Active Directory SignIns with KQL appeared first on SquaredUp DS.

You’ll find updates and additions including:

• Support for SCOM MI (beta)
• New date heat map visualization
• Personalized dashboards for all users (including read-only)
• Vertical bar graph
• Copy and paste tiles using your clipboard
• Home and favorited dashboards
• SquaredUp Cloud Management pack enhancements for EAM-X
• And more!

For the complete list of updates and improvements, check out the latest release notes.

Here’s a quick overview of the main features of SquaredUp Dashboard Server 5.9.

Beta support for SCOM MI

SquaredUp now offers beta support for SquaredUp Dashboard Server for SCOM Managed Instance (MI) – the new Microsoft offering of SCOM in the cloud. You can easily switch to using SCOM MI in SquaredUp and see all the data and metrics that you could for SCOM.  

Date heat map

We have a brand new visualization for 5.9 – date heat maps. These give you a calendar-like view with dates down the left and times across the top for alerts. You can use this with SQL, PowerShell and Web API too, so you can hook it up to custom sources. This new visualization lets you quickly see patterns and trends by date and time.

As with other SquaredUp visualizations, you can scope it to what you want. For example, you could create the visualization for a SQL group only. Plus, you can filter on severity, priority, source, owner, and state; adjust the timeframe; and edit the date property. You can also adjust the display to toggle on and off weekends or weekdays and change the heat map color palette and shape.

As always, hovering over a data point shows you the details and you can drill down to see the specific alerts or events that caused the time squared on the heat map to get hot.

Personal dashboards

In previous versions, you used to have to have an author permission over a team folder to modify dashboards within that team folder. However, some customers want the ability for even read-only users to be able to create or modify their own dashboards for troubleshooting purposes. This is now possible in 5.9!

Read-only users can’t edit existing dashboards but they can create a new, personal dashboard that’s only visible to them. This is great if they need access to see a very specific set of data.

Vertical bar graph

Another new addition is the vertical bar graph. The vertical bar graph lets you see a lot more data at once. You don’t have to scroll or filter to show only the top 10. You can see a large number of bars across the dashboard instead.

Select the usual bar graph tile and simply adjust it from horizontal to vertical in the settings. You can still use all the same bar graph features, like conditional colors, and even change the bar width.

Copy and paste tiles with clipboard

Although possible before by editing a tile and copying its JSON , it wasn’t so easy to copy and paste a tile. Now, you can copy a tile with your local clipboard to paste it into any dashboard. This lets you reuse tiles anywhere with ease. You can even tweak tiles without breaking the existing one by creating a copy to experiment on.

Home dashboard and favorite dashboards

Use one dashboard constantly? Select a Home dashboard to appear when you log into Dashboard Server or click on the SquaredUp logo. Simply click the ‘Set Home Dashboard’ button on the top right of a dashboard. As a note, you can only have one home dashboard but you can replace it whenever you need. This is set per user, not by an admin, so the home dashboard is tailored to each user.

Want more dashboards at your fingertips? You can also add dashboards to the new favorites category. This is super useful for busy SCOM deployments with hundreds of dashboards run by multiple teams if you’re only interested in a subset. Simply click the Favorites button on the top right of a dashboard and you can find all your favorites in the star menu.

SquaredUp Cloud MP enhancements for EAM-X

SquaredUp Dashboard Server EAM-X lets you plug in to the power of SquaredUp Cloud to surface the health of 60+ tools that have no affordable, native management pack for SCOM. 

If you have EAM-X, you’ll enjoy the new tighter integration with SquaredUp Cloud management pack (MP). This now pulls SquaredUp Cloud objects from SquaredUp Cloud down to SCOM so you can see their health alongside other objects you already have from the native SCOM MPs.  

This is a significant improvement on previous versions, which were only able to sync health for Workspaces, Dashboards, and Tiles. Previously, if you had a tile containing 20 VMs and one was unhealthy, there was no way to tell which one that was without clicking through to SquaredUp Cloud to see the tile in question. This is now accomplished through a new MP.  

In addition, the 5.9 version of the MP adds support for SquaredUp Cloud in the EU region.

A new tile makes it easier to set up SquaredUp Cloud. Simply click on the More tile option, which will show you if the SquaredUp Cloud MP is detected. If it isn’t you’ll get info on how to get it. If it is detected, you can then import the dashboard pack and get instant access to the full range of objects.  

You can discover scopes to see their state. The updated MP lets you click through into SquaredUp Cloud to get more details on the health of that object to figure out why it’s red.  

SquaredUp Cloud MP enhancements

• Shipping around GA
• Requires MP upgrade
• Object health
• Scope health
• More relationships between the objects SCOM discovers
  • Discovers objects from SquaredUp Cloud
  • Shows health of objects
  • Enabled by default for all your manually created scopes

Download 5.9 now and get more info

To get started with 5.9 if you’re new to SquaredUp, see How to install Dashboard Server SCOM Edition.

You can download the latest version here and read the Release Notes for details on other improvements in this release.

For a step-by-step guide on how to update your Dashboard Server SCOM Edition deployment to the latest version, see How to upgrade Dashboard Server SCOM Edition.

The post SquaredUp Dashboard Server 5.9 out now appeared first on SquaredUp DS.

Introducing Dashboard Server for SCOM v5.9!

Experience new ways to visualize your SCOM data, with the new date heatmap and more!

• Date heatmap tile to surface data counts across date ranges 
• New export + import flows for all tiles
• Major improvements to user personalization
• and more!

The post Dashboard Server 5.9 appeared first on SquaredUp DS.

The new release has some much-requested new features and functions that will help you visualize your SCOM data better.

Here’s what’s new:

• New visualization: Stack tile
• Conditional custom colors on more tiles
• Monitor tile: grouping improvements
• Plus many more enhancements

Catch the full release webinar recording at the bottom of the blog for a detailed demo by Bruce Cullen, Director of Advanced Products at SquaredUp. 

Visualize health status of any SCOM object – Stack tile

The new(ish) Stack tile lets you instantly visualize the health status of any object in SCOM. This tile has been available before but you can now add it to any dashboard or perspective to quickly see the upstream impact of an outage on a low-level object.

Just select the hosting stack tile when building a dashboard. You don’t need JSON for this tile. Scope to a single monitored object and it will show you the object. Now, with the Stack tile, you can see the whole gist of an application without VADA.

An all-new feature for the tile is its ability to show the power state of objects and when something is in maintenance mode. Plus, you can drill down into each object for more details to discover root causes of any issues.

Never miss a monitor in error state – new groupings

5.8 now lets you group monitors by health state in the icons tile!

This was a highly requested feature. Now you can see any monitors in error state at the top of your tile without having to scan through the whole list.

You can also order by object name alphabetically – ascending or descending. And, as before, you can filter your objects to show only the objects relevant to that dashboard.

Block tiles can now be sorted by health state and availability too. This lets you quickly see which machines are off or on, when availability is switched on. Just switch on the sorting in the edit settings of the tile.

Highlight the most important objects – more conditional coloring

Conditional coloring is now available on more tiles than ever! You can add conditional coloring on line, spark, and bar graphs, as well as on donuts, to highlight what’s most important on the dashboard. Color code based on values or labels.

For example, you could show disks with less than 20% free space in red, or color code by department so each department’s data is easy to pick out across every visualization on the dashboard.

To add a conditional color based on a value, use the new mustache control to set one or more thresholds, and choose a specific color per threshold, to highlight what’s most important to you and your audience on a dashboard.

Additional updates in 5.8

We’ve not stopped there. Further improvements to SquaredUp Dashboard Server include:

• Data points now able to be shown on line graphs
• The ability to manage perspectives in the Admin Settings
• Hide group links in VADA so you see the red and green lines more easily
• Speed increased by 10-20% in high load environments

Those are all the best new features and improvements in SquaredUp Dashboard Server 5.8. You can always check out the release notes to find out more about these features and other improvements.

All your data from on-prem and cloud in one place

Have you heard about SquaredUp Dashboard Server EAM-X?

EAM-X lets you plug SCOM’s blind spots.

SCOM is only as good as your MPs but there’s so much more you want to be able to monitor (and monitor better).

The EAM-X tier of SquaredUp Dashboard Server lets you pull into SCOM all the additional data you need, like Elasticsearch, Azure Log Analytics, SolarWinds, VMware, and so much more.

SquaredUp now has a cloud offering and the EAM-X tier lets you have the best of the plugins from SquaredUp for cloud in SquaredUp Dashboard Server, so you can keep SCOM at the center of your monitoring universe.

We’ve just added some new plugins too, like CISCO DNA, Jira Service Management, and Jenkins plugin. So, check it out!

Download 5.8 now and find out more

To get started with 5.8, see How to install Dashboard Server SCOM Edition.

You can download the latest version here and read the Release Notes for details on other improvements in this release.

For a step-by-step guide on how to update your Dashboard Server SCOM Edition deployment to the latest version, see How to upgrade Dashboard Server SCOM Edition.

Watch the full 5.8 demo

Now you’ve got all the highlights, you can see the full demo by Bruce Cullen for a detailed walkthrough of the new features and improvements in SquaredUp Dashboard Server 5.8.

Play YouTube video

The post New release: Dashboard Server 5.8 is here appeared first on SquaredUp DS.