Introduction
To use Machine Groups in our Automation Account inventory we must first create a group by saving a kql query as a function.
Requirements
– Azure Subscription – if you do not already have a subscription, you can get a free trial here
– Log Analytics workspace configured (See here)
– Automation Account configured (See here)
In this example we will create a computer group based on Active Directory group membership.
Preparation
To be able to query for Active Directory group membership we must make sure we collect the information. To do so we enable import of “Active Directory group membership from computer” under Computer groups in our Log Analytics workspace.
Create Computer group query
To create our query, we click the log icon, and this will take us to a predefined query that we can edit or built on
The default query looks as follows and shows us the groups we have in Active Directory
Now we can modify it slightly and we can get all the machines in a particular group:
Once we have the right query we save it as a function
NOTE: To be able to save the function as a computer group the distinct operator must be set to computer
Once the query is saved, we are done.
Summary
We should now be able to see our new computer group available under Machine Groups in the Automation Account inventory
More information about computer groups can be found here:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/computer-groups
Happy testing!
