I stumble on some error in the detection. For example :

OSName,RuleSetting,ExpectedResult,ActualResult
Windows Server 2016 Datacenter,"Privilege Rights : SeTrustedCredManAccessPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeTcbPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeCreateTokenPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeCreatePermanentPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeLockMemoryPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeRelabelPrivilege",0,"No One"

These user right should according the baseline no have an user of group assigned but detection expects 0 instead on "No One"

Or do I need to make a support call for this?

Will there be a OMS Gateway as a PaaS offering instead of I setup my own infra, further reduce my CAPEX

OMS Gateway PaaS should
- Include load balancing features
- Abstract the need of the OMS firewall requirement when working with Firewall
- Only allow secure OMS data to pass through the gateway for security control and compliance needed

For example, in a 3-tier deployment of a web service (IIS front end, middle tier job processing and SQL backend), I would like to see the results of network performance monitoring in the Service Map solution. This could be very useful when troubleshooting slowness to the SQL server, but using Service Map to visualize the 3 tiers as a group.

Unable to use REST according to the documentation https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/getsharedkeys for API Version 2015-11-01-preview to obtain primarySharedKey and secondarySharedKey values.

Please advise. Thank you.

Any chance to release the Microsoft.OperationalInsights/workspaces/datasources schema properties for the following kinds?

- ChangeTrackingPath
- ChangeTrackingDefaultPath
- ChangeTrackingDefaultRegistry
- ChangeTrackingCustomRegistry
- CustomLog
- CustomLogCollection
- GenericDataSource

I have tried the following below and gets a Bad Request response back.
{
"apiVersion": "2015-11-01-preview",
"type": "datasources",
"name": "WindowsChangeTrackingRegistry-CopyHookHandlers",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"kind": "ChangeTrackingDefaultRegistry",
"properties": {
"enabled": true,
"keyName": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Shellex\\CopyHookHandlers",
"recurse": true
}
}

We need to have a way to send SNMP data for network devices (snmp get or snmp traps) to OMS directly from gateway servers instead of implementing UNIX machine in the middle. this will help us a lot in measuring availability and performance of our network devices as well as define some security baselines for monitoring. we should not have to depend on unix to do this!!

Ability to create exceptions for some raised alerts.

Ex. some antivirus components are not enabled because some applications need it to be configured like that, such as real time protection.
Every day we have a alert referring that. We would like to create an exception for that query and that server (thse alerts are displayed in security and update management solutions.

I would like the possibility to add additional baseline checks and override the default baseline checks.

For example I have additional groups in my denylogon user right assignments which now result in "failed" check.

In the Table "Type=ContainerInventory ContainerState=Failed | measure Count(ContainerState) by Computer, Image", it is very difficult to identify which node belongs to which cluster. Appreciate if we can get a ACS cluster name colum in this table

I'm glad the Computer Group addition was add but if the grouping can be taken a step further and show high level view with connections between defined computer groups that contain computers that are communicating. Then clicking a group within this view would take you to your computer group for drill-down details. But the relationship between groups would be beneficial to see.

We would like to integrate OMS with the Jakarta version of ServiceNow

you have round() and floor(), why not ceiling()?

In most cases when you are looking at the Alert Management Solution you do not care about the instances of an alert - especially if you have been notified by runbook/webhook/email.

I'd wager that most people care about the data in the search query that caused that alert and the data it returned. Having to copy and paste the LinkToSearchResults is quite time consuming. The UX on this should be improved to allow jumping directly to the search results that caused the alert, would save time on training too!

Please provide option to directly map blob storage (for custom logs) in log analytics. Now the limitation is that, custom log files saved in a blob storage location (using log4net) can not be mapped directly in log analytics. Also the concept of installing agent is not required in this context.

For any Azure web site with custom logs stored in azure blob storage(format like .txt), should be possible to map directly to log analytics and get the data in OMS. Here there is no VM exists hence please provide an easy option for this requirement.
Thanks

I would like to filter service health alerts based on the region of the alert. Is this possible currently? Or something you will add to the solution shortly?