I’m a BIG fan of Microsoft’s Operations Management Suite (OMS) platform, especially the Log Analytics function.
Today, I’m going to walk you through how to use OMS to track Unplanned changes, such as software changes occurring outside of a maintenance window.
First, let’s fire up our OMS Dashboard.
I’ve already gone ahead and connected this to my on-premises SCOM deployment as you can see.
Fear not though! If you don’t have SCOM, you can also deploy agents independently as well. Did I mention there’s a FREE tier!? There’s no reason NOT to test this out!
Let’s take a look at the Change Tracking solution in the Solution Gallery, add it if you haven’t already.
Now, once added, it may take some time to start generating data, but once it does…
You can see that it is tracking all software and service changes within my environment!
Let’s see what’s changed recently and click the 3rd tile over for application changes.
We can quickly and easily see what software has changed
Choose one of the options to see what machine is the affected object
This is GREAT for me to track what’s happening in my enterprise environment, now let’s put this data to use.
For example, I have a maintenance window planned every 3rd Saturday of the month for updates, patches, reboots, etc. Let’s say that because of my stringent change control, no software changes/updates are allowed outside of that approved time. But how can I easily track this!?
We’ll, with OMS, we can use the alerting function to alert our admins when an unplanned software change occurs.
First, let’s go back to the main change query
Choose Alert in the top ribbon
Let’s configure our alert to check every 60 minutes, alert when there is ANY change (hence greater than 0) and look since the last 60 minutes so we’re not missing anything.
Then configure our e-mail information and choose Save
Let’s see it in action!
Last night there was some maintenance in our environment and we received the following e-mail alert:
Now every month, you would simply disable this alert at the beginning of your change window and then re-enable it 60 minutes after the change windows has been completed. And all other times, you would get alerts every hour (or whatever time frame you choose).