SCOM gets Auditing for Admin activities and SCOM's future after 2019 UR2
There were a raft of announcements at SCOMathon 2020 from Aakash Basavaraj from the SCOM Product Team and one of the most exciting things was a sneak peek at what to expect after SCOM 2019 UR2 is out of the door:
PowerBI Dashboards – being developed in partnership with Silect, experts in this area, this will be launched in SCOM 2019 UR2. No info was given on what to expect here, but as Silect's PowerBI dashboards are already public, we expect this to look similar.
Auditing/Change Tracking for Admin Activities – Aakash also treated us to preview of this feature, which adds auditing capabilities to track changes and updates to MPs (in-built or imported) and then visualizes these in three different reports:
MP History – illustrating who did what and when.
MP Objects – providing the ability to review what’s changed inside each imported MP, from monitoring to rules, and see what changes have been made, by who and when.
Overrides Tracking – enables you to track which overrides were added/changed, their target and when the override was modified, this one is likely to be a big deal for most SCOM Administrators!
This image has an empty alt attribute; its file name is AuditingMPExtraReports-1024x529.png
Management Pack History Report
As you can see from the below screen shot, the MP History Report shows you which version of each MP was imported, when and by who. You will get this same info for MP deletes too - a long overdue feature of SCOM.
This image has an empty alt attribute; its file name is AuditingMPHistoryReport-1024x650.png
Management Pack Object Report
This report will show you the objects added to SCOM through importing/deleting a MP (for example the monitors and discoveries themselves) to be clear, this report does not show you the objects a Discovery has found and added to SCOMs Discovered Inventory. Check out the screen shot below.
This image has an empty alt attribute; its file name is AuditingMPObjectReport-1024x743.png
When you expand a discovered object you can see the objects target, the type of object (unit monitor/rule, etc) its parent (availability) and the version of the MP that added the object. From here you can click through to the added object itself (super useful for looking at defaults of the object and setting overrides for it),
This image has an empty alt attribute; its file name is AuditingMPObjectReport2-1024x326.png
Override Change Tracking Report
As you have probably guessed by now, the crowning jewel of the auditing MP is the ability to see changes made to overrides. You can see, the override that was changed, the overrides old value, its new value, who made the change, when the change was made, the target of the change and more:
This image has an empty alt attribute; its file name is AuditingMPOverrideTrackingReport-1024x710.png
We've also been told you can expect to see future versions of SCOM with the ability to monitor RunAs accounts and patches, so SCOM Administrators can get a complete view of what’s happening in their environment.
To see the live demo of this feature check out Aakash’s EMEA Keynote speech at SCOMathon: SCOM Roadmap Update
To hear more about the Microsoft SCOM team's plans, check out our other blogs