Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Count all AD reccomendations by focus area.
ADAssessmentRecommendation
| summarize AggregatedValue = count() by FocusArea
Count AD recommendations with failed result by computer.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Computer
Count AD recommendations with failed result by forest.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Forest
Count AD recommendations with failed result by domain.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Domain
Count AD recommendations with failed result by domain controller.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by DomainController
Count AD recommendations with failed result by affected object type.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by AffectedObjectType
Count AD recommendations with failed result by recommendation.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Recommendation
Latest high priority security recommendation with result failed by recommendation Id.
ADAssessmentRecommendation
| where FocusArea == 'Security and Compliance' and RecommendationResult == 'Failed' and RecommendationScore>=35
| summarize arg_max(TimeGenerated, *) by RecommendationId