Merge pull request #278 from FehseCorp/scommidocs

SCOM MI FTA Live docs update

content/management/scom-mi/agents.md

@@ -0,0 +1,42 @@
+# SCOM MI Agents
+
+
+#### [Previous](setup.md) | [Home](readme.md) | [Next](newfeatures.md)
+
+Azure Monitor SCOM Managed Instance provides a cloud-based alternative for Operations Manager users providing monitoring continuity for cloud and on-premises environments across the cloud adoption journey.
+
+[Monitor Azure and Off-Azure Virtual machines with Azure Monitor SCOM Managed Instance](https://learn.microsoft.com/en-us/system-center/scom/monitor-off-azure-vm-with-scom-managed-instance?view=sc-om-)
+
+[Monitor Azure and Off-Azure Virtual machines with Azure Monitor SCOM Managed Instance (preview)](https://learn.microsoft.com/en-us/system-center/scom/monitor-arc-enabled-vm-with-scom-managed-instance?view=sc-om-2022)
+
+## Supported Scenarios
+
+The following are the supported monitoring scenarios:
+
+- Azure Windows VMs that have Line of sight connectivity to the Management Server
+- On-premise Windows & Linux Arc-enabled VMs that have Line of sight connectivity to Management Server.
+- On-premise Windows & Linux agent VMs that have Line of sight connectivity to Management Server.
+- On-premises Windows agents with no Line of sight connectivity (must use managed Gateway) to Azure
+
+## Diagram
+
+![alt text](SCOMMIAgents.png)
+
+>[!NOTE]
+>
+>- Linux VMs in Azure and Linux VMs that sit behind a gateway are not currently supported.
+>- Agent multi-homing isn't supported to multiple SCOM Managed Instances. However, it can have a multi-home configuration for on-premises System Center Operations Manager and a SCOM Managed Instance.
+>- Agents that are directly connected to the SCOM MI need to be able to reach region.workloadnexus.azure.com on port 443.
+>- .NET 4.7.2 and TLS 1.2 is required for agent install.
+
+## Managed Gateways
+
+Managed Gateways need to be Arc-enabled with the Gateway extension installed, it can be installed via the Managed Gateways page in SCOM MI.
+
+Note:
+
+- Currently, multi-homing for gateway servers isn't supported.
+- Arc-enabled Gateways require line of sight to region.workloadnexus.azure.com on port 443.
+- Initial authentication is performed by a managed identity, then certificates are used to manage Managed Gateways by Microsoft.
+
+#### [Previous](setup.md) | [Home](readme.md) | [Next](newfeatures.md)

content/management/scom-mi/intro.md

@@ -0,0 +1,31 @@
+# Introduction to SCOM Managed Instance
+
+### [Previous](readme.md) | [Home](readme.md) | [Next](setup.md)
+
+In this module, you will learn about SCOM Managed Instance (SCOM MI) and how it differs from SCOM.
+
+## What is SCOM MI?
+
+SCOM MI is a new deployment option for System Center Operations Manager (SCOM) that allows you to run SCOM in Azure. SCOM MI is a managed service that is fully managed by Microsoft. This means that Microsoft is responsible for the infrastructure, availability, and performance of the SCOM MI service. You are responsible for configuring and managing the SCOM MI service.
+
+## Diagram
+
+![alt text](image.png)
+
+## Comparison of SCOM on-premises with SCOM MI
+
+SCOM Managed Instance has all the capabilities of System Center Operations Manager on-premises in a cloud-native way.
+
+Comparison of SCOM on-premises with SCOM Managed Instance:
+
+<https://learn.microsoft.com/en-us/system-center/scom/operations-manager-managed-instance-overview?view=sc-om-2022#comparison-of-system-center-operations-manager-on-premises-with-scom-managed-instance>
+
+## Pricing and Benefits
+
+- [Azure Pricing Calculator](https://azure.microsoft.com/en-us/pricing/details/monitor/)
+- [Key Benefits](https://learn.microsoft.com/en-us/system-center/scom/operations-manager-managed-instance-overview?view=sc-om-2022#key-benefits)
+- [Benefits and Cost Breakdown](https://techcommunity.microsoft.com/t5/system-center-blog/benefits-of-moving-to-azure-monitor-scom-managed-instance/ba-p/4057882)
+
+#
+
+### [Previous](readme.md) | [Home](readme.md) | [Next](setup.md)

content/management/scom-mi/migration.md

@@ -1,10 +1,18 @@
 # Migration
 
-The process is technically simple, but it requires a lot of planning and testing. The migration process is not reversible, so it is important to plan and test the migration process before you start.
+### [Previous](newfeatures.md) | [Home](readme.md)
+
+The process is technically simple, but it requires planning and testing. It is a multi-step process and can be gradually implemented.
+
 It consists of the following steps:
 
 - Exporting Management Packs from the source management group
 - Importing Management Packs to the target management group
 
 ## Migrate to Operations Manager managed instance
-https://learn.microsoft.com/en-us/system-center/scom/migrate-to-operations-manager-managed-instance?view=sc-om-2022&tabs=mp-overrides
+
+<https://learn.microsoft.com/en-us/system-center/scom/migrate-to-operations-manager-managed-instance?view=sc-om-2022&tabs=mp-overrides>
+
+### [Previous](newfeatures.md) | [Home](readme.md)
+
+[Kevin Holman's SCOM Management MP](https://kevinholman.com/2017/05/09/scom-management-mp-making-a-scom-admins-life-a-little-easier/)

content/management/scom-mi/newfeatures.md

@@ -1,7 +1,58 @@
 # New Features
 
-## Log Analytics
-https://learn.microsoft.com/en-us/system-center/scom/configure-log-analytics-for-scom-managed-instance?view=sc-om-2022
+### [Previous](setup.md) | [Home](readme.md) | [Next](migration.md)
 
-## Power BI
-https://learn.microsoft.com/en-us/system-center/scom/configure
+# Features
+
+### SCOM Managed Instance functionality allows you to:
+
+- Configure an E2E System Center Operations Manager setup (SCOM Managed Instance) on Azure.
+- Manage (view, delete) your SCOM Managed Instance in Azure.
+Connect to your SCOM Managed Instance using the System Center Operations Manager Ops console.
+- Monitor workloads (wherever they're located) using the Ops, and while using your existing management packs.
+- Incur zero database maintenance (Ops database and Data warehouse database) because of the offloading of database management to SQL Managed Instance (SQL MI).
+- Scale your instance immediately without the need to add/delete physical servers.
+- View your SCOM Managed Instance reports in Power BI.
+- Patch your instance in one click with the latest bug fixes and features.
+
+## New Features
+
+### Manage
+
+- [Monitored Resources (preview)](https://learn.microsoft.com/en-us/system-center/scom/monitor-arc-enabled-vm-with-scom-managed-instance?view=sc-om-2022)
+
+- [Managed Gateways (preview)]()
+
+### Monitoring
+
+- [Configure Log Analytics for Azure Monitor](https://learn.microsoft.com/en-us/system-center/scom/configure-log-analytics-for-scom-managed-instance?view=sc-om-2022)
+
+- [SCOM Alerts in Azure Monitor](https://learn.microsoft.com/en-us/system-center/scom/view-operations-manager-alerts-azure-monitor?view=sc-om-2022)
+
+- [Logs (preview)](https://learn.microsoft.com/en-us/system-center/scom/configure-log-analytics-for-scom-managed-instance?view=sc-om-2022#view-logs)
+
+![alt text](image-2.png)
+
+- [Workbooks (preview)]()
+
+### Dashboards and Reporting
+
+- [Create PowerBI Reports](https://learn.microsoft.com/en-us/system-center/scom/operations-manager-managed-instance-create-reports-on-power-bi?view=sc-om-2022)
+
+- [Microsoft SCOM Managed Instance Reports](https://appsource.microsoft.com/en-us/product/power-bi/microsoftcorporation1664440972680.9c257347-1dd6-4440-ab56-4392609cd1c8)
+
+- [Grafana Dashboards](https://learn.microsoft.com/en-us/system-center/scom/dashboards-on-azure-managed-grafana?view=sc-om-2022)
+
+- [Query SCOM MI from Grafana Dashboards](https://learn.microsoft.com/en-us/system-center/scom/query-scom-managed-instance-data-on-grafana?view=sc-om-2022)
+
+Note: Grafana is still in preview
+
+## What is not available in SCOM MI
+
+- Web Console
+- Linux Azure VMs support
+- Deployment of SCOM agents from the Console
+- Network devices monitoring
+- Reporting Services (SSRS)
+
+### [Previous](setup.md) | [Home](readme.md) | [Next](migration.md)

content/management/scom-mi/readme.md

@@ -1,9 +1,10 @@
 # Welcome to the FastTrack for Azure SCOM Managed Instance call
+
 ## We will start 3-4 minutes after the scheduled time to accommodate those still connecting
 
 > This call will not be recorded due to the wide audience and to encourage questions.
 
-**Questions?** Feel free to type them in the chat window at any time. Note that questions you post will be public. 
+**Questions?** Feel free to type them in the chat window at any time. Note that questions you post will be public.
 
 **Slideless** No PowerPoint, we promise! As we update this content you will get the changes straight away.
 
@@ -13,29 +14,43 @@
 
 In this session you will learn more about SCOM MI. The engineering team will cover details of the setup steps, the migration process and how to leverage the improvements made to SCOM when running as a managed instance in Azure.
 
+### Audience
+
+This session is most useful for IT administrators and architects responsible for managing SCOM or considering moving to SCOM MI.
+
 ## Agenda
 
-#### [Setup](setup.md) 
+### [Introduction to SCOM Managed Insance](intro.md)
+
+What is SCOM MI and how does it differ from SCOM?
+
+### [Setup](setup.md)
+
 Let's start with the business requirements and the setup process.
 
-#### [Migration](migration.md) 
-Migrating to SCOM MI.
-
-#### [New features](newfeatures.md) 
-What are the new features and how to leverage them?
+### [Agents](agents.md)
 
-### Audience
+How to deploy agents via SCOM MI
+
+- Automatically
+- Manually
 
-This session is most useful for IT administrators and architects responsible for managing SCOM. While this session does introduce technical concepts, no special knowledge is required other than a general familiarity with the Azure Portal.
+### [Features](newfeatures.md)
 
-### Goals
+What features does SCOM MI offer and how to leverage them?
 
-In this session you will learn how to:
+What are the features that are not available in SCOM MI?
 
-- Set up SCOM MI
-- Migrate to SCOM MI
-- Leverage the new features of SCOM MI
+### [Migration](migration.md)
+
+Migrating to SCOM MI.
 
 ### Additional learning resources
 
-[SCOM MI](https://docs.microsoft.com/en-us/azure/azure-monitor/insights/scom-mi-overview)
+[SCOM MI](https://learn.microsoft.com/en-us/azure/azure-monitor/vm/scom-managed-instance-overview)
+
+[About Operations Manager](https://learn.microsoft.com/en-us/system-center/scom/welcome?view=sc-om-2022)
+
+[SCOM MI FAQ](https://learn.microsoft.com/en-us/system-center/scom/faq?view=sc-om-2022)
+
+[SCOM MI Pricing](https://azure.microsoft.com/en-us/pricing/details/monitor/)

content/management/scom-mi/scripts/add-scommiadaccounts.ps1

@@ -0,0 +1,59 @@
+param (
+    [string]$gMSAAccountName,
+    [string]$LBFQDN,
+    [string]$SCOMMIServersGroupName,
+    [string]$SCOMMILocalDomainAccountName,
+    [securestring]$SCOMMILocalDomainAccountPassword,
+    [string]$LBAddress
+)
+# Sample usage
+# .\add-scommiaccounts.ps1 -gMSAAccountName "SCOMMIgMSA" -LBFQDN "SCOMMI-LB.contoso.com" -SCOMMIServersGroupName "SCOMMI-Servers" `
+# -SCOMMILocalDomainAccountName "SCOMMI-Local" -SCOMMILocalDomainAccountPassword (ConvertTo-SecureString -String "Password" -AsPlainText -Force) -LBAddress x.x.x.x"
+function set-Allow-ManagedBy-Permissions  {
+    param (
+        [string]$groupName,
+        [string]$userName
+    )
+    #Manager setzen
+    $user = Get-ADUser $userName 
+    #Set-ADGroup „VL_ManagerTest“ -Replace @{managedBy=$user.DistinguishedName}
+    #RightsGuid
+    $guid = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
+    #SID of the Managers
+    $sid = [System.Security.Principal.SecurityIdentifier]$user.sid
+    #ActiveDirectoryAccessRule 
+    $ctrlType = [System.Security.AccessControl.AccessControlType]::Allow 
+    $rights = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
+    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rights, $ctrlType, $guid)
+    $group = Get-ADGroup $groupName
+    $aclPath = "AD:\" + $group.distinguishedName 
+    $acl = Get-Acl $aclPath
+    $acl.AddAccessRule($rule) 
+    Set-Acl -acl $acl -path $aclPath
+}
+# create active direcoty local account
+# 
+if (!(Get-WindowsFeature RSAT-AD-PowerShell)) {
+    Install-WindowsFeature RSAT-AD-PowerShell -Confirm
+}
+# Import-Module ActiveDirectory
+new-aduser -Name $SCOMMILocalDomainAccountName -AccountPassword $SCOMMILocalDomainAccountPassword -PasswordNeverExpires $true -Enabled $true
+$domainAccount=Get-ADUser $SCOMMILocalDomainAccountName
+# Create AD Group
+New-adgroup $SCOMMIServersGroupName -GroupCategory Security -GroupScope Global
+# Set managed by permissions for the account to the group above
+$group=Get-ADGroup $SCOMMIServersGroupName
+Set-adgroup $group -ManagedBy $domainAccount
+# Set Allow-ManagedBy-Permissions
+set-Allow-ManagedBy-Permissions -groupName $SCOMMIServersGroupName -userName $SCOMMILocalDomainAccountName
+# Set DNS Entry
+$allPieces = $LBFQDN.Split(".")
+$shortLBName=$allPieces[0]
+$ZoneName = [string]::Join('.',$allPieces[1..($allPieces.Length - 1)])
+Add-DnsServerResourceRecordA -Name $shortLBName -ZoneName $ZoneName  -IPv4Address $LBAddress
+# Create gMSA
+New-ADServiceAccount $gMSAAccountName `
+                    -DNSHostName $LBFQDN `
+                    -PrincipalsAllowedToRetrieveManagedPassword $SCOMMIServersGroupName `
+                    -KerberosEncryptionType AES128, AES256 `
+                    -ServicePrincipalNames "MSOMHSvc/$LBFQDN", "MSOMHSvc/$shortLBName", "MSOMSdkSvc/$LBFQDN", "MSOMSdkSvc/$shortLBName"

content/management/scom-mi/setup.md

@@ -1,5 +1,39 @@
 # Setup
 
+#### [Previous](intro.md) | [Home](readme.md) | [Next](newfeatures.md)
 
+## Pre-requisites
 
-https://learn.microsoft.com/en-us/system-center/scom/tutorial-create-scom-managed-instance?view=sc-om-2022
+### Setup Process
+
+![alt text](image-4.png)
+
+[Step 1. Register the SCOM Managed Instance resource provider](https://learn.microsoft.com/en-us/system-center/scom/register-scom-managed-instance-resource-provider?view=sc-om-2022)
+
+[Step 2. Create separate subnet in a VNet](https://learn.microsoft.com/en-us/system-center/scom/create-separate-subnet-in-vnet?view=sc-om-2022)
+
+[Step 3. Create a SQL MI](https://learn.microsoft.com/en-us/system-center/scom/create-sql-managed-instance?view=sc-om-2022)
+
+[Step 4. Create a Key vault](https://learn.microsoft.com/en-us/system-center/scom/create-key-vault?view=sc-om-2022)
+
+[Step 5. Create a user assigned identity](https://learn.microsoft.com/en-us/system-center/scom/create-user-assigned-identity?view=sc-om-2022)
+
+[Step 6. Create a computer group and gMSA account](https://learn.microsoft.com/en-us/system-center/scom/create-gmsa-account?view=sc-om-2022)
+
+[Step 7. Store domain credentials in Key vault](https://learn.microsoft.com/en-us/system-center/scom/store-domain-credentials-in-key-vault?view=sc-om-2022)
+
+[Step 8. Create a static IP](https://learn.microsoft.com/en-us/system-center/scom/create-static-ip?view=sc-om-2022)
+
+[Step 9. Configure the network firewall](https://learn.microsoft.com/en-us/system-center/scom/configure-network-firewall?view=sc-om-2022)
+
+[Step 10. Verify Azure and internal GPO policies](https://learn.microsoft.com/en-us/system-center/scom/verify-azure-and-internal-gpo-policies?view=sc-om-2022)
+
+[Step 11. SCOM Managed Instance self-verification of steps](https://learn.microsoft.com/en-us/system-center/scom/scom-managed-instance-self-verification-of-steps?view=sc-om-2022)
+
+Step 12. Create a SCOM Managed Instance!
+
+- The virtual network must have a DNS server configured. This DNS server must be able to resolve the SCOM MI domain name.
+
+#### [Previous](intro.md) | [Home](readme.md) | [Next](agents.md)
+
+[Setup Docs](https://learn.microsoft.com/en-us/system-center/scom/tutorial-create-scom-managed-instance?view=sc-om-2022)