Workspace Manager PowerShell module has been released in Preview

Rogier Dijkman
Aug 14, 2023

Hi All,

For the last two weeks I have been working on developing a PowerShell module for the Microsoft Sentinel Workspace Manager.

I have just released it, and it can be found in the PSGallery.

You can download it from here

Install-Module AzWorkspaceManager

Getting Started

The AzWorkspaceManager PowerShell module helps you automate your operational tasks, like adding member workspaces and creating and configuring groups, but also adding assignments and triggering assignment jobs.

Yes, you can even use this module to search for the resourceIds of the resources that need to be added to the assignments.

All cmdlets support pipeline input to make it as easy as possible from a coding point of view.

Examples

To get started, we need to create a Workspace Manager configuration, which can be done with the Add-AzWorkspaceManager cmdlet.

Add-AzWorkspaceManager -Name 'myWorkspace' -ResourceGroup 'myRG'

The resource group parameter is only required if multiple Log Analytics workspaces with an identical name reside in the same subscription.

Adding Members and Groups

To add a Workspace Manager member, the Add-AzWorkspaceManagerMember cmdlet can be used.

To add a member, the user needs to have the Microsoft Sentinel Contributor role in order to add the target workspace.

$arguments = @{
    workspaceName = 'myWorkspace'
    resourceId    = $resourceId
    tenantId      = $tenantId
}

Add-AzWorkspaceManagerMember @arguments

No need to provide a resource group name as we have no workspaces with the same name.

Most cmdlets support pipeline input, which means that the output of a previous command can be passed to the next cmdlet.

In the example below we retrieve all Workspace Manager members and add them to the Workspace Manager group ‘Banks’ through pipeline input.

Get-AzWorkspaceManagerMember myWorkspace | Add-AzWorkspaceManagerGroup -GroupName 'myGroup'

Figure: adding a member and group

Adding an Assignment

An assignment contains the resources that you want to synchronize with the workspace members. These assignments are linked to the Workspace Manager group.

In the next example we are adding an assignment to the previously created group. To do this, we first need to get the resourceIds of the items we want to include in the assignment.

The module contains the Get-AzWorkspaceManagerItem helper cmdlet to retrieve these ids. The resourceIds found can then be added to the assignment.

Note: currently only SavedSearches, AutomationRules and AlertRules are supported by this helper function.

You could also pipe the results to the Add-AzWorkspaceManagerAssignment cmdlet, but that performs worse because every item is sent separately. So in this example I have added the resources to a variable called $Rules.

$Rules = Get-AzWorkspaceManagerItem -WorkspaceName 'myWorkspace' -Type AlertRules

$arguments = @{
    workspaceName = 'myWorkspace'
    name          = 'myAssignment'
    groupName     = 'myGroup'
    resourceId    = $Rules.resourceId
}

Add-AzWorkspaceManagerAssignment @arguments
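
The following is an added example, not code from the original post or the AzWorkspaceManager project. It goes beyond the single AlertRules case above: it collects all three supported item types, keeps only resourceIds that sit under the central workspace, prints a per-type count for review, and then sends everything in one Add-AzWorkspaceManagerAssignment call. It assumes an authenticated Azure session, the Workspace Manager configuration and group from the earlier steps, and that Get-AzWorkspaceManagerItem returns a resourceId property for every supported type, as the post shows for AlertRules.

```powershell
# Added example. 'myWorkspace', 'myGroup' and 'myAssignment' follow the post.
# Assumption: every supported item type is returned with a resourceId property.
$workspaceName = 'myWorkspace'
$types         = 'SavedSearches', 'AutomationRules', 'AlertRules'

# Collect the items per type so the review output shows where each id came from.
$items = @(foreach ($type in $types) {
    Get-AzWorkspaceManagerItem -WorkspaceName $workspaceName -Type $type |
        Select-Object @{ Name = 'Type'; Expression = { $type } }, resourceId
})

# Keep only ids located under the central workspace. Anything else is reported
# and left out rather than synchronized to the member workspaces.
$scope = "/workspaces/$([regex]::Escape($workspaceName))/"
$valid, $rejected = $items.Where({ $_.resourceId -match $scope }, 'Split')

foreach ($item in $rejected) {
    Write-Warning "Skipped $($item.Type) item outside ${workspaceName}: $($item.resourceId)"
}

# Remove duplicates so the same resource is not listed twice in the assignment.
$ids = @($valid.resourceId | Sort-Object -Unique)
if ($ids.Count -eq 0) {
    throw "No items found in workspace '$workspaceName'; nothing to assign."
}

# Show what is about to be distributed before it is sent.
$valid | Group-Object Type | Select-Object Name, Count | Out-Host

# One call with the full list, instead of one call per piped item.
$arguments = @{
    workspaceName = $workspaceName
    name          = 'myAssignment'
    groupName     = 'myGroup'
    resourceId    = $ids
}

Add-AzWorkspaceManagerAssignment @arguments
```

Because an assignment pushes content into every member workspace of the group, the per-type count is the point at which to confirm that only the intended rules and searches are included.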

More examples and documentation can be found here

Feedback

If you are missing any features, run into unexpected behavior, or have any other comments, let me know or open an issue on the GitHub page of the project, AzWorkspaceManager.

Looking forward to your feedback!
