Merge branch 'main' of https://github.com/microsoft/GlobalSecureAccess

Author: andres-canello

website/docs/How-To/MonitoringGSA.md

@@ -0,0 +1,43 @@
+# GSA logs and monitoring
+
+This article describes the logs and dashboards that are available to you and some common monitoring scenarios.
+
+## Dashboard
+
+The Global Secure Access dashboard provides you with visualizations of the traffic flowing through the Microsoft Entra Private Access and Microsoft Entra Internet Access services, which include Microsoft traffic and Private Access traffic. The dashboard provides a summary of the data related to product deployment and insights. Within these categories you can see the number of users, devices, and applications seen in the last 24 hours. You can also see device activity and cross-tenant access.
+
+For more information, see [Global Secure Access dashboard](https://learn.microsoft.com/en-us/entra/global-secure-access/concept-traffic-dashboard).
+
+## Audit logs (preview)
+
+The Microsoft Entra audit log is a valuable source of information when researching or troubleshooting changes to your Microsoft Entra environment. Changes related to Global Secure Access are captured in the audit logs in several categories, such as filtering policy, forwarding profiles, remote network management, and more.
+
+For more information, see [Global Secure Access audit logs (preview)](https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-access-audit-logs).
+
+## Traffic logs (preview)
+
+The Global Secure Access traffic logs provide a summary of the network connections and transactions that are occurring in your environment. These logs look at *who* accessed *what* traffic from *where* to *where* and with what *result*. The traffic logs provide a snapshot of all connections in your environment and breaks that down into traffic that applies to your traffic forwarding profiles. The logs details provide the traffic type destination, source IP, and more.
+
+For more information, see [Global Secure Access traffic logs (preview)](https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-view-traffic-logs).
+
+## Enriched Office 365 logs (preview)
+
+The *Enriched Office 365 logs* provide you with the information you need to gain insights into the performance, experience, and availability of the Microsoft 365 apps your organization uses. You can integrate the logs with a Log Analytics workspace or third-party SIEM tool for further analysis.
+
+Customers use existing *Office Audit logs* for monitoring, detection, investigation, and analytics. We understand the importance of these logs and have partnered with Microsoft 365 to include SharePoint logs. These enriched logs include details like client information and original public IP details that can be used for troubleshooting security scenarios.
+
+For more information, see [Enriched Office 365 logs](https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-view-enriched-logs).
+
+## Log Retention and Storage
+
+**Traffic Logs and Remote Network Health Logs:** These logs are retained within the system for 30 days. This duration allows for ample time to review and analyze recent activities and network health status.
+
+**Audit Logs:** The retention period for Audit Logs varies depending on your Microsoft Entra ID license. The table provides a breakdown:
+
+|Report Type	| Microsoft Entra ID Free	| Microsoft Entra ID P1	| Microsoft Entra ID P2 |
+|----------|-----------|------------|------------|
+|Audit Logs |	Seven days | 30 days | 30 days |
+
+**Office Logs:** Office Logs are maintained for a shorter duration, up to only 24 hours. 
+
+**Exporting and Storing Logs for Longer Durations:** As a customer, you have the flexibility to export these logs through the diagnostic settings feature. Exporting logs allows you to maintain records for more extended periods beyond the default retention times. This can be crucial for compliance, auditing, and in-depth analysis purposes. 

website/docs/How-To/WorkbooksGSA.md

@@ -0,0 +1,57 @@
+# How to use workbooks with Global Secure Access
+
+Workbooks combine text, log queries, metrics, and parameters into rich interactive reports. Any team member with access to the required Azure resources can create and edit workbooks. To learn more about Azure Workbooks, see [Overview of Azure Workbooks](https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview).
+
+## Prerequisites
+- Administrators who interact with **Global Secure Access** features must have one or more of the following role assignments depending on the tasks they're performing.
+   - The [Global Secure Access Administrator role](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference) role to manage the Global Secure Access features.
+   - The [Security Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#security-administrator) to create, edit, and use workbooks.
+- An existing Log Analytics workspace. To learn more about Log Analytics, see [Overview of Log Analytics in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview).
+- The product requires licensing. For details, see the licensing section of [What is Global Secure Access](https://learn.microsoft.com/en-us/entra/global-secure-access/overview-what-is-global-secure-access). If needed, you can [purchase licenses or get trial licenses](https://aka.ms/azureadlicense).
+
+
+## Export Global Secure Access information to Log Analytics
+
+Global Secure Access workbooks integrate with Log Analytics. This integration allows you to monitor and analyze logs effectively. To learn more about Global Secure Access log integration with Log Analytics, see [Integrate Microsoft Entra logs with Azure Monitor logs](https://learn.microsoft.com/en-us/entra/identity/monitoring-health/howto-integrate-activity-logs-with-azure-monitor-logs).
+
+To learn how to send log information to Log Analytics, see [Send logs to Azure Monitor](https://learn.microsoft.com/en-us/entra/identity/monitoring-health/howto-integrate-activity-logs-with-azure-monitor-logs#send-logs-to-azure-monitor).
+
+The Global Secure Access categories are: 
+
+|Log type   |Diagnostic settings category   |
+|----------|-----------|
+|Traffic logs     |`NetworkAccessTrafficLogs`       |
+|Audit logs (Preview) | `AuditLogs` |
+|Enriched Microsoft 365 logs (Preview) |`EnrichedOffice365AuditLogs`   |
+|Remote Network Health Logs (Preview) |`RemoteNetworkHealthLogs` |
+
+![alt text](./img/add-diagnostic-setting.png)
+
+## Global Secure Access workbooks
+
+In the Microsoft Entra admin center, navigate to **Global Secure Access** > **Monitor** > **Workbooks** to view predefined workbooks. Note that you won't see the workbooks unless logging data has been captured.
+
+**Network Traffic Insights workbook** - 
+Provides an overview of all traffic logs within your network, offering insights into data transfer, anomalies, and potential threats. 
+
+![alt text](./img/Network-Traffic-Insights.png)
+
+**Remote Network Health workbook** - 
+Monitors the health and performance of remote networks, ensuring that all remote connections are reliable and secure. 
+
+![alt text](./img/Remote-Network-Health.png)
+
+**Clients Activity and Status workbook** - 
+Offers an overview of the clients connected to your network, including their health status and activity levels. 
+
+![alt text](./img/Client-Activity.png)
+
+**Discovered Application Segments workbook** - 
+Identifies and categorizes application segments discovered within your network, aiding in effective monitoring and management of applications. 
+
+![alt text](./img/App-Discovery.png)
+
+**Enriched Microsoft 365 Logs workbook** - 
+Provides a detailed view of Microsoft 365 log data, enriched with contextual information to enhance visibility into user activities and potential security threats. 
+
+![alt text](./img/Enriched-Logs.png)