Configure Azure Resources

In this step, we'll configure the Azure Automation account with the necessary permissions to access the Log Analytics workspace, and configure the data retention period of the workspace.

Enable a managed identity

If you have not already done so, enable a system-managed identity for the automation account.

  • In the automation account, go to Account Settings > Identity

  • In the System assigned tab, set the Status to On.

You could also use a user-managed identity if you prefer.

Enable Log Analytics workspace access for the managed identity

To allow the automation account to read and write data to the log analytics workspace, assign it the appropriate permission.

  • In the Log Analytics workspace, go to the Access control (IAM) blade.

  • Click Add > Add role assignment

  • Select the Log Analytics Contributor role and click Next

  • Next to Assign access to, select Managed identity, then click Select members

  • Under Managed identity, select Automation Account

  • Select the automation account from the list and click Select.

  • Click Review + assign twice to finish.

Log Analytics data retention

By default, a log analytics workspace in the Pay as you go tier includes 31 days of free data retention. If you wish, you can increase this, but there are some things to consider if doing so:

  • You will be charged for data retention beyond the free 31 days

  • The retention period affects how much historic data you will be able to see in your software updates report, for example in the trend charts.

  • Longer retention times means your report queries will need to process more data and return more rows and increases the risk of hitting API service limits.

To change the data retention period:

  • In the Log Analytics workspace, go to General > Usage and estimated costs

  • Click Data retention at the top

  • Set the desired retention period and click OK.

If you are willing to pay for it, a 60-day retention period is recommended.

Last updated