基于用户组成员身份的查询 [英] Query based on user group membership
问题描述
我在我的环境中启用了系统更新评估解决方案,我需要跟踪设备的补丁合规性。我的问题是,tehre很多开发人员和测试设备都不适合我报告补丁状态,但它们在评估报告中都显示为
。
I have the System Update Assessment solution enabled in my environment, I need to track patch compliance for devices. My problem is that tehre are a lot fo developer and test devices that are not in scope for me to report patch status on but they all appear in the assessment report.
Memebrship组是基于用户的,我有广泛的组和开发和试点组。我希望能够看到广泛组中的用户拥有的任何设备是否缺少某些补丁。
Memebrship of groups is user based, I have broad groups and dev and pilot groups. I would like to be able to see if any of the devices owned by users in the broad groups are missing certain patches.
我以为我可以查询某些群组的用户并获取他们的设备列表,然后根据返回的设备列表过滤评估。但我不知道从哪里开始,我看不出如何基于AAD组成员资格(我确实看到可以根据AD成员资格创建
组)。
It was thinking I could query users of certain groups and get a list of their devices and then filter the assessment based on the list of devices returned. But I don't know where to start, I can't see how to based on AAD group membership (I did see that groups can be created based on AD memberships).
有什么想法吗?不确定这是否可行,因为它是基于用户的组的分配。
Any ideas? not sure if this will be possible since it is user based assignement to the groups.
推荐答案
你好,
更新评估数据可通过日志搜索查询,以下是评估报告中使用的查询: https://docs.microsoft.com/en-us/azure/automation/automation-update-management#search-logs
Update Assessment data is queriable from Log Search, here are the queries used in assessment reports: https://docs.microsoft.com/en-us/azure/automation/automation-update-management#search-logs
要将评估报告范围扩展到您感兴趣的计算机/计算机,您确实可以对查询应用过滤器。
To scope assessment reports to the computers/machines of your interest you could indeed apply filters to the queries.
看起来你还需要以某种方式解决给定用户解析计算机/机器列表的问题,对吗?如果分辨率是基于AAD组完成的,您可以考虑将组信息导入日志搜索(工作区
- >高级设置 - >计算机组 - > Active Directory),然后使用导入的组在过滤器中。
And it looks like you also need to somehow solve the problem of resolving the list of computers/machines for a given user, correct? If the resolution is done based on the AAD groups, you could look into importing the groups info to the Log Search (Workspace -> Advanced Settings -> Computer Groups -> Active Directory) and then using imported groups in filters.
这篇关于基于用户组成员身份的查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
