P
E
E
R
T
O
P
E
E
R
:
I
L
T
A
'
S
Q
U
A
R
T
E
R
L
Y
M
A
G
A
Z
I
N
E
|
S
U
M
M
E
R
2
0
1
9
43
Out of the box, Device Health tells you which versions of the
applications are crashing the most and how your firm compares to the
world (the commercial average).
This is our Device Health Report for Microsoft Outlook. We see
that our crash rate is significantly higher than the commercial average.
I expect this is common for law firms, as we have more add-ins, large
mailboxes, and attorneys and staff use Outlook extensively.
Log Analytics
With Log Analytics, you install the Microsoft
Monitoring Agent on your workstations, and the
Workstation Event Logs are uploaded to Azure's
Event table.
Instead of hunting through Event Logs one by
one, now you can query all the Event Logs for all
your workstations and get results in seconds. If you
find a strange error on a user's machine, you can now
query across the enterprise to see all the computers
that have had the same error.
You get data out of Azure by using a query
language called KQL (distant cousin of SQL?): https://
docs.microsoft.com/en-us/sharepoint/dev/general-
development/keyword-query-language-kql-syntax-
reference
We have found KQL useful when identifying the
largest problems that need fixing. The query below
tells us which modules are crashing outlook.exe the
most across all our workstations.
Device Health
With Device Health, your workstation Windows Telemetry data is sent
to your Azure Cloud. Out of the box, you see which applications are
crashing most often and the devices they are crashing on.