MicrosoftDocs
diff --git a/‎articles/virtual-machines/monitor-vm-reference.md
Lines changed: 29 additions & 41 deletions b/‎articles/virtual-machines/monitor-vm-reference.md
Lines changed: 29 additions & 41 deletions
@@ -39,50 +39,38 @@ The VM availability metric is currently in public preview. This metric value ind
 
 The dimension Logical Unit Number (`LUN`) is associated with some of the preceding metrics.
 
-[!INCLUDE [horz-monitor-ref-resource-logs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-resource-logs.md)]
-
-### Supported resource logs for Microsoft.Compute/virtualMachines
-[!INCLUDE [Microsoft.Compute/virtualMachines](~/azure-reference-other-repo/azure-monitor-ref/supported-logs/includes/microsoft-compute-virtualmachines-logs-include.md)]
-
-> [!IMPORTANT]
-> For Azure VMs, all the important data is collected by the Azure Monitor agent. The resource log categories available for Azure VMs aren't important and aren't available for collection from the Azure portal. For detailed information about how the Azure Monitor agent collects VM log data, see [Monitor virtual machines with Azure Monitor: Collect data](/azure/azure-monitor/vm/monitor-virtual-machine-data-collection).
-
 [!INCLUDE [horz-monitor-ref-logs-tables](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-logs-tables.md)]
 
-| Table | Categories | Solutions|[Supports basic log plan](/azure/azure-monitor/logs/basic-logs-configure?tabs=portal-1#compare-the-basic-and-analytics-log-data-plans)| Queries|
+| Table | Categories | Data collection method|[Supports basic log plan](/azure/azure-monitor/logs/basic-logs-configure?tabs=portal-1#compare-the-basic-and-analytics-log-data-plans)| Queries|
 |---|---|---|---|---|
-| [ADAssessmentRecommendation](/azure/azure-monitor/reference/tables/ADAssessmentRecommendation)<br>Recommendations generated by AD assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. | workloads | ADAssessment, ADAssessmentPlus, AzureResources | No| [Yes](/azure/azure-monitor/reference/queries/adassessmentrecommendation)|
-| [ADReplicationResult](/azure/azure-monitor/reference/tables/ADReplicationResult)<br>The AD Replication Status solution regularly monitors your Active Directory environment for any replication failures. | workloads | ADReplication, AzureResources | No| -|
-| [AzureActivity](/azure/azure-monitor/reference/tables/AzureActivity)<br>Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. | resources, audit, security | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/azureactivity)|
-| [AzureMetrics](/azure/azure-monitor/reference/tables/AzureMetrics)<br>Metric data emitted by Azure services that measure their health and performance. | resources | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/azuremetrics)|
-| [CommonSecurityLog](/azure/azure-monitor/reference/tables/CommonSecurityLog)<br>This table is for collecting events in the Common Event Format, that are most often sent from different security appliances such as Check Point, Palo Alto and more. | security | Security, SecurityInsights | No| [Yes](/azure/azure-monitor/reference/queries/commonsecuritylog)|
-| [ComputerGroup](/azure/azure-monitor/reference/tables/ComputerGroup)<br>Computer groups that can be used to scope log queries to a set of computers. Includes the computers in each group. | monitor, virtualmachines, management | LogManagement | No| -|
-| [ConfigurationChange](/azure/azure-monitor/reference/tables/ConfigurationChange)<br>View changes to in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons | management | ChangeTracking | No| [Yes](/azure/azure-monitor/reference/queries/configurationchange)|
-| [ConfigurationData](/azure/azure-monitor/reference/tables/ConfigurationData)<br>View the last reported state for in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons | management | ChangeTracking | No| [Yes](/azure/azure-monitor/reference/queries/configurationdata)|
-| [ContainerLog](/azure/azure-monitor/reference/tables/ContainerLog)<br>Log lines collected from stdout and stderr streams for containers. | container, applications | AzureResources, ContainerInsights, Containers | No| [Yes](/azure/azure-monitor/reference/queries/containerlog)|
-| [DnsEvents](/azure/azure-monitor/reference/tables/DnsEvents) | network | DnsAnalytics, SecurityInsights | No| [Yes](/azure/azure-monitor/reference/queries/dnsevents)|
-| [DnsInventory](/azure/azure-monitor/reference/tables/DnsInventory) | network | DnsAnalytics, SecurityInsights | No| -|
-| [Event](/azure/azure-monitor/reference/tables/Event)<br>Events from Windows Event Log on Windows computers using the Log Analytics agent. | virtualmachines | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/event)|
-| [HealthStateChangeEvent](/azure/azure-monitor/reference/tables/HealthStateChangeEvent)<br>Workload Monitor Health. This data represents state transitions of a health monitor. | undefined | AzureResources, VMInsights | No| -|
-| [Heartbeat](/azure/azure-monitor/reference/tables/Heartbeat)<br>Records logged by Log Analytics agents once per minute to report on agent health. | virtualmachines, container, management | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/heartbeat)|
-| [InsightsMetrics](/azure/azure-monitor/reference/tables/InsightsMetrics)<br>Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics for Azure Monitor Solutions  | virtualmachines, container, resources | AzureResources, ContainerInsights, InfrastructureInsights, LogManagement, ServiceMap, VMInsights | No| [Yes](/azure/azure-monitor/reference/queries/insightsmetrics)|
-| [Perf](/azure/azure-monitor/reference/tables/Perf)<br>Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. | virtualmachines, container | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/perf)|
-| [ProtectionStatus](/azure/azure-monitor/reference/tables/ProtectionStatus)<br>Antimalware installation info and security health status of the machine: | security | AntiMalware, Security, SecurityCenter, SecurityCenterFree | No| [Yes](/azure/azure-monitor/reference/queries/protectionstatus)|
-| [SQLAssessmentRecommendation](/azure/azure-monitor/reference/tables/SQLAssessmentRecommendation)<br>Recommendations generated by SQL assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. | workloads | AzureResources, SQLAssessment, SQLAssessmentPlus | No| [Yes](/azure/azure-monitor/reference/queries/sqlassessmentrecommendation)|
-| [SecurityBaseline](/azure/azure-monitor/reference/tables/SecurityBaseline) | security | Security, SecurityCenter, SecurityCenterFree | No| -|
-| [SecurityBaselineSummary](/azure/azure-monitor/reference/tables/SecurityBaselineSummary) | security | Security, SecurityCenter, SecurityCenterFree | No| -|
-| [SecurityEvent](/azure/azure-monitor/reference/tables/SecurityEvent)<br>Security events collected from windows machines by Azure Security Center or Azure Sentinel. | security | Security, SecurityInsights | No| [Yes](/azure/azure-monitor/reference/queries/securityevent)|
-| [Syslog](/azure/azure-monitor/reference/tables/Syslog)<br>Syslog events on Linux computers using the Log Analytics agent. | virtualmachines, security | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/syslog)|
-| [Update](/azure/azure-monitor/reference/tables/Update)<br>Details for update schedule run. Includes information such as which updates where available and which were installed. | management, security | Security, SecurityCenter, SecurityCenterFree, Updates | No| [Yes](/azure/azure-monitor/reference/queries/update)|
-| [UpdateRunProgress](/azure/azure-monitor/reference/tables/UpdateRunProgress)<br>Breaks down each run of your update schedule by the patches available at the time with details on the installation status of each patch. | management | Updates | No| [Yes](/azure/azure-monitor/reference/queries/updaterunprogress)|
-| [UpdateSummary](/azure/azure-monitor/reference/tables/UpdateSummary)<br>Summary for each update schedule run. Includes information such as how many updates weren't installed. | virtualmachines | Security, SecurityCenter, SecurityCenterFree, Updates | No| [Yes](/azure/azure-monitor/reference/queries/updatesummary)|
-| [VMBoundPort](/azure/azure-monitor/reference/tables/VMBoundPort)<br>Traffic for open server ports on the monitored machine. | virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No| -|
-| [VMComputer](/azure/azure-monitor/reference/tables/VMComputer)<br>Inventory data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Log analytics agent. | virtualmachines | AzureResources, ServiceMap, VMInsights | No| -|
-| [VMConnection](/azure/azure-monitor/reference/tables/VMConnection)<br>Traffic for inbound and outbound connections to and from monitored computers. | virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No| -|
-| [VMProcess](/azure/azure-monitor/reference/tables/VMProcess)<br>Process data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Log analytics agent. | virtualmachines | AzureResources, ServiceMap, VMInsights | No| -|
-| [W3CIISLog](/azure/azure-monitor/reference/tables/W3CIISLog)<br>Internet Information Server (IIS) log on Windows computers using the Log Analytics agent. | management, virtualmachines | LogManagement | No| [Yes](/azure/azure-monitor/reference/queries/w3ciislog)|
-| [WindowsFirewall](/azure/azure-monitor/reference/tables/WindowsFirewall) | security | Security, WindowsFirewall | No| -|
-| [WireData](/azure/azure-monitor/reference/tables/WireData)<br>Network data collected by the WireData solution using by the Dependency agent and Log analytics agent. | virtualmachines, security | WireData, WireData2 | No| [Yes](/azure/azure-monitor/reference/queries/wiredata)|
+| [ADAssessmentRecommendation](/azure/azure-monitor/reference/tables/ADAssessmentRecommendation)<br>Recommendations generated by AD assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. | workloads | [Active Directory On-Demand Assessment](/services-hub/unified/health/getting-started-ad) | No| [Yes](/azure/azure-monitor/reference/queries/adassessmentrecommendation)|
+| [AzureActivity](/azure/azure-monitor/reference/tables/AzureActivity)<br>Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. | resources, audit, security | [Export Activity log](/azure/azure-monitor/essentials/activity-log) | No| [Yes](/azure/azure-monitor/reference/queries/azureactivity)|
+| [CommonSecurityLog](/azure/azure-monitor/reference/tables/CommonSecurityLog)<br>This table is for collecting events in the Common Event Format, that are most often sent from different security appliances such as Check Point, Palo Alto and more. | security | [Common Event Format (CEF) via AMA connector for Microsoft Sentinel](/azure/sentinel/data-connectors/common-event-format-cef-via-ama) | No| [Yes](/azure/azure-monitor/reference/queries/commonsecuritylog)|
+| [ConfigurationChange](/azure/azure-monitor/reference/tables/ConfigurationChange)<br>View changes to in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons | management |[Enable Change Tracking and Inventory](/azure/automation/change-tracking/enable-vms-monitoring-agent) | No| [Yes](/azure/azure-monitor/reference/queries/configurationchange)|
+| [ConfigurationData](/azure/azure-monitor/reference/tables/ConfigurationData)<br>View the last reported state for in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons | management | [Enable Change Tracking and Inventory](/azure/automation/change-tracking/enable-vms-monitoring-agent) | No| [Yes](/azure/azure-monitor/reference/queries/configurationdata)|
+| [ContainerLog](/azure/azure-monitor/reference/tables/ContainerLog)<br>Log lines collected from stdout and stderr streams for containers. | container, applications | [Container Insights](/azure/azure-monitor/containers/kubernetes-monitoring-enable) | No| [Yes](/azure/azure-monitor/reference/queries/containerlog)|
+| [DnsEvents](/azure/azure-monitor/reference/tables/DnsEvents) | network | [Stream and filter data from Windows DNS servers with Azure Monitor Agent](/azure/sentinel/connect-dns-ama) | No| [Yes](/azure/azure-monitor/reference/queries/dnsevents)|
+ | [DnsInventory](/azure/azure-monitor/reference/tables/DnsInventory) | network | [Stream and filter data from Windows DNS servers with Azure Monitor Agent](/azure/sentinel/connect-dns-ama) | No| -|
+| [Event](/azure/azure-monitor/reference/tables/Event)<br>Events from Windows Event Log on Windows computers using Azure Monitor Agent Analytics agent. | virtualmachines | [Collect events with Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent) | No| [Yes](/azure/azure-monitor/reference/queries/event)|
+| [HealthStateChangeEvent](/azure/azure-monitor/reference/tables/HealthStateChangeEvent)<br>Workload Monitor Health. This data represents state transitions of a health monitor. | undefined | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview) | No| -|
+| [Heartbeat](/azure/azure-monitor/reference/tables/Heartbeat)<br>Records logged by Azure Monitor Agent once per minute to report on agent health. | virtualmachines, container, management | [Azure Monitor Agent](/azure/azure-monitor/agents/agents-overview) | No| [Yes](/azure/azure-monitor/reference/queries/heartbeat)|
+| [InsightsMetrics](/azure/azure-monitor/reference/tables/InsightsMetrics)<br>Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics.  | virtualmachines, container, resources | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview), [Container Insights](/azure/azure-monitor/containers/kubernetes-monitoring-enable) | No| [Yes](/azure/azure-monitor/reference/queries/insightsmetrics)|
+| [Perf](/azure/azure-monitor/reference/tables/Perf)<br>Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. | virtualmachines, container | [Collect performance counters from VMs with Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent) | No| [Yes](/azure/azure-monitor/reference/queries/perf)|
+| [ProtectionStatus](/azure/azure-monitor/reference/tables/ProtectionStatus)<br>Antimalware installation info and security health status of the machine: | security | [Enable Azure Monitor Agent in Defender for Cloud](/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent) | No| [Yes](/azure/azure-monitor/reference/queries/protectionstatus)|
+| [SQLAssessmentRecommendation](/azure/azure-monitor/reference/tables/SQLAssessmentRecommendation)<br>Recommendations generated by SQL assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. | workloads | [SQL Server On-Demand Assessment](/services-hub/unified/health/getting-started-sql) | No| [Yes](/azure/azure-monitor/reference/queries/sqlassessmentrecommendation)|
+| [SecurityBaseline](/azure/azure-monitor/reference/tables/SecurityBaseline) | security | [Enable Azure Monitor Agent in Defender for Cloud](/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent) | No| -|
+| [SecurityBaselineSummary](/azure/azure-monitor/reference/tables/SecurityBaselineSummary) | security | [Enable Azure Monitor Agent in Defender for Cloud](/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent) | No| -|
+| [SecurityEvent](/azure/azure-monitor/reference/tables/SecurityEvent)<br>Security events collected from windows machines by Azure Security Center or Azure Sentinel. | security | [Windows Security Events via AMA connector for Microsoft Sentinel](/azure/sentinel/data-connectors/windows-security-events-via-ama) | No| [Yes](/azure/azure-monitor/reference/queries/securityevent)|
+| [Syslog](/azure/azure-monitor/reference/tables/Syslog)<br>Syslog events on Linux computers using Azure Monitor Agent. | virtualmachines, security | [Collect Syslog events with Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-syslog) | No| [Yes](/azure/azure-monitor/reference/queries/syslog)|
+| [Update](/azure/azure-monitor/reference/tables/Update)<br>Details for update schedule run. Includes information such as which updates where available and which were installed. | management, security | [Enable Update Management](/azure/automation/update-management/enable-from-portal) | No| [Yes](/azure/azure-monitor/reference/queries/update)|
+| [UpdateRunProgress](/azure/azure-monitor/reference/tables/UpdateRunProgress)<br>Breaks down each run of your update schedule by the patches available at the time with details on the installation status of each patch. | management | [Enable Update Management](/azure/automation/update-management/enable-from-portal) | No| [Yes](/azure/azure-monitor/reference/queries/updaterunprogress)|
+| [UpdateSummary](/azure/azure-monitor/reference/tables/UpdateSummary)<br>Summary for each update schedule run. Includes information such as how many updates weren't installed. | virtualmachines | [Enable Update Management](/azure/automation/update-management/enable-from-portal) | No| [Yes](/azure/azure-monitor/reference/queries/updatesummary)|
+| [VMBoundPort](/azure/azure-monitor/reference/tables/VMBoundPort)<br>Traffic for open server ports on the monitored machine. | virtualmachines | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview) | No| -|
+| [VMComputer](/azure/azure-monitor/reference/tables/VMComputer)<br>Inventory data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Azure Monitor Agent. | virtualmachines | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview) | No| -|
+| [VMConnection](/azure/azure-monitor/reference/tables/VMConnection)<br>Traffic for inbound and outbound connections to and from monitored computers. | virtualmachines | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview) | No| -|
+| [VMProcess](/azure/azure-monitor/reference/tables/VMProcess)<br>Process data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Azure Monitor Agent. | virtualmachines | [VM Insights](/azure/azure-monitor/vm/vminsights-enable-overview) | No| -|
+| [W3CIISLog](/azure/azure-monitor/reference/tables/W3CIISLog)<br>Internet Information Server (IIS) log on Windows computers using Azure Monitor Agent. | management, virtualmachines | [Collect IIS logs with Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-iis) | No| [Yes](/azure/azure-monitor/reference/queries/w3ciislog)|
+| [WindowsFirewall](/azure/azure-monitor/reference/tables/WindowsFirewall) | security | [Enable Azure Monitor Agent in Defender for Cloud](/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent) | No| -|
 
 [!INCLUDE [horz-monitor-ref-activity-log](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-activity-log.md)]