Hi GalFenig, thank you for your information. To make it clear, please forgive me to ask a question.
From your article, I understand that the aim of this is to reduce the alert noise (or false positive alerts, duplicate alerts, etc.). So if the customer wants to protect the Azure VMs, they only have to monitor the MDfC console mainly and daily. (i.e., MDE console will be used for such like drill-down purpose.) Am I right?
If not, what type (or severity) of security alerts will be ommitted to transfer from MDE to MDfC console? (i.e., when do we have to check the MDE console?)
From the point of Azure VM security, we have to use multiple VM agents, such like ASA, GC, FIM(CTA). So my afraid is that the customer (VM management team) always has to check both console (MDE/MDfC).
Thanks!