Azure - Windows Security Events

Hi, 

I am looking at options to monitor Azure VM OS security events and it seems that I have two options:

Azure Sentinel via a connector - see https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events?tabs=LAA 

Azure VM Diagnostics, which are ingested into a Storage Account 

Both of these options would allow the collection of  the Security Events (audit success / failure)

I am aware that in the past I could have done this via Azure Defender as well under the data collection settings.  

I just want to ensure I have understood this correctly