Hi, Maybe I'm missing something, but does anyone know how to view the 'Audit Only' logs for InTune? I've it setup for Win 10 End Point Protection > Microsoft Defender Exploit Guard > Process creation from Office communication products (beta). I've enabled InTune to use Log Analytics, but can't see how to query this or where to start from. Thanks.

securitycenter.microsoft.com (if you have an MDATP subscription) otherwise they are stored in the local event logs of each machine. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/event-views

sp-jmglade

Iron Contributor

Jul 07, 2020

Solved

View 'Audit Only' results

Hi,

Maybe I'm missing something, but does anyone know how to view the 'Audit Only' logs for InTune? I've it setup for Win 10 End Point Protection > Microsoft Defender Exploit Guard > Process creation from Office communication products (beta).

I've enabled InTune to use Log Analytics, but can't see how to query this or where to start from.

Thanks.

Intune

Security Center Recommendations

Joe Stocker
Jul 24, 2020
securitycenter.microsoft.com (if you have an MDATP subscription) otherwise they are stored in the local event logs of each machine. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/event-views

2 Replies

Moe_Kinani
Bronze Contributor
Jul 24, 2020
Agree with Joe, If you use log analytics, you need to install the agent on the PCs and then you can query info you need.

Moe
Joe Stocker
Bronze Contributor
Jul 24, 2020
securitycenter.microsoft.com (if you have an MDATP subscription) otherwise they are stored in the local event logs of each machine. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/event-views

Forum Discussion

View 'Audit Only' results

2 Replies

Resources