Forum Discussion

AnuragSrivastava's avatar
AnuragSrivastava
Iron Contributor
Jul 06, 2021

Microsoft Defender for Endpoint Audit Logs

Is there a way to check who created the Microsoft Defender for Endpoint instance in the first place and set up the Data Storage option.
 
may we can run some queries to get the activity logs on who created the instance and set the Data Storage option and Data Retention option.
microsoft defender for endpoint
  • pelegrini's avatar
    pelegrini
    Copper Contributor
    Jul 08, 2021
    Hi Anurag, here in my job, we use MMA (Microsoft Monitoring Agent) for send Security Audit Logs for Azure Sentinel, this delivery security logs which event id 4624, 4634, 4667 among others. I hope help you.
  • pvanberlo's avatar
    pvanberlo
    Steel Contributor
    Jul 06, 2021
    I don't recall seeing this info either in the Azure AD Audit Logs or the Microsoft 365 Audit Logs, so my guess would be that this is not an event that can be seen by normal admins. Microsoft has more audit logging in their backend, so if it's not in the usual places, perhaps this is something Microsoft support can help you with.

Resources