Azure Security baseline for Defender for Cloud

Question

Hi,&nbsp;Looking for some help with this.&nbsp;LT-4 for the Azure Security baseline for Defender For Cloud -&nbsp;https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/security-center-security-baselinesays "Microsoft Defender for Cloud also produces security audit logs for the local administrator accounts. Enable these local admin audit logs"&nbsp;What are these audit logs - does this refer to auditing the SecurityAdmin role or something else ? How do you enable these logs ?&nbsp;Thanks, R

p4tr8k · Answer

Hi,This point applies to collecting logs from Azure Resources not directly from Defender for Cloud. Here you have a link describing what data you can and you should collect:https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components

ramurali · Answer

understood. thanks for your response.

Forum Discussion

Azure Security baseline for Defender for Cloud

https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/security-center-security-baseline

2 Replies

Resources