msmotto21
Oct 06, 2021

Azure Security Center Logging via AMA Agent vs. MMA

I would like to separate performance and diagnostic data from security data. With the MMA it is only possible to send to one Log Analytics workspace, and it has no capability to separate data. With MMA, access to the relevant tables like SecurityEvent can only be distinguished via access rights in RBAC, and you can handle retention time individually via rules. However, due to compliance requirements, you often want to define separate log targets from scratch in order to handle them independently of each other. So the requirement is to end up with two separate LAWs. For this I found the new Azure Monitor Agent, which allows sending data to two different LAWs via Data Collection Rules and thus enables data separation. Now my question, from a Security Center point of view, is whether I can do without the classic MMA agent on the machines, or whether I still need it for Defender and co. on the machines?

Kind Regards

Sebastian
