Forum Discussion

Arjan Veen, van's avatar
Arjan Veen, van
Brass Contributor
Jun 30, 2022
Solved

Log Analytics design - Defender for Cloud and Sentinel

All,   When you have Defender for Cloud and Sentinel.....do you still use 2 log analytics workspaces or do you reconfigure the defender for cloud log analytics workspace to ingest the defender for ...
  • Chandrasekhar_Arya's avatar
    Chandrasekhar_Arya
    Sep 26, 2022

    Arjan Veen, van one log analytics is good enough to you can forward the ASC(Azure security center/Defender alerts to  Sentinel . 

    Refer the below picture reference to one of the Microsoft source where it shows one log analytics is good enough for both Azure and On-prem 

Clive_Watson's avatar
Clive_Watson
Bronze Contributor
Jun 30, 2022
They can happily share a workspace. There are lots of options, but typically I see one workspace.
ellyse's avatar
ellyse
Icon for Microsoft rankMicrosoft
Sep 26, 2022
Hi Clive, do you know if there's any guidance or steps on how this can be set up?
  • Arjan Veen, van's avatar
    Arjan Veen, van
    Brass Contributor
    Sep 27, 2022
    Hello,

    browse to defender for cloud - Environment settings - Auto provisioning - Extensions -Log Analytics agent/Azure Monitor agent - Edit Auto-provisioning configuration - Workspace selection and select the Sentinel workspace
    • ellyse's avatar
      ellyse
      Icon for Microsoft rankMicrosoft
      Sep 27, 2022
      Hi - I'm not seeing any mention of "Auto - provisioning ..." etc in the MDC environment settings. Could it be somewhere else?
      • Rko's avatar
        Rko
        Copper Contributor
        Oct 15, 2022
        Now it´s named "Settings & Monitoring". You can see it at top of the page "Defender Plans", near "Save" icon