Forum Discussion

Arjan Veen, van's avatar
Arjan Veen, van
Brass Contributor
Jun 30, 2022
Solved

Log Analytics design - Defender for Cloud and Sentinel

All,   When you have Defender for Cloud and Sentinel.....do you still use 2 log analytics workspaces or do you reconfigure the defender for cloud log analytics workspace to ingest the defender for ...
  • Chandrasekhar_Arya's avatar
    Chandrasekhar_Arya
    Sep 26, 2022

    Arjan Veen, van one log analytics is good enough to you can forward the ASC(Azure security center/Defender alerts to  Sentinel . 

    Refer the below picture reference to one of the Microsoft source where it shows one log analytics is good enough for both Azure and On-prem 

ellyse's avatar
ellyse
Icon for Microsoft rankMicrosoft
Sep 26, 2022
Hi Clive, do you know if there's any guidance or steps on how this can be set up?
Arjan Veen, van's avatar
Arjan Veen, van
Brass Contributor
Sep 27, 2022
Hello,

browse to defender for cloud - Environment settings - Auto provisioning - Extensions -Log Analytics agent/Azure Monitor agent - Edit Auto-provisioning configuration - Workspace selection and select the Sentinel workspace
  • ellyse's avatar
    ellyse
    Icon for Microsoft rankMicrosoft
    Sep 27, 2022
    Hi - I'm not seeing any mention of "Auto - provisioning ..." etc in the MDC environment settings. Could it be somewhere else?
    • Rko's avatar
      Rko
      Copper Contributor
      Oct 15, 2022
      Now it´s named "Settings & Monitoring". You can see it at top of the page "Defender Plans", near "Save" icon