Forum Discussion

Arjan Veen, van's avatar
Arjan Veen, van
Brass Contributor
Jun 30, 2022
Solved

Log Analytics design - Defender for Cloud and Sentinel

All,   When you have Defender for Cloud and Sentinel.....do you still use 2 log analytics workspaces or do you reconfigure the defender for cloud log analytics workspace to ingest the defender for ...
  • Chandrasekhar_Arya's avatar
    Chandrasekhar_Arya
    Sep 26, 2022

    Arjan Veen, van one log analytics is good enough to you can forward the ASC(Azure security center/Defender alerts to  Sentinel . 

    Refer the below picture reference to one of the Microsoft source where it shows one log analytics is good enough for both Azure and On-prem 

Arjan Veen, van's avatar
Arjan Veen, van
Brass Contributor
Sep 27, 2022
Hello,

browse to defender for cloud - Environment settings - Auto provisioning - Extensions -Log Analytics agent/Azure Monitor agent - Edit Auto-provisioning configuration - Workspace selection and select the Sentinel workspace
ellyse's avatar
ellyse
Icon for Microsoft rankMicrosoft
Sep 27, 2022
Hi - I'm not seeing any mention of "Auto - provisioning ..." etc in the MDC environment settings. Could it be somewhere else?
  • Rko's avatar
    Rko
    Copper Contributor
    Oct 15, 2022
    Now it´s named "Settings & Monitoring". You can see it at top of the page "Defender Plans", near "Save" icon