Forum Discussion
Jacky_Tse
Jan 23, 2024 | Copper Contributor
Sending Windows security event logs from domain-joined on-premise Windows Servers
Hi all, I have two on-premises Windows servers that are only domain-joined to a local domain controller. I understand that there was a forum to send logs through WEF via AMA collector - Forward On-Pr...
Ciyaresh
Jan 30, 2024 | Brass Contributor
Jacky_Tse We have this setup, and you don't need your on-prem machines to join an Azure-AD domain. However, you do need to onboard those two servers to Azure Arc to install the AMA. However, there is a bit of configuration that needs to be done for AMA, such as data collection rules. That is pretty much our setup for Windows logs. All Windows servers forward event logs to those two VMs, then these VMs send it to Sentinel using AMA that was installed through Arc.
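
As an added illustration (not part of the reply above and not the poster's actual configuration), a data collection rule for the Arc-enabled collector VMs could look like the following fragment. It assumes the WEF subscription delivers events to the collector's default `ForwardedEvents` channel and uses the `Microsoft-WindowsEvent` stream, which lands in the `WindowsEvent` table; the rule name in `name`, the destination label `sentinelWorkspace`, the region and the workspace resource ID are placeholders.

```json
{
  "location": "<azure-region-placeholder>",
  "properties": {
    "description": "Placeholder rule: collect WEF-forwarded events from the collector VMs",
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "forwardedEvents",
          "streams": ["Microsoft-WindowsEvent"],
          "xPathQueries": ["ForwardedEvents!*"]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id-placeholder>/resourceGroups/<resource-group-placeholder>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name-placeholder>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-WindowsEvent"],
        "destinations": ["sentinelWorkspace"]
      }
    ]
  }
}
```

The rule only takes effect once it is associated with the Arc-enabled collector machines that run the AMA. The XPath query can be narrowed (for example to specific event IDs) to limit what is ingested into the workspace.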