Hey!

I want to create an alert dashboard in PowerApps based on security events like logoff and logon without using Azure Sentinel or Microsoft Defender for Cloud due to client cost constraints. The Windows Agent available in Log Analytics Workspace does not provide security events but it should be possible to collect those events via Custom Logs (C:\WINDOWS\System32\winevt\logs). However, trying this triggers the error: You don't have permission to open this file. Still, I am local and global admin and this is why I am kind of confused. Does it mean that collecting those events is inherently not possible in Log Analytics Workspace or am I missing some permissions? Otherwise, I would try modifying the registry, move logs to another location and try again.