Azure - Windows Security Events

Occasional Contributor


I am looking at options to monitor Azure VM OS security events and it seems that I have two options:

Azure Sentinel via a connector - see link 

Azure VM Diagnostics, which are ingested into a Storage Account 


Both of these options would allow the collection of  the Security Events (audit success / failure)

I am aware that in the past I could have done this via Azure Defender as well under the data collection settings.  

I just want to ensure I have understood this correctly 

0 Replies