Sep 13 2021
I am looking at options to monitor Azure VM OS security events and it seems that I have two options:
Azure Sentinel via a connector - see link
Azure VM Diagnostics, which are ingested into a Storage Account
Both of these options would allow the collection of the Security Events (audit success / failure)
I am aware that in the past I could have done this via Azure Defender as well under the data collection settings.
I just want to ensure I have understood this correctly