No Security Alerts ProtectionStatus table missing

%3CLINGO-SUB%20id%3D%22lingo-sub-1528600%22%20slang%3D%22en-US%22%3ENo%20Security%20Alerts%20ProtectionStatus%20table%20missing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1528600%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EI%20have%20enabled%20Security%20Center%20Standard%20on%20one%20of%20my%20subscriptions%20that%20already%20had%20Log%20analytics%20set%20up%20for%20the%20VM's%20so%20I%20don't%20want%20to%20enable%20auto%20provisioning%20in%20Security%20Center.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22Endpoint%20Protection%20not%20installed%20on%20Azure%20VMs%22%20status%20has%20been%20remediated%20and%20is%20green.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tested%20the%20alert%20by%20using%20this%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-alert-validation%23validate-alerts-on-windows-vms-%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-alert-validation%23validate-alerts-on-windows-vms-%3C%2FA%3E%3C%2FP%3E%3CP%3EBut%20I%20see%20no%20alerts.%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20also%20checked%20the%20log%20analytics%20workspace%20that%20the%20computers%20are%20connected%20to%20(two%20different)%20and%20neither%20of%20them%20have%20the%20ProtectionStatus%20table%20present.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20I'm%20trying%20to%20figure%20out%20what%20step%20is%20missing.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi

I have enabled Security Center Standard on one of my subscriptions that already had Log analytics set up for the VM's so I don't want to enable auto provisioning in Security Center.

 

"Endpoint Protection not installed on Azure VMs" status has been remediated and is green.

 

I tested the alert by using this
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation#validate-ale...

But I see no alerts. 

I've also checked the log analytics workspace that the computers are connected to (two different) and neither of them have the ProtectionStatus table present. 

 

So I'm trying to figure out what step is missing. 

1 Reply

@PatrikHansson 

Can answer my own question after some testing. You have to enable the standard tier on the Log analytics workspace as well as the subscription. Couldn't find any clear documentation on this but after I did it for the workspace my azure vm was connected to it works.