Defender for Endpoints for Servers: Workspace ID

Contributor

There are 2 places we get Workspace ID while working with server onboarding
In Defender for Endpoint portal (securitycenter.microsoft.com) > Onboarding
In Azure security center > when creating a new workspace for onboarding new servers

 

Question:
Which workspace ID do we use when installing MMA agent manually on onprem servers (2012, 2016, 2019 OS)?

 

My understanding is, if we want to onboard only to Defender for endpoints then use workspace ID from Defender for endpoint portal.
If we want to onboard to both Defender for endpoints + Azure security center use Workspace ID from Azure security center.

1 Reply

@Pa_D I've used the workspace id from Azure Security Center. Having the servers with MMA agent and tie up with Azure security center gives you a lot more information. You get details on vulnerable configurations, missing updates, improvement actions to further strengthen security are few of them