SOLVED

View 'Audit Only' results

Iron Contributor

Hi,

Maybe I'm missing something, but does anyone know how to view the 'Audit Only' logs for Intune? I have it set up for Win 10 Endpoint Protection > Microsoft Defender Exploit Guard > Process creation from Office communication products (beta).

I've enabled Intune to use Log Analytics, but can't see how to query this or where to start from.

Thanks.

2 Replies
best response confirmed by sp-jmglade (Iron Contributor)
Solution
securitycenter.microsoft.com (if you have an MDATP subscription); otherwise they are stored in the local event logs of each machine. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/event-vie...
Agree with Joe. If you use Log Analytics, you need to install the agent on the PCs, and then you can query the info you need.

Moe
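
One way to read the audit-only results from the local event log that the accepted answer points to, as an added example that is not part of the original thread. It assumes audit-mode attack surface reduction hits are written to the Microsoft-Windows-Windows Defender/Operational log as event ID 1122, and that the event data carries fields named `ID`, `Process Name`, `Path` and `User`; the seven-day window is an arbitrary choice.

```powershell
# Added example: list Exploit Guard attack surface reduction (ASR) audit-mode
# events recorded on the local machine.
# Assumption: audit-mode hits are event ID 1122 (block-mode hits are 1121).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1122
    StartTime = (Get-Date).AddDays(-7)   # look-back window, adjust as needed
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($evt in $events) {
    # Flatten the named <Data> elements of the event XML into a hashtable.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        Computer    = $evt.MachineName
        RuleId      = $data['ID']            # ASR rule GUID (assumed field name)
        Process     = $data['Process Name']  # process that tripped the rule (assumed field name)
        Path        = $data['Path']          # file or child process involved (assumed field name)
        User        = $data['User']          # assumed field name
    }
}

if (-not $rows) {
    Write-Output 'No audit-mode ASR events found in the selected window.'
    return
}

# Which rule/process pairs would have been blocked, most frequent first.
$rows | Group-Object RuleId, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Full detail, newest first, for reviewing before switching the rule to block.
$rows | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on a machine where the rule is set to audit.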