Thoughts on Microsoft Defender for Endpoint Enriched device data vs OMS Agent

Copper Contributor

Hi all

 

Hoping for just some second thoughts / opinions really on a topic that's arisen if I may, namely:

 

Data received from Defender of Endpoint and new Enriched device (FileInfo, Info, Network) vs typical OMS agent installation. Is the main difference really only traditional Windows Event logs? Would you have one preference over another? or both?

 

We've deployed defender for endpoint to Server 2019 and thus have the enriched data coming into the DeviceXXXX tables, however, we haven't deployed the OMS agent (legacy) , so missing SecurityEvents  for the devices. Is there perhaps a middle ground?

 

Thanks!

0 Replies