Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud How to identify which workspace is Defender for cloud connected to, older version of Defender for cloud has clear mention of the workspace name to which it is connected, the latest version just displays it as "Default Workspace" not the actual name of the workspace, as there are multiple "Default workspaces" in a subscription/Tenant. Thanks in Adv.Which VM security events are requried for enhanced security features, e.g. in Defender for Servers?
Hi Azure Cloud Defenders! I would like to understand which Defender for Cloud Features require VM Security Events to be collected and to which extent. According to a recent Webinar, it is a common misconception that Threat Detection and Vulnerability Assessments for VMs rely on that data beeing collected/ingested. On the other hand the docs, e.g. for adaptive application control, let me assume that gathering those events/logs is required for that feature. Can someone explain for which cases/scenarios event logs from VMs must be collected and ingested into the log analytics workspace? Furthermore, it would be good to know the level of data to store (all events, common, minimal) for each case. Thank you very much in advance!Defender for Server deployed, integration for DfE checked, but M365 Defender showing "Can be onboard
I'm sure I'm missing something in the slightly complicated way of enabling servers for DfE via Defender for Cloud Server. The licensing is in-place the checkboxes to share data are ticked. The servers are showing as onboarded in Defender for Cloud however, the one portal to rule them all - Microsoft Defender 365 - is still showing the servers as "Can be onboarded" and missing the data of a properly onboarded DfE client. Where should I start my troubleshooting to determine what I've missed or what is going wrong? Paul
