![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
1,562 questions
Defender for Cloud’s data is stored in Azure Monitor Logs (formerly known as Log Analytics). The data is stored in one or more Log Analytics workspaces within Azure.
Here's a breakdown of where the data goes:
Log Analytics Workspace: When you use Defender for Cloud, the security data it collects, such as security alerts, recommendations, and other related information, is stored in a Log Analytics workspace. This workspace acts like a central database where all the logs and data related to security monitoring are kept.
Data Storage Location: The physical location of the data is determined by the region where your Log Analytics workspace is created. When you set up the workspace, you choose a region (like West Europe, East US, etc.), and the data is stored in that Azure region. It's important to select a region that complies with your data residency requirements.
Retention and Access: You can configure how long the data is retained within the workspace and how it can be accessed. The data is accessible through various tools like Azure Monitor, Azure Security Center, and other Azure services.
So, Defender for Cloud’s data is stored securely in the Azure region where your Log Analytics workspace is hosted, and it can be accessed through Azure's monitoring and security tools.