![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 75%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,165 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Thank you for reaching out to us.
Yes, there is another way to store the logs from CloudAppEvents or DeviceRegistryEvents tables without ingesting them into Microsoft Sentinel. You can use Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account.
Reference: https://learn.microsoft.com/en-us/defender-endpoint/api/raw-data-export-storage
Once the data is stored in your Storage account, you can use Azure Blob Storage lifecycle management to automatically move the data to cold storage after a certain period of time. This can help reduce the cost of storing the data over the long term.
Reference: https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.