![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 69%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER7%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,798 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
@RT-7199 , Thank you for the detailed information in the question.
Based on the information, you have added "Microsoft Monitoring Agent" (also know as MMA, Log Analytics Agent or LA agent). It is by design that you cannot see the security event in the LA workspace when using this agent. See the Important section in the following link for more details - Configure Windows event logs.
Therefore, to collect the security event logs, you must use Microsoft Defender for Cloud or Microsoft Sentinel
Alternatively, you can migrate the monitoring from this agent to newer Azure Monitor Agent where you can configure Data collection rules for collecting security event logs. Note that the Microsoft Monitoring Agent (LA Agent) will be retired by August 31, 2024. Therefore, I would recommend to start planning the migration from legacy MMA to newer AMA. For more details, see Migrate to Azure Monitor Agent from Log Analytics agent
Please let me know if you have any questions.
If the aswer did not help, please add more context/followup question for it, and we will help you out, else please click Accept answer so that it can help others in the community looking for help on similar topics.