![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 25%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
A cloud-native solution that protects workloads across hybrid and multi-cloud environments with threat detection and security recommendations
Thank you for your post and I apologize for the delayed response!
I understand that you're trying to change the Security events storage configuration from None to All Events, but the option is greyed out even though you have the correct permissions. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
When it comes to changing the Security events storage configuration, I was able to reproduce your issue and to change my Security events storage configuration from None to All Events, I had to:
- Navigate to Defender for Cloud, select Environment settings.
- Select the relevant workspace.
Note: If you configured the Security Events within Azure Sentinel to change the tier, you'll need to do this in Azure Sentinel, and it will apply for Microsoft Defender for Cloud.
Additional Links:
- Setting the security event option at the workspace level
- Configure the Log Analytics agent and workspaces
- Windows security event options for the Log Analytics agent
- How can I use my existing Log Analytics workspace?
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
