![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 0%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPF%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 44%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECD%3C/text%3E%3C/svg%3E)
Hello Pablo Fuenzalida,
Thank you for reaching out to Microsoft Q&A forum!
- Log Analytics Agent Integration: The Log Analytics agent is essential for collecting data from your workloads and enabling robust security monitoring. When it’s active, Defender for Cloud automatically deploys the agent on all supported Azure VMs and any new ones created. To configure integration with the Log Analytics agent, follow these steps: From Defender for Cloud’s menu, navigate to Environment settings. Select the relevant subscription. In the Monitoring Coverage column of the Defender plans, click Settings. In the configuration options pane, define the workspace to use:
Adjust the Windows security events configuration to store the desired amount of raw event data1.**Connect Azure VMs to the default workspaces** created by **Defender for Cloud**. These workspaces are automatically generated in the same geolocation as your resources. If your subscription contains VMs from multiple geolocations, **Defender for Cloud** creates separate workspaces to comply with data privacy requirements. Workspace Naming Convention: Workspace: **`DefaultWorkspace-[subscription-ID]-[geo]`** Resource Group: **`DefaultResourceGroup-[geo]`** Alternatively, you can **connect Azure VMs to a different workspace**. Choose an existing workspace or create a new one. This option is useful if you’re using a centralized workspace for security data collection. If your selected workspace already has a **Security** or **SecurityCenterFree** solution enabled, pricing will be set automatically. Otherwise, install a **Defender for Cloud solution** on the workspace. - Azure Arc Integration: When connecting your machines using Azure Arc, ensure that the Log Analytics agent is installed on your Linux-based Azure Arc machines. This step allows you to benefit from the full range of protections offered by Defender for Cloud2.
- Updated Strategy: As part of the Defender for Cloud updated strategy, the Azure Monitor Agent will no longer be required for the Defender for Servers offering. However, it remains necessary for Defender for SQL Server on machines. Be aware of this adjustment in the autoprovisioning process for both agents3.
Best regards,