Exam AZ-801 topic 5 question 12 discussion

Actual exam question from Microsoft's AZ-801
Question #: 12
Topic #: 5

HOTSPOT -
You have an on-premises server named Server1 and a Microsoft Sentinel instance.
You plan to collect Windows Defender Firewall events from Server1 and analyze the event data by using Microsoft Sentinel.
What should you install on Server1, and which information should you provide during the installation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Azure Monitor agent -
The Azure Monitor agent supports Log Analytics, Metrics explorer, and Microsoft Sentinel.
Note: The Azure Monitor agent is meant to replace the Log Analytics agent, Azure Diagnostic extension and Telegraf agent for both Windows and Linux machines. It can send data to both Azure Monitor Logs and Azure Monitor Metrics and uses Data Collection Rules (DCR) which provide a more scalable method of configuring data collection and destinations for each agent.
Use the Azure Monitor agent if you need to:
* Collect guest logs and metrics from any machine in Azure, in other clouds, or on-premises. (Azure Arc-enabled servers required for machines outside of Azure.)
* Manage data collection configuration centrally, using data collection rules and use Azure Resource Manager (ARM) templates or policies for management overall.
* Send data to Azure Monitor Logs and Azure Monitor Metrics (preview) for analysis with Azure Monitor.
* Use Windows event filtering or multi-homing for logs on Windows and Linux.
Box 2: The Azure Log Analytics workspace ID and workspace key
The Azure Monitor agent sends data to Azure Monitor Metrics (preview) or a Log Analytics workspace supporting Azure Monitor Logs.
Enable Microsoft Defender for Cloud monitoring of on-premises Windows computers.
1. In the Azure portal on the Defender for Cloud - Overview blade, select the Get Started tab.
2. Select Configure under Add new non-Azure computers. A list of your Log Analytics workspaces displays, and should include the Defender for Cloud-SentinelWorkspace.
3. Select this workspace. The Direct Agent blade opens with a link for downloading a Windows agent and keys for your workspace identification (ID) to use when you configure the agent.
4. Select the Download Windows Agent link applicable to your computer processor type to download the setup file.
5. To the right of Workspace ID, select Copy, and then paste the ID into Notepad.
6. To the right of Primary Key, select Copy, and then paste the key into Notepad.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/hybrid/hybrid-security-monitoring
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Comments

BlackCat9588
2 months, 2 weeks ago
The Azure Monitor Agent. The Azure Log Analytics workspace ID and the workspace key.
upvoted 1 times
...
starseed
7 months, 1 week ago
Naturally Correct
upvoted 1 times
...
syu31svc
1 year, 12 months ago
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows?tabs=setup-wizard
Regardless of the installation method used, you'll require the workspace ID and key for the Log Analytics workspace that the agent will connect to. Provided answer is right.
upvoted 4 times
...
wyindualizer
2 years, 2 months ago
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows?tabs=setup-wizard
upvoted 3 times
...
wyindualizer
2 years, 2 months ago
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview?tabs=CLI1%2CCLI2
upvoted 2 times
...
GoforIT21
2 years, 7 months ago
Definitely correct.
upvoted 4 times
...