Thoughts on Microsoft Defender for Endpoint Enriched device data vs OMS Agent

Occasional Visitor

Hi all


Hoping for just some second thoughts / opinions really on a topic that's arisen if I may, namely:


Data received from Defender of Endpoint and new Enriched device (FileInfo, Info, Network) vs typical OMS agent installation. Is the main difference really only traditional Windows Event logs? Would you have one preference over another? or both?


We've deployed defender for endpoint to Server 2019 and thus have the enriched data coming into the DeviceXXXX tables, however, we haven't deployed the OMS agent (legacy) , so missing SecurityEvents  for the devices. Is there perhaps a middle ground?



0 Replies
We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE