From 51a9cbad3e41cae703e045380b405ff6b2a2ce2d Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 13 Apr 2020 09:38:47 +0500
Subject: [PATCH] Update evaluate-controlled-folder-access.md

---
 .../evaluate-controlled-folder-access.md                       | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
index da28a46770..1d9da1a791 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
@@ -58,6 +58,9 @@ Event ID | Description
  1124 | Audited controlled folder access event
  1123 | Blocked controlled folder access event
 
+> [!TIP]
+> You can configure a [Windows Event Forwarding subscription](https://docs.microsoft.com/windows/win32/wec/setting-up-a-source-initiated-subscription) to collect the logs centrally. 
+
 ## Customize protected folders and apps
 
 During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files.