deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

40012854 - Clarify LogAnalytics may extract MI logs after opt-in

Browse Source
This commit is contained in:
valemieux
2022-06-20 13:19:42 -07:00
parent bf0939d2f0
commit bec0a9d00a
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
View File

@ -52,6 +52,9 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
## Diagnostic events for Intelligent Security Graph (ISG) and Managed Installer (MI)
> [!NOTE]
> When Managed Installer is enabled, customers using LogAnalytics should be aware that Managed Installer may fire many 3091 events. Customers may need to filter out these events to avoid high LogAnalytics costs.
Events 3090, 3091 and 3092 prove helpful diagnostic information when the ISG or MI option is enabled by any WDAC policy. These events can help you debug why something was allowed/denied based on managed installer or ISG. These events do not necessarily indicate a problem but should be reviewed in context with other events like 3076 or 3077 described above.
| Event ID | Explanation |