If you are wondering why your Azure subscription has a resource group called DefaultResourceGroup-XXX (the XXX is related to your region) and within that same resource group you have a DefaultWorkspace-<SubscriptionID>-XXX, there is a logical explanation, and it is associated with Azure Security Center.
We can see that pattern in the image depicted below, where the log analytics (Item 1) and the default resource group (Item 2) is highlighted in the same image.
Can we change this behavior from Azure Security Center? Of course! Logged on the Azure Security Center, click on Pricing & settings, select the subscription from the list, then click on Data collection. In the Workspace configuration section, we can check that the default is being configured, which is Use workspace(s) created by Security Center (default).
Featured image: Shutterstock
Great solution, thank you for providing this!
Am I wrong or this feature does not exist anymore?
Setting is now under
* ASC > (Management) Pricing & settings > [select subscription]
then
* ASC Settings > Auto provisioning > (Extensions) Log Analytics agent for Azure VMs > Edit configuration
then
* Workspace configuration
There are two options there
* Default workspace
* Different workspace
This can also be created/used by Application Insights. Go to Application Insights > Choose an Instance > Properties > WORKSPACE