Azure default resource group and default workspace: What are they?

If you are wondering why your Azure subscription has a resource group called DefaultResourceGroup-XXX (the XXX is related to your region) and within that same resource group you have a DefaultWorkspace-<SubscriptionID>-XXX, there is a logical explanation, and it is associated with Azure Security Center.

We can see that pattern in the image depicted below, where the log analytics (Item 1) and the default resource group (Item 2) is highlighted in the same image.

Azure default workspace

Can we change this behavior from Azure Security Center? Of course! Logged on the Azure Security Center, click on Pricing & settings, select the subscription from the list, then click on Data collection. In the Workspace configuration section, we can check that the default is being configured, which is Use workspace(s) created by Security Center (default).

Featured image: Shutterstock

About The Author

4 thoughts on “Azure default resource group and default workspace: What are they?”

  1. Setting is now under
    * ASC > (Management) Pricing & settings > [select subscription]
    * ASC Settings > Auto provisioning > (Extensions) Log Analytics agent for Azure VMs > Edit configuration
    * Workspace configuration

    There are two options there
    * Default workspace
    * Different workspace

  2. This can also be created/used by Application Insights. Go to Application Insights > Choose an Instance > Properties > WORKSPACE

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top