Use table level retention settings or automate ( Managing personal data in Log Analytics and Application Insightsīy placing workspaces in separate subscriptions, they can be billed to different parties. This is no longer needed in many cases, thanks to the introduction of table level retention settings. Historically, multiple workspaces were the only way to set different retention periods for different data types. ![]() Use resource Azure RBAC or table level Azure RBAC Regional or subsidiary SOCs' access to data relevant to their parts of the organization.Resource owners' access to data pertaining to their resources.Therefore, each Azure AD tenant requires a separate workspace.Īn organization may need to allow different groups, within or outside the organization, to access some of the data collected by Microsoft Sentinel. Microsoft Sentinel supports data collection from Microsoft and Azure SaaS resources only within its own Azure Active Directory (Azure AD) tenant boundary. The boundaries of data ownership, for example by subsidiaries or affiliated companies, are better delineated using separate workspaces. To keep data in different Azure geographies to satisfy regulatory requirements, split up the data into separate workspaces. RequirementĪ workspace is tied to a specific region. ![]() This table lists some of these scenarios and, when possible, suggests how you may use a single workspace for the scenario. While you can get the full benefit of the Microsoft Sentinel experience with a single workspace, in some cases, you might want to extend your workspace to query and analyze your data across workspaces and tenants. When you onboard Microsoft Sentinel, your first step is to select your Log Analytics workspace. Feedback In this article The need to use multiple Microsoft Sentinel workspaces
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |