This article describes suggested workspace designs for organizations with the following sample requirements:

- Multiple tenants and regions, with European Data Sovereignty requirements.
- Multiple tenants, with multiple regions and centralized security.

The samples in this article use the Microsoft Sentinel workspace design decision tree to determine the best workspace design for each organization. For more information, see Microsoft Sentinel workspace architecture best practices.

The Contoso Corporation is a multinational business with headquarters in London. Contoso has offices around the world, with important hubs in New York City and Tokyo. Recently, Contoso has migrated their productivity suite to Office 365, with many workloads migrated to Azure.

Contoso tenants

Due to an acquisition several years ago, Contoso has two Azure AD tenants: and. Each tenant has its own Office 365 instance and multiple Azure subscriptions, as shown in the following image:

Contoso compliance and regional deployment

Contoso currently has Azure resources hosted in three different regions: US East, EU North, and West Japan, and a strict requirement to keep all data generated in Europe within Europe regions.

Both of Contoso's Azure AD tenants have resources in all three regions: US East, EU North, and West Japan.

Contoso resource types and collection requirements

Contoso needs to collect events from the following data sources:

- Windows Security Events, from both on-premises and Azure VM sources.
- Syslog, from both on-premises and Azure VM sources.
- CEF, from multiple on-premises networking devices, such as Palo Alto, Cisco ASA, and Cisco Meraki.
- Multiple Azure PaaS resources, such as Azure Firewall, AKS, Key Vault, Azure Storage, and Azure SQL.

Azure VMs are mostly located in the EU North region, with only a few in US East and West Japan. Contoso uses Microsoft Defender for servers on all their Azure VMs.

Contoso expects to ingest around 300 GB/day from all of their data sources.

Contoso access requirements

Contoso's Azure environment already has a single existing Log Analytics workspace used by the Operations team to monitor the infrastructure. This workspace is located in the Contoso Azure AD tenant, within the EU North region, and is being used to collect logs from Azure VMs in all regions.