The Log Analytics agent supports TLS 1.2 to ensure data security in transit between the agent and the Log Analytics service, as well as the FIPS 140 standard. To start validating your compliance, assess your data sources, and how and where they send data.

Storing and processing EU data in the EU - EU policy blog. Geographical availability and data residency.

In such cases, data may be copied outside your workspace geography for processing. In Microsoft Sentinel, data is mostly stored and processed in the same geography or region, with some exceptions, such as when using detection rules that leverage Microsoft's machine learning. Having the ability to validate and prove who has access to what data under all conditions is a critical data sovereignty requirement in many countries and regions, and assessing risks and getting insights in Microsoft Sentinel workflows is a priority for many customers.

Compliance considerations

After your data is collected, stored, and processed, compliance can become an important design requirement, with a significant impact on your Microsoft Sentinel architecture.

Partner data connectors are often based on API or agent collections, and therefore are not attached to a specific Azure AD tenant. Use Azure Lighthouse to help manage multiple Microsoft Sentinel instances in different tenants. This applies to connectors such as Azure Firewall, Azure Storage, Azure Activity or Azure Active Directory. If you have multiple tenants, such as if you're a managed security service provider (MSSP), we recommend that you create at least one workspace for each Azure AD tenant to support built-in, service to service data connectors that work only within their own Azure AD tenant.

All connectors based on diagnostics settings cannot be connected to a workspace that is not located in the same tenant where the resource resides. For more information, see Microsoft Sentinel costs and billing.
When determining how many tenants and workspaces to use, consider that most Microsoft Sentinel features operate by using a single workspace or Microsoft Sentinel instance, and Microsoft Sentinel ingests all logs housed within the workspace.

Costs are one of the main considerations when determining Microsoft Sentinel architecture. For example, many organizations have a cloud environment that contains multiple Azure Active Directory (Azure AD) tenants, resulting from mergers and acquisitions or due to identity separation requirements. While fewer workspaces are simpler to manage, you may have specific needs for multiple tenants and workspaces. See our video: Architecting SecOps for Success: Best Practices for Deploying Microsoft Sentinel

Tenancy considerations