Forum Discussion
Solved
Microsoft Sentinel workspace design
Hello everyone,
Microsoft Sentinal sample workspace designs listed here do not fit my requirements
https://learn.microsoft.com/en-us/azure/sentinel/sample-workspace-designs
Could anyone please suggest a Sentinal workspace design for an organization with the following requirements:
- Single Azure tenant
- 20 departments/affiliates/ownership
- Split billing /chargeback among different departments/affiliates/ownership
- Segregate data or define boundaries based on departments/affiliates/ownership
- Single SOC team
- Different operational teams (departments/affiliates/ownership)
A general conceptual design will be useful!
Thank you very much
- Sounds like you would need a different Sentinel instance per department (possibly each one in its own subscription to make billing easier). Your SOC team would have to have Lighthouse setup to each of these instances in order to be able to see the incidents and respond to them.
It would be very difficult to give you a good design just using this forum. You would probably be better off working with a consultant to give you a thorough design.
- GBushey
Microsoft
Sounds like you would need a different Sentinel instance per department (possibly each one in its own subscription to make billing easier). Your SOC team would have to have Lighthouse setup to each of these instances in order to be able to see the incidents and respond to them.
It would be very difficult to give you a good design just using this forum. You would probably be better off working with a consultant to give you a thorough design.
