veesamprabhukiran
Mar 25, 2026

Your Sentinel AMA Logs & Queries Are Public by Default — AMPLS Architectures to Fix That

When you deploy Microsoft Sentinel, the Azure Monitor Agent sends security logs to public Azure Monitor ingestion endpoints (Data Collection Endpoints) by default. The connection is TLS-encrypted and the data arrives correctly, but the endpoint is reachable from the internet, and so is the workspace itself: anyone on any network who holds a valid Entra ID token with the right role can query it from a browser. The only boundary is identity.

For many organisations, that trade-off is fine. For others — regulated industries, healthcare, financial services, critical infrastructure — it is the exact problem they need to solve.

Azure Monitor Private Link Scope (AMPLS) is how you solve it.

What AMPLS Actually Does

AMPLS is a single Azure resource (deployed with location "global") into which you link your Log Analytics workspaces and Data Collection Endpoints, and which you expose to your network through a Private Endpoint. Two settings decide what that private path means:

  • Ingestion access mode (Open or PrivateOnly): whether agents on the connected network may only send to resources in this scope, or may also reach Azure Monitor resources outside it
  • Query access mode (Open or PrivateOnly): the same choice for query traffic

The access modes govern traffic that arrives through the Private Endpoint. To shut the public path itself, each linked workspace also carries two network-isolation switches: "Accept data ingestion from public networks not connected through a Private Link Scope" and "Accept queries from public networks not connected through a Private Link Scope". Set the ingestion mode to PrivateOnly and the workspace ingestion switch to No, and the public endpoint stops working for that workspace. It does not fall back gracefully: an agent that is not routed through the Private Endpoint gets an error. That is the point.

This is platform enforcement, not a host firewall rule an administrator can bypass. The switches are still ordinary resource properties, though, so anyone with write access to the workspace can flip them back: restrict that role, enforce the setting with Azure Policy, and alert on changes to it.

Three Patterns — One Spectrum

There is no universally correct answer. The right architecture depends on your organisation's risk appetite, existing network infrastructure, and how much operational complexity your team can realistically manage. These three patterns cover the full range:

Architecture 1 — Open / Public (Basic)

No AMPLS. Logs travel to public Data Collection Endpoints over the internet. The workspace is open to queries from anywhere. This is the default — operational in minutes with zero network setup.

Cloud service connectors (Microsoft 365, Defender, third-party APIs) work immediately because they are service-to-service pulls performed by Sentinel and are unaffected by AMPLS. The Azure Monitor Agent, installed directly on Azure VMs or through Azure Arc on on-premises and other-cloud machines, sends over the public network.

  • Simplicity: 9/10 | Security: 6/10
  • Good for: Dev environments, teams getting started, low-sensitivity workloads

Architecture 2 — Hybrid: Private Ingestion, Open Queries (Recommended for most)

AMPLS is in place and ingestion is locked to PrivateOnly. Logs from Azure virtual machines travel to a Private Endpoint inside your own VNet and never take a public route. On-premises or hybrid machines are onboarded with Azure Arc, reach the same Private Endpoint over VPN or a dedicated circuit, and feed the same private pipeline; for that to work, the on-premises DNS must forward the privatelink zones to Azure so the agents resolve the ingestion hostnames to the Private Endpoint's address rather than the public one.

Query access stays open, so analysts can work from anywhere without a VPN or jump box to reach the Sentinel portal: the investigation workflow stays flexible while the log ingestion path is fully ring-fenced. If some sources must stay public, each Data Collection Endpoint has its own public network access setting, so you can keep one DCE public and another private within the same scope.

This is the architecture most organisations land on as their steady state.

  • Simplicity: 6/10 | Security: 8/10
  • Good for: Organisations with mixed cloud and on-premises estates that need private ingestion without restricting analyst access

Architecture 3 — Fully Private (Maximum Control)

Infrastructure is essentially identical to Architecture 2: AMPLS, Private Endpoints, Private DNS zones, VPN or dedicated circuit, Azure Arc for on-premises machines. The single difference is that query mode is also set to PrivateOnly and the workspace refuses queries from public networks.

Analysts can only reach Sentinel from inside the private network, so a VPN or jump box is required to work in the portal. Be precise about what that means: the Azure portal pages themselves are still served publicly, but the Log Analytics query calls the portal makes from the analyst's browser must resolve through the private DNS zones to the Private Endpoint, or they fail. Both the pipe that carries logs in and the channel analysts use to read them are contained within the defined boundary.

This is the right choice when your organisation needs to demonstrate — not just claim — that security data never moves outside a defined network perimeter.

  • Simplicity: 2/10 | Security: 10/10
  • Good for: Organisations with strict data boundary requirements (regulated industries, audit, compliance mandates)
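The following Bicep template is an added example and is not code from the original post. It deploys the settings described under "What AMPLS Actually Does" as either Architecture 2 or Architecture 3, switching between them with one parameter (Architecture 1 is the workspace alone with its public access flags left enabled). Resource names, the subnet ID and the VNet ID are placeholder assumptions; the resource types, API versions, property names and the five private DNS zone names are the Azure ones.

```bicep
// Added example, not from the original post. Placeholders: resource names, subnetId, vnetId.
@allowed([ 'hybrid', 'private' ])
param pattern string = 'hybrid'    // 'hybrid' = Architecture 2, 'private' = Architecture 3
param location string = resourceGroup().location
param subnetId string              // subnet that hosts the Private Endpoint (assumed to exist)
param vnetId string                // VNet whose resolvers must see the privatelink zones

var queryPrivate = pattern == 'private'

// Architecture 1 is this workspace alone with both publicNetworkAccess* flags left 'Enabled'.
resource law 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: 'law-sentinel'
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    // These workspace switches are what actually reject traffic from public networks.
    publicNetworkAccessForIngestion: 'Disabled'
    publicNetworkAccessForQuery: queryPrivate ? 'Disabled' : 'Enabled'
  }
}

// DCE used by the Azure Monitor Agent; public access off, so agents must use the private path.
resource dce 'Microsoft.Insights/dataCollectionEndpoints@2022-06-01' = {
  name: 'dce-sentinel'
  location: location
  properties: {
    networkAcls: { publicNetworkAccess: 'Disabled' }
  }
}

// AMPLS: the access modes apply to traffic that arrives through its Private Endpoint.
resource ampls 'Microsoft.Insights/privateLinkScopes@2021-07-01-preview' = {
  name: 'ampls-sentinel'
  location: 'global'
  properties: {
    accessModeSettings: {
      ingestionAccessMode: 'PrivateOnly'
      queryAccessMode: queryPrivate ? 'PrivateOnly' : 'Open'
    }
  }
}

// Both the workspace and the DCE must be linked into the scope.
resource scopedLaw 'Microsoft.Insights/privateLinkScopes/scopedResources@2021-07-01-preview' = {
  parent: ampls
  name: 'link-law-sentinel'
  properties: { linkedResourceId: law.id }
}
resource scopedDce 'Microsoft.Insights/privateLinkScopes/scopedResources@2021-07-01-preview' = {
  parent: ampls
  name: 'link-dce-sentinel'
  properties: { linkedResourceId: dce.id }
}

// The five private DNS zones Azure Monitor Private Link relies on.
var zoneNames = [
  'privatelink.monitor.azure.com'
  'privatelink.oms.opinsights.azure.com'
  'privatelink.ods.opinsights.azure.com'
  'privatelink.agentsvc.azure-automation.net'
  'privatelink.blob.${environment().suffixes.storage}'
]

resource zones 'Microsoft.Network/privateDnsZones@2020-06-01' = [for z in zoneNames: { name: z, location: 'global' }]

// Link each zone to the VNet so resolvers inside it receive the private addresses.
resource zoneLinks 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for (z, i) in zoneNames: {
  parent: zones[i]
  name: 'link-${uniqueString(vnetId)}'
  location: 'global'
  properties: { registrationEnabled: false, virtualNetwork: { id: vnetId } }
}]

// The Private Endpoint for the scope; group ID 'azuremonitor' covers all linked resources.
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-ampls-sentinel'
  location: location
  properties: {
    subnet: { id: subnetId }
    privateLinkServiceConnections: [
      { name: 'ampls', properties: { privateLinkServiceId: ampls.id, groupIds: [ 'azuremonitor' ] } }
    ]
  }
}

// Register the endpoint's A records in every zone automatically.
resource peDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: pe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [for (z, i) in zoneNames: { name: replace(z, '.', '-'), properties: { privateDnsZoneId: zones[i].id } }]
  }
}
```

Deploy with `az deployment group create --template-file ampls.bicep --parameters pattern=private subnetId=... vnetId=...` to get Architecture 3, or leave `pattern` at its default for Architecture 2. Note that the deployment itself goes through the ARM control plane, which is not affected by these settings, so you can still deploy from a public network; only agent ingestion and log queries are forced onto the private path. On-premises machines onboarded through Azure Arc additionally need their DNS to forward the five zones above to a resolver inside the linked VNet.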

Quick Reference — Which Pattern Fits?

Scenario                                             Architecture
Getting started / low-sensitivity workloads          Arch 1: no network setup, public endpoints accepted
Private log ingestion, analysts work anywhere        Arch 2: AMPLS PrivateOnly ingestion, query mode open
Both ingestion and queries must be fully private     Arch 3: same as Arch 2 plus query mode set to PrivateOnly

One thing all three share: Microsoft 365, Entra ID, and Defender connectors work in every pattern — they are server-side pulls by Sentinel and are not affected by your network posture.

Please feel free to reach out if you have any questions regarding the information provided. 
