Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

how many alerts MAX

Copper Contributor

First of all, thanks for the help.

I would like to know what is the current alert limit of Azure Sentinel.

We are a SOC with many alerts of its own and I think there is a limitation.

We use an MSSP model with Lighthouse

Thanks in advance.

I would also like to confirm the limit of Workspace that we can manage, if it is 20.

2 Replies
At any point of time you can view the incidents of 10 workspaces only using light house and coming to the limitation of alerts on sentinel. I dont think there is any limitation on the alerts Azure Sentinel can trigger. You may not see the older alerts if it crosses the Sentinel retention period
10 is a limit in the Azure Sentinel UI, you can use a Workbook (example is "Sentinel Central" - see Workbooks - Templates), from which can see 10+ workspaces, or those you select. Or you can use a cross workspace query to look over 10+ (which is what the workbook does). Please note accessing lots of workspaces (especially across regions) can be slow. please see: https://www.linkedin.com/pulse/announcing-azure-sentinel-central-workbook-clive-watson/