Microsoft Sentinel workspace design

Emutahar505 · ‎Dec 11 2022

Hello everyone,

Microsoft Sentinal sample workspace designs listed here do not fit my requirements

https://learn.microsoft.com/en-us/azure/sentinel/sample-workspace-designs

Could anyone please suggest a Sentinal workspace design for an organization with the following requirements:

Single Azure tenant
20 departments/affiliates/ownership
Split billing /chargeback among different departments/affiliates/ownership
Segregate data or define boundaries based on departments/affiliates/ownership
Single SOC team
Different operational teams (departments/affiliates/ownership)

A general conceptual design will be useful!

Thank you very much

Emutahar505 · ‎Dec 12 2022

Sounds like you would need a different Sentinel instance per department (possibly each one in its own subscription to make billing easier). Your SOC team would have to have Lighthouse setup to each of these instances in order to be able to see the incidents and respond to them.

It would be very difficult to give you a good design just using this forum. You would probably be better off working with a consultant to give you a thorough design.

Emutahar505 · ‎Dec 12 2022

Sounds like you would need a different Sentinel instance per department (possibly each one in its own subscription to make billing easier). Your SOC team would have to have Lighthouse setup to each of these instances in order to be able to see the incidents and respond to them.

It would be very difficult to give you a good design just using this forum. You would probably be better off working with a consultant to give you a thorough design.

View solution in original post

Microsoft Sentinel workspace design

Microsoft Sentinel workspace design

Re: Microsoft Sentinel workspace design

Re: Microsoft Sentinel workspace design

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Microsoft Sentinel workspace design