cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft Sentinel workspace design

Emutahar505
Copper Contributor

‎Dec 11 2022 02:57 AM

‎Dec 11 2022 02:57 AM

Microsoft Sentinel workspace design

Hello everyone, 

Microsoft Sentinal sample workspace designs listed here do not fit my requirements

https://learn.microsoft.com/en-us/azure/sentinel/sample-workspace-designs

 

Could anyone please suggest a Sentinal workspace design for an organization with the following requirements:

  1. Single Azure tenant
  2. 20 departments/affiliates/ownership
  3. Split billing /chargeback among different departments/affiliates/ownership
  4. Segregate data or define boundaries based on departments/affiliates/ownership
  5. Single SOC team
  6. Different operational teams (departments/affiliates/ownership)

A general conceptual design will be useful!

 

Thank you very much

 

782 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Emutahar505 (Copper Contributor)
GBushey

‎Dec 12 2022 03:44 AM

‎Dec 12 2022 03:44 AM

Solution

Re: Microsoft Sentinel workspace design

Sounds like you would need a different Sentinel instance per department (possibly each one in its own subscription to make billing easier). Your SOC team would have to have Lighthouse setup to each of these instances in order to be able to see the incidents and respond to them.

It would be very difficult to give you a good design just using this forum. You would probably be better off working with a consultant to give you a thorough design.
0 Likes
Reply