AIP and Sentinel Log Analytics

Brass Contributor



Are there any best practices around Log Analytics when deploying both Azure Information Protection and MS Sentinel in the same tenant?


For example, should both automatically use the same Log Analytics space (to save costs)?


Otherwise if AIP has its own Log Analytics (and cost) and AIP data is then ingested into Sentinel (into its own Log Analytics), you will then be paying for the same data twice, as the same data will reside in both Log Analytics?




0 Replies