First off, for planning purposes it would be great to get a feeling of your usage of ADX for Sentinel storage.
Planning Feedback: Understanding ADX Usage
If you have data stored in Azure Data Explorer (ADX), we would like to understand your use cases and feedback when it comes to querying data from ADX. This helps us understand your ADX usage and plan the future ADX capabilities with Microsoft Sentinel.
Secondly - and I know this is a big one for a lot of organizations - we’d love to get your feedback on the RBAC req’s for Microsoft Sentinel.
Microsoft Sentinel RBAC Requirements
We are looking to learn more about your experience with the existing Role-Based Access Control (RBAC) capabilities and explore opportunities for improvement. Please share any of your requirements for role or attribute-based access control (R/ABAC) for configuring your Sentinel workspaces, or accessing any of the content (Analytics, Watchlists, Automation Rules, etc.) within it.
Survey on Resiliency and BCDR Options for Microsoft Sentinel
SIEMs are deemed to be mission critical systems that are essential in ensuring that the SOC remains operational in the event of any disruption. While the cloud provides inherent resiliency benefits, and the Microsoft Sentinel service is designed with internal resiliency and failover mechanisms, some Enterprises have expressed a desire to have additionalBusiness Continuity and Disaster Recovery (BCDR) capabilities to increase resiliency.
Given that Enterprises have varying BCDR objectives and have to strike a balance between (residual) risk, deployment complexity and cost - we would like to gather your feedback on what BCDR means to you, what is lacking, and how we can do better.