Design guidance

Occasional Visitor

We are a relatively small SMB with 100+ users who are developing software. Our internal infrastructure is spread over a few locations in Europe, and in our offices we mainly have a couple of switches, a firewall and some WiFi access points. Our employees have laptops with Azure AD joined Windows 10, and they log in using their O365 credentials.

Almost all of our servers are either in Azure UK or West Europe. We also heavily use SaaS solutions for help desk, CRM and source code (Azure DevOps).

Since we are developing software, we also have a few subscriptions in Azure where we host the servers running our software. The products we sell stand for about 70% of our cloud cost, and we like to keep them separated from the company's internal servers in Azure.

There are no limited connections between our internal IT and the services we host. They are on separate networks with their VPN gateways.

We are now looking into Sentinel for security and logging purposes and are trying to figure out if we are to use separate Sentinel instances for the various products, and then one for internal IT.

Anyone see any pros and cons of this? The analysts of the products' Sentinel would most likely not be working with the internal IT alerts and vice versa.

1 Reply

@Joachims1975 Take a look at this link here: https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants#:~:text=Th...

If you are using multiple tenants and are spread across different geographies, then you would need multiple instances.

Let me know if this helps.