Design Planning (Part 2)

 




To read part 1, please click here
To read part 3, please click here




Number of Azure Resource Groups

A Microsoft Sentinel Log Analytics workspace resides in a resource group, which is a container holding related resources for an Azure solution or Microsoft Sentinel. These resource groups allows granularity in assigning permissions and logical grouping of resources according to their purpose. So, Microsoft Sentinel can use multiple resources like Log Analytics workspaces, workbooks, Logic Apps, API connections, functions apps, VMs, and many others. Generally, a single resource group is sufficient, but in some instances, the full solution may span multiple resource groups.

Hence, it is recommended to maintain all Microsoft Sentinel-related resources in a dedicated resource group, if a dedicated subscriptions is not practical. 

Distribution of Azure PaaS Resources

There is no cost for traffic that spans between Azure PaaS region. However, the traffic egressed to non-Azure environments (such as internet and on-premises VPN) incurs a bandwidth cost. Hence, the cost of transferring data out of other Azure regions or other cloud providers should be understood and considered as an additional cost.

So, the preferred location should be in the region with majority of log-generating Azure resources. Multiple Microsoft Sentinel instances can be deployed, but the reduced bandwidth costs should be weighed against the additional management complexity.

Data Segregation Requirements

Some organizations strictly requires the access of logging data between different business units due to legislative or regulatory compliance requirements or internal dictates. permissions can be applied to specific logging data within a single Microsoft Sentinel instance, but for full, clear isolation, a dedicated Microsoft Sentinel instance should be considered. 

Conclusion

More key factors that affects the initial architecture for deployments are discussed here.


To read part 1, please click here
To read part 3, please click here


































Comments

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

Planning for Implementing SAP Solutions on Azure (Part 2 of 5)

APT29: A Russian Hacker Group