Build with an Azure free account. Get USD200 credit for 30 days and 12 months of free services.

Start free today

Improve security with Azure Sentinel, a cloud-native SIEM and SOAR solution

Play Improve security with Azure Sentinel, a cloud-native SIEM and SOAR solution

The Discussion

  • User profile image
    Is it possible to connect azure sentinel for multiple azure ad tenants, so we can control and audit a different directory, which is not under the tenanted generated by sentinel workspace ?
  • User profile image
    Sarah Young

    Hello Oshri,

    It is only possible to connect Azure Sentinel to the Azure AD tenant that it resides in.


  • User profile image
    Great presentation @Sarah & obviously @Scott!

    Yes you are correct I wasn't sure difference between Security Center & Sentinel. Now I know :)

    However quick questions:
    1. Sentinel looks like Tenant wide where as Security center is connected per subscription and logging into one log analytics. So question is that, wouldn't security centre IaaS focus logs be duplicated in Sentinel logs?
    2. Similarly I already connected the Azure AD Diagnostic Logs to a Log Analytics from the Azure AD interface. When I connect AD using Sentinel interface, would it collect the duplicate the logs?
    3. Would be great to know some pricing and/or release date.

    Cheers From DownUnder
  • User profile image
    sarah young

    Hello Omer

    In answer to your questions:

    1. No, if you connect ASC to Sentinel using the native connectors then the logs are not duplicated. Sentinel takes up ASC threat protection alerts, which are high fidelity alerts where the OMS agent on the endpoint has already analysed the logs - the raw logs themselves are not sent from ASC to Sentinel.

    2. Currently the AAD Sentinel connector only joins Sign-In and Audit logs. If you've chosen to connect more than these AAD logs in your LA workspace, then the Sign-in and Audit logs would be duplicated, the others would not.

    3. This is TBA.


Add Your 2 Cents