Project: Currently working on a project to build a Security Compliance dashboard for 5 data centers under the Azure Sentinel service.
Current design:
No. of data centers = 5
No. of Log Analytics workspaces = 5 (1 for each data center's resources)
No. of Sentinel workspaces = 1
Each data center has approx. 200+ assets to be onboarded to the respective Azure Log Analytics workspaces for monitoring.
Data center users should be able to access the data only for the respective data centers assigned to them.
Can this solution be further optimized so that the asset logs from all 5 data centers are collected into a single Log Analytics workspace,
and still satisfy the requirement of data center level access?
Is there any mechanism in Sentinel to capture the currently logged-in user on Azure?