MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Azure Sentinel versus Azure Monitor #33203

Closed gilherau closed 5 years ago

gilherau commented 5 years ago

The article encourages customers to adopt Sentinel's native connector instead of the procedure listed here. We should be careful though, because the Azure Sentinel article that discusses O365 integration clearly states that "Currently, Azure Sentinel supports Exchange and SharePoint", so there's a lot of information that is NOT captured by Sentinel but might be of value to potential users. I would caveat the text in the blue box up top that going with Sentinel introduces a limitation in the Record Types that are captured. In fact, I wonder if the method described in THIS article is capturing all the information coming out of the API, or are we also filtering somehow. My current customer is trying to persist Power BI logs in Azure Monitor, and they also use Sentinel and confirmed that they do not see any telemetry originating from Power BI in Azure Sentinel.

Thanks!



femsulu commented 5 years ago

Very valid point. Your feedback has been shared with the content author for further review.

bwren commented 5 years ago

Thanks, I'll pass this on to the engineering team for potential updates.

morshabi commented 5 years ago

Hi,

Right, Azure Sentinel provides "Exchange" and "SharePoint" (you can connect the Azure AD logs using the Azure Sentinel Azure AD connector). We are working to add more Office records to Azure Sentinel based on the new solution.

gilherau commented 5 years ago

Also, can you please confirm whether or not this solution (not the Sentinel approach) also includes Power BI usage telemetry (i.e. RecordType = "PowerBI")? Our customer is trying to consolidate all telemetry related to their modern Data Platform into Log Analytics so they can perform queries on the whole solution, including Power BI.

Thanks!

morshabi commented 5 years ago

The Power BI record is in our backlog, but we do not have a specific ETA yet.

femsulu commented 5 years ago

We will now close this issue. If there are further questions regarding this matter, please reply and we will gladly continue the discussion.