Keeping Your Business Data Private with Microsoft Sentinel

Learn how Microsoft Sentinel handles your data, ensuring your information stays private and your business stays secure.

16.12.24 Charles Griffiths

Business leaders face mounting pressure to protect their organisation’s data while navigating complex compliance landscapes. Microsoft Sentinel, a robust security information and event management (SIEM) solution, provides powerful tools for collecting, storing, and analysing data securely.

However, it’s understandable to have some concerns about how Sentinel processes and uses data – after all, it can look at data across your organisation. We’ll explain how Microsoft Sentinel handles data storage, retention, and processing to help you keep your business data private and compliant.

How Does Microsoft Sentinel Collect and Use Data?

Microsoft Sentinel collects data from a broad range of sources across an organisation’s ecosystem, such as:

  • Applications
  • Users
  • Servers
  • On-premises devices
  • Cloud-based environments

This data is ingested into Log Analytics, where events and insights are analysed to provide a 360-degree view of your security posture. By capturing information from every nook and cranny of your digital environment, Sentinel ensures no suspicious activity slips through the cracks.

The types of data collected are:

  • Raw data: This covers a wide range of data, including information collected from connected Microsoft services and partner systems.
  • Processed data: This includes incidents, alerts and other related data.
  • Configuration data: This covers the rules and connector settings you configure in Microsoft Sentinel.

For those concerned about data overloading: don’t worry. Sentinel offers robust customisation tools, allowing businesses to tailor data ingestion and processing to meet specific needs (such as monitoring incoming emails from addresses outside the organisation) without sacrificing efficiency or compliance.

Where Does Microsoft Sentinel Store Collected Data?

Microsoft Sentinel will store any data in the same geography as the associated Log Analytics workspace. With regions spanning North America, South America, Europe, Asia, the Middle East, and Australia, businesses can align storage with their specific data residency requirements.

Where data is processed depends on a couple of factors:

Raw Data: Raw data is stored in the same region as the associated Azure Log Analytics workspace. However, where it is processed changes depending on where you’re located:

  • Europe: Data processed within Europe.
  • Israel: Data processed within Israel.
  • China 21Vianet: Data processed within China 21Vianet regions.
  • All other regions: Data processed in a US region.

Processed Data and Configuration Data: If your workspace is onboarded to Microsoft’s unified security operations platform, this data may be processed and stored in one of Microsoft’s Defender XDR regions. Otherwise, it follows the same method as raw data.

This setup empowers organisations to maintain control over their data’s physical location, a critical factor for adhering to compliance regulations like GDPR and regional data protection laws.

Retention and Archiving Policies

Data retention with Microsoft Sentinel is as customisable as your morning coffee order. Here’s how it works:

  1. Default Retention: Analytics logs are stored free for the first 90 days. Basic and auxiliary logs enjoy a 30-day free period. All three log types have at least 30 days for interactive queries.
  2. Extended Retention:
    • Analytics logs: Retain data interactively for up to two years.
    • Long-term retention: Preserve data for up to 12 years for all log types.

Data is categorised into two states:

  • Interactive Retention: Newly ingested data, immediately accessible for analysis.
  • Long-Term Retention: Older data, stored cost-effectively but still available when needed.

Data Privacy and Security Features: Locking Down Your Data

Microsoft Sentinel doesn’t just store data securely—it actively protects it. Here’s how:

  • Access Control: Azure Role-Based Access Control (Azure RBAC) provides fine-grained control, ensuring users only access data they need. No more accidental peeks into sensitive information.
  • Encryption: Customer-managed keys (CMKs) allow businesses to encrypt data with their own keys, adding an extra layer of security and peace of mind.
  • AI-Powered Threat Detection: Sentinel uses machine learning to detect threats that might bypass traditional systems, keeping your data one step ahead of cyber criminals.

And for compliance aficionados, Sentinel aligns with major regulations like GDPR and PCI DSS, offering audit capabilities to track and demonstrate adherence to security standards.

Cost-Effective Data Management

Managing cyber security can feel like balancing a tightrope between safety and budget constraints. Microsoft Sentinel’s pay-as-you-go pricing model ensures you’re billed only for the gigabytes you ingest and analyse. Fluctuating data volumes? No problem – this model scales with your needs.

To further optimise costs, businesses can:

  • Utilise data collection rules to filter out unnecessary logs.
  • Leverage auxiliary and basic logs plans for high-volume, low-priority data at reduced rates.
  • Segregate non-security data into separate workspaces to minimise Sentinel costs.

The result? A solution that works for your bottom line without compromising on security. Microsoft Sentinel’s full pricing can be found here.

Integration with the Microsoft Ecosystem: Better Together

Microsoft Sentinel doesn’t operate in isolation. As part of the Microsoft security ecosystem, it integrates seamlessly with tools like Azure Active Directory and Microsoft Defender. This interoperability ensures a unified security solution across platforms while maintaining data privacy. Think of Sentinel as the glue that binds your cyber security stack together, creating a cohesive and efficient defence.

Why Microsoft Sentinel Stands Out

In summary, Microsoft Sentinel offers:

  • Granular control over data residency and processing.
  • Flexible retention policies for compliance and cost management.
  • Advanced security features to detect and neutralise threats in real-time.
  • Seamless integration with the Microsoft ecosystem for comprehensive protection.

By prioritising transparency, customisation, and security, Microsoft Sentinel equips organisations with the tools needed to safeguard their data and meet today’s complex regulatory demands.

Closing Thought: Data Privacy with Confidence

Protecting business data doesn’t have to feel like fighting an uphill battle. With Microsoft Sentinel, you’re armed with a powerful, cost-effective, and compliant solution. Whether you’re configuring retention periods, monitoring for threats, or proving compliance during an audit, Sentinel is a partner you can trust.

So, IT managers and CISOs: breathe easy. Microsoft Sentinel has your back, leaving you free to focus on driving innovation.

And if you need any cyber security support, AAG is here to help. From optimising Microsoft Sentinel for your specific needs to seamlessly integrating this powerful tool into your security infrastructure, our experts ensure you get the most from your investment.

Contact us today to discover how we can bolster your cyber security strategy and keep your data private where it belongs—safe, secure, and in your control.

Ready to Secure Your Data?

Microsoft Sentinel offers powerful protection for your business, but only if it’s configured correctly. At AAG, we can help you implement Sentinel to safeguard your information. We’re ready to show you how this robust system can enhance your data protection strategy.