I'm managing a production Azure tenant with a central log analytics workspace that utilizes Sentinel for security and Defender for Cloud. We employ Data Collection Rules and Sentinel connectors to gather logs from all resources. On the other hand, I have a small test tenancy with just a few VMs. My main question is how to properly secure this test environment. Additionally, what's the best way to transfer logs from it to my production workspace? I've heard that using Azure Lighthouse and Managed Tenant Onboarding (MTO) might be the answer, but it feels like overkill since Lighthouse seems designed more for managed service providers than for test tenants. I'd appreciate any suggestions!
3 Answers
Honestly, if it’s just a test tenant, you might want to keep production logs clean. It could be more beneficial to replicate your security setup in your test environment instead. That way, you won't mix test data with your production logs. If you do want to see logs together later, you could set up a separate Sentinel for testing and use multi-workspace view to check incidents across both tenants.
Using Azure Lighthouse might seem heavy-handed for a test setup, but you can actually leverage the technology behind it to ship logs between your tenants. It facilitates log retention in a B2C scenario too. Just make sure you set it up correctly to avoid any mishaps.
If you’re looking for something simpler, maybe just set up a basic logging framework for your test tenant instead of going all out with Lighthouse. It should keep things manageable without cluttering your production logs.
That sounds like a smart approach! Sometimes less is more, especially in testing.

Absolutely agree! Keeping them separate helps maintain clarity in your production logs.