You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/datalake/sentinel-lake-onboarding.md
+5-2Lines changed: 5 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ ms.subservice: sentinel-graph
15
15
# Onboarding to Microsoft Sentinel data lake (preview)
16
16
17
17
18
-
The Microsoft Sentinel data lake, available in the Microsoft Defender portal, is a tenant-wide, repository for collecting, storing, and managing large volumes of security-related data from various sources. It enables comprehensive, unified analysis and visibility across your security landscape. By leveraging advanced analytics, machine learning, and artificial intelligence, the data lake helps in detecting threats, investigating and responding to incidents, and improving overall security posture.
18
+
The Microsoft Sentinel data lake, available in the Microsoft Defender portal, is a tenant-wide, repository for collecting, storing, and managing large volumes of security-related data from various sources. It enables comprehensive, unified analysis and visibility across your security landscape. By using advanced analytics, machine learning, and artificial intelligence, the data lake helps in detecting threats, investigating, and responding to incidents, and improving overall security posture.
19
19
20
20
For more information, see [What is Microsoft Sentinel data lake (preview)](sentinel-lake-overview.md).
21
21
@@ -58,7 +58,7 @@ This article describes how to onboard to the Microsoft Sentinel data lake for cu
58
58
59
59
To onboard to the Microsoft Sentinel data lake Public Preview, you must be an existing Microsoft Defender and Microsoft Sentinel customer with the following prerequisites:
60
60
61
-
+ You must have Microsoft Defender (security.microsoft.com) and Microsoft Sentinel to onboard the data lake. A Microsoft Defender XDR license is not required to use Microsoft Sentinel data lake with Microsoft Sentinel in the Microsoft Defender portal.
61
+
+ You must have Microsoft Defender (security.microsoft.com) and Microsoft Sentinel to onboard the data lake. A Microsoft Defender XDR license isn't required to use Microsoft Sentinel data lake with Microsoft Sentinel in the Microsoft Defender portal.
62
62
63
63
+ You must have existing Azure subscription and resource group to set up billing for the data lake. You must be the subscription owner. You can use your existing Microsoft Sentinel SIEM Azure subscription and resource group or create a new one.
64
64
+ You must have a Microsoft Sentinel primary workspace connected to Microsoft Defender portal.
@@ -109,6 +109,9 @@ Use the following steps to onboard to the Microsoft Sentinel data lake from the
109
109
110
110
1. If you have the required permissions, a setup side panel appears. Select the **Subscription** and **Resource group** to enable billing for the Microsoft Sentinel data lake.
111
111
112
+
> [!NOTE]
113
+
> After the data lake is provisioned for a specific Azure subscription and resource group, it can't be migrated to a different subscription or resource group.
114
+
112
115
1. Select **Set up data lake**.
113
116
114
117
:::image type="content" source="./media/sentinel-lake-onboarding/set-up-data-lake.png" lightbox="./media/sentinel-lake-onboarding/set-up-data-lake.png" alt-text="A screenshot showing the setup page for the Microsoft Sentinel data lake.":::
0 commit comments