Integrating MDC, Sentinel and Azure monitor with ServiceNow

Question

I want to integrate MS sentinel, MDC, & Azure Monitor with ServiceNow tool. the ServiceNow team has used/created the domain separation in the ServiceNow. In the sentinel integration document, it has been mentioned that domain separation is not supported as a limitation. I want to know if it is true and also to know if there is any work around. Also is there any limitation like this for integration of MDC and azure monitor to service now. 

Answer 1

Hi @Brynel Peter Libera (CONVERGYS CORPORATION)

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Microsoft Sentinel does not support domain partitions at all in ServiceNow. The main issue is that domain partitions create different “zones” in ServiceNow, and Sentinel’s data does not reside in the correct zone. This can lead to inadvertent data discovery in the domain, which can lead to security concerns.

The best solution to solve this is to create a custom integration using ServiceNow's REST API, which allows you to control how the data is transferred and make sure it goes to the right domain. You can also create a Scoped Application in ServiceNow to help better isolate data. It is highly recommended that you test this site first to avoid any problems.

On the other hand, integrating Microsoft Defender for Cloud (MDC) and Azure Monitor with ServiceNow does not present the same issues as domain partitions. However, you will still want to ensure that the data from these tools is correctly sent to the correct domain. You can usually solve this with ServiceNow’s built-in connectors or APIs.

If you have any concerns, please go through this link: -

https://learn.microsoft.com/en-us/azure/sentinel/configure-data-connector?tabs=azure-portal

If you have any further queries, do let us know

---

If the answer is helpful, please click "Accept Answer" and "Upvote it"