Need help with a solution to deploy Sentinel in the US region and China region

sameer khandar 0 Reputation points
2025-02-10T05:52:12.9666667+00:00

I want to deploy Sentinel in the US region and the China region. Is it possible to send logs using DCR rules from China to a workspace built in the US region, or do I need to build 2 workspaces separately and send logs from China to the US using Event Hub?

In case I configure a workspace only in the US region and take all logs using DCR from the China region, will that solution work?

Microsoft Sentinel

2 answers

  1. Sakshi Devkante 735 Reputation points Microsoft Vendor
    2025-02-11T16:06:43.2333333+00:00

    Hello @sameer khandar

    Thank you for reaching out to Microsoft Q&A.

    Unfortunately, there are some limitations on cross-region connectivity with Azure services in China, which are run by local partner 21Vianet. In particular, these data residency and compliance limitations may make it difficult to transport data directly between regions (for example, from China to the US) via DCR. Due to restrictions on cross-region data transfer from the China region, a DCR that gathers logs from China and transmits them straight to a workspace in the US may not perform as intended.

    Go through this thread: https://learn.microsoft.com/en-us/answers/questions/684901/setting-up-sentinel-to-get-logs-from-multiple-regi?page=1#answers

    You can associate multiple workspaces with a single Sentinel instance. For best practices about designing your setup, see Design your Microsoft Sentinel Workspace Architecture.

    You can also view incidents in multiple workspaces at once through the Multiple Workspace View.

    If you configure a Sentinel workspace in the US region and use DCR to collect logs from the China region, this might not work due to the restrictions between the China region and other global Azure regions. The DCR is typically region-specific, and logs collected in China may not be able to be sent directly to a US-based workspace without an intermediary like Event Hub.

    The most viable solution is to use Event Hub to transfer logs from the China region to the US region and then ingest them into your US-based Sentinel workspace.

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.

    1 person found this answer helpful.

  2. Sameer Khandar 0 Reputation points
    2025-02-13T11:45:54.16+00:00

    Thanks, Sakshi, for the information. The provided information is good enough for me to start with the solution.
