Muokkaa

Jaa


Support for data types in Microsoft Sentinel across different clouds

Microsoft Sentinel data connectors use data stored in various cloud environments, like the Microsoft 365 Commercial cloud or the Government Community Cloud (GCC).

This article describes the types of clouds that affect the supported data types for the different connectors that Microsoft Sentinel supports. Specifically, support varies for different Microsoft Defender XDR connector data types in different GCC environments.

Microsoft cloud types

Name Also named Description Learn more
Azure Commercial Azure, Azure Public The standard Microsoft cloud. Most of the enterprises in the private market, academic institutions and home Office 365 tenants reside in a Commercial environment.

Different tools help meet the Microsoft 365 Commercial compliance and security needs. For example: Intune, Microsoft Purview compliance portal, Microsoft Purview Information Protection, and more.
Microsoft 365 integration
Government Community Cloud (GCC) GCC-M, GCC Moderate A government-focused copy of Microsoft 365 Commercial environment. While GCC contains similar features to the Microsoft 365 Commercial environment, GCC is subject to the FedRAMP Moderate policy. Government Community Cloud
Department of Defense (DoD) Originally created for internal use by the Department of Defense. DoD is the only environment that meets DoD SRG levels 5 and 6. Other clouds described in this article don't support these SRG levels. GCC High and DoD
GCC-High GCC High Technically, GCC High is a copy of a DoD environment, but GCC High exists in its own sovereign environment.

GCC High (and above) stores the data in Azure Government, so it is physically segregated from the commercial services.
GCC High and DoD

Microsoft clouds and Microsoft Sentinel

Microsoft Sentinel is built on Microsoft Azure environments—both commercial and government. Office 365 environments, like GCC, GCC-High and DoD, interface at different levels with Azure environments.

This diagram shows the hierarchy of the Office 365 and Microsoft Azure clouds and how they relate to each other and to Microsoft Sentinel.

Diagram showing how the Microsoft cloud architecture relates to Microsoft Sentinel data.

Because of this complexity, different types of data streaming into Microsoft Sentinel may or may not be fully supported.

How cloud support affects data from Microsoft Defender XDR connectors

Your environment ingests data from multiple connectors. The type of cloud you use affects Microsoft Sentinel's ability to ingest and display data from these connectors, like logs, alerts, device events, and more.

We have identified support discrepancies between the different clouds for the data streaming from these connectors:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Entra ID Protection

Read more about support for Microsoft Defender 365 connector data types in different clouds.

Next steps

In this article, you learned about the types of clouds that affect the supported data types for the different connectors that Microsoft Sentinel supports.