Good morning fellow friends. Hope you are having a fresh start of the day. I would like to write about my journey on Microsoft Sentinel during migration phase.
Microsoft Sentinel is SIEM and SOAR security solution providing corporate the flexibility and better visibility in terms of managing security logs from Microsoft security products and third-party products and threats prevention.
Let’s begin…
Current situation of what I have in my Microsoft Sentinel is,
- Solution running on a trial subscription
- Resource group 1
- Some queries
- Some connectors (Microsoft and third-party)
- Some Logic app
- Some Automation rules
I would like to migrate from the trial subscription to the CSP subscription, this migration would likely be perform by your license provider and request them to provide the appropriate permission so that you can perform your management on the Microsoft Sentinel in the new subscription.
Note: This is not migrating from one tenant to another tenant.
The highlighted in RED are the ones you would need to perform backup, making sure the connection is up and the authentication is establish.
The New resource group has the current resource group resources,
- Solution is now running on paid subscription
- Resource group 2 (You would need to create a new resource group)
- Some queries (Custom queries needs to be regenerate)
- Some connectors (Make sure connectors with log forwarder is working else you would have to reestablish)
- Some Logic app (Reauthenticate your log workflow)
- Some Automation rules
That is all you would need to know in advance before you start your migration. Hopefully you would find this article knowledgeable for you if you are heading to migrating your Microsoft Sentinel to a new subscription. Is never a waste of time if you are used to double checking or triple checking that all the resources are connecting and working well after migrated.
References:
Sabrina Kay's Blog 