Azure Sentinel can only be enabled for a single Log Analytics workspace. It is therefore recommended to centralize all security logs in a dedicated central workspace. Use Azure Lighthouse if you have multiple workspaces.
Enabling Azure Sentinel requires an active subscription and a Log Analytics workspace.
The permissions required
Resource
Azure Sentinel is a next-generation Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution provided by Microsoft.
Types
Azure Sentinel
A cloud-based SIEM and SOAR solution that depends on various security solutions to provide threat detection, investigation, hunting, and automated response capabilities.
Azure Security Center
A Cloud Security Posture Management and Cloud Workload Protection Platform solution.
Complements Azure Sentinel
Types of Analytic Rules
Managing and Investigating Incidents
An incident
A security playbook is a collection of procedures that can be run from Azure Sentinel in response to an alert. Playbooks provide the ability to build flows that can automate investigations and respond to security alerts that happen in the environment.