In which of the following scenarios would you need Azure Arc to leverage resource level RBAC within Log Analytics/Azure Sentinel?
A. B. C. D.
Correct Answer: B.
Resource-based access control (RBAC) is a method used in Azure to regulate access to resources based on user roles and permissions. Azure Arc is a service that extends Azure management capabilities to resources outside of Azure, including on-premises and multi-cloud environments. Azure Sentinel and Log Analytics are two Azure services that provide security information and event management (SIEM) and log management capabilities, respectively.
Based on the options provided, the scenario in which Azure Arc is required to leverage resource level RBAC within Log Analytics/Azure Sentinel is option B: To apply RBAC to data which has come from on-prem resources within a table.
When data is ingested into Log Analytics or Azure Sentinel from on-premises resources, it is stored in a workspace within Azure. This workspace is managed by Azure Arc, and the resources from which the data originates are not managed by Azure. To apply RBAC to data from these resources, Azure Arc is required to extend Azure management capabilities to the on-premises resources. Azure Arc allows you to apply RBAC policies to these resources, which will also extend to the data that is ingested from these resources into Azure Sentinel or Log Analytics.
Option A is incorrect because if the table is outside of the tenant, RBAC cannot be applied using Azure Arc since it is not within the Azure ecosystem.
Option C is incorrect because if the data is from Azure resources, RBAC can be applied using the built-in Azure RBAC feature for those resources.
Option D is incorrect because applying RBAC to a table containing restricted data is not related to the use of Azure Arc. RBAC policies can be applied within Azure Sentinel or Log Analytics itself to restrict access to the data.