Azure Monitor Logs workspaces serve as administrative boundaries for data storage, enabling the collection and aggregation of log data from various sources.  - **Key Characteristics**: - **Data Organization**: Data is organized into tables, each storing different kinds of data based on the resource generating it. - **Settings Configuration**: Configure settings like pricing tier, retention, and data capping based on administrative boundaries or geographic locations. - **Access Control**: Use Azure role-based access control (Azure RBAC) to grant users and groups the necessary access to monitoring data. - **Scalability**: Workspaces can grow to petabytes of data, with no need to split due to scale. - **Deployment Models**: - **Centralized**: All logs stored in a central workspace, easy to manage and search across resources. - **Decentralized**: Each team has its own workspace, secure and consistent with resource access. - **Hybrid**: Combines centralized and decentralized models, but can be complex and expensive. - **Recommendations**: Implement a single workspace for centralized log data collection, enforce access control with Azure Policy, and ensure compliance with Azure resources. ## Resources [Design for Azure Monitor Logs (Log Analytics) workspaces - Training | Microsoft Learn](https://learn.microsoft.com/en-us/training/modules/design-solution-to-log-monitor-azure-resources/3-design-for-log-analytics)