AzureGov support

[rpsmith310]

Hello,

Does this tool support Sentinel in AzureGov?

[ianhelle]

Hi,
It does in theory. However, there are some caveats:

1. You need to be able to install it and dependencies from PyPI - this might be an issue in an air-gapped environment. We have some workarounds for this using a scripted copy and install from a shared folder/URL
2. The URL used by the KQL connection assumes the public cloud by default. You can change this in a couple of ways:

• Set the environment variable KQLMAGIC_CONFIGURATION=cloud=government
• After loading the Azure Sentinel query provider (but before authenticating) run this in a single cell
  %kql --config 'cloud=government'

3. Our keyvault support (for storing/retrieving secrets in KeyVault) has some support for multiple clouds but we haven't really tested this well.

2 and 3 are easy to get working in a smoother way - we just haven't done it because a) no one has asked us for it and b) we have limited ability to test it.
I'd be very really happy to work with you to get this going.