This reference architecture illustrates how to use Microsoft Defender for Cloud and Microsoft Sentinel to monitor the security configuration and telemetry of on-premises, Azure, and Azure Stack workloads.
https://learn.microsoft.com/en-us/azure/architecture/hybrid/hybrid-security-monitoring
