Koos Goossens
Dec 13, 2022

Funny that you say that. Because that’s the “solution” we settled for earlier. Yes, you’re right, with some basic PowerShell cmdlets we achieved the same goal. But triggering the Function and getting the response back requires additional security. Otherwise the whole world could query our Sentinel workspaces.
We looked into VNet integration, but that required an App Service Environment (💰) for the Logic Apps, and then we’re also forced to implement Private Link for Log Analytics as well. A lot of hassle which we wanted to avoid. And this seems like the way forward to do so.

Often both Sentinel and related resources live in a separate subscription. So an Integration Account with a “free” tier is just fine.

Thanks for commenting! 👍🏻

Written by Koos Goossens

Microsoft Security MVP | Photographer | Watch nerd | Pinball enthusiast | BBQ Grillmaster
