This course looks at how to monitor Microsoft 365 security with Azure Sentinel. We'll start by looking at what Azure Sentinel is and at what it offers, as well as how to onboard Azure Sentinel. We’ll then take a look at the process required for connecting Azure Sentinel to Microsoft 365 and you'll watch a live demo showing you how to do this.
After covering the onboarding of Azure Sentinel and the connection of Sentinel to Microsoft 365, we’ll look at how you can visualize data using Azure Sentinel, before wrapping things up by covering workbooks.
Learning Objectives
By the time you finish this course, you should have an understanding of how to onboard Azure Sentinel and how to connect it to Microsoft 365 and Office 365.
Intended Audience
This course is intended for anyone who wishes to learn what Azure Sentinel is and how to use it to monitor Microsoft 365.
Prerequisites
To get the most out of this course, you should have a basic understanding of Microsoft 365.
Hello, and welcome back. What we're gonna do here in this brief demonstration is just walk through the process of enabling Azure Sentinel in Microsoft Azure. On the screen here, I'm logged into my Azure portal. I'm at the homepage and I'm logged in as an admin for my fictional Berks Batteries organization.
To enable Azure Sentinel, what I can do here is search up the top here in the search bar for Azure Sentinel. And what we'll do here is we'll select it from services and we can see, we have no Azure Sentinel to display here. So let's go ahead and create Azure Sentinel. And then what we have to do here is create a workspace for Azure Sentinel.
Now, if we had an existing workspace available, we could select it, but we don't have any. So we'll go ahead and create a new workspace here. Now to create our workspace, we need to provide some basic information. Essentially, what we're creating is a log analytics workspace. So what we'll do here is we'll deploy into our Berks Batteries subscription. And then what we'll do is deploy into the Berks RG resource group. We could create a new one if we wanted to. But this one works for this demonstration.
Now, if we hover over the icon here for name, we can see that the workspace name needs to be between four and 63 characters. It can be letters, digits, or the hyphen. So what we'll do here is we'll just call this MyWorkspace. Now, if we next over to pricing here, we can choose a pricing tier. Now the only pricing tier I have available to me is pay as you go. So that's what we'll go with here.
We'll go ahead and click through to tags. We're not gonna do any tagging here, so we'll review and create. And then from here, we can review our settings and then go ahead and deploy the log analytics workspace. So we'll close our notification here. And so now we have a workspace here, and we'll go ahead and add. And what we're doing here is adding Azure Sentinel to the new workspace.
And now we can see we've successfully deployed Azure Sentinel. And from this getting started page here, we can connect to data sources to collect data. We can create security alerts, and we can perform automation and orchestration. Under threat management, we can look at incidents. We can look at workbooks. We can perform hunting. And then of course, under configuration, we can configure data connectors, analytics, and configure the watch list.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.