Onboarding Azure Sentinel
Start course

This course looks at how to monitor Microsoft 365 security with Azure Sentinel. We'll start by looking at what Azure Sentinel is and at what it offers, as well as how to onboard Azure Sentinel. We’ll then take a look at the process required for connecting Azure Sentinel to Microsoft 365 and you'll watch a live demo showing you how to do this.

After covering the onboarding of Azure Sentinel and the connection of Sentinel to Microsoft 365, we’ll look at how you can visualize data using Azure Sentinel, before wrapping things up by covering workbooks.

Learning Objectives

By the time you finish this course, you should have an understanding of how to onboard Azure Sentinel and how to connect it to Microsoft 365 and Office 365.

Intended Audience

This course is intended for anyone who wishes to learn what Azure Sentinel is and how to use it to monitor Microsoft 365.


To get the most out of this course, you should have a basic understanding of Microsoft 365.


Hello and welcome to Onboarding Azure Sentinel. In this lesson, we’ll take a look at some of the requirements for Azure Sentinel and at some of the pre-requisites for onboarding it.

So, before you begin using Azure Sentinel with Microsoft 365, you first need to onboard it. Once you’ve onboarded it, you then need to connect your data sources. Now, in the context of this course, we are going to discuss Azure Sentinel as it relates to Microsoft 365. And that being the case, I want to point out that Azure Sentinel comes with several connectors for Microsoft 365 offerings. It includes a connector for Microsoft 365 defender, Microsoft 365 sources, which includes office 365, and it includes a connector for Microsoft defender for identity, which was formerly Azure ATP. Azure Sentinel also includes connectors for Microsoft cloud app security, Azure ad, and several other features and offerings.

Once you connect your data sources to Azure Sentinel, you can then use workbooks from a gallery to gather insights into your organization, based on the data that is collected.

Before you onboard Azure Sentinel, you need to meet some global prerequisites.

First and foremost, you need to have an active Azure subscription. That kind of goes without saying. However, you also need a log analytics workspace to use Azure Sentinel. Now, once you meet these global prerequisites, in order to enable and use Azure Sentinel, you’ll need specific permissions. To enable Azure Sentinel, contributor permissions are needed to the subscription that contains the Azure Sentinel workspace. Using Azure Sentinel requires you to have either contributor or reader permissions on the resource group that contains the Azure Sentinel workspace. And depending on the specific data sources you want to connect to; you may need other permissions to those data sources as well.


Enabling Azure Sentinel is actually pretty straightforward. All you have to do is sign into the portal and then search for Azure Sentinel. From there, you simply click add and then create a workspace. After creating a workspace, you can add Azure Sentinel. In the upcoming demonstration, I will walk you through this process.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.