1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Monitoring Microsoft 365 Security with Azure Sentinel

Using Workbooks

Contents

keyboard_tab
Course Introduction
1
Introduction
PREVIEW1m 34s
Course Conclusion
9
Start course
Overview
Difficulty
Intermediate
Duration
24m
Students
141
Ratings
5/5
starstarstarstarstar
Description

This course looks at how to monitor Microsoft 365 security with Azure Sentinel. We'll start by looking at what Azure Sentinel is and at what it offers, as well as how to onboard Azure Sentinel. We’ll then take a look at the process required for connecting Azure Sentinel to Microsoft 365 and you'll watch a live demo showing you how to do this.

After covering the onboarding of Azure Sentinel and the connection of Sentinel to Microsoft 365, we’ll look at how you can visualize data using Azure Sentinel, before wrapping things up by covering workbooks.

Learning Objectives

By the time you finish this course, you should have an understanding of how to onboard Azure Sentinel and how to connect it to Microsoft 365 and Office 365.

Intended Audience

This course is intended for anyone who wishes to learn what Azure Sentinel is and how to use it to monitor Microsoft 365.

Prerequisites

To get the most out of this course, you should have a basic understanding of Microsoft 365.

Transcript

Once you’ve connected Azure Sentinel with the data sources you are interested in, you can begin visualizing and monitoring that data. This is accomplished through the use of workbooks. Using workbooks to visualize and monitor things allows you to create custom dashboards that display only what you are interested in. You can use built-in workbook templates, or you can build custom workbooks, depending on what data you are interested in.

Using a built-in workbook is pretty straightforward. Simply browse to Workbooks within the Sentinel portal to select Templates. Doing so displays the full list of built-in Azure Sentinel workbooks. If a workbook is relevant to any data types you’ve connected Sentinel to, the Required data types field for the selected workbook will show a green checkmark.

After selecting the relevant workbook, clicking View template allows you to view the template populated with your data.

You can then edit the workbook and then click Save. You’ll be prompted to choose a location where you want to save the JSON file for the template.

Once you’ve saved the new workbook, you can click View saved workbook, to view it. To edit it, click the Edit button at the top. Editing a workbook allows you to customize it for your specific needs. 

Once you are done making your changes, you can save the workbook.

To read more about workbooks in Azure Sentinel, visit the URL you see on your screen:

 

https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data

About the Author
Avatar
Thomas Mitchell
Instructor
Students
43677
Courses
57
Learning Paths
16

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.