Visualizing with Azure Sentinel
Difficulty
Intermediate
Duration
24m
Students
1441
Ratings
4.8/5
Description

This course looks at how to monitor Microsoft 365 security with Azure Sentinel. We'll start by looking at what Azure Sentinel is and at what it offers, as well as how to onboard Azure Sentinel. We’ll then take a look at the process required for connecting Azure Sentinel to Microsoft 365 and you'll watch a live demo showing you how to do this.

After covering the onboarding of Azure Sentinel and the connection of Sentinel to Microsoft 365, we’ll look at how you can visualize data using Azure Sentinel, before wrapping things up by covering workbooks.

Learning Objectives

By the time you finish this course, you should have an understanding of how to onboard Azure Sentinel and how to connect it to Microsoft 365 and Office 365.

Intended Audience

This course is intended for anyone who wishes to learn what Azure Sentinel is and how to use it to monitor Microsoft 365.

Prerequisites

To get the most out of this course, you should have a basic understanding of Microsoft 365.

Transcript

Welcome to Visualizing with Azure Sentinel. In this lesson, you’ll learn how to use Azure Sentinel to view and monitor what's going on in your environment. 

Once you’ve connected your Microsoft 365 data sources to Azure Sentinel, it begins providing visualization and analysis of that data. This visualization and analysis allows you to better see what’s happening in your environment. As I mention elsewhere in this course, workbooks are used to gather insights into the environment.

To visualize and analyze data collected about your environment, you can start with the overview dashboard, because the overview dashboard shows the overall security posture of your organization. From the dashboard, you can click on specific information within the tiles to drill down into the raw data that you are most interested in. 

Viewing the Azure Sentinel dashboard is as easy as browsing to the Azure portal and selecting Azure Sentinel. From Azure Sentinel, you can then choose the workspace you want to monitor.

The image on your screen shows what a typical workspace looks like. Notice the toolbar across the top. This toolbar shows you how many events were generated during the selected time period and compares that count to the previous 24 hours. The toolbar also shows you the alerts that were triggered from those events, broken down by how many are open, how many are still in progress, and how many are closed.

The main pane of the overview page shows the overall security status of the workspace. For example, the Events and alerts over time tile shows the number of events and how many alerts were generated as a result of those events. 

The Potential malicious events tile shows where in the world alerts are generated due to traffic sources that are known to be malicious. The orange notations represent inbound traffic, which in turn represents people trying to access your organization from known malicious IP addresses. Red denotes outbound activity. These entries refer to incidents where data is being streamed out of the organization to known malicious IP addresses.

Over on the right side, you’ll notice the Recent incidents pane. This pane allows you to view recent incidents, along with their severity and the number of alerts associated with each incident. 

Underneath the recent incidents pane is the Data source anomalies pane. This pane shows anomalies in your data sources that are based on models created by Microsoft's data analysts.


In each of these panels, you can click on the underlying data to further investigate.
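As an added illustration that is not part of the course, the Kusto (KQL) queries below reproduce in the Sentinel Logs blade the same figures the toolbar and the Events and alerts over time tile present: event volume in the current window versus the previous 24 hours, the event-per-hour series, and incidents grouped by status. They assume the workspace has the Office 365 connector feeding the OfficeActivity table and that Sentinel's own SecurityIncident table is populated; the Status values and the choice of a 24-hour window are assumptions, not figures from the course.

```kql
// Added example, not from the course. Assumes the Office 365 connector
// (OfficeActivity table) and the Sentinel SecurityIncident table exist.
let window = 24h;
// 1. Event count in the selected window compared with the previous 24 hours,
//    mirroring the counter in the overview toolbar.
OfficeActivity
| where TimeGenerated > ago(2 * window)
| extend Period = iff(TimeGenerated > ago(window), "Current", "Previous24h")
| summarize Events = count() by Period

// 2. Events per hour, the series behind the "Events and alerts over time" tile.
OfficeActivity
| where TimeGenerated > ago(window)
| summarize Events = count() by bin(TimeGenerated, 1h)
| order by TimeGenerated asc

// 3. Incidents by status. An incident row is re-emitted on every update, so
//    keep only the latest row per incident before counting.
//    Status values (assumed): "New" = open, "Active" = in progress, "Closed".
SecurityIncident
| where TimeGenerated > ago(window)
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| summarize Incidents = count(), HighestSeverity = max(Severity) by Status
```

Run each query separately in the Logs blade (the `let` line belongs to the first query). The `arg_max` step in the third query matters: without it, an incident that was opened, triaged and closed within the window would be counted three times, once under each status.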

About the Author
Students
84266
Courses
86
Learning Paths
64

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.