hands-on lab

Introduction to Microsoft Sentinel

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Microsoft Sentinel is a cloud-based SIEM (security information event management) solution that offers advanced intelligence tools across the organizations to secure the cloud and on-premises resources. The core offering of the Microsoft Sentinel revolves around collecting data at scale while detecting the threat in real-time using artificial intelligence to hunt the suspicious activities, ultimately performing actions to either remediate based on the preconfigured actions or provide a response plan to the security teams in an organization.

In this lab, you will create a Microsoft Sentinel workspace and connect it with log analytics workspace using Data Connectors to review and capture log incidents.

Learning Objectives

Upon completion of this beginner-level lab, you will be able to:

  • Onboard Azure VM to Log Analytics Workspace
  • Create and understand Microsoft Sentinel resource
  • Review Data Connectors and enable Syslog collection

Intended Audience

  • Candidates for AZ-500 Azure Security Engineer Exam
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Security Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • Azure Virtual Machines
  • Log Analytics Workspace

The following content can be used to fulfill the prerequisite:


June 4th, 2024 - Resolved deployment issue

June 27th, 2023 - Updated screenshots and instructions to reflect UI

30 Nov, 2022: Rebranded the lab to Microsoft Sentinel rename.

Environment before

Environment after

About the author

Learning paths

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Configuring Azure VM for Log Analytics Workspace
Reviewing Microsoft Sentinel Workspace