securityI wrote recently about Azure Sentinel and now, thanks to this great article, I was able to set up Azure Sentinel in no time of all.  Steve Goodman’s article is very easy to follow, and I will not try to reproduce it for you.  But let me give you some examples of Azure Sentinel setup based on my experience.

If you’re still trying to understand Azure Sentinel here is an article you can read that will give you a better understanding of the product.

Note that in order to set up Azure Sentinel you will need to have global administrator privileges for both Azure and Office 365.

Start with Log Analytics

The first step in setting up Azure Sentinel is to set up a workspace for log analytics.  Here’s an example of the workspace that I created.

Azure _Sentinel_Create_Log_workspace

One thing to note is that the workspace name and resource group name cannot have any spaces.  I found this out the hard way.

Note also that you get to pick the Azure location where you want your data to be housed.

Azure_Sentinel_Log_Workspace

Connect Your Services to Azure Sentinel

Now that I had the log analytics workspace setup it was time to connect services to Azure Sentinel.  I wanted to connect Azure Active Directory and Office 365.  But as you can see from the image below, there are other services that I could connect.  For instance, I could connect a CheckPoint or Cisco firewall as part of setting up Azure Sentinel.

Azure_Sentinel_Services_Connect

As part the setup of Azure Sentinel, I needed to connect our Office 365 tenant.  And since we have MFA enabled for administrator accounts (you are doing this, correct?!) I also had to supply a code from my authenticator app.

Azure_Sentinel_Permissions

Once I had our Office 365 tenant connected, I selected Exchange and SharePoint as record types I wanted to track.

On to Dashboards

Now we get to the fun part -setting up dashboards.  I set up the Azure and Office 365 dashboards as outlined in Steve’s article. I also set up a couple of other dashboards that looked interesting: Threat Intelligence and Identity and Access.

Azure_Sentinel_Overview

And with that, I completed setting up Azure Sentinel. The whole process (excluding interruptions) took less than an hour.

Of course, the interesting part is yet to come: looking at the data. It will take Azure Sentinel some time to begin collecting and analyzing log data. Look for a future post where I can drill down into the data to see what’s going on in CGNET’s Office 365 service.

Translate »