Azure Sentinel: 3-Week Implementation

The Missing Link Network Integration Pty Ltd

The Missing Link aims to assist your organisation in consolidating and displaying your security information through a unified interface, facilitating enhanced detection and response capabilities.

We provide a 3-week intensive program designed to help you maximise your investment in Microsoft services by quickly onboarding you to Microsoft Sentinel. This program offers direction on navigating the constantly evolving security landscape and utilising various layers of protection to empower your business. Our experienced team will assist you in implementing Microsoft Sentinel and integrating it with other security products to manage your entire security landscape. We have a proven track record of delivering end-to-end security solutions across a diverse range of products.

The key deliverables of the service include conducting a design workshop and deploying Microsoft Sentinel alongside its supporting resources. We also facilitate the connection of data connectors such as Azure Active Directory, Microsoft 365, and others. Additionally, we deploy a playbook for email notifications and incident creation, and deliver a high-level design document and as-built documentation.

Delivery Phases:

Project Initiation

  • Kick Off Meeting

Information Gathering & Design

  • Design workshop and information gathering
  • Implementation Schedule
  • Create High Level Design (HLD)
  • Peer review & Final Updates

Configure Log Analytics Workspace, Defender for Cloud & Defender for Microsoft 365

  • Create a single Log Analytics workspace
  • Enable Sentinel on the provisioned workspace
  • Enable Defender for Cloud
  • Enable Defender for Microsoft 365
  • Enable low-impact security recommendations

Data Connectors

  • Auto-provision the Azure Monitor Agent (AMA) on all VMs in the Azure subscription
  • Deploy the AMA on all on-premises domain controllers
  • Enable the AAD and Microsoft 365 connectors and enable their recommended templates
  • Configure security events to be forwarded to Microsoft Sentinel

Configure Azure ARC/On-Premises Log Shipping

  • Download and create a Linux-based virtual machine, configured to customer specifications
  • Configure log shipping to Log Analytics
  • Connect the firewall to send syslog to the Linux VM, and confirm the logs arrive in Log Analytics

Configure Workbooks, Playbooks & Analytics Rules

  • Deploy the Prompt User incident playbook
  • Deploy the Post Message Teams playbook
  • Enable the workbook for Azure AD sign-in logs
  • Enable the workbook for security alerts
  • Enable template rules related to Azure activity

Project Sign-off and Handover

  • As-built documentation
  • Project sign-off and handover