Azure Sentinel: Quick Start 1-day Workshop


Overview of Azure Sentinel and Modern SIEM architecture, quick setup and instant log ingestion from the inbuilt connector (Office 365). See Azure Sentinel capabilities.


Office 365 is just one of 70+ data connectors available in Azure Sentinel; this overview covers the other available options. Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, users, apps, servers, and any cloud. It uses artificial intelligence to help you identify real threats quickly, and it removes the burden of traditional SIEMs by eliminating the need to spend time setting up, maintaining and scaling infrastructure. Because it is built on Azure, it offers cloud scale and speed, scaling automatically to meet your needs.

Azure Sentinel and Office 365 Data Ingestion

Covers how to configure and deploy an Azure subscription and the Azure Sentinel service, and how to start Office 365 log ingestion. The Office 365 log connector brings into Azure Sentinel information on ongoing user and admin activities in Exchange and SharePoint, and now in Teams as well. This information includes details of actions such as file downloads, access requests sent, changes to group events, mailbox operations and Teams events, together with the details of the user who performed each action. Connecting Office 365 logs to Azure Sentinel enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it into your investigation process, giving you more insight into your Office 365 security.
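As an added example (not part of the workshop material), the KQL below is the kind of custom-alert query you can run over the OfficeActivity table that the Office 365 connector populates: it flags a single user downloading an unusually large number of SharePoint or OneDrive files within a short window. The 1-hour window and the threshold of 50 downloads are assumed values to tune per tenant.

```kql
// Added example, not from the workshop: scheduled analytics rule query over
// OfficeActivity (the table filled by the Office 365 data connector).
// Assumptions: lookback and threshold are starting values, not recommendations.
let lookback = 1h;
let threshold = 50;
OfficeActivity
| where TimeGenerated > ago(lookback)
// Limit to file-download operations from the SharePoint/OneDrive workloads
| where OfficeWorkload in ("SharePoint", "OneDrive")
| where Operation in ("FileDownloaded", "FileSyncDownloadedFull")
// Aggregate per user so one noisy account yields one alert, not fifty
| summarize DownloadCount = count(),
            DistinctFiles = dcount(OfficeObjectId),
            SourceIPs = make_set(ClientIP, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by UserId
| where DownloadCount > threshold
| project UserId, DownloadCount, DistinctFiles, FirstSeen, LastSeen, SourceIPs
// Expose the user as an Account entity so the incident carries it for investigation
| extend AccountCustomEntity = UserId
```

Schedule it as an analytics rule with a run frequency matching the lookback window so each download is evaluated once; for baselining, compare DownloadCount against the same user's history before raising the threshold.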


To reduce noise and minimize the number of alerts you have to review and investigate, Azure Sentinel uses analytics to correlate alerts into incidents. Azure Sentinel also provides machine learning rules that map your network behavior and then look for anomalies across your resources. These analytics connect the dots.