The Microsoft Sentinel Workshop (previously known as the ‘Azure Sentinel Workshop’) is designed to create customer intent for deploying and adopting Microsoft Sentinel.
Microsoft 365 Sentinel is also called Azure Sentinel a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Insights into threats: Get a birds-eye view across all data ingested and detect threats using Microsoft's analytics and threat intelligence. Investigate threats with artificial intelligence and hunt for suspicious activities. Ability to automatically respond to detected threats: Out of scope for this engagement. Requirements: Available to organizations with an Azure tenant
Workshop topics include: Showcasing the Microsoft Sentinel experience. Identifying active threats across identity, email, and data, both on-premises and cloud environments. Demonstrating automated response to threats. Gathering the information you need to build a business case for a production deployment of Microsoft Sentinel.
Workshop requirements for the Microsoft Sentinel workshop to be considered complete, a partner is required to deliver the following activities: Identify the customer’s key security objectives and priorities. Conduct the Threat Check analysis in the customer’s production environment by utilizing Microsoft Sentinel. Use customer’s exiting licenses or product trials of Microsoft 365 Defender, Microsoft Defender for Cloud Apps, Microsoft Defender for Office 365 and Azure AD Identity Protection, to perform Threat Check. Demonstrate the value of Microsoft Sentinel by showcasing product features, such as automated threat response. Provide recommendations and next steps.
Workshop Agenda: Week 1: Define engagement scope Align expectations & next steps Week 2: Goals, scope, and deliverables Engagement tools Deploy and Configure Microsoft Sentinel Week 3: Limited remote incident monitoring Prepare Results report and Recommendations Present engagement Results report