Onboarding Azure for Security and Compliance (Essentials) seeks to reduce the mean time to detection by consolidating logging, analytics, detection, and response into a single cohesive solution
You can't stop what you cannot detect. Threat actors reside in compromised networks for an average of 55 days prior to detection. Without sophisticated logging and threat-hunting capabilities, that dwell time can grow far longer, exposing organizations to data loss, intellectual property theft and ransomware, and turning them into a potential vector for further supply chain attacks on their customers and vendors.
Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
By pairing Microsoft Sentinel with Microsoft 365 services, customers can quickly gain access to:
• Log aggregation and correlation for security analytics and threat intelligence across the Microsoft 365 platform
• Advanced analytics and threat hunting
• Alert generation and centralized incident management
• Playbooks that automate investigation and response
• Data visualizations via workbooks
• Machine learning and AI-assisted analytics
As part of Agile IT's ongoing dedication and commitment to security and compliance, we will perform the following:
Deployment and Configuration
• Provision an Azure storage account and Log Analytics workspace to host a Microsoft Sentinel instance
• Provision a Microsoft Sentinel instance with data retention of 90 days
• Enable Office 365 unified audit logging to capture user and admin activity
• Configure Azure Active Directory logs, Azure Activity logs, and resource logs of other in-scope Microsoft services to be sent to the Log Analytics workspace that feeds Microsoft Sentinel
• Configure Microsoft Sentinel data connectors for Microsoft services within the scope of the current deployment
• Deploy built-in Azure Monitor Workbook templates in Microsoft Sentinel to provide data visualizations and dashboards
• Deploy Microsoft Sentinel analytics rules to automate incident creation from alerts
• Deploy up to two Azure Policy initiatives that align with the customer's regulatory/compliance requirements, where available in the template catalog
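The core of the provisioning steps above (workspace with 90-day retention, Sentinel onboarded to it, and an analytics rule that creates incidents from alerts) can be expressed as an infrastructure-as-code template. The following Bicep file is an added example, not Agile IT's own deployment code; the workspace name, the rule name and filters, the default location, and the resource API versions are assumptions, and the storage account, diagnostic settings, workbooks and policy initiatives from the list are left out for brevity.

```bicep
// Added example (not Agile IT's deployment code): provisions a Log Analytics
// workspace with 90-day retention, onboards Microsoft Sentinel onto it, and
// deploys one rule that turns Microsoft Defender for Cloud alerts into
// Sentinel incidents. Names, defaults and API versions are assumptions.

targetScope = 'resourceGroup'

@description('Log Analytics workspace that will host Sentinel (assumed name).')
param workspaceName string = 'law-sentinel-essentials'

@description('Region for the workspace; defaults to the resource group location.')
param location string = resourceGroup().location

@description('Interactive retention in days; 90 matches the Essentials scope.')
@minValue(30)
@maxValue(730)
param retentionInDays int = 90

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
    retentionInDays: retentionInDays
    features: {
      // Require RBAC on the log source resource rather than broad
      // workspace-wide read access (least privilege for log readers).
      enableLogAccessUsingOnlyResourcePermissions: true
    }
  }
}

// Sentinel onboarding is an extension resource on the workspace and must be
// named 'default'.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  scope: workspace
  name: 'default'
  properties: {
    customerManagedKey: false
  }
}

// Analytics rule that creates Sentinel incidents from Defender for Cloud
// alerts of High or Medium severity (the "automate incident creation" step).
resource defenderIncidents 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'defender-for-cloud-incidents') // assumed rule id
  kind: 'MicrosoftSecurityIncidentCreation'
  dependsOn: [
    sentinel
  ]
  properties: {
    displayName: 'Create incidents from Microsoft Defender for Cloud alerts'
    enabled: true
    productFilter: 'Azure Security Center'
    severitiesFilter: [
      'High'
      'Medium'
    ]
  }
}

// Workspace ID needed when pointing diagnostic settings and data connectors
// at this workspace.
output workspaceId string = workspace.properties.customerId
```

Deploy it into a resource group with `az deployment group create --resource-group <rg> --template-file sentinel.bicep`. The retention parameter is bounded so a typo cannot silently drop below 30 days, and the incident-creation rule depends on the onboarding resource so the deployment fails cleanly if Sentinel is not yet enabled on the workspace rather than creating a rule that never fires.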
Walkthrough of Services
The walkthrough session is a single remote screen-sharing meeting to guide the customer through what was deployed and the basics of using the services. This is not a deep technical training on the product and assumes attendees have 3+ years of experience managing IT environments. If the customer requires additional time for deep knowledge sharing, this would be billed as time and materials.
• Microsoft Sentinel data connectors enabled for Microsoft services
• Adding and removing data connectors in Microsoft Sentinel
• Using, updating and deploying Azure Monitor Workbook templates in Microsoft Sentinel
• Managing alerts/incidents in Microsoft Sentinel
• Hunting queries and how they can be used to create alerts/incidents
Licensing/Infrastructure Requirements:
• Existing Azure tenant, or as an add-on to an active Agile IT AgileAscend project
• Azure subscription (Commercial or Government)