Summary
In this module, you learned how Microsoft Sentinel provides a way to address the concerns of your organization's IT director:
- Alerts come from multiple products.
- Too many alerts are triaged across dashboards.
- The time spent to set up and maintain IT infrastructure takes the SecOps team away from its security tasks.
You explored the various deployment considerations for Microsoft Sentinel, including necessary roles and permissions. You also learned how to connect data sources to Microsoft Sentinel and how to manage its log data.
You understand how Microsoft Sentinel saves time performing complex investigations and improves your SecOps.
Learn more
You can learn more by reviewing the following documents.
Getting started
- Microsoft Sentinel documentation
- Quickstart: On-board Microsoft Sentinel
- Microsoft Sentinel pricing
- Permissions in Microsoft Sentinel
- Tutorial: Visualize and monitor your data
- Quickstart: Get started with Microsoft Sentinel
- What is Azure Lighthouse?
- Extend Microsoft Sentinel across workspaces and tenants
- What is Azure Resource Manager?
- Azure Foundation 4-Week Implementation
Azure Monitor Logs
- Designing your Azure Monitor Logs deployment
- Azure resource logs
- Manage usage and costs with Azure Monitor Logs
Azure roles
- View and assign administrator roles in Microsoft Entra ID
- What is Azure role-based access control (Azure RBAC)?