Microsoft Sentinel Log Ingestion from Business Premium

Microsoft Sentinel is Microsoft's cloud-native SIEM solution and has been available for several years. Sentinel is becoming more popular as time goes on because many cyber security frameworks and some governmental regulations require data to be logged and retained for a period of time, in case it needs to be reviewed or used for threat hunting or later analysis.

Microsoft 365 Business Premium is a common Microsoft licensing tier for organisations under 300 seats, and there is significant value in streaming the data from a client's Business Premium tenant into Sentinel. To support this I have collected the following resources to help configure Defender for Business, Defender XDR, Log Analytics and Sentinel to capture data from an M365 tenant running Business Premium.

As always with any Azure or cloud technology, cost control should be front of mind. I have written previously about this here: Sentinel cost management. ALWAYS set up spend limits to ensure that you do not overspend.
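Before setting a daily cap on the Log Analytics workspace (found under the workspace's Usage and estimated costs blade), it helps to know which tables are actually driving billable volume. The following KQL query is an added example written for this post, not taken from the original article or from Microsoft documentation; it reads the standard Usage table, which records ingested volume in MB per data type, and reports the last 30 days of billable volume per table alongside a projected daily average:

```kql
// Added example: which tables are driving billable ingestion in this workspace?
// Usage is a built-in Log Analytics table; Quantity is recorded in MB.
Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true
| summarize TotalGB = round(sum(Quantity) / 1024, 2) by DataType
| extend AvgDailyGB = round(TotalGB / 30, 3)
| order by TotalGB desc
| project DataType, TotalGB, AvgDailyGB
```

Run this in the Logs blade of the workspace. The sum of the AvgDailyGB column is a reasonable starting point for the daily cap; set the cap somewhat above it so that normal ingestion is not cut off while a runaway source (for example a noisy device onboarded to Defender for Business) still hits the limit.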
Configuring Sentinel for Business Premium
- Steps to use API for Sentinel
- Defender is set up, configured, and devices are onboarded.
- Create a Log Analytics workspace
- Onboard to Sentinel
- Enable and use XDR connector
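Once the Defender XDR connector is enabled, confirm that data is actually landing in the workspace before relying on it for retention or threat hunting. The following KQL query is an added example for this post, not part of the original article; it assumes the connector has been configured to forward incidents and alerts as well as the Defender for Endpoint advanced hunting tables, and it reports row counts and the latest event time for each table over the past day so that a silent connector stands out as a missing or stale row:

```kql
// Added example: verify the XDR connector is delivering data to Sentinel.
// SecurityIncident and SecurityAlert arrive from the connector's incident sync;
// the Device* tables arrive only if the advanced hunting events were selected.
union withsource = TableName
    SecurityIncident,
    SecurityAlert,
    DeviceEvents,
    DeviceLogonEvents,
    DeviceProcessEvents
| where TimeGenerated > ago(1d)
| summarize Rows = count(), LatestEvent = max(TimeGenerated) by TableName
| extend MinutesSinceLast = datetime_diff('minute', now(), LatestEvent)
| order by TableName asc
```

A table that is absent from the results, or whose MinutesSinceLast keeps growing, indicates that either the connector option for that data type is not enabled or the devices feeding it are not onboarded to Defender for Business.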
Configuring Sentinel for Business Premium Summary

The above steps will help with configuring Sentinel for use with M365 Business Premium, and also with Defender for Business if you have that in place. Sentinel is a powerful tool for organisations looking to store logs on a platform that supports threat hunting as well as automating the response to incidents that occur within an organisation.

As always, please reach out to us here if you require any further assistance with this or any other security question.