Forum Discussion
SalmanKhan
Oct 02, 2020 (Copper Contributor)
Is Azure AD important to run Azure Sentinel?
Hello, We are trying to build a SOC based on Azure Sentinel, and have 26 Windows on-prem VMs connected via MMA agents. These VMs include 2 Active Directory servers which are on-prem as well, an...
CliveWatson
Oct 05, 2020 (Former Employee)
Azure Sentinel can make use of AD and/or AAD. Some rules, workbooks, hunting, etc. will need various sources. UEBA uses data sources like Azure Active Directory, Azure Monitor, Azure Security Center, and Microsoft Defender. Whilst it's possible to run without either identity source, more often than not many features will require you to correlate with identity.
https://docs.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics