General MSSP Inquiry

%3CLINGO-SUB%20id%3D%22lingo-sub-2116567%22%20slang%3D%22en-US%22%3EGeneral%20MSSP%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2116567%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHello%20Azure%20Security!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CI%3EOverview%3A%3C%2FI%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%3ECurrently%2C%20I%E2%80%99ve%20been%20waiting%20weeks%20to%20get%20my%20questions%20answered%20from%20Microsoft%20Support%2C%20and%20to%20be%20approved%20by%20the%20OneVet%20team%20-%20so%20I%20am%20bringing%20my%20questions%20to%20the%20forums%2C%20where%20the%20experts%20are.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CI%3EQuestions%3A%3C%2FI%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20was%20to%20offer%20an%20MDR%20solution%20to%20clients%2C%20what%20is%20needed%2C%20and%20why%3F%20I%20am%20projecting%20it%20would%20look%20something%20like%20this%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3EAzure%20Sentinel%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3ELog%20analytics%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EDefender%2For%20ATP%3F%20(Differences%3F)%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIs%20there%20anything%20missing%20in%20this%20stack%20that%20you%20would%20consider%20essential%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhat%20are%20the%20current%20CSP%20pricing%20models%20for%20these%20services%2C%20(keep%20in%20mind%2C%20I%20do%20not%20have%20access%20to%20the%20CSP%20portal%20yet%2C%20and%20I%E2%80%99ve%20been%20waiting%20weeks)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ENETFLOW%20data%2C%20I%20understand%20I%20can%20ingest%20this%20data%20into%20Azure%20Sentinel%2C%20but%20for%20a%20small-business%20operating%20without%20a%20switch%20or%20with%20a%20switch%2C%20with%20defender%20deployed%20on%20all%20endpoints...%20is%20NetFlow%20data%20needed%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EQuestion%20on%20Capacity%20-%20I%20am%20trying%20to%20understand%20the%20average%20usage%20of%20a%2010-endpoint%20office%2Fbusiness%2C%20and%20what%20the%20costs%20associated%20would%20be%20to%20deploy%20Microsoft%20Security%20Solutions%20as%20described%20above.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhat%20is%20the%20typical%20usage%20for%20a%20small%20size%20business%20and%20medium%20size%20business%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2118868%22%20slang%3D%22en-US%22%3ERe%3A%20General%20MSSP%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2118868%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F957846%22%20target%3D%22_blank%22%3E%40sentinelhero%3C%2FA%3E%26nbsp%3Bsure%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2117770%22%20slang%3D%22en-US%22%3ERe%3A%20General%20MSSP%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2117770%22%20slang%3D%22en-US%22%3E%3CP%3EBrilliant!%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F66621%22%20target%3D%22_blank%22%3E%40Javier%20Soriano%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20of%20my%20questions%20have%20been%20answered%20via%20PM.%3CBR%20%2F%3EYou%20can%20delete%20this%20thread%20%2C%20as%20I%20cannot%20edit%20the%20original%20content.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20do%20have%20some%20additional%20questions%2C%20do%20you%20mind%20if%20I%20PM%20you%3F%3CBR%20%2F%3E%3CBR%20%2F%3E(p.s.%20I've%20read%20all%20of%20your%20documentation%2C%20well%20written)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2117713%22%20slang%3D%22en-US%22%3ERe%3A%20General%20MSSP%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2117713%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F957846%22%20target%3D%22_blank%22%3E%40sentinelhero%3C%2FA%3E%26nbsp%3Bdon't%20pay%20attention%20to%20the%20response%20from%20David%2C%20it%20looks%20like%20a%20scam.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2116999%22%20slang%3D%22en-US%22%3ERe%3A%20General%20MSSP%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2116999%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F958431%22%20target%3D%22_blank%22%3E%40David_William46%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hello Azure Security!

 

Overview:


Currently, I’ve been waiting weeks to get my questions answered from Microsoft Support, and to be approved by the OneVet team - so I am bringing my questions to the forums, where the experts are.

 

Questions:

 

If I was to offer an MDR solution to clients, what is needed, and why? I am projecting it would look something like this:

 

  • Azure Sentinel
  • Log analytics
  • Defender/or ATP? (Differences?)

 

Is there anything missing in this stack that you would consider essential?

 

What are the current CSP pricing models for these services, (keep in mind, I do not have access to the CSP portal yet, and I’ve been waiting weeks)

 

NETFLOW data, I understand I can ingest this data into Azure Sentinel, but for a small-business operating without a switch or with a switch, with defender deployed on all endpoints... is NetFlow data needed?

 

Question on Capacity - I am trying to understand the average usage of a 10-endpoint office/business, and what the costs associated would be to deploy Microsoft Security Solutions as described above.

 

What is the typical usage for a small size business and medium size business?

4 Replies

Thanks @David_William46 

@sentinelhero don't pay attention to the response from David, it looks like a scam.

Brilliant! @Javier Soriano 

Some of my questions have been answered via PM.
You can delete this thread , as I cannot edit the original content.

I do have some additional questions, do you mind if I PM you?

(p.s. I've read all of your documentation, well written)