Azure Sentinel Solutions for Partners: Build Combined Value for a Wider Audience
Published Jul 14 2021 07:44 AM 4,121 Views

At the RSA Conference in May, we were excited to announce the release of Azure Sentinel solutions, a new way for Azure Sentinel customers to discover and deploy use cases and integrations faster than ever.


Solutions make it easy to enable new use-cases for Azure Sentinel by consolidating related data connectors, analytics rules, interactive workbooks, and automation playbooks into a single package to deliver end-to-end product or domain or industry vertical value for customers.


With solutions, customers can more easily detect and respond to threats with out-of-the-box content for their critical use cases, all in one package. They can empower their SOC team with content developed by Microsoft’s security experts – and our trusted technology partners – with instant deployment. Our investment in solutions and our expanding partner network is key to helping customers stay secure and protect their organizations.


A new blade in Azure Sentinel offers a growing marketplace of solutions designed to help customers protect their entire digital estate and integrate Azure Sentinel with their existing security infrastructure to operationalize their critical use cases. The marketplace now features more than 40 solutions, including:

  • Cloudflare and Palo Alto Prisma solutions to give you visibility into your cloud workloads. This week, we also released new solutions to help you monitor multi-cloud environments, with solutions for GCP Identity and Access Management, GCP CloudDNS, and GCP CloudMonitor.
  • Threat intelligence solutions from RiskIQ, and ReversingLabs to enrich your threat detection, hunting and response capabilities.
  • Azure SQL and Oracle database audit solutions to monitor your database anomalies.
  • …And many others, with even more to come. Just this week, we released an additional ten solutions into Public Preview. In addition to the new multi-cloud solutions mentioned above, we’re releasing solutions for Sophos Endpoint Protection, Cisco Application Centric Interface, Web Security Appliance, Secure email Gateway, TrendMicro ApexOne, McAffee Network Security Platform and anti-virus information, InsightVM Cloud API (Rapid7) and Juniper Intrusion Detection and Prevention.

Solutions makes it easier and faster for customers to use Azure Sentinel. They also represent a significant opportunity for our technology partners.


Azure Sentinel solutions and partners


Solutions make it easier than ever for joint customers to discover, deploy, and maximize the value of the integrations that our technology partners create. With solutions, partners can:


Unlock more value for your current customers and create new use cases. When you build an Azure Sentinel solution, you’re giving your customers everything they need to start maximizing the security value that your product or service already gives them – by building detections on top of that data, enabling them to cross-correlate it with the rest of their ecosystem, streamline investigation via the investigation graph, automate responses, and more. By delivering solutions you have an opportunity to deeply integrate with each of these Azure Sentinel SIEM and SOAR capabilities to not only deliver combined value for your current offerings but also expand to newer use cases that Azure Sentinel has to offer currently and in the future.


Reach new customers.  Broaden discoverability and reach a new customer base through the Azure Sentinel solutions marketplace. Azure Sentinel solutions integrate with Azure Marketplace, and the solutions you deliver is showcased both in Azure Sentinel solutions blade as well as the Azure Marketplace. Hence delivering solutions gives you a direct connection to a potentially new and broad customer base.


Productize your investments. Enable customers to deploy integrations with just a few clicks by combining content into one single, easily discoverable, easily deployable package - consolidating value across data connectors, analytics, playbooks, and more. With solutions, you are delivering a combined productized value for your offerings in Azure Sentinel to deliver end-to-end scenarios in Azure Sentinel for our mutual customers.


Here are some examples of use cases partners can deliver as Azure Sentinel solutions:

  • Product value – Direct product or service integrations to deliver your product value in Azure Sentinel. Some examples include Azure SQL, Cisco Umbrella, Crowdstrike, Checkpoint solutions.
  • Domain value – Content to deliver domain value in areas like threat intelligence, insider threat, compliance, and more. Some examples include HYAS, ReversingLabs, or RiskIQ solutions.  
  • Industry vertical value – Deliver industry vertical value in areas like ERP, healthcare, finance, retail, etc. Some examples include SAP or Microsoft Dynamics solutions.
  • Refer to the Azure Sentinel solutions catalog to discover more. Define your own unique use cases to deliver customer value!

As we continue to build more value into solutions and work with technology partners to expand our library of solutions, the potential possibilities with solutions will only continue to grow.  


Building your Azure Sentinel solution


So, how can technology partners get started with building their own Azure Sentinel solution? There are three key steps to this process: building content, packaging content, and listing the offering. Refer to the Azure Sentinel solutions build guide for further details on this 3-step process.


Build content

First, you need to start by building the content you want to include in your solution – including data connectors, workbooks, playbooks, analytics, hunting rules, and more. You can learn more about how to create content in the Azure Sentinel GitHub getting started documentation.  


After content is submitted, it will be validated and reviewed by the Azure Sentinel team. After any feedback is addressed, you can move on to packaging your content.


Package content

After content is approved, the next step is to package content into the solution. We provide a packaging tool for this process. Follow the guidance to create your solution package and validate.   


Publish the solution

The Azure Sentinel solution publishing process is powered by the Microsoft Partner Center. After a one-time registration in the Partner Center, you can create your offering, configure its details, and publish. During this phase, the Azure Sentinel team will also step in to help you get this solution listed in the Azure Sentinel solutions gallery within the Azure Sentinel interface. Refer to Step-3 in the Azure Sentinel solutions build guide for step-by-step guidance.


Getting started – and announcing the Azure Sentinel 2021 Hackathon


We’re very excited about the new possibilities that the launch of Azure Sentinel solutions opens and the wider audience that it gives our technology partners. This is only the beginning, and we’re looking forward to continuing to expand the capabilities of solutions and tap into the possibilities that they offer.


If you’re interested in building an Azure Sentinel solution, now is the perfect time to get started building content! We recently kicked off the second annual Azure Sentinel Hackathon. This hackathon challenges security experts around the globe to build end-to-end cybersecurity solutions for Azure Sentinel that delivers enterprise value by collecting data, managing security, detecting, hunting, investigating, and responding to constantly evolving threats – plus, you can win a piece of the $19,000 cash prize pool. Learn more about the hackathon here.  


To learn more about solutions, visit the following resources:

We’d love to hear from you as you embark on the solutions creation journey! Let us know your feedback using any of the channels listed in the Resources.

Version history
Last update:
‎Nov 03 2021 03:56 AM
Updated by: