Special thanks to Javier-Soriano, Sreedhar_Ande, Bill Almonroeder, and Dick Lake
More than a year ago, we announced the second version of Microsoft Sentinel All-in-One and one of the most requested features was to have it work with Azure Government tenants. Today, we’re happy to announce a new revamped version that does that.
If you are not familiar with the All-In-One offering, it will:
- Create a resource group
- Create a Log Analytics workspace
- Enable Microsoft Sentinel on top of the workspace
- Set the workspace retention, daily cap and commitment tiers if desired
- Enable UEBA with the relevant identity providers (AAD and/or AD)
- Enable health diagnostics for Analytics Rules, Data Connectors and Automation Rules
- Install Content Hub solutions from a predefined list
- Enable Data Connectors from this list:
- Azure Entra ID
- Azure Entra ID Identity Protection
- Azure Activity
- Dynamics 365
- Microsoft 365 Defender
- Microsoft Defender for Cloud
- Microsoft Insider Risk Management
- Microsoft PowerBI
- Microsoft Project
- Office 365
- Enable analytics rules (Scheduled and NRT) included in the selected Content Hub solutions
- Enable analytics rules (Scheduled and NRT) that use any of the selected Data connectors
Getting started
You can find this new version at http://aka.ms/sentinel-all-in-one in the V2 folder.
The only thing you need to start using Microsoft Sentinel All-in-One, is an Azure Government Subscription and an account with permissions to deploy Microsoft Sentinel. Higher privileges might be required if you wish to enable UEBA and some of the supported connectors. You can find details about the required permissions here .
Go ahead and give it a try! We look forward to hearing your feedback about this new version.
Microsoft