Update to Microsoft Sentinel’s Technical Playbook for MSSPs is now available (v1.5.1)
Published Nov 07 2022 05:45 AM 4,401 Views
New Contributor

Special thanks: @MargaretMwaura @GBushey @edilahav @Javier Soriano @Nayef_Yassin @Jeremy Tan for all the content and reviews you contributed.


Today, we are announcing version 1.5.1 of the MSSP playbook. The technical playbook provides guidance in deploying and managing Microsoft Sentinel with a focus on MSSP or large organizations and institutions who operate security operations within environments requiring multi-tenant architectures. The playbook addresses topics like efficient customer onboarding, scaling SOC operations, managing the MSSP intellectual property, accessing the customer’s workspaces/environments and optimizing system administration costs. Since the last version, there have been some significant feature updates to Microsoft Sentinel that need to be included in the playbook. Some of these updates in this version include:

  • Repositories to deploy custom content
  • Codeless connector platform
  • Ingestion time transformation
  • Normalization and ASIM
  • Sentinel health
  • New long term storage using Archive
  • Search and Restore for Archived logs
  • Basic logs tier

To download the latest updates to the MSSP playbook version click here https://aka.ms/mssentinelmssp.

Version history
Last update:
‎Nov 07 2022 07:47 AM
Updated by: