Microsoft Sentinel is now eligible for complimentary remote guidance through Microsoft’s FastTrack Architecture & Advisory program.
Microsoft Sentinel is a scalable, cloud-native solution that provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR).
Microsoft’s FastTrack architects that are assigned to Sentinel customers at no cost, can provide remote guidance for:
- Providing an overview of the prerequisites for Microsoft Sentinel deployment.
- Providing conceptual workspace architecture best practices and considerations, including multi-tenancy scenarios.*
- Assisting in prioritizing data connectors to optimize Microsoft Sentinel configuration, including:
- Explaining data transformation and collection customization to assist with optimization.*
- Planning roles and permissions.
- Conducting cost expectation analysis based on planned configuration.*
- Enabling the Microsoft Sentinel service.
- Discussing and configuring data retention.
- Configuring data connectors, including:
- Setting up Microsoft data connectors.
- Demonstrating how to configure third-party data connectors.*
- Exploring ingestion cost expectations.*
- Configuring analytics rules, including;
- Built-in analytics rules.
- A query starter pack.
- Additional rules for Zero Trust and insider threats.
- User entity behavior analytics rules.
- Apache Log4J enhancements.
- Providing an overview of the following:
- Security operations center (SOC) optimization.
- Workbooks.
- Watchlists.
- User and entity behavior analytics (UEBA).
- Logic app playbooks.
- Incident response capabilities*, simulations, and tutorials (like practice scenarios, fake malware, and automated investigations).
*Supported with limitations.
For more information, visit:
https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-defender#microsoft-sentinel
Contact your FastTrack Manager or Microsoft account team for more information.
Kurt Shintaku's Blog 