Previous Articles
Part 1: Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment
RBAC Assignment for Microsoft Sentinel
In the previous article, we have seen how to create a workspace and deploy Microsoft Sentinel.
In this article, we will see how we can assign an RBAC role to Sentinel.
Learn more about Roles and permissions for working in Microsoft Sentinel at https://learn.microsoft.com/azure/sentinel/roles
Go to Subscription where Microsoft Sentinel and Workspace deployed. Click on Subscription
Select Access Control(IAM)
Click on Add –> Add role assignment
Search for Microsoft Sentinel Contributor and select Members
Click on Select Members
Click on Review + assign
Now we have provided the Microsoft Sentinel Contributor Role to the user account that is going to manage Sentinel.
Configuration of Data Retention
Learn more about data retention at https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive.
Go to the Log Analytics Workspace
Select Usage and estimated costs
Click on Data retention
Click on OK
Next Articles
Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors
Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment
Part 6: Microsoft Sentinel Implementation a Deep Dive – Part 6: Ingesting Microsoft 365 Logs and validation