SIEM and XDR in one place

Previous Articles

Part 1:  Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment

RBAC Assignment for Microsoft Sentinel

In the previous article, we have seen how to create a workspace and deploy Microsoft Sentinel.

In this article, we will see how we can assign an RBAC role to Sentinel.

Learn more about Roles and permissions for working in Microsoft Sentinel at https://learn.microsoft.com/azure/sentinel/roles

Go to Subscription where Microsoft Sentinel and Workspace deployed. Click on Subscription

Select Access Control(IAM)

Click on Add –> Add role assignment

Search for Microsoft Sentinel Contributor and select Members

Click on Select Members

Click on Review + assign

Now we have provided the Microsoft Sentinel Contributor Role to the user account that is going to manage Sentinel.

Configuration of Data Retention

Learn more about data retention at https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive.

Go to the Log Analytics Workspace

Select Usage and estimated costs

Click on Data retention

Click on OK

Next Articles

Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors

Part 4: Microsoft Sentinel Implementation a Deep Dive – Part 4: Deploy VM to Validate the Microsoft Sentinel Deployment

Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment

Part 6: Microsoft Sentinel Implementation a Deep Dive – Part 6: Ingesting Microsoft 365 Logs and validation

Author

Leave a comment

Your email address will not be published. Required fields are marked *