Implementation & Connectivity
Simple and Secure Deployment of Microsoft Sentinel via Azure Marketplace
Our Sentinel implementation is designed to be both simple and secure. The deployment takes place through the Azure Marketplace. Once the offer is accepted, Sentinel is provisioned as a Managed Application, so Attic only receives access to the managed resource group in which Sentinel is deployed, nothing more. During onboarding, you are asked to grant consent to an Attic application so that the various data sources can be connected.
Implementation Process
Preparation
- Ensure all requirements are met (Azure subscription, appropriate permissions).
Onboarding
- Microsoft Sentinel is deployed via the Azure Marketplace.
- The required data connectors (such as Microsoft Entra ID, formerly Azure AD, Microsoft 365 and Microsoft Defender) are activated.
- Detection rules and automation playbooks are installed.
Configuration
- Retention: 90 days for all tables used by Attic.
Data Sources
- Azure: the AzureActivity table (Activity Log) for all subscriptions that are owned or accessible.
- M365: the OfficeActivity table, including Teams, SharePoint and Exchange logs.
- Entra ID: the AuditLogs table and the sign-in log tables (interactive, non-interactive, service principal and managed identity sign-ins).
- Defender for X: the Microsoft Defender products add security incidents, security alerts and their supporting evidence to Sentinel.
Configuration Details
- Access Model: Attic's access is granted to a service principal through the authorization of the Managed Application that the marketplace offer creates. This is how cross-tenant management works without Attic holding credentials in your tenant, and the role assignment is scoped to the managed resource group only.
- Data Storage: All collected logs remain in the Log Analytics workspace in your Azure subscription and region. No log data is moved outside your environment, with the exception of alerts and incidents.
Security Considerations
- No persistent admin accounts are created in your tenant.
- Service connections are limited to the minimum required permissions: Attic only receives access to the resource group where Sentinel is deployed, nothing more.
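As an added example (not code from the original page, nor Attic's or Microsoft's), the following Python script checks two of the statements above against sample Azure CLI output: that the publisher's service principal holds no role assignment outside the managed resource group (Access Model and Security Considerations), and that every table named under Data Sources is retained for 90 days (Configuration). The JSON samples are constructed, the field names are assumed to match the output of `az role assignment list --all` and `az monitor log-analytics workspace table list`, and every ID, resource group and workspace name is a placeholder.

```python
"""Post-onboarding checks for a Sentinel Managed Application deployment.

Added example, not part of the original page and not Attic's or Microsoft's
code. It verifies two claims from the page against JSON of the shape the
Azure CLI returns (assumed field names: principalId, roleDefinitionName,
scope; name, retentionInDays):

  az role assignment list --all -o json
  az monitor log-analytics workspace table list -g <rg> -n <workspace> -o json

All identifiers below (principal id, subscription id, resource group and
workspace names) are constructed placeholders.
"""
import json

# Scope of the managed resource group the publisher should be confined to.
MANAGED_RG_SCOPE = ("/subscriptions/11111111-1111-1111-1111-111111111111"
                    "/resourceGroups/mrg-sentinel-attic")
ATTIC_PRINCIPAL_ID = "00000000-0000-0000-0000-00000000aaaa"  # placeholder

# Tables named in the Data Sources list; retention target from Configuration.
ATTIC_TABLES = ["AzureActivity", "OfficeActivity", "AuditLogs", "SigninLogs",
                "SecurityIncident", "SecurityAlert"]
EXPECTED_RETENTION_DAYS = 90

# Constructed sample output of `az role assignment list --all`. The third entry
# is deliberately over-scoped (whole subscription) so the check flags something.
ROLE_ASSIGNMENTS_JSON = """[
  {"principalId": "00000000-0000-0000-0000-00000000aaaa", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/mrg-sentinel-attic"},
  {"principalId": "00000000-0000-0000-0000-00000000aaaa", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Microsoft Sentinel Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/mrg-sentinel-attic/providers/Microsoft.OperationalInsights/workspaces/law-sentinel"},
  {"principalId": "00000000-0000-0000-0000-00000000aaaa", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
   "roleDefinitionName": "Owner",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]"""

# Constructed sample output of `az monitor log-analytics workspace table list`.
# SigninLogs is left at 30 days and SecurityAlert is absent so both failure
# modes (wrong retention, connector not yet ingesting) show up.
TABLES_JSON = """[
  {"name": "AzureActivity", "retentionInDays": 90, "totalRetentionInDays": 90},
  {"name": "OfficeActivity", "retentionInDays": 90, "totalRetentionInDays": 90},
  {"name": "AuditLogs", "retentionInDays": 90, "totalRetentionInDays": 90},
  {"name": "SigninLogs", "retentionInDays": 30, "totalRetentionInDays": 30},
  {"name": "SecurityIncident", "retentionInDays": 90, "totalRetentionInDays": 90},
  {"name": "Heartbeat", "retentionInDays": 30, "totalRetentionInDays": 30}
]"""

ROLE_ASSIGNMENTS = json.loads(ROLE_ASSIGNMENTS_JSON)
TABLES = json.loads(TABLES_JSON)


def is_within_scope(scope, allowed_scope):
    """True if `scope` is the allowed scope itself or a resource beneath it.
    ARM scopes are case-insensitive, and a bare prefix test would wrongly
    accept a sibling like 'mrg-sentinel-attic-2', hence the trailing '/'."""
    s = scope.lower().rstrip("/")
    a = allowed_scope.lower().rstrip("/")
    return s == a or s.startswith(a + "/")


def overscoped_assignments(assignments, principal_id, allowed_scope):
    """Role assignments held by `principal_id` outside `allowed_scope`.
    An empty list means the publisher really is confined to the managed RG."""
    return [a for a in assignments
            if a["principalId"].lower() == principal_id.lower()
            and not is_within_scope(a["scope"], allowed_scope)]


def retention_deviations(tables, table_names, expected_days):
    """Map table -> actual retentionInDays for tables that miss the target.
    A table that does not exist yet (connector not ingesting) maps to None."""
    by_name = {t["name"]: t for t in tables}
    deviations = {}
    for name in table_names:
        table = by_name.get(name)
        if table is None:
            deviations[name] = None
        elif table.get("retentionInDays") != expected_days:
            deviations[name] = table.get("retentionInDays")
    return deviations


def run_checks(assignments=ROLE_ASSIGNMENTS, tables=TABLES):
    """Return (over-scoped role names, retention deviations); both are empty
    for a deployment that matches the description on this page."""
    over = [a["roleDefinitionName"] for a in
            overscoped_assignments(assignments, ATTIC_PRINCIPAL_ID, MANAGED_RG_SCOPE)]
    dev = retention_deviations(tables, ATTIC_TABLES, EXPECTED_RETENTION_DAYS)
    return over, dev


if __name__ == "__main__":
    over, dev = run_checks()
    for role in over:
        print(f"OVER-SCOPED: publisher holds '{role}' outside {MANAGED_RG_SCOPE}")
    for name, days in dev.items():
        shown = "missing" if days is None else f"{days} days"
        print(f"RETENTION: {name} -> {shown} (expected {EXPECTED_RETENTION_DAYS})")
```

To use it against a real tenant, replace the two embedded JSON strings with the CLI output and the placeholder IDs with the values from your deployment; anything either check returns is what to raise with the provider before accepting the deployment as compliant with the access model described above.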