How to purchase Sentinel?

emir goenaga 0 Reputation points
2024-12-02T18:10:08.23+00:00

How to purchase Microsoft Sentinel, or where can I buy it?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. Sandeep G-MSFT 20,376 Reputation points Microsoft Employee
    2024-12-03T03:07:27.3933333+00:00

    @Goenaga, Emir

    Thank you for posting this in Microsoft Q&A.

    As I understand, you want to know how you can get Sentinel in your environment and how you can make use of it.

    Microsoft Sentinel is a paid service. Review the pricing options and the Microsoft Sentinel pricing page.

    To have Microsoft Sentinel in your environment, you need an Azure subscription, a Microsoft Entra ID license and a Log Analytics workspace.

    Once you have an Azure subscription and an Entra ID license, you can enable Microsoft Sentinel in your Azure tenant. Along with the subscription, you also need a Log Analytics workspace in your environment.

    You can go through the prerequisites below for Microsoft Sentinel:

    • A Microsoft Entra ID license and tenant, or an individual account with a valid payment method, are required to access Azure and deploy resources.
    • An Azure subscription to track resource creation and billing.
    • Assign relevant permissions to your subscription. For new subscriptions, designate an owner/contributor.
      • To maintain the least privileged access, assign roles at resource group level.
      • For more control over permissions and access, set up custom roles. For more information, see Role-based access control (RBAC).
      • For extra separation between users and security users, consider resource-context or table-level RBAC.
      For more information about other roles and permissions supported for Microsoft Sentinel, see Permissions in Microsoft Sentinel.
    • A Log Analytics workspace is required to house the data that Microsoft Sentinel ingests and analyzes for detections, analytics, and other features. For more information, see Design a Log Analytics workspace architecture.
    • The Log Analytics workspace must not have a resource lock applied, and the workspace pricing tier must be pay-as-you-go or a commitment tier. Log Analytics legacy pricing tiers and resource locks aren't supported when enabling Microsoft Sentinel. For more information about pricing tiers, see Simplified pricing tiers for Microsoft Sentinel.
    • To reduce complexity, we recommend a dedicated resource group for your Log Analytics workspace enabled for Microsoft Sentinel. This resource group should only contain the resources that Microsoft Sentinel uses, including the Log Analytics workspace, any playbooks, workbooks, and so on. A dedicated resource group allows for permissions to be assigned once, at the resource group level, with permissions automatically applied to dependent resources. With a dedicated resource group, access management of Microsoft Sentinel is efficient and less prone to improper permissions. Reducing permission complexity ensures users and service principals have the permissions required to complete actions and makes it easier to keep less privileged roles from accessing inappropriate resources. Implement extra resource groups to control access by tiers. Use the extra resource groups to house resources only accessible by groups with higher permissions. Use multiple tiers to separate access between resource groups even more granularly.

    If you do not have an Azure subscription, you can create a free account by using the link below:

    https://azure.microsoft.com/free/?WT.mc_id=A261C142F

    To get a Log Analytics workspace, you can follow the article below:

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace

    For more information about Log Analytics workspaces, see Designing your Azure Monitor Logs deployment.

    Once you have the above prerequisites, you can check and set the permissions below in Azure.

    Permissions:

    • To enable Microsoft Sentinel, you need contributor permissions to the subscription in which the Microsoft Sentinel workspace resides.
    • To use Microsoft Sentinel, you need either Microsoft Sentinel Contributor or Microsoft Sentinel Reader permissions on the resource group that the workspace belongs to.
    • To install or manage solutions in the content hub, you need the Microsoft Sentinel Contributor role on the resource group that the workspace belongs to.


    To enable Microsoft Sentinel, you can follow the article below:

    https://learn.microsoft.com/en-us/azure/sentinel/quickstart-onboard#enable-microsoft-sentinel-

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
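
The workspace prerequisites and permissions listed in the answer above can be checked before onboarding. The following is an added example, not part of the original answer and not Microsoft's code: a Python preflight check over constructed data shaped like Azure CLI JSON output (`az monitor log-analytics workspace show`, `az lock list`, `az role assignment list`). The function name, sample principals and all-zero subscription ID are assumptions; the check treats locks inherited from the resource group or subscription as applying to the workspace and accepts Owner as carrying contributor permissions.

```python
# Added example: constructed data in the shape of Azure CLI JSON output.
SUPPORTED_SKUS = {"pergb2018", "capacityreservation"}  # pay-as-you-go, commitment tier
ENABLE_ROLES = {"Owner", "Contributor"}  # assumption: Owner also satisfies "contributor"
SENTINEL_ROLES = {"Microsoft Sentinel Contributor", "Microsoft Sentinel Reader"}
LOCK_MARK = "/providers/microsoft.authorization/locks/"

def preflight(workspace, locks, assignments, deployer):
    """Return (blockers, warnings) for enabling Sentinel on this workspace."""
    ws = workspace["id"].lower()
    rg = ws.split("/providers/")[0]          # resource group scope
    sub = rg.split("/resourcegroups/")[0]    # subscription scope
    blockers, warnings = [], []

    sku = workspace.get("sku", {}).get("name", "")
    if sku.lower() not in SUPPORTED_SKUS:
        blockers.append(f"legacy pricing tier: {sku}")

    for lock in locks:
        # A lock's scope is its id up to the locks provider segment; locks on
        # the resource group or subscription are inherited by the workspace.
        if lock["id"].lower().split(LOCK_MARK)[0] in (ws, rg, sub):
            blockers.append(f"resource lock: {lock['name']} ({lock['level']})")

    if not any(a["principalName"] == deployer
               and a["roleDefinitionName"] in ENABLE_ROLES
               and a["scope"].lower() == sub for a in assignments):
        blockers.append(f"{deployer} lacks contributor permissions on the subscription")

    for a in assignments:
        # Least privilege: Sentinel roles belong at resource group level.
        if a["roleDefinitionName"] in SENTINEL_ROLES and a["scope"].lower() == sub:
            warnings.append(f"{a['principalName']}: {a['roleDefinitionName']} at subscription scope")
    return blockers, warnings

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder
RG = SUB + "/resourceGroups/rg-sentinel"
SAMPLE_WORKSPACE = {"id": RG + "/providers/Microsoft.OperationalInsights/workspaces/law-sentinel",
                    "sku": {"name": "PerNode"}}
SAMPLE_LOCKS = [{"id": RG + "/providers/Microsoft.Authorization/locks/keep-rg",
                 "name": "keep-rg", "level": "CanNotDelete"}]
SAMPLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Microsoft Sentinel Reader", "scope": SUB},
    {"principalName": "carol@example.com", "roleDefinitionName": "Microsoft Sentinel Contributor", "scope": RG},
]

if __name__ == "__main__":
    for kind, items in zip(("BLOCKER", "WARNING"), preflight(
            SAMPLE_WORKSPACE, SAMPLE_LOCKS, SAMPLE_ASSIGNMENTS, "alice@example.com")):
        for item in items:
            print(kind, item)
```

On the constructed sample it reports the legacy `PerNode` tier and the inherited resource-group lock as blockers, and the subscription-scoped Sentinel Reader assignment as a least-privilege warning.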

