Zero Trust
FastTrack provides comprehensive guidance on implementing Zero Trust security principles. The Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. This approach ensures robust security across your networks, applications, and environment. FastTrack accomplishes this by focusing on identity, devices, applications, data, infrastructure, and networks. With FastTrack, you can confidently advance your Zero Trust security journey and protect your digital assets effectively.
With Microsoft Sentinel, you can implement Zero Trust principles through a comprehensive approach to security that focuses on verifying explicitly, using least-privilege access, and assuming breach. Microsoft Sentinel's advanced threat detection, incident management, and automated response features help identify and mitigate threats quickly, ensuring that any potential breaches are contained and addressed promptly.
Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native solution that provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR). It delivers intelligent security analytics and threat intelligence across your enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Microsoft Sentinel provides a bird's-eye view across your enterprise, helping with:
- Reducing the stress of increasingly sophisticated attacks.
- Managing the growing volume of alerts.
- Avoiding long resolution time frames.
FastTrack provides remote guidance for:
- Providing an overview of the prerequisites for Microsoft Sentinel deployment.
- Providing conceptual workspace architecture best practices and considerations, including multi-tenancy scenarios.*
- Helping prioritize data connectors to optimize Microsoft Sentinel configuration, including:
  - Explaining data transformation and collection customization to assist with optimization.*
- Planning roles and permissions.
- Conducting cost expectation analysis based on planned configuration.*
- Enabling the Microsoft Sentinel service.
- Discussing and configuring data retention.
- Configuring data connectors, including:
  - Setting up Microsoft data connectors.
  - Demonstrating how to configure non-Microsoft data connectors.*
  - Exploring ingestion cost expectations.*
- Configuring analytics rules, including:
  - Built-in analytics rules.
  - A query starter pack.
  - More rules for Zero Trust and insider threats.
  - User entity behavior analytics rules.
  - Apache Log4j enhancements.
- Providing an overview of the following items:
  - Security operations center (SOC) optimization.
  - Workbooks.
  - Watchlists.
  - User and entity behavior analytics (UEBA).
  - Logic app playbooks.
  - Incident response capabilities*, simulations, and tutorials (like practice scenarios, fake malware, and automated investigations).
*Supported with limitations.
Out of scope
- Attack simulations (including penetration testing).
- Diagnosis of threats and threat hunting.
- Creation and configuration of Log Analytics workspaces.
- Troubleshooting issues encountered during the engagement (including networking issues).
- Configuration of non-Microsoft or custom connectors.
- Configuration of data transformation.
- Migration from Microsoft Monitoring Agent (MMA) to Azure Monitor Agent (AMA).
- Compete conversations around non-Microsoft SIEM and SOAR solutions.
- Assisting with non-Microsoft SIEM and SOAR configuration.
- Migrations from non-Microsoft SIEM and SOAR solutions.
- Advanced SIEM Information Model (ASIM) parsers.
- Jupyter Notebooks.
- Azure Synapse and Azure Data Lake solutions.
- Preview features.
- Common Event Format (CEF)- and Syslog-filtered ingestion through AMA.
Microsoft advanced deployment guides
Microsoft provides customers with technology and guidance to assist you with deploying Microsoft 365, Microsoft Viva, and security services. We encourage our customers to start their deployment journey with these offerings.
For non-IT admins, see Microsoft 365 Setup.