Connect Windows hosts to Microsoft Sentinel

Security Operations Analyst
Microsoft Sentinel
Windows Security
Azure Policy

One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.

Learning objectives

Upon completion of this module, the learner will be able to:

  • Connect Azure Windows Virtual Machines to Microsoft Sentinel
  • Connect non-Azure Windows hosts to Microsoft Sentinel
  • Configure the Log Analytics agent to collect Sysmon events


Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting.