Azure Sentinel Workshop: Partner Overview Deck
Agenda:
1. Introduction & overview
2. Funding & nomination flow
3. Workshop delivery phases
4. Resources
Introducing the Azure Sentinel Workshop
Audience
Customers: Senior BDMs – CISO, CSO, CIO, etc. and TDMs – IT Security, IT Operations
Partner Participants: Consultants, Solution Architects, Dev and Design Leads
Workshop
Customers: Real data: threat analysis based on customer’s environment.
Partner Participants: Position yourself as the trusted advisor for security strategy.
$1500 per engagement
• 250+ Monthly Active Units (MAU) for EXO, SPO or Teams
• No in-progress or completed Security Workshop with Azure Sentinel via MCAP program
Proof of execution
• Customer Satisfaction Survey
• Partner Findings Survey
• POE Report
• Partner Invoice
Program dates
• Nominations open: Jan 27, 2021
• Last day of nomination: May 15th, 2021 or till the funding lasts
2. Once eligibility is confirmed via email, send customer acknowledgement via email within 30 days of receiving the eligibility
confirmation. Support team will review customer acknowledgement and approve the engagement for funding.
3. Engagement approval email will provide the required trial license SKUs to run an Azure Sentinel Workshop.
4. If your customer so requires, you can request an Azure Trial Subscription to use for the engagement via email. Please
allow 2 business days to receive the Azure Trial codes, after placing a request.
5. Execute the workshop within 90 days after engagement approval, using the delivery guidance resources:
https://aka.ms/AzureSentinelWorkshop/Resources.
6. Submit the Required POE documents to claim funds within the 90-day period: (1) customer satisfaction survey, (2)
partner findings survey, (3) POE Report, (4) Partner Invoice.
7. Payouts are released monthly once all POE has been received and vetted.
Azure Sentinel Workshop delivery phases
Engagement scenarios
Scenario 1 – Remote monitoring of threats
Designed for organizations that can’t justify building and staffing their own SOC or when you need to offload certain monitoring tasks so that your SecOps team can focus on key risk areas.
We will manage your Azure Sentinel deployment remotely during the alert and log collection phase allowing us to also provide:
• Incident monitoring - Our security analysts will provide remote monitoring of Azure Sentinel for incidents during the engagement.
• Proactive threat hunting - Our security analysts will use Azure Sentinel’s powerful hunting search and query tools to hunt for security threats across your organization’s data sources.
Out of scope
• Incident response – Not included in the default scope
Requirements
• Access to deployed Azure Sentinel instance in your tenant using delegated access through either Azure B2B or Azure Lighthouse (recommended)
Scenario 2 – Joint threat exploration
No remote monitoring. Instead, we will complete the threat exploration step together, allowing your security analysts and engineers additional hands-on experience with Azure Sentinel to enable you to manage Azure Sentinel as part of your existing SOC. As part of the joint Threat Exploration, you will:
• Experience Azure Sentinel - Get hands-on experience and learn how to discover and analyze threats using Azure Sentinel. Learn how to automate your Security Operations to make it more effective.
• Analyze threats - Analyze and gain visibility into threats to your Microsoft 365 cloud and on-premises environments across email, identity and data in order to better understand, prioritize and mitigate potential cyberattack vectors
Out of scope
• Incident response - Not included in the default scope
Requirements
• No additional requirements necessary
Pre-engagement call – 1 hour
Goals:
• Introductions
• Engagement overview
• Define engagement scope
• Identify right stakeholders
• Engagement scheduling
• Align expectations & next steps
• Provide engagement questionnaire
Kick-Off – 1 hour
Goals:
• Kick-off meeting
₋ Goals, scope and deliverables
₋ Engagement tools
₋ Expectations and next steps
Define Scope – 1 hour
Goals:
• Define and document deployment scope
Goals:
• Set-up trial license
• Deploy and Configure Azure Sentinel
• Setup Azure Lighthouse
Remote Monitoring – 2h/week
Goals:
• Remote incident monitoring
• Proactive threat hunting
Threat Exploration and Report Generation – 5 hours
Goals:
• Threat Exploration
• Prepare Results report and Recommendations
Results Presentation – 2 hours
Goals:
• Present engagement results report
• Joint plan and next steps
[Timeline figure: Customer Orientation, Engagement Setup, Data Collection and Remote Monitoring (3 weeks), Threat Exploration, Report preparation, Results and Next Steps]
Engagement Timeline
Pre-engagement call – 1 hour
Goals:
• Introductions
• Engagement overview
• Define engagement scope
• Identify right stakeholders
• Engagement scheduling
• Align expectations & next steps
• Provide engagement questionnaire
Kick-Off – 1 hour
Goals:
• Kick-off meeting
₋ Goals, scope and deliverables
₋ Engagement tools
₋ Expectations and next steps
Define Scope – 1 hour
Goals:
• Define and document deployment scope
Goals:
• Set-up trial license
• Deploy and Configure Azure Sentinel
Threat Exploration and Report Generation – 5 hours
Goals:
• Joint threat exploration and hunting
• Prepare Results report and Recommendations
Results Presentation – 2 hours
• Present engagement results report
• Joint plan and next steps
[Timeline figure: Customer Orientation, Engagement Setup, Data Collection (3 weeks), Threat Exploration, Report preparation, Results Presentation]
Resources