Microsoft has announced the release of Microsoft Sentinel All-in-One v2. The latest version is designed to help customers reduce costs and speed up the deployment and configuration process.
Microsoft Sentinel is a cloud-based Security Information and Event Management (SIEM) solution for Microsoft 365 and Microsoft Azure. Formerly known as Azure Sentinel, the tool allows customers to collect and analyze event logs from multiple sources to detect security threats. Microsoft Sentinel integrates with other security products and third-party tools to help organizations improve their security posture.
Microsoft launched the first version of Microsoft Sentinel All-in-One back in February 2021. It’s available in two flavors: PowerShell and Azure Resource Manager. The company explained that the revamped version includes several new features and capabilities for organizations.
Specifically, Microsoft Sentinel All-in-One version 2 automates various tasks to improve productivity, including creating resource groups and the Log Analytics workspace. It also enables health diagnostics capabilities for Automation Rules, Data Connectors, and Analytics Rules. Microsoft says that the latest update installs the Microsoft Sentinel service on top of the workspace.
“Microsoft Sentinel All-in-One is aimed at helping customers and partners quickly set up a full-fledged Microsoft Sentinel environment that is ready to use by customers speeding up deployment and initial configuration tasks in few clicks, saving time and simplifying Microsoft Sentinel setup,” Microsoft explained.
Microsoft Sentinel All-in-One v2 also enables several Data Connectors. The list includes Office 365, Dynamics 365, Microsoft Defender for Cloud, Microsoft 365 Defender, Azure Active Directory, Azure Active Directory Identity Protection, Azure Activity, Microsoft Project, Microsoft Power BI, Microsoft Insider Risk Management, and Threat Intelligence Platforms. The service also uses a predefined list to install Content Hub solutions from the 1st party, Essentials, and Training categories.
Microsoft notes that customers must have an Azure subscription to access Microsoft Sentinel All-in-One v2. This release only supports Azure Resource Manager. Additionally, IT admins will need an Azure account with permissions to enable UEBA and the supported connectors; more information about the required permissions is available on this support page.