This service implements a small part of Microsoft Sentinel's functionality and focuses on controlling work with certain files or folders in SharePoint Online, OneDrive, and Microsoft Teams.
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that helps you collect and analyze data in a security context from a variety of sources. With Microsoft Sentinel, you can detect various attacks and threats that occur in your services in real time, quickly investigate them and, if necessary, activate automation scripts.
Often, a restricted site with sensitive corporate information that only certain people can access does not prevent your IT admins, IT managers, and other users with elevated privileges from accessing confidential corporate data without your knowledge. This can become a significant issue for your organization. Microsoft Sentinel lets you quickly discover such unwanted changes and notify all interested parties with minimal cost and maximum preservation of your work principles. It will not be able to prevent unauthorized access, though; for that you can also consider other services, such as Azure Information Protection or a Data Loss Prevention policy. However, they are more complex to implement and require the participation of end users.
Our goal is to connect your data sources (such as SharePoint) and set up all the necessary rules and notifications to keep you informed if anyone downloads or opens a certain file or makes changes to permissions. For example, if a system administrator adds himself as a site member to gain access to sensitive data, you will receive an email or a message in Teams. An incident will also be created in Microsoft Sentinel, where you can find all the additional information and perform in-depth analysis if required.
IT Partner responsibilities
- Gather all the required information to implement the solution.
- Set up Microsoft Sentinel and configure the required connectors.
- Enable custom analytics rules to catch the required events.
- Configure automation rules and Azure Logic apps for notification purposes.
- Perform tests.
Client responsibilities
- Provide access to tenant and Azure subscription.
- Provide the information required for rule configuration.
The plan may vary depending on your needs.
- Kickoff meeting.
- Gather the required information.
- Plan and approve rules.
- Provision the appropriate subscriptions.
- Implement the solution.
- Perform testing and demonstration.
Success criteria
- The client has an Azure Subscription with a Microsoft Sentinel instance.
- Microsoft Sentinel is configured according to the client's requirements.
- The desired scenarios and tasks have been successfully tested and confirmed.