Monitor On-Premises Servers And Azure VMs By Using Microsoft Sentinel

In this article, you will learn how to monitor your on-premises servers and Azure VMs using Microsoft Sentinel. It was previously called Azure Sentinel and was recently renamed Microsoft Sentinel.

Prerequisite

  • Azure Subscription and Log Analytics Workspace

Create a Microsoft Sentinel

Step 1

Sign in to your Azure portal at https://portal.azure.com using your Microsoft credentials.

Click the portal menu and select "All Services".

Then search for Microsoft Sentinel using the keyword "Sentinel".

Then select "Microsoft Sentinel".

Step 2

Click "Create Microsoft Sentinel"

Step 3

Select "Create a workspace" to add Microsoft Sentinel

Step 4

Provide the Project Details

Select the Subscription (Active subscription)

Create a new "Resource Group" or use an existing one (ex: MsSentinelRG)

Enter the "Workspace name" (ex: sentinelworkspace)

Then select your "Region"

Then select "Review + Create" to validate the entered details

Step 5

Once validation has passed, select "Create"

Step 6

Add Microsoft Sentinel to a workspace

Select the workspace "sentinelworkspace" and then click "Add"

Connect On-premises server to Microsoft Sentinel

Step 1

Go to the Resource Group where the Sentinel workspace is stored

Then open the SecurityInsights(sentinelworkspace)

Step 2

Navigate to "Log Analytics Workspace"

Step 3

Select "Agent"

Then select your "Operating System Type"

And then "Download Windows Agent" (64/32 bit)

Step 4

Once the download is complete, double-click the installer on your on-premises server to open the Windows Agent Wizard

Then click "Next"

Step 5

Select "I Agree" to accept the Microsoft Software Licence Terms

Step 6

If you want to install the agent in a different location, click "Change" to select the installation folder.

Then select "Next"

Step 7

Select the Agent setup option "Connect the Agent to Azure Log Analytics (OMS)"

Then select "Next"

Step 8

Enter the Workspace ID and Workspace key to connect the agent to Azure Log Analytics.

Step 9

If you want to keep your organization secure, select the "Use Microsoft Update" option to help keep the agent secure and up to date.

Then select "Next"

Step 10

Click "Install" to start the installation of the Microsoft Monitoring Agent

Step 12

Click "Finish" to complete the wizard

Step 13

The Microsoft Monitoring Agent is now installed on the Windows computer; you can verify it from Agent management.

Step 14

After connecting the Log Analytics workspace to Microsoft Sentinel, use existing analytics rules or create new ones to detect threats and anomalous behaviors in your environment.
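
To confirm from the server itself that the agent installed above is running and bound to the intended workspace, the following check can be used. It is an added example, not part of the original article; the function name `Test-MmaConnection` is hypothetical and the workspace ID shown is a placeholder.

```powershell
# Added example (not from the original article). Run in an elevated
# PowerShell session on the server where the agent was installed.
function Test-MmaConnection {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][guid]$WorkspaceId   # Workspace ID entered in Step 8
    )

    $report = [ordered]@{
        ServiceRunning      = $false
        WorkspaceConfigured = $false
        Connected           = $false
        StatusText          = $null
    }

    # The Microsoft Monitoring Agent runs as the HealthService Windows service.
    $svc = Get-Service -Name 'HealthService' -ErrorAction SilentlyContinue
    if (-not $svc) {
        $report.StatusText = 'HealthService not found: agent is not installed.'
        return [pscustomobject]$report
    }
    $report.ServiceRunning = ($svc.Status -eq 'Running')

    # The agent registers a COM object that exposes its workspace configuration.
    $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    $ws  = $cfg.GetCloudWorkspaces() |
           Where-Object { $_.workspaceId -eq $WorkspaceId.ToString() }

    if ($ws) {
        $report.WorkspaceConfigured = $true
        # Assumption: ConnectionStatus 0 is treated as success here;
        # StatusText carries the agent's own message either way.
        $report.Connected  = ($ws.ConnectionStatus -eq 0)
        $report.StatusText = $ws.ConnectionStatusText
    } else {
        $report.StatusText = 'Agent is installed but not bound to this workspace.'
    }
    return [pscustomobject]$report
}

# Placeholder ID: replace with the Workspace ID of your own workspace.
Test-MmaConnection -WorkspaceId '00000000-0000-0000-0000-000000000000'
```

The check needs only the Workspace ID, so the Workspace key never has to be stored in a script or passed on the command line.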
