In this article, you will learn how to monitor your on-premises servers and Azure VMs using Microsoft Sentinel. The service was previously called Azure Sentinel and was recently renamed to Microsoft Sentinel.
Prerequisite
- Azure Subscription and Log Analytics Workspace
Create Microsoft Sentinel
Step 1
Sign in to the Azure portal at https://portal.azure.com using your Microsoft credentials.
Click the portal menu and select "All Services"
Then use the keyword "Sentinel" to search for Microsoft Sentinel
Then select "Microsoft Sentinel"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 2
Click "Create Microsoft Sentinel"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 3
Select "Create a workspace" to add Microsoft Sentinel
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 4
Provide the Project Details
Select the Subscription (Active subscription)
Create a new "Resource Group" or use an existing one (ex: MsSentinelRG)
Enter the "Workspace name" (ex: sentinelworkspace)
Then select your "Region"
Then select "Review + Create" to validate the entered details
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 5
Once validation has passed, select "Create"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 6
Add Microsoft Sentinel to a workspace
Select the workspace "sentinelworkspace" and then click "Add"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Connect On-premises server to Microsoft Sentinel
Step 1
Go to the Resource Group where the Sentinel workspace is stored
Then open SecurityInsights (sentinelworkspace)
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 2
Navigate to "Log Analytics Workspace"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 3
Select "Agent"
Then select your "Operating System Type"
And then select "Download Windows Agent" (64/32 bit)
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 4
Once the download is complete, double-click the file on your on-premises server to open the Windows Agent Wizard
Then click "Next"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 5
Select "I Agree" to accept the Microsoft Software Licence Terms
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 6
If you want to install the agent in a different location, click "Change" to select the installation folder.
Then select "Next"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 7
Select the Agent setup option "Connect the Agent to Azure Log Analytics (OMS)"
Then select "Next"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 8
Enter the Workspace ID and Workspace key to connect the agent to Azure Log Analytics.
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 9
If you want to keep your organization secure, select "Use Microsoft Update help keep secure and up to date"
Then select "Next"
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 10
Click "Install" to start the installation of the Microsoft Monitoring Agent
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 12
Click "Finish" to complete the wizard
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 13
The Microsoft agent is now installed on the Windows computer; you can verify this from the Agent management.
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
Step 14
After connecting the Log Analytics workspace to Microsoft Sentinel, use existing analytics rules or create new ones to detect threats and anomalous behaviors in your environment.
![Monitor On-premises Servers & Azure VMs by Using Microsoft Sentinel]()
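As an added example (not part of the original article), the query below can back a scheduled analytics rule that flags connected machines whose agent has stopped reporting, which also confirms that the agent installed above is sending data. It reads the standard Heartbeat table; the sample rows, computer names and the 15-minute threshold are constructed assumptions.

```kql
// Added example, not from the original article.
// Constructed sample rows shaped like a subset of the Heartbeat table.
// Age is a helper column used only to build timestamps relative to now().
let SampleHeartbeat = datatable(Computer:string, OSType:string, Category:string,
                                ComputerEnvironment:string, Age:timespan)
[
    "onprem-srv01", "Windows", "Direct Agent", "Non-Azure", timespan(2m),
    "onprem-srv01", "Windows", "Direct Agent", "Non-Azure", timespan(3m),
    "onprem-srv02", "Windows", "Direct Agent", "Non-Azure", timespan(3h),
    "azure-vm01",   "Windows", "Direct Agent", "Azure",     timespan(1m),
    "azure-vm02",   "Linux",   "Direct Agent", "Azure",     timespan(2d)
]
| extend TimeGenerated = now() - Age;
// How far back a machine still counts as a known, monitored machine.
let lookback = 7d;
// Assumed silence threshold; tune it to your environment.
let silence = 15m;
SampleHeartbeat   // replace with Heartbeat when running in a real workspace
| where TimeGenerated > ago(lookback)
// Keep only the most recent heartbeat per machine.
| summarize arg_max(TimeGenerated, OSType, Category, ComputerEnvironment) by Computer
| extend SilentFor = now() - TimeGenerated
// A machine that has been quiet longer than the threshold is a monitoring blind spot.
| where SilentFor > silence
| project Computer, ComputerEnvironment, OSType, Category,
          LastHeartbeat = TimeGenerated, SilentFor
| order by SilentFor desc
```

With the constructed rows, only onprem-srv02 and azure-vm02 are returned; the ComputerEnvironment column separates on-premises servers ("Non-Azure") from Azure VMs.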