
Azure Sentinel Workshop

Partner Overview Deck

Author name
Date
Agenda:
1. Introduction & overview
2. Funding & nomination flow
3. Workshop delivery phases
4. Resources
Introducing the Azure Sentinel Workshop

Showcase Azure Sentinel and find threats in your customer’s environment, creating adoption intent
Azure Sentinel Workshop: Overview
Designed as a two-day engagement, the Azure Sentinel Workshop enables partners to build intent for
sales and deployment of Azure Sentinel. The Workshop uses specialized Microsoft 365 trial licenses for
identifying real-time threats in a customer environment, and a sponsored Azure trial subscription to
showcase Azure Sentinel in production.

Audience
• Customers: Senior BDMs – CISO, CSO, CIO, etc. and TDMs – IT Security, IT Operations
• Partner Participants: Consultants, Solution Architects, Dev and Design Leads

Workshop

Envision: Value Conversation
• Customer priorities & requirements
• Product feature showcase

Discover: Security assessment
• Threat analysis through Azure Sentinel lens
• Remote monitoring (Optional)

Plan: Next Steps Discussion
• Azure Sentinel Pilot
• Azure Sentinel deployment
• Cost and economic value conversation
What we’ll do during the Workshop

• Analyze customer’s requirements and priorities for a Security Information and Event Management (SIEM) deployment
• Define scope & deploy Azure Sentinel in production environment integrating with Microsoft and 3rd party solutions
• Remote monitoring* during the alert and log collection phase (*Optional component to be discussed)
• Discover threats to on-premises and cloud environments across email, identity, and data and demonstrate how to automate responses
• Recommend next steps on how to proceed with a production implementation of Azure Sentinel
After the Azure Sentinel Workshop, you’ll…

• Understand the benefits of a cloud native SIEM
• Better understand, prioritize, and mitigate potential threats
• Have defined deployment roadmap
• Have defined next steps based on your needs and objectives
Why deliver the Azure Sentinel Workshop

Customer benefits
• Customized: exclusively focused on their specific security needs.
• Real data: threat analysis based on customer’s environment.
• Solution oriented: mitigation solutions & actionable next steps.

Partner benefits
• Use Microsoft funding to acquire new customers.
• Position yourself as the trusted advisor for security strategy.
• Opportunity to pitch deployment and managed services with recommended outcomes.
Funding & nomination flow
Program details and funding
Partner funding is available for eligible partners and customers.

$1500 per engagement

Customer requirements
• 1000+ AADP Paid Available units (PAU), and
• 250+ Monthly Active Units (MAU) for EXO, SPO or Teams
• No in-progress or completed Security Workshop with Azure Sentinel via MCAP program

Partner requirements
• Co-sell ready or FastTrack Ready, and
• SSPA Compliant

Proof of execution
• Customer Satisfaction Survey
• Partner Findings Survey
• POE Report
• Partner Invoice

Program dates
• Nominations open: Jan 27, 2021
• Last day of nomination: May 15th, 2021 or till the funding lasts

Nominate customers at: https://aka.ms/AzureSentinelWorkshop/Nomination
More information: https://aka.ms/SecurityPilotWorkshops


Workshop nomination flow & steps
1. Nominate your target accounts to conduct an engagement to verify whether the accounts are eligible for program
funding: https://aka.ms/AzureSentinelWorkshop/Nomination . Please allow 2 business days for a response on eligibility.

2. Once eligibility is confirmed via email, send customer acknowledgement via email within 30 days of receiving the eligibility
confirmation. Support team will review customer acknowledgement and approve the engagement for funding.

3. Engagement approval email will provide the required trial license SKUs to run an Azure Sentinel Workshop.

4. If your customer so requires, you can request an Azure Trial Subscription to use for the engagement via email. Please
allow 2 business days to receive the Azure Trial codes, after placing a request.

5. Execute the workshop within 90 days after engagement approval, using the delivery guidance resources:
https://aka.ms/AzureSentinelWorkshop/Resources .

6. Submit the Required POE documents to claim funds within the 90-day period: (1) customer satisfaction survey, (2)
partner findings survey, (3) POE Report, (4) Partner Invoice.

7. Payouts are released monthly once all POE has been received and vetted.
Azure Sentinel Workshop delivery phases
Engagement scenarios
Scenario 1 – Remote monitoring of threats
Designed for organizations that can’t justify building and staffing their own SOC or when you need to offload certain monitoring tasks so that your SecOps team can focus on key risk areas.

We will manage your Azure Sentinel deployment remotely during the alert and log collection phase allowing us to also provide:
• Incident monitoring - Our security analysts will provide remote monitoring of Azure Sentinel for incidents during the engagement.
• Proactive threat hunting - Our security analysts will use Azure Sentinel’s powerful hunting search and query tools to hunt for security threats across your organization’s data sources.

Out of scope
• Incident response – Not included in the default scope

Requirements
• Access to deployed Azure Sentinel instance in your tenant using delegated access through either Azure B2B or Azure Lighthouse (recommended)

Scenario 2 – Joint threat exploration
No remote monitoring. Instead, we will complete the threat exploration step together, allowing your security analysts and engineers additional hands-on experience with Azure Sentinel to enable you to manage Azure Sentinel as part of your existing SOC. As part of the joint Threat Exploration, you will:
• Experience Azure Sentinel - Get hands-on experience and learn how to discover and analyze threats using Azure Sentinel. Learn how to automate your Security Operations to make it more effective.
• Analyze threats - Analyze and gain visibility into threats to your Microsoft 365 cloud and on-premises environments across email, identity and data in order to better understand, prioritize and mitigate potential cyberattack vectors

Out of scope
• Incident response - Not included in the default scope

Requirements
• No additional requirements necessary

Read the 2 next sections to understand both scenarios


Engagement Timeline (Remote Monitoring)

Pre-engagement call – 1 hour
Goals:
• Introductions
• Engagement overview
• Define engagement scope
• Identify right stakeholders
• Engagement scheduling
• Align expectations & next steps
• Provide engagement questionnaire

Kick-Off – 1 hour
Goals:
• Kick-off meeting
₋ Goals, scope and deliverables
₋ Engagement tools
₋ Expectations and next steps

Define Scope – 1 hour
Goals:
• Define and document deployment scope

Threat Check and Azure Sentinel Configuration – 4 hours
Goals:
• Set-up trial license
• Deploy and Configure Azure Sentinel
• Setup Azure Lighthouse

Remote Monitoring – 2h/week
Goals:
• Remote incident monitoring
• Proactive threat hunting

Threat Exploration and Report Generation – 5 hours
Goals:
• Threat Exploration
• Prepare Results report and Recommendations

Results Presentation – 2 hours
Goals:
• Present engagement results report
• Joint plan and next steps

[Timeline figure: Customer Orientation; Engagement Setup; Data Collection and Remote Monitoring (3 weeks); Threat Exploration and Report preparation; Results and Next Steps]
Engagement Timeline

Pre-engagement call – 1 hour
Goals:
• Introductions
• Engagement overview
• Define engagement scope
• Identify right stakeholders
• Engagement scheduling
• Align expectations & next steps
• Provide engagement questionnaire

Kick-Off – 1 hour
Goals:
• Kick-off meeting
₋ Goals, scope and deliverables
₋ Engagement tools
₋ Expectations and next steps

Define Scope – 1 hour
Goals:
• Define and document deployment scope

Threat Check and Azure Sentinel Configuration – 4 hours
Goals:
• Set-up trial license
• Deploy and Configure Azure Sentinel

Threat Exploration and Report Generation – 5 hours
Goals:
• Joint threat exploration and hunting
• Prepare Results report and Recommendations

Results Presentation – 2 hours
Goals:
• Present engagement results report
• Joint plan and next steps

[Timeline figure: Customer Orientation; Engagement Setup; Data Collection (3 weeks); Threat Exploration and Report preparation; Results Presentation]
Resources

• Security Pilot Workshops webpage: https://aka.ms/SecurityPilotWorkshops

• Delivery resource & guides: https://aka.ms/AzureSentinelWorkshop/Resources

• Customer nomination form: https://aka.ms/AzureSentinelWorkshop/Nomination

• Program FAQ: https://aka.ms/AzureSentinelWorkshop/FAQ

Join the Microsoft Security, Compliance & Identity Yammer Group


Thank you.

© Copyright Microsoft Corporation. All rights reserved.
