Microsoft Sentinel All-In-One now available for Azure Government
Special thanks to @Javier-Soriano, @Sreedhar_Ande, Bill Almonroeder, and Dick Lake
More than a year ago, we announced the second version of Microsoft Sentinel All-in-One and one of the most requested features was to have it work with Azure Government tenants. Today, we’re happy to announce a new revamped version that does that.
If you are not familiar with the All-In-One offering, it will:
- Create a resource group
- Create a Log Analytics workspace
- Enable Microsoft Sentinel on top of the workspace
- Set the workspace retention, daily cap and commitment tiers if desired
- Enable UEBA with the relevant identity providers (AAD and/or AD)
- Enable health diagnostics for Analytics Rules, Data Connectors and Automation Rules
- Install Content Hub solutions from a predefined list
- Enable Data Connectors from this list:
  - Azure Entra ID
  - Azure Entra ID Identity Protection
  - Azure Activity
  - Dynamics 365
  - Microsoft 365 Defender
  - Microsoft Defender for Cloud
  - Microsoft Insider Risk Management
  - Microsoft PowerBI
  - Microsoft Project
  - Office 365
- Enable analytics rules (Scheduled and NRT) included in the selected Content Hub solutions
- Enable analytics rules (Scheduled and NRT) that use any of the selected Data connectors
Getting started
You can find this new version at http://aka.ms/sentinel-all-in-one in the V2 folder.
All you need to start using Microsoft Sentinel All-in-One is an Azure Government subscription and an account with permissions to deploy Microsoft Sentinel. Higher privileges might be required if you wish to enable UEBA and some of the supported connectors. You can find details about the required permissions here.
Go ahead and give it a try! We look forward to hearing your feedback about this new version.