Set up Microsoft Sentinel and Microsoft 365 Lighthouse

This consultation project involved setting up and optimising Microsoft Sentinel in the client Tenant, managing the Microsoft Sentinel instance in the Customer Tenant using Azure Lighthouse and utilising Microsoft 365 Lighthouse for this organisation.

It started with understanding how to deploy and configure Microsoft Sentinel. Practical solutions, including documentation, were provided to show the deployment of Content Types such as Content Hub Solutions, Data Connectors and Analytics Rules. There was a focus on deploying the Content Hub Solutions for Azure Activity, Microsoft Defender for Cloud, Microsoft Defender XDR, Microsoft Entra ID and Threat Intelligence.

Other ongoing and maintenance tasks involved creating custom detection rules, analysing security alerts, investigating incidents, hunting for potential threats using advanced queries, automating response actions with playbooks, reviewing dashboards and reports, and regularly updating connectors and content to maintain effectiveness.

Concerning Azure Lighthouse, this part of the project involved managing subscriptions and resource groups in different Client tenants while maintaining scalability, automation, and governance. Acting as a service provider, meant delivering managed services to the Customers’ tenants while the customer is still in control of who has access to their tenant.

Concerning Microsoft 365 Lighthouse, this part of the project involved setting up Customer enrollment in the Cloud Solution Provider (CSP) program as an Indirect Reseller or Direct Bill partner, to be able to connect to Client tenants. A further task was accomplished in defining GDAP (Granular Delegated Administrative Privileges) templates to onboard Clients to Microsoft 365 Lighthouse. GDAP templates help manage permissions in the Clients' tenant and give a high level of control and flexibility by providing access through Microsoft Entra built-in roles.

All work completed is fully documented for training purposes and I provide up-to-date training on all Azure Security services mentioned.

I include an example image of the training documentation that shows how to centrally manage multiple Microsoft Sentinel workspaces with the workspace manager service.

As this project is under NDA (Non-Disclosure Agreement), I am unable to share full details due to confidentiality reasons. Verification for this work can be confirmed by the project sponsor who has provided a recommendation/review:

https://contra.com/jason_smyth_cyber/reviews (Mark, Cool Waters Cyber)