Microsoft Sentinel

11 of 11 guides | 14 minutes to complete | Last Updated: February 2025
The time-saving guides in this series can help you pursue a certification or advance your career by increasing insights into Azure’s built-in security features, threat detection, and incident response capabilities.

About this guide

Lab Scenario

You have been asked to create a proof of concept of Microsoft Sentinel-based threat detection and response. Specifically, you want to:

  • Start collecting data from Azure Activity and Microsoft Defender for Cloud.
  • Add built-in and custom alerts.
  • Review how Playbooks can be used to automate a response to an incident.

Lab Objectives

Exercise 1: Implement Microsoft Sentinel

  • Task 1: Onboard Microsoft Sentinel
  • Task 2: Connect Azure Activity to Sentinel
  • Task 3: Create a rule that uses the Azure Activity data connector
  • Task 4: Create a playbook
  • Task 5: Create a custom alert and configure the playbook as an automated response
  • Task 6: Invoke an incident and review the associated actions

Microsoft Sentinel Diagram

Job Skills

The Cloudguides in this series help IT professionals gain practical skills related to making Microsoft Azure environments more secure, including how to implement security controls, manage identity and access, protect data and applications, monitor for threats, and maintain a secure posture across various Azure services.

Career Connections

With the increasing demand for cybersecurity expertise, professionals with the skills from this series can pursue job prospects in roles such as Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager.

As of 2025, average U.S. salaries range from $103,197 to $143,002 for entry-level roles and $120,201 to $203,652 for professionals with 5 years' experience across positions like Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager. Please note that these figures are approximate, derived from online sources, and can vary based on factors such as location, industry, and company size.