Microsoft Sentinel Health Check
CloudGuard’s Microsoft Sentinel Health Check is a comprehensive audit and analysis service that focuses on evaluating the configuration, performance, and effectiveness of Microsoft’s cloud-native Security Information and Event Management (SIEM) solution.
As a Microsoft-certified Solutions Partner for Security, we can increase your organisation’s threat detection and response capabilities, improve automation efficiency, reduce operational costs, and strengthen your overall security posture.
The CloudGuard Microsoft Sentinel Health Check service conducts a thorough 4-hour audit and configuration analysis of your Sentinel instance.
After the initial audit, you will receive a comprehensive report with prioritised recommendations based on the findings and analysis.
These recommendations are aimed at addressing any identified gaps and improving the overall configuration, performance, and effectiveness of the Azure Sentinel instance.
- Optimise detection performance
- Ensure Microsoft Sentinel connector health
- Prepare for custom connectors
- Refine analytical rules
- Log analytics cost optimisation
- Workspace log ingestion tuning
- Security alert tuning
- Identify key automation improvements
- Achieve maximum value from your Microsoft Sentinel SIEM investment
- Introduce cost savings from data logging sources optimisation
- Enhance threat detection and analysis with best practice tuning
- Readiness for future automation and custom connector requirements
- A single, business-wide view of security alerts and responses
- Improve your overall security posture
Health Check Objectives
What we analyse in Microsoft Sentinel
The CloudGuard Microsoft Sentinel Health Check provides in-depth evaluation of your Microsoft Sentinel environment, including Entra/Active Directory integration, connector health, analytical rules, and Microsoft Defender settings. We offer detailed reports and expert recommendations to optimise performance and security, ensuring your Sentinel instance operates at its best to protect your business and data.
- Summarise the connected Entra/Active Directory services and their identified health
- Identify the Microsoft licenses present and reported in Entra/AD
- Identify Entra/AD users
- Identify key User Settings, Conditional Access Policies
- Identify Group Settings
- Identify App Registrations
- Identify External Identities and Federations
- Identify Configured Identity Providers
- Review configuration of Sentinel Connectors and associated Health status
- Review Log Analytics configuration and consumption attributes
- Review Log Analytics workspaces
- Review Microsoft Defender connector and settings
- Review Sentinel use cases and audit performance
Going a step further
Microsoft Defender
If your business relies on Microsoft Defender solutions, our Microsoft Sentinel Health Check also analyses your configuration settings. We make sure to give priority to integrated Defender services, ensuring your protection spans across all your security domains. Our aim is to pinpoint those crucial settings and alerts that are essential for Microsoft Sentinel to work effectively for you.
Microsoft Entra
You might not realise it, but Microsoft Sentinel’s performance heavily relies on the health of Microsoft Entra (formerly Active Directory). Even though everything might seem smooth on the surface, there could be underlying issues lurking around. Things like conflicting access policies or compromised Multi-Factor Authentication settings could be leaving your users vulnerable. Our Microsoft Sentinel Health Check will seek to uncover any inactive or suboptimal security policies, helping you stick to the best practices and strengthen your overall posture.
Cost optimisation
We also understand the key elements that can drive down Log Analytics costs for you. This includes tailoring custom table ingestion strategies for non-critical log sources, setting up the base retention period for Log Analytics data, devising an effective Log Analytics archive strategy, configuring workspace ingestion, meeting your analytical query and reporting requirements, and ensuring smooth Logic Apps connections and executions.
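The levers listed above (table plans for non-critical sources, interactive retention, archive retention) can be worked through mechanically once you have per-table ingestion figures. The script below is an added example, not CloudGuard's tooling: it takes a constructed per-table daily-ingestion summary (the kind of figures a Usage-table query returns), classifies each table by volume and by whether detections depend on it, and renders the matching `az monitor log-analytics workspace table update` commands. The table names, volumes, thresholds, resource group and workspace name are all assumptions for illustration.

```python
# Added example (not CloudGuard's code): first-pass triage of Log Analytics
# tables for Sentinel cost tuning. Volumes, thresholds and names are constructed.
from dataclasses import dataclass

# Constructed sample: daily ingestion in GB per table, as a 30-day Usage-table
# summary would report it. Not real measurements.
SAMPLE_USAGE_GB_PER_DAY = {
    "SecurityEvent": 42.0,
    "SigninLogs": 6.5,
    "AzureDiagnostics": 58.0,
    "ContainerLog": 120.0,
    "AppTraces": 11.0,
    "Syslog": 3.2,
    "Perf": 9.8,
    "NetFlow_CL": 35.0,
}

# Assumption: the tables your analytics rules query. In practice derive this
# from the rules' KQL rather than hard-coding it.
DETECTION_TABLES = {"SecurityEvent", "SigninLogs", "Syslog"}


@dataclass
class Recommendation:
    table: str
    gb_per_day: float
    plan: str            # "Analytics" or "Basic"
    retention_days: int  # interactive (searchable) retention
    total_days: int      # interactive + archive
    reason: str


def triage(usage, detection_tables, noisy_gb=10.0,
           interactive_days=30, total_days=365):
    """Return one Recommendation per table, largest ingestion first."""
    recs = []
    for table, gb in sorted(usage.items(), key=lambda kv: kv[1], reverse=True):
        if table in detection_tables:
            reason = ("analytics rules query this table; keep it searchable, "
                      "archive beyond interactive retention")
            recs.append(Recommendation(table, gb, "Analytics",
                                       interactive_days, total_days, reason))
        elif gb >= noisy_gb:
            reason = "high volume with no detections; Basic plan for ad-hoc queries only"
            recs.append(Recommendation(table, gb, "Basic",
                                       interactive_days, total_days, reason))
        else:
            reason = "low volume; keep Analytics but confirm the source is still needed"
            recs.append(Recommendation(table, gb, "Analytics",
                                       interactive_days, total_days, reason))
    return recs


def basic_candidate_gb(recs):
    """Daily GB that would move off the Analytics plan."""
    return round(sum(r.gb_per_day for r in recs if r.plan == "Basic"), 2)


def az_commands(recs, resource_group, workspace):
    """Render `az monitor log-analytics workspace table update` calls.

    Basic-plan tables have a fixed interactive retention, so only total
    retention is set for them. Basic is only supported for custom (_CL)
    tables and a subset of Microsoft tables; confirm support for each table
    before running the command.
    """
    base = (f"az monitor log-analytics workspace table update "
            f"--resource-group {resource_group} --workspace-name {workspace}")
    cmds = []
    for r in recs:
        if r.plan == "Basic":
            cmds.append(f"{base} --name {r.table} --plan Basic "
                        f"--total-retention-time {r.total_days}")
        else:
            cmds.append(f"{base} --name {r.table} --plan Analytics "
                        f"--retention-time {r.retention_days} "
                        f"--total-retention-time {r.total_days}")
    return cmds


if __name__ == "__main__":
    recs = triage(SAMPLE_USAGE_GB_PER_DAY, DETECTION_TABLES)
    for r in recs:
        print(f"{r.table:16} {r.gb_per_day:7.1f} GB/day -> {r.plan:9} {r.reason}")
    print(f"Candidate GB/day for Basic plan: {basic_candidate_gb(recs)}")
    for c in az_commands(recs, "rg-sentinel", "law-sentinel"):
        print(c)
```

The output is a review list, not a change set to apply blindly: a high-volume table with no current detections may still back a hunting query or a compliance report, which is exactly the "analytical query and reporting requirements" check the health check performs before any plan or retention change.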
Get in touch
Want Microsoft Sentinel to Work Harder and Smarter? Time for a Health Check
Discover how CloudGuard can help you optimise and improve the effectiveness of your Azure Sentinel instance by completing the contact form.