Microsoft Sentinel
Proof of Concept (POC)

We will hold a series of preliminary meetings (including a kickoff call) to determine the overall scope of the engagement and capture key considerations and success criteria. This step will cover:

• Defining the size of the deployment​
• Agreeing on event and log sources​
• Guidance for design and deployment considerations​
• Understanding logical access requirements​
• Identifying key stakeholders and their requirements
• Agreeing on the success criteria

In this design step, our team of security analysts and engineers design use cases and key technical requirements. This step will cover:

• Documenting the delivery plan​
• Creating & implementing use case detections​
• Process design​
• Define reporting requirements​
• Agreement of any additional requirements​

The technical implementation and enablement of Microsoft’s security solutions will cover: 

• Enablement & configuration of key technologies​
• Technology deployment
• Implementation of use case detection rules​
• ​Deployment of any required remedial actions
• Implementation of identified integrations
• Implementation of approved areas of automation​
• Implementation of agreed process
• Delivery of short stand-up reporting sessions​

In the Analyze step we work with key stakeholders to analyze alerts and incidents. This step will cover:

• Management of alerts and incidents​
• Analysis and collation of triggered use cases​
• Weekly updates on the progress of the POC​
• Delivery of success criteria​

The outcomes of the POC are delivered and presented to key stakeholders, concluding with a Q&A session. The final presentation will cover:

• Executive Summary​
• Deployment Evaluation​​
• Use Case Validation​
• Success Criteria​
• Microsoft Sentinel Visibility & Results​
• POC Recommendations​