Active subscription

Managed Detection

Thank you for your interest in our Microsoft Sentinel solution. Your solution is already active. For any inquiries, please contact hello@fortytwo.io.

Onboarding

Managed Detection

Thank you for your interest in our Microsoft Sentinel solution. Please follow this wizard in order to enable our service.

Do you already have an existing Sentinel workspace?

No problem,

Do you already have an active Azure subscription or do you want us to create one for you?

Awesome,

We need some information from you, and we can start the process of creating an Azure subscription for you (through CSP):

Thank you,

You'll hear back from us very soon!

First step,

Please click for deploying a Sentinel workspace to your Azure environment, or if you would rather create Sentinel manually, use the below guide:

Step 1

1) Go to the Microsoft Sentinel blade in the Azure Portal

2) Click + Create

Step 2

1) On the Add Microsoft Sentinel to a workspace page, click + Create a new workspace

Step 3

1) Choose subscription and an existing or new resource group

2) Choose a unique Name. We recommend something like <customername>sentinel

3) Select Region. Please note that this is the region where all of your log data is stored and processed.

4) Complete the wizard and click Create.

Step 4

1) Select the workspace you just created. Hit the Refresh button if it does not appear right away.

2) Click Add.

3) The operation takes a few seconds, and you will be redirected to the Microsoft Sentinel workspace.

Finished?

Well done, click the button below for the next step.

Sweet,

then we simply need delegated access to your environment, and we'll deploy our configuration to your workspace. We will not delete anything, we promise!

Step 1 - Add Managed Service Provider Offering

1) Find our Managed Detection and Response managed service offering in the Azure Portal. This is used for delegation purposes only.

2) Choose the Azure Subscription and region of your choosing and complete the wizard.

Our Managed Service will now be available under Service Providers in the Azure Portal.

Step 2 - Add Delegation

1) Go to the Service Providers - Delegation blade in the Azure Portal.

2) Click Add.

Step 3 - Delegate resources

1) Select service provider Fortytwo Managed Services.

2) Under Name, select the service you added in Step 1.

3) Click + Delegate subscriptions and select the subscription where the Sentinel workspace is located

4) Complete the wizard

Sweet,

We will now start deploying our configuration to your environment. While we are settings things up on our side, please follow these last steps below, for configuring our recommended set of built-in Sentinel connectors and features.

You'll receive an email when we are done deploying our configuration to your environment.

So long, and thanks for all the fish.

Step 1

1) Go to the Microsoft Sentinel blade in the Azure Portal

2) Click on the name of your Microsoft Sentinel instance

Step 2

1) In the left menu, click on Data connectors

2) Find the Azure Active Directory connector and click on it

3) Click the Open connector page

Step 3

1) Under Configuration, check all boxes

2) Click Apply Changes

Step 4

1) Go back to the Data connectors page

2) Find the Microsoft 365 Defender (Preview) connector

3) Enable the Connect incidents & alerts feature

4) Enable boxes under Connect events

Step 5

1) Go back to the Data connectors page

2) Find the Office 365 connector

3) Enable the Exchange, SharePoint and Teams checkboxes

4) Click Apply changes

That's it,

With connectors added, log data and events will now flow into Microsoft Sentinel. When we deploy our Managed Detection solution, our analytics rules will start detecting security incidents based on these data.

We will contact your for onboarding workshops, which will include enabling additional connectors and log sources, cost control, workbooks and other Sentinel features.