This article helps you onboard your Azure Arc-enabled machines to Microsoft Sentinel to start collecting security-related events. Microsoft Sentinel provides a single solution for alert detection, threat visibility, proactive hunting, and threat response across the enterprise.
Prerequisites
Before you start, make sure you meet the following requirements:
- One or more machines onboarded to Azure Arc.
- The Azure Monitor Agent must be installed and enabled on your Arc-enabled machines. For more information, see Deployment options for Azure Monitor agent on Azure Arc-enabled servers.
- A Log Analytics workspace. For more information about Log Analytics workspaces, see Design a Log Analytics workspace architecture.
- Microsoft Sentinel must be enabled in your subscription.
Enable the Azure Monitor Agent on your Arc-enabled servers
Microsoft Sentinel comes with many data connectors for Microsoft solutions, available out of the box and providing real-time integration. For physical and virtual machines, the Azure Monitor Agent can forward information to Microsoft Sentinel.
You can deploy the Azure Monitor Agent to your Arc-enabled servers by installing the Azure Monitor Agent extension. This can be done individually on each machine, or at scale via Azure Policy or Azure Automation. For more information, see Deployment options for Azure Monitor Agent on Azure Arc-enabled servers.
Enable Microsoft Sentinel and set up a data connector
Once the Azure Monitor Agent is installed, you can enable Microsoft Sentinel and set up a data connector to start collecting security-related events from your Arc-enabled servers. For more information, see Quickstart: Onboard Microsoft Sentinel.
After your Arc-enabled servers are connected, your data starts streaming into Microsoft Sentinel and is ready for you to start working with. You can view the logs in the built-in workbooks and start building queries in Log Analytics to investigate the data.
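To confirm that each onboarded machine is actually sending security data, and not only agent heartbeats, you can run a coverage check in Log Analytics. The following query is an added example, not part of the original article. It assumes your data connector writes Windows events to the `SecurityEvent` table and Linux events to the `Syslog` table, and the 24-hour lookback is an arbitrary choice.

```kusto
// Added example: find Arc-enabled servers that report heartbeats through the
// Azure Monitor Agent but have sent few or no security events to the workspace.
let lookback = 24h;  // assumption: adjust to your expected event frequency
// Arc-enabled servers are Microsoft.HybridCompute/machines resources.
let arcMachines = Heartbeat
    | where TimeGenerated > ago(lookback)
    | where Category == "Azure Monitor Agent"
    | extend ResourceId = tolower(_ResourceId)
    | where ResourceId contains "/providers/microsoft.hybridcompute/machines/"
    | summarize LastHeartbeat = max(TimeGenerated) by ResourceId, Computer, OSType;
// isfuzzy=true lets the query run even if one of the tables does not exist yet.
let securityData = union isfuzzy=true SecurityEvent, Syslog
    | where TimeGenerated > ago(lookback)
    | extend ResourceId = tolower(_ResourceId)
    | summarize EventCount = count(), LastEvent = max(TimeGenerated) by ResourceId;
arcMachines
| join kind=leftouter securityData on ResourceId
| extend EventCount = coalesce(EventCount, 0)
| project Computer, OSType, LastHeartbeat, EventCount, LastEvent
| order by EventCount asc, LastHeartbeat asc
```

Machines listed with an `EventCount` of 0 have a working agent but no matching data collection, which usually means the connector's data collection rule is not associated with that machine.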
Next steps
Get started detecting threats with Microsoft Sentinel.