We recently released some guidance on setting a good baseline for security best practices for Azure Sentinel. I know some of you have found it, but I think it’s worth documenting and highlighting so more people know about it.
Although this is a security component, the SOC generally doesn't deal with this information; it's the operations teams securing Azure who find it most valuable. But because your SOC uses Azure Sentinel, the operations team will probably ask questions. You can direct them to the following links:
Azure security baseline for Azure Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/security-baseline
Download the Azure Sentinel security baseline spreadsheet: https://github.com/MicrosoftDocs/SecurityBenchmarks/blob/master/Azure%20Offer%20Security%20Baselines/1.0/azure-sentinel-security-baseline-v1.0.xlsx
