...
- VCS: Identify an existing organization, or create one, in the version control system (GitHub/GitLab) and add the users involved in the implementation to the org.
- Azure Subscription: It is advised to use a dedicated Azure subscription for the XDR MDR deployment so that XDR MDR resources are kept separate from other production resources. Suggested naming convention for the new subscription: <company name>-xdrmdr-<environment>.
- Service principal: A service principal is required for the integration between Microsoft Sentinel and the playbook used for automated notifications. The permission required by the service principal is Microsoft Sentinel Contributor (reference: Microsoft documentation).
- Azure owner permissions: For the initial deployment, Owner permissions together with Application.Read.All are required to perform the role assignments that let some of the Azure applications communicate with each other; alternatively, you can create a custom role in Azure AD following the instructions in this documentation.
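As an added example (not the guide's own tooling), the following Azure CLI script creates the playbook service principal with Microsoft Sentinel Contributor scoped to the Sentinel resource group, stores its secret in Key Vault, and verifies that no broader role ended up assigned. The resource-group, Key Vault and service-principal names it takes, and the set of environments accepted by the naming helper, are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the deployment guide: create the service principal
# that Microsoft Sentinel uses to call the notification playbook, grant it
# only "Microsoft Sentinel Contributor" on the Sentinel resource group, store
# the client secret in Key Vault, and verify that no broader role was assigned.
# Requires Azure CLI (az) logged in with Owner on the target subscription.
# Resource-group, vault and SP names supplied by the caller are assumptions.
set -eu

# ARM scope of a resource group: assigning the role here rather than at the
# subscription keeps the principal to least privilege.
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Subscription name in the guide's convention <company>-xdrmdr-<environment>;
# the allowed set of environments is an assumption.
subscription_name() {
  case "$2" in
    dev|test|prod) printf '%s-xdrmdr-%s' "$1" "$2" ;;
    *) echo "unsupported environment: $2" >&2; return 1 ;;
  esac
}

# Usage: create_sentinel_playbook_sp <sp-name> <subscription-id> <resource-group> <key-vault>
create_sentinel_playbook_sp() {
  sp_name="${1:-}"; subscription_id="${2:-}"; resource_group="${3:-}"; key_vault="${4:-}"
  [ -n "$sp_name" ] && [ -n "$subscription_id" ] && [ -n "$resource_group" ] \
    && [ -n "$key_vault" ] || return 1
  scope="$(rg_scope "$subscription_id" "$resource_group")"
  # Create the SP and bind the role to the resource-group scope in one step.
  sp_out="$(az ad sp create-for-rbac --name "$sp_name" \
      --role "Microsoft Sentinel Contributor" --scopes "$scope" \
      --query "[appId,password]" -o tsv)"
  app_id="$(printf '%s' "$sp_out" | cut -f1)"
  client_secret="$(printf '%s' "$sp_out" | cut -f2)"
  # The secret is shown only once: keep it in Key Vault for the playbook
  # connection, never in the VCS org or a pipeline variable.
  az keyvault secret set --vault-name "$key_vault" --name "${sp_name}-client-secret" \
      --value "$client_secret" --output none
  # Verify: any role on this scope other than Sentinel Contributor is a finding.
  roles="$(az role assignment list --assignee "$app_id" --scope "$scope" \
      --query "[].roleDefinitionName" -o tsv)"
  if [ -z "$roles" ] || printf '%s\n' "$roles" | grep -vqx "Microsoft Sentinel Contributor"; then
    echo "role check failed for $app_id (roles: ${roles:-none})" >&2
    return 1
  fi
  printf '%s\n' "$app_id"
}
```

Role assignments can take a minute to propagate, so a "roles: none" result immediately after creation is worth rechecking before treating it as a failure.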
...
In Sentinel, you will find our rules, workbooks and automation deployed. For more information about custom content, see XDR SIEM Content Management.

If the update-environment script fails and the outcome is unexpected, you will need to delete the Sentinel resource groups security-dashboards and security-log-analytics before running the script again.
...