Announcing Microsoft Sentinel All-in-One v2

More than 2 years ago we announced the first version of Microsoft Sentinel All-in-One. Today, we're happy to announce a new revamped version that includes all the latest advancements in the product.

Microsoft Sentinel All-in-One is aimed at helping customers and partners quickly set up a full-fledged Microsoft Sentinel environment that is ready to use by customers speeding up deployment and initial configuration tasks in few clicks, saving time and simplifying Microsoft Sentinel setup.

What's new

This new version automates the following steps:

  • Creates resource group
  • Creates Log Analytics workspace
  • Enables Microsoft Sentinel on top of the workspace
  • Sets workspace retention, daily cap and commitment tiers if desired
  • Enables UEBA with the relevant identity providers ( and/or AD)
  • Enables health diagnostics for Analytics Rules, Data Connectors and Rules
  • Installs Content Hub solutions from a predefined list
  • Enables Data Connectors from this list:
  • Enables analytics rules (Scheduled and NRT) included in the selected Content Hub solutions
  • Enables analytics rules (Scheduled and NRT) that use any of the selected Data connectors

You can see a brief demo here:

All-in-One demo.gif

Getting started

You can find this new version at

The only thing you need to start using Microsoft Sentinel All-in-One, is an Azure Subscription and an account with permissions to deploy Microsoft Sentinel. Higher privileges might be required if you wish to enable UEBA and some of the supported connectors. You can find details about the required permissions here .

You can deploy directly from here:


Go ahead and give it a try! We look forward to hearing your feedback about this new version.


This article was originally published by Microsoft's Sentinel Blog. You can find the original article here.