
Migrating from Deprecated Microsoft Sentinel Data Forwarding to Updated Version

Updated over 3 weeks ago

Description

This is an updated version of the Microsoft Sentinel integration with the Jamf Protect macOS Security Portal. In addition to leveraging the latest capabilities and features of both products for forwarding data to the SIEM, it includes benefits that weren’t previously available:

  • Support for simplified query and analysis of data in Sentinel.

  • Support for complex data streams (such as the new telemetry v2 release).

Note: Both the “old” and “new” configurations will be available in the web application for some time. However, disabling the Microsoft Sentinel (Deprecated) version will remove the section from the data forwarding screen.

Do not enable both Microsoft Sentinel data forwarding options simultaneously: having both integrations enabled at the same time may result in duplicated data being sent.

Customers are encouraged to set up the “new” Sentinel configuration ONLY if they need to do so.

The “old” configuration will be disabled and removed from the web app at a future date (TBD).

Migrating Data to Your "New" Microsoft Sentinel

1. In the Jamf Protect macOS Security Portal, select the Administrative tab from the left navigation pane.

2. Select the Data option to reveal the Configure Data Forwarding page. Scroll down to see both Microsoft Sentinel sections.

3. Enable the latest version of the Jamf Protect Microsoft Sentinel integration. For detailed configuration steps, see Setting Up Data Forwarding to Microsoft Sentinel.

Note: Jamf recommends only enabling one version of the Microsoft Sentinel integration at a time. Having both versions of the Microsoft Sentinel integration enabled for any period of time can cause duplicated data to be forwarded.

4. Validate that the latest integration is configured correctly and sending the desired data to your Microsoft Sentinel solution.


5. Disable the Microsoft Sentinel (Deprecated) data forwarding option by sliding the toggle to the off position. This should remove the Microsoft Sentinel (Deprecated) section from the page.

