Share via

Need to configure a new deployment to enable Jamf Protect for Microsoft Sentinel integration (deprecated in Jamf Protect)

Diego Rios 0 Reputation points
2025-04-21T23:13:28.8833333+00:00

Hello,

I´m starting to configure from marketplace and creating a new Need to configure a new deployment to enable Jamf Protect for Microsoft Sentinel integration as the old configuration from Jamf protect is showing as Deprecated, so I need some help to know if I need to create a new resource group for that new configuration. I was guiding from this Url https://learn.jamf.com/en-US/bundle/jamf-protect-documentation/page/Setting_Up_Data_Forwarding_to_Azure_Sentinel.html but does not mention that I have to create a new resource group, Thank you!

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,268 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sanoop M 2,815 Reputation points Microsoft External Staff
    2025-04-22T04:24:50.07+00:00

    Hello @Diego Rios,

    Please note that one of the main Pre-requisites for deploying Microsoft Sentinel is to have a Resource group.

    Prerequisites

    • A Log Analytics workspace is required to house the data that Microsoft Sentinel ingests and analyzes for detections, analytics, and other features. For more information, see Design a Log Analytics workspace architecture.
    • The Log Analytics workspace must not have a resource lock applied, and the workspace pricing tier must be pay-as-you-go or a commitment tier. Log Analytics legacy pricing tiers and resource locks aren't supported when enabling Microsoft Sentinel. For more information about pricing tiers, see Simplified pricing tiers for Microsoft Sentinel.
    • To reduce complexity, we recommend a dedicated resource group for your Log Analytics workspace enabled for Microsoft Sentinel. This resource group should only contain the resources that Microsoft Sentinel uses, including the Log Analytics workspace, any playbooks, workbooks, and so on. A dedicated resource group allows for permissions to be assigned once, at the resource group level, with permissions automatically applied to dependent resources. With a dedicated resource group, access management of Microsoft Sentinel is efficient and less prone to improper permissions. Reducing permission complexity ensures users and service principals have the permissions required to complete actions and makes it easier to keep less privileged roles from accessing inappropriate resources. Implement extra resource groups to control access by tiers. Use the extra resource groups to house resources only accessible by groups with higher permissions. Use multiple tiers to separate access between resource groups even more granularly.

    Reference document: Prerequisites for deploying Microsoft Sentinel | Microsoft Learn

    Please note that if you already have an existing Resource group created for the old deployment to enable Jamf Protect for Microsoft Sentinel integration which is not yet deleted, you can still use the same Resource group for the new configuration for a new deployment to enable Jamf Protect for Microsoft Sentinel integration.

    If you don't have any Resource groups in your tenant, please refer to the below document for the detailed guide to create a new Resource group.

    Use the Azure portal and Azure Resource Manager to Manage Resource Groups - Azure Resource Manager | Microsoft Learn

    I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.