Our Microsoft Sentinel All-in-One Deployment service streamlines implementation, enhances threat detection capabilities, and provides comprehensive security insights, empowering organizations to defend proactively against cyber threats.
A Sentinel All in One Deployment
Service Type
Resource
Pricing
Hours of Service
Pre-requisite(s)
Sentinel, Log Analytics Workspace, Analytics

Microsoft Sentinel All-in-One automates the following tasks:

  • Creates resource group
  • Creates Log Analytics workspace
  • Installs Microsoft Sentinel on top of the workspace
  • Sets workspace retention, daily cap and commitment tiers if desired
  • Enables UEBA with the relevant identity providers (AAD and/or AD)
  • Enables health diagnostics for Analytics Rules, Data Connectors and Automation Rules
  • Installs Content Hub solutions from a predefined list in three categories: 1st party, Essentials and Training
  • Enables analytics rules (Scheduled and NRT) included in the selected Content Hub solutions, with the ability to filter by severity
  • Enables analytics rules (Scheduled and NRT) that use any of the selected Data connectors, with the ability to filter by severity

Enables Data Connectors from this list:

  • Azure Active Directory (with the ability to select which data types will be ingested)
  • Azure Active Directory Identity Protection
  • Azure Activity (from current subscription)
  • Dynamics 365
  • Microsoft 365 Defender
  • Microsoft Defender for Cloud
  • Microsoft Insider Risk Management
  • Microsoft Power BI
  • Microsoft Project
  • Office 365
  • Threat Intelligence Platforms

Steps:

Microsoft Sentinel All-in-One helps customers and partners quickly set up a full-fledged, ready-to-use Microsoft Sentinel environment. It completes deployment and initial configuration tasks in a few clicks, saving time and simplifying Microsoft Sentinel setup.