The technical playbook provides guidance in deploying and managing Microsoft Sentinel with a focus on MSSP or large organizations and institutions who operate security operations within environments requiring multi-tenant architectures. The playbook addresses topics like efficient customer onboarding, scaling SOC operations, managing the MSSP intellectual property, accessing the customer’s workspaces/environments and optimizing system administration costs. Since the last version, there have been some significant feature updates to Microsoft Sentinel that need to be included in the playbook. Some of these updates in this version include:

• Repositories to deploy custom content
• Codeless connector platform
• Ingestion time transformation
• Normalization and ASIM
• Sentinel health
• New long term storage using Archive
• Search and Restore for Archived logs
• Basic logs tier
• Reference Links