Configuration Manager and Azure Sentinel

A few months ago, Microsoft had an Azure Sentinel hackathon, and I thought that maybe I could build-up one POC solution for Azure Sentinel. My idea was to capture all the admin activities and send the data immediately off the Primary Site server. The reason why I decided to build this POC is that the built-in auditing isn’t that good, and it needs some modernization.

You can download all the scripts and manuals from my GitHub account –

If you have any questions, then just let me know.

Have fun!