Monitor, detect and remediate Macs using Microsoft Azure Sentinel with Jamf Protect

Today, we announced a new integration as part of our partnership efforts with Microsoft, connecting Jamf Protect and Microsoft Azure Sentinel. This integration natively pushes all Mac security-related data and alerts directly into an Azure Sentinel instance with minimal configuration.

March 10, 2021 by Matthias Wollnik

Azure Sentinel provides cloud-based Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) capabilities. These identify, manage and remediate security issues based on data from many sources, such as device logs, security tools and infrastructure logs. It is the security team’s “single pane of glass” for their security tools and provides automation for many common incident response activities, all with simple cloud-based infrastructure and deployment.

Integrate into existing security workflows

Security teams that rely on Azure Sentinel tend to have extensive monitoring, dashboards and remediation automation already in place. Jamf Protect is the first endpoint security solution completely focused on macOS that natively pushes all Mac security-related data and alerts directly into your Azure Sentinel instance with minimal configuration. All of your Mac activity, both malicious and suspicious, as well as any malware notifications, flows into those pre-existing workflows with minimal effort.

Screen of Jamf Protect with toggle key for Azure Sentinel forwarding.

Simplified Mac monitoring

A SIEM is only as good as the data that it is fed. With Jamf Protect and Azure Sentinel, customers have complete visibility into security-related activity across their Mac estate from within their familiar single pane of glass.

Azure Sentinel overview screen with Jamf Protect data.

Azure Sentinel excels at identifying potential attacks based on the data it collects. Complex analytics can monitor incoming information to detect even highly distributed attacks. With Jamf Protect’s attack detections and log information, Azure Sentinel can easily extend its attack detection capabilities to cover all of the Mac devices in your environment.

Incident Response Automation

Additionally, Azure Sentinel allows you to build out a series of automated data collection and remediation playbooks that run when an incident is identified. Automating repetitive tasks like these, which rarely change but are critical, reduces incident response times and increases the efficiency of your security team. Integrating Jamf Protect data greatly enhances a security team’s ability to respond effectively to incidents on Mac devices using this automation.

We’re excited about this new integration and the capabilities this brings to Azure Sentinel. We would love to hear about the interesting insights you can gather across your environment, the attacks you discover and the remediation automation you implement with this.
