Setting up the Microsoft Sentinel integration

Microsoft Sentinel Connector Onboarding Guide

Updated this week

This guide walks you through how to install and configure the Valimail Microsoft Sentinel Connector in your Azure environment.

Overview

The Microsoft Sentinel Connector retrieves security and authentication events from Valimail and ingests them into your Microsoft Sentinel workspace for monitoring and analysis.

The connector is installed using Azure OneDeploy and UIDefinition, which provides a guided installation experience directly in the Azure Portal. No scripts or manual deployments are required.

Estimated installation time: 10–15 minutes

Prerequisites

Before starting the installation, make sure you have the following ready.

1. Azure Account Access & Permissions

The user performing the installation must have access to the Azure Portal and one of the following roles:

  • Owner

  • Contributor (or a custom role with equivalent permissions)

The Azure account must be able to:

  • Create or use an existing Resource Group

  • Create a Storage Account

  • Create an Azure Key Vault

  • Create an Azure Function App (Flex Consumption plan)

  • Create a Managed Identity

  • Create Application Insights

2. Microsoft Sentinel Workspace Details

To send events into Microsoft Sentinel, the connector requires credentials from your Log Analytics Workspace.

You will need:

  • Workspace ID (UUID)

  • Primary Shared Key

How to Retrieve the Shared Key

  1. Log in to the Azure Portal

  2. Open the Cloud Shell (Bash) provided in the Azure Portal

  3. Run the following command, replacing the placeholders with your values

    az monitor log-analytics workspace get-shared-keys \
    --resource-group "<RESOURCE GROUP>" \
    --workspace-name "<WORKSPACE NAME>"

  4. Copy and save:

  • Primary Shared Key

  • Workspace ID (available on the workspace overview page)

These values will be entered during the connector deployment.
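
A pre-deployment check for the two Sentinel values collected above, as an added example that is not part of Valimail's guide: it reads the Workspace ID and primary key into shell variables with the same `az` command group and checks their format without printing the key. The function names and sample values are constructed for illustration, and the key check assumes the shared key is standard base64.

```shell
#!/bin/sh
# Added example, not Valimail's code. Function names are hypothetical.

# Read both values into variables instead of printing both keys to the terminal.
# $1 = resource group, $2 = workspace name. Requires the Azure CLI (Cloud Shell).
fetch_sentinel_values() {
  WORKSPACE_ID=$(az monitor log-analytics workspace show \
    --resource-group "$1" --workspace-name "$2" --query customerId -o tsv)
  SHARED_KEY=$(az monitor log-analytics workspace get-shared-keys \
    --resource-group "$1" --workspace-name "$2" --query primarySharedKey -o tsv)
}

# Workspace ID must be a UUID (8-4-4-4-12 hex digits).
is_workspace_id() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Shared Key must be well-formed base64 (assumption: standard alphabet,
# padded to a multiple of 4). Catches truncated pastes, quotes and whitespace.
is_shared_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || return 1
  [ $(( ${#1} % 4 )) -eq 0 ]
}

# $1 = Workspace ID, $2 = Shared Key. Prints one line per problem and
# returns non-zero if any were found. The key itself is never echoed.
check_sentinel_values() {
  rc=0
  is_workspace_id "$1" || { echo "Workspace ID is not a UUID"; rc=1; }
  if is_workspace_id "$2"; then
    echo "Shared Key field contains a UUID (values swapped?)"; rc=1
  elif ! is_shared_key "$2"; then
    echo "Shared Key is not well-formed base64"; rc=1
  fi
  return "$rc"
}

# Constructed sample values, not real credentials.
SAMPLE_ID="00000000-0000-0000-0000-000000000000"
SAMPLE_KEY="Q09OU1RSVUNURUQtU0FNUExFLUtFWS1OT1QtUkVBTA=="
check_sentinel_values "$SAMPLE_ID" "$SAMPLE_KEY" && echo "format OK"
```

In Cloud Shell, call `fetch_sentinel_values "<RESOURCE GROUP>" "<WORKSPACE NAME>"` first, then `check_sentinel_values "$WORKSPACE_ID" "$SHARED_KEY"`.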

3. Valimail Reporting API Keys

The connector uses Valimail Reporting API keys to retrieve event data from your Valimail account.

To obtain a Reporting API Key:

  1. Log in to the Valimail Web Application

  2. Navigate to Account Settings

  3. Open the API / Reporting Keys section

  4. Generate a new Reporting API Key (or copy an existing one)

  5. Store the key securely

No additional permissions or scopes need to be configured for this key.

4. Request the Azure Deployment URL from Valimail Support

The Microsoft Sentinel Connector is deployed using a secure Azure deployment URL provided by Valimail Support.

Customers cannot generate this URL themselves and should not attempt to deploy the connector directly from Azure or the Azure Marketplace.

To obtain the deployment URL, contact Valimail Support and request access to the Microsoft Sentinel Connector.

Please be prepared to provide:

  • Your Valimail account name

  • Confirmation that you have:

    • Sentinel Workspace ID

    • Sentinel Shared Key

    • Valimail Reporting API Key

  • The Azure subscription where the connector will be installed

Valimail Support will provide a customer-specific Azure deployment URL.

Connector Installation Steps

Once you have received the Azure deployment URL from Valimail Support, you can install the connector.

Step 1: Open the Deployment URL

  1. Open the Azure deployment URL provided by Valimail Support in your browser

  2. Log in to the Azure Portal if prompted

This will launch the guided Azure deployment experience.

Step 2: Complete the Azure Guided Deployment

After authentication, the Azure UIDefinition (guided deployment) page will open.

You will be prompted to:

  • Select an Azure Subscription

  • Select or create a Resource Group

    • Recommendation:
      Creating a new Resource Group is recommended. The Resource Group will contain all components created for the connector, making it easier to monitor, modify, or delete the connector later without impacting existing resources.

    • Using an existing Resource Group is supported but is recommended only for advanced users.

  • Enter the required configuration values:

    • Sentinel Workspace ID

    • Sentinel Shared Key

    • Valimail Reporting API Key

  • Review the deployment summary

  • Click Create

Azure will automatically provision the following resources:

  • Azure Function App (Flex Consumption)

  • Storage Account

  • Key Vault

  • Managed Identity

  • Application Insights

Estimated deployment time: 10–15 minutes

Completion & Validation

After deployment completes:

  • The Azure Function begins retrieving events from Valimail automatically

  • Events start flowing into Microsoft Sentinel

  • No additional configuration or restarts are required

Note: It may take up to 5–6 minutes for data and logs to appear after deployment.

You can validate successful ingestion by:

  • Confirming the deployment completed successfully in Azure

  • Viewing logs in the Application Insights instance created for the connector

    • The primary log to check is traces

  • Verifying new data appears in Microsoft Sentinel logs

Important: The deployment creates a dedicated Application Insights instance for the connector. Logs will not appear in a global or pre-existing Application Insights resource.

Troubleshooting Tips

If data does not appear after deployment:

  • Allow at least 5–6 minutes for logs and events to appear

  • Reconfirm the Workspace ID and Shared Key

  • Ensure the Valimail Reporting API Key is valid

  • Check the Application Insights traces logs for errors

Note: By default, the connector retrieves events from the last 7 days. If there were no events during that period, no data will appear in Sentinel, and Application Insights logs may show no errors.

Need Help?

If you encounter any issues during installation or need the deployment URL, contact Valimail Support.

Please note:

  • Valimail Support cannot troubleshoot Azure-side issues without the customer reviewing logs in Application Insights

  • Support can verify whether the Valimail account is being accessed via the Reporting API at the expected frequency

When reaching out, be prepared to:

  • Open an Azure session

  • Review Application Insights (traces) for the connector resources