Microsoft Sentinel solution for SAP® applications

Protect business-critical data within SAP systems and applications from advanced threats.

Guard critical data against advanced threats

SAP systems and applications handle massive amounts of sensitive data that is hosted on Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS), or on-premises infrastructure. The SAP ecosystem is complex and difficult for security operations (SecOps) teams to effectively monitor and protect. The Microsoft Sentinel solution for SAP® applications allows you to monitor, detect, and respond to suspicious activities and guard your business-critical data against sophisticated cyberattacks.

Monitor all SAP system layers

Gain visibility across business logic, application, database, and operating system layers with built-in investigation and threat detection tools.
Detect and automatically respond to threats

Discover suspicious activity including privilege escalation, unauthorized changes, sensitive transactions, and suspicious data downloads with out-of-the-box detection capabilities.
Correlate SAP activity with other signals

Accurately detect SAP threats with data correlation from all sources and SAP infrastructure.
Customize based on your needs

Build your own threat detection solutions to monitor specific business risks to extend built-in security content.

Offer details

The Microsoft Sentinel solution for SAP® applications is generally available with a free promotion through April 30, 2023.

Billing will start on May 1, 2023, as an add-on charge at USD 2 per production system ID (SID) per hour in addition to the existing Microsoft Sentinel consumption-billing model.

See Microsoft Sentinel pricing for more information

Get started

Start ingesting data from your SAP applications into Microsoft Sentinel with the SAP data connector. The data connector is an agent, delivered as a docker container, that's installed on a virtual machine, a Kubernetes/AKS cluster, or a physical server. It collects application logs from across the entire SAP system over the SAP applicative interfaces, NetWeaver RFC and SAPControl. The SAP data connector then sends those logs and data to Microsoft Sentinel for continuous threat monitoring.

After your data is connected, use the other solution components—analytics rules for threat detection, workbooks for interactive data visualization, and watchlists for configuration and fine-tuning—to gain insights into your organization's SAP environment and address security threats.

Get started now with the Microsoft Sentinel solution for SAP® applications

Get started with Microsoft Sentinel

Get help from a trusted partner

Microsoft has a broad set of partners to help you select, integrate, deploy, and manage security solutions. As managed service providers, Microsoft partners can offer security operations center (SOC) services using a common SIEM solution to proactively identify security anomalies for the entire IT landscape and take corrective actions in a timely manner. With the solution's native integrations with SAP, threat detection becomes more robust, and creation of compliance reports and dashboards can be automated.

Contact a Microsoft partner for:

Deploying Microsoft Sentinel for threat protection on SAP.

Securing SAP on Azure with native cloud security controls.

Additional resources

Prerequisites for deploying SAP continuous threat monitoring in Microsoft Sentinel

Deploy and configure the Microsoft Sentinel SAP data connector agent container

Microsoft Sentinel solution for SAP® applications security content reference

Microsoft Sentinel solution for SAP® applications data reference

Microsoft Sentinel pricing

Frequently asked questions

The SAP data connector agent supports SAP NetWeaver systems and requires preparation steps on the SAP side of the integration and in Azure. For more information, refer to the SAP prerequisites.
No, we charge only for active connections to production SAP systems (SIDs) by the hour. Connecting a new system is carried from the SAP data connector after the content-hub solution installation, which is free.
No, systems configured for development and test usage aren't charged.
No, we bill only for SAP application data collection triggered by connecting our SAP connector to SAP SIDs (instances). Only connected instances are billed by the hour.
The SAP-specific cost is determined by the number of systems connected. Microsoft Sentinel ingestion costs may vary and are determined by the number of logs collected.
Yes, you can integrate with SAP Rise NetWeaver-based systems.

Featured

AI + Machine Learning

Analytics

Compute

Containers

Databases

DevOps

Developer Tools

Hybrid + multicloud

Identity

Integration

Internet of Things

Management and Governance

Media

Migration

Mixed Reality

Mobile

Networking

Security

Storage

Web

Windows Virtual Desktop

Use cases

Application development

AI

Cloud migration and modernisation

Data and analytics

Hybrid cloud and infrastructure

Internet of Things

Security and governance

Organisation type

Resources

Microsoft Sentinel solution for SAP® applications

Guard critical data against advanced threats

Monitor all SAP system layers

Detect and automatically respond to threats

Correlate SAP activity with other signals

Customize based on your needs

Offer details

Get started

Get help from a trusted partner

Additional resources

Frequently asked questions

What are the supported SAP versions?

Do I get billed immediately after installing the SAP solution from the content hub?

Do I get billed for non-production systems?

Will non-SAP-specific data connectors get billed if enabled on an SAP system?

How is the cost determined?

Can I integrate the solution with SAP Rise?