Jamf Protect x Azure Sentinel Integration - Analytics Rules

kalanfuga
New Contributor
I have a customer who uses Jamf Protect and we just recently integrated it with Azure Sentinel for GCC High. The native connector isn't available in GCC High yet, so we had to use the manual Data Forwarding method to an Azure Log Analytics Workspace. Ingestion seems to be working as of now. Without the native connector, however, we don't get the out-of-the-box analytics rules to create Sentinel incidents. Does anyone know of some importable analytics rules that might help us get some use out of the raw data in the log workspace?

ThijsX
Valued Contributor

Hi @kalanfuga 

The Jamf Protect for Microsoft Sentinel solution should be available in the Microsoft Azure Government marketplace at the following link.

https://portal.azure.us/#create/jamfsoftwareaustraliaptyltd1620360395539.jamf_protectjamf_protect

Installing this solution will ship you the Workbooks, Analytic Rules, Parser, Hunting Queries and Playbooks.