- Creating a VM in Azure for tracking threat activity.

Making a separate security group with all ports open. This allows all traffic, including pings, to reach the VM.

Creating a log in a Log Analytics workspace to serve as a geolocation log that tracks threat actors' locations and IP addresses.

Turning on Microsoft Defender to enable log collection.

Connecting the Log to the created VM.

Setting up Microsoft Sentinel to visualize the attack data

Logging in to the VM with Remote Desktop to set up the logging script and adjust the firewall rules on the VM.

Using Event Viewer in the VM to see failed Login attempts

Pinging the VM from the main machine and setting up firewall rules in the VM so that it answers ICMP echo requests, which lets attackers find the VM faster.

Pings now working.

Using PowerShell ISE to run the geolocation script.

Script running and showing failed login attempts on the machine

Creating a custom log in the Log Analytics workspace to help Sentinel visualize the data.

Setting up Microsoft Sentinel


Setting up a new query in Sentinel workbook

Changing the data to be visualized on a map.

Final RESULTS after letting the Honeypot run for 6 hours!!
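
The failed login attempts viewed in Event Viewer above are Security-log events with Event ID 4625. The following is an added example, not the geolocation script used in this lab: it extracts the source IP and target account from such events and counts attempts per IP. The function names `ConvertFrom-FailedLogonXml` and `New-SampleEventXml` are hypothetical, and the sample events are constructed with documentation-range addresses.

```powershell
# Added example, not the geolocation script used in this lab.
# Parses failed-logon events (Security log, Event ID 4625) and counts attempts per source IP.

function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $fields = @{}
    # Read EventData by field name instead of by position, so field order does not matter.
    foreach ($d in $doc.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $doc.Event.System.TimeCreated.SystemTime
        Account   = $fields['TargetUserName']
        SourceIp  = $fields['IpAddress']
        LogonType = $fields['LogonType']
    }
}

# Constructed sample events so the example runs without a live Security log.
function New-SampleEventXml([string]$Time, [string]$User, [string]$Ip, [string]$Type) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="$Time" /></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="LogonType">$Type</Data>
    <Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

$sample = @(
    New-SampleEventXml '2024-01-01T10:00:01Z' 'administrator' '203.0.113.10' '3'
    New-SampleEventXml '2024-01-01T10:00:03Z' 'admin'         '203.0.113.10' '3'
    New-SampleEventXml '2024-01-01T10:02:40Z' 'administrator' '198.51.100.7' '3'
    New-SampleEventXml '2024-01-01T10:05:12Z' 'labuser'       '-'            '2'
)

# On the honeypot itself (elevated session), replace the sample with real events:
# $sample = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | ForEach-Object { $_.ToXml() }

# Drop events with no remote address (local console logons record '-').
$failed = $sample | ForEach-Object { ConvertFrom-FailedLogonXml $_ } |
    Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' }

$failed | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIp'; e = { $_.Name } }, Count,
                  @{ n = 'Accounts'; e = { ($_.Group.Account | Sort-Object -Unique) -join ',' } }
```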
