The Security Content Guide to Microsoft Build 2022

Build 2022 has a lot of security-focused content, alongside great content for any number of other focus areas. For my area of focus, security, here are the things I'm most interested in and the sessions I'll be focusing on to glean knowledge for the things I'm tasked with …

Deploying Microsoft Sentinel Analytics Rules that are Already Enabled

The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content through a CI/CD pipeline to one or many Sentinel workspaces. By default, Analytics Rules are deployed into the workspace disabled, but many organizations prefer to deliver new or updated content ready to go and already enabled. …

SC-100: Microsoft Cybersecurity Architect Gets a Learning Path

For those of us who took the SC-100 beta exam, there's a strong indication today that the exam results could show up soon: a new SC-100 Learn path. The Learn path is a set of modules repurposed from other exams, but it's a Learn path nonetheless. The following is the …

Estimating the Size of the M365 Advanced Tables for Microsoft Sentinel Enablement

The Microsoft 365 Defender connector in Microsoft Sentinel is coming along nicely, with all the table sources now available to select. The connector is still in public preview, but the progress is a very welcome sight.

All the logs

Even though ingesting the M365 Advanced tables is considered necessary, enabling them will cost something. There …

MIM Portal & Application Context Authentication

This write-up assumes you are modifying the MIM Portal to switch email notifications to the Application Context Authentication method, as opposed to an SMTP relay or another method that uses a logon name and password. Basic Authentication will be deprecated somewhere around October 2022, so Modern Authentication needs to be …

Better Accessibility for the Vision Impaired in Microsoft Sentinel

Last July, my colleague Innocent Wafula talked about Accessibility and usability for all in Azure Sentinel. Things like responsive design, content reflow, and linear order go a long way toward better accessibility in Microsoft Sentinel and in the Azure portal in general. But there's more that can be done. And, while it …

Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports

In the Sign-in logs you will regularly see Application IDs in place of user accounts. Most often these are Microsoft's own first-party application IDs for commonly used services and products. They are generally benign, but they show up in Incidents and take time to investigate. So, here's a Watchlist you can employ in your Microsoft …
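An added example of the query such a watchlist enables (not the post's own query). It assumes a watchlist with the alias `MSFirstPartyApps` whose `SearchKey` column holds the application (client) ID of each known Microsoft first-party app; the alias and the 24-hour window are placeholders:

```kql
// Added example: surface sign-ins whose AppId is NOT on the first-party watchlist.
// Assumption: watchlist alias 'MSFirstPartyApps', SearchKey = application (client) ID.
let knownApps = _GetWatchlist('MSFirstPartyApps')
    | project AppId = tostring(SearchKey);
SigninLogs
| where TimeGenerated > ago(24h)
| where isnotempty(AppId)
// leftanti keeps only SigninLogs rows with no matching watchlist entry
| join kind=leftanti knownApps on AppId
| summarize SignIns = count(),
            Users = dcount(UserPrincipalName),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by AppId, AppDisplayName
| order by SignIns desc
```

Keying on the GUID rather than on `AppDisplayName` matters: anyone can register an application named like a Microsoft service, but they cannot reuse Microsoft's application ID. The same `leftanti` join can be dropped into an analytics rule so that first-party apps never reach an incident in the first place.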

Using Logic App Parameters with Microsoft Sentinel Playbooks

I recently made a recommendation about the importance of Making Use of Variables in Microsoft Sentinel Playbooks. In this post I want to take that a bit further with a follow-on recommendation. Have you ever wondered how to generate those fill-in blanks that appear during deployment of an ARM template (as shown …

Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created

Would you like a daily email notification in your inbox (or your security team's shared inbox) listing the Incidents created while you were sleeping? Here's a Logic App, ready to deploy to your environment, that delivers at 7am each morning and includes the list of …
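As an added example (not the Logic App from the post), this is the KQL a scheduled playbook would run against the workspace each morning to build that list. The `SecurityIncident` table records every update to an incident, so the `arg_max` keeps only the latest row per incident; the 24-hour window is an assumption that matches a once-a-day recurrence:

```kql
// Added example: incidents created in the last 24 hours, one row each, highest severity first.
SecurityIncident
| where CreatedTime > ago(24h)
| summarize arg_max(LastModifiedTime, *) by IncidentNumber   // latest state of each incident
| extend SeverityRank = case(Severity == "High", 1,
                             Severity == "Medium", 2,
                             Severity == "Low", 3,
                             4)                                  // Informational and anything else
| order by SeverityRank asc, CreatedTime asc
| project CreatedTime, IncidentNumber, Severity, Status, Title,
          AssignedTo = tostring(Owner.assignedTo), IncidentUrl
```

Match the query window to the recurrence interval: a 7am trigger with `ago(24h)` covers exactly one day, so nothing is missed or reported twice. The recurrence trigger's time zone setting, not the workspace, decides what "7am" means.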