Use Azure Backup for Active Directory forest recovery requirements | Part 1

In this series I will demonstrate how to configure Azure Backup to protect a Domain Controller deployed in Azure. An initial backup will be performed which will then be used to restore the Azure Virtual Machine (VM) to an isolated Virtual Network. The VM restore will be tested by signing into the Domain Controller with the built-in Administrator account. This validates the successful backup and restore of the Domain Controller VM. Part 1 covers the configuration of Azure Backup and creation of backups for two Domain Controllers in Azure. I will configure backup for a Domain Controller in the forest root domain and a Domain Controller in the child domain.
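The procedure outlined above (enable Azure Backup on both Domain Controller VMs, take an initial backup, confirm a recovery point exists) as an added PowerShell example. This is not code from the original post; it assumes the Az.RecoveryServices module, an existing Recovery Services vault, and placeholder names for the resource group, vault and the two DC VMs.

```powershell
# Added example, not from the original post. Assumes Az.RecoveryServices is installed,
# the account is signed in (Connect-AzAccount) and a Recovery Services vault already exists.
# All names below are placeholders.
$rg        = 'rg-adds-prod'
$vaultName = 'rsv-adds-prod'
$dcVms     = @('DC01-ROOT', 'DC01-CHILD')   # forest-root DC and child-domain DC

# Point the Recovery Services cmdlets at the vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rg -Name $vaultName
Set-AzRecoveryServicesVaultContext -Vault $vault

# Vault default VM policy; replace with a custom policy if longer retention is required
$policy = Get-AzRecoveryServicesBackupProtectionPolicy -Name 'DefaultPolicy'

foreach ($vmName in $dcVms) {
    # Registers the VM with the vault and assigns the policy; this alone does not create a backup
    Enable-AzRecoveryServicesBackupProtection -Policy $policy -Name $vmName -ResourceGroupName $rg | Out-Null

    # Locate the backup item and trigger the initial (ad-hoc) backup, then wait for the job
    $container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM -FriendlyName $vmName
    $item      = Get-AzRecoveryServicesBackupItem -Container $container -WorkloadType AzureVM
    $job       = Backup-AzRecoveryServicesBackupItem -Item $item
    Wait-AzRecoveryServicesBackupJob -Job $job -Timeout 7200 | Out-Null

    # Confirm at least one recovery point exists before treating this DC as recoverable
    # (the date parameters must be UTC)
    $end   = (Get-Date).ToUniversalTime()
    $start = $end.AddDays(-1)
    $rps   = @(Get-AzRecoveryServicesBackupRecoveryPoint -Item $item -StartDate $start -EndDate $end)
    $latest = $rps | Sort-Object RecoveryPointTime -Descending | Select-Object -First 1
    '{0}: {1} recovery point(s), latest {2}' -f $vmName, $rps.Count, $latest.RecoveryPointTime
}
```

Run the restore test only into an isolated Virtual Network, as the post does: bringing an older copy of a Domain Controller back onto the production network risks USN rollback and lingering objects in the directory.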

How to Use the Advanced Commenting Editor for Azure Sentinel

Some may have noticed this week a few new capabilities have shown up in Azure Sentinel Incidents on the Comments tab. It's still early days for this enhanced functionality, but there's enough here now to get a good head-start on developing some team policies around better commenting. The following shows the current interface of the …

How to Setup a Managed Identity for the Azure Sentinel Logic App Connector

Something that's been on the waiting list for a number of customers, and myself, is the ability to choose a System-assigned Managed Identity for Azure Sentinel Playbooks. This gives Azure Sentinel customers the ease of allowing the system to manage access for the logic behind the automated components, without the drudgery of manually maintaining AAD …

Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes

The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming in February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do in regard to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions, and the tools available after deploying the August 2020 security update.
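A practitioner check for the deployment phase described above, as an added PowerShell example (not code from the original post). It reads the Netlogon secure-channel events Microsoft documented for CVE-2020-1472 (5827, 5828 denied; 5829 allowed during the deployment phase; 5830, 5831 allowed by policy) from a Domain Controller's System log and reports the FullSecureChannelProtection enforcement setting. The seven-day window and the assumption that the first event-data field is the account name are mine.

```powershell
# Added example, not from the original post. Run on each Domain Controller after the
# August 2020 (or later) update. Event IDs and registry value are the ones Microsoft
# documents for CVE-2020-1472; the lookback window is an arbitrary choice.
$eventIds = @{
    5827 = 'Denied: machine account used a vulnerable Netlogon secure channel'
    5828 = 'Denied: trust account used a vulnerable Netlogon secure channel'
    5829 = 'Allowed (deployment phase): vulnerable connection from a machine account'
    5830 = 'Allowed by policy: machine account covered by "Allow vulnerable Netlogon" GPO'
    5831 = 'Allowed by policy: trust account covered by "Allow vulnerable Netlogon" GPO'
}

$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = [int[]]$eventIds.Keys
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Collapse to one row per (event, account): this is the list of devices/trusts still to fix.
# Assumption: the first EventData field carries the SamAccountName or trust name.
$events |
    ForEach-Object {
        [pscustomobject]@{
            Id      = $_.Id
            Account = $_.Properties[0].Value
            Meaning = $eventIds[$_.Id]
        }
    } |
    Group-Object Id, Account |
    Sort-Object Count -Descending |
    Select-Object @{n='Id';e={$_.Group[0].Id}},
                  @{n='Account';e={$_.Group[0].Account}},
                  Count,
                  @{n='Meaning';e={$_.Group[0].Meaning}} |
    Format-Table -AutoSize

# Enforcement state: 1 = enforce (reject vulnerable connections), 0 = deployment mode.
# Before the February 2021 enforcement-phase update, a missing value means deployment mode.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$val = (Get-ItemProperty -Path $key -Name FullSecureChannelProtection -ErrorAction SilentlyContinue).FullSecureChannelProtection
'FullSecureChannelProtection = {0}' -f $(if ($null -eq $val) { 'not set (deployment mode)' } else { $val })

# To move this DC to enforcement ahead of the February 2021 update, once no 5829 events remain:
# Set-ItemProperty -Path $key -Name FullSecureChannelProtection -Type DWord -Value 1
```

Any 5829 entries are devices that will break once enforcement is on; 5830/5831 entries are connections you have deliberately excepted via the group policy and should be reviewed before the enforcement phase.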

Run a Configuration Manager Package / Program at every logon for a user.

Recently I was working with a customer who had a requirement for a Toast Notification to pop up every time a user logged into their computer, for a pending Windows 10 Feature Update. They decided to leverage the Toast Notification functionality of the Windows 10 Toast Notification Script – imab.dk, which allows for everything they needed, customized …

Configuration Manager – Getting Lenovo Model Information

Using the Model name for devices can be useful when we need to download drivers and create a WMI query for our Driver Packs in the Task Sequence. Most manufacturers populate the Model field with the relevant model of the device, but in the case of Lenovo they use a different model number system, as such …
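An added PowerShell example, not from the original post, showing the distinction the excerpt refers to: on Lenovo devices Win32_ComputerSystem.Model holds the machine type/model number (the first four characters identify the machine type), while the friendly name lives in Win32_ComputerSystemProduct.Version; other vendors populate Model directly. The function name and the output shape are my own.

```powershell
# Added example, not from the original post. Returns the name to use for a driver-pack
# WMI query, handling Lenovo's machine-type numbering. Function name is illustrative.
function Get-DriverPackModelName {
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $csp = Get-CimInstance -ClassName Win32_ComputerSystemProduct

    if ($cs.Manufacturer -match '^LENOVO') {
        $friendly = $csp.Version.Trim()          # e.g. "ThinkPad T14 Gen 1"
        $type     = $cs.Model.Trim()             # e.g. "20UD000KUS"; first 4 chars = machine type
        $machineType = if ($type.Length -ge 4) { $type.Substring(0, 4) } else { $type }

        [pscustomobject]@{
            Manufacturer = 'Lenovo'
            Model        = $friendly
            MachineType  = $machineType
            # Match on machine type so every SKU in the family picks up the same driver pack
            WmiQuery     = "SELECT * FROM Win32_ComputerSystem WHERE Model LIKE '$machineType%'"
        }
    }
    else {
        $model = $cs.Model.Trim()
        [pscustomobject]@{
            Manufacturer = $cs.Manufacturer.Trim()
            Model        = $model
            MachineType  = $null
            WmiQuery     = "SELECT * FROM Win32_ComputerSystem WHERE Model LIKE '$model%'"
        }
    }
}

Get-DriverPackModelName
```

The WmiQuery string is what you would paste into the Task Sequence step condition; keying Lenovo on the four-character machine type rather than the full model number avoids one driver pack per regional SKU.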

Setting up an Android Emulator for testing Intune features on Apple macOS

Overview: In September 2020 Vikash Sivanath wrote a blog on Setting up an Android Emulator for testing Intune features, which focused on how to get it set up on a Windows platform. In this blog we will look at setting it up on Apple macOS. Installation: Download the Android Studio software from Android's developer site by …

How to Create a Backup Notification System in the Event an Unauthorized User Accesses Azure Sentinel

A request was made recently about how to prevent an unauthorized and elevated user account from getting access to Azure Sentinel. Essentially, the scenario is this: An environment was compromised. A compromised user account had elevated access. The compromised user account shut down monitoring (Azure Sentinel) so as not to be detected. I'm still working the full …

How to Evolve the SOC with Azure Sentinel: Analytics Rules Part 1

I kicked off this SOC evolution with Azure Sentinel series a few days ago with How to Evolve the SOC with Azure Sentinel: Hunting Queries. I'm not sure yet how many posts will ultimately be in this series, but like I do with SOC efficiency, I'll probably maintain this series going forward to ensure we're always …

eBook Available for Managing Azure Sentinel with PowerShell

Just a quick heads-up post. A good buddy of mine and Microsoft MVP, Kaido Järvemets, hinted yesterday that he was putting together a guide for those just beginning to work with the new PowerShell module for Azure Sentinel. Details about the PowerShell module here: Official Azure Sentinel PowerShell Module Released – Azure Cloud & AI …