Intune – Query Azure AD Bitlocker Keys using Graph API

The Issue: If you have recently started using the BitLocker encryption options out of Intune, whether it's the device configuration or the endpoint protection encryption portion, you will see there are many great reports like the encryption one below. The problem is it's quite hard to see if your machines have backed up their keys to Azure …

Achieving SOC Operational Efficiency for Azure Sentinel Hunting – the Replay

I had a fantastic time delivering this session yesterday for the Microsoft Cloud and Client Management Community (@mc2mcbe). This is the final version (until I update it with new information) of this session, which is the first in a series of efficiency sessions I'm developing for Azure Sentinel. So stay tuned for more. I believe at …

A few important updates to the Azure Sentinel CEF Connector

The CEF connector in Azure Sentinel has received some necessary updates, and the docs have already been updated to reflect the changes. Docs: Connect your external solution using Common Event Format. For those that have been working with this connector, it's worthwhile to see what's changed. Here's what's new... The command line to install the CEF …

Azure – “Executing Runbooks with Power Platform and Webhooks”

The Question: In a recent workshop I wanted to explain how you could use webhooks in clever ways to kick off specific tasks in Azure Automation. Specifically, I wanted to create a Power App where I could just click a button and all the Az modules in my Azure Automation account get updated. You can …

Why Enabling Entities for Azure Sentinel Investigations is so Important

Building out or enabling Analytics Rules in Azure Sentinel gives customers the ability to automate analysis of the data that is being ingested and stored in the Log Analytics workspace. These are important for exposing security events and potential threats to the environment. Analytics Rules produce Incidents (if you've allowed the defaults during the rule …

Modernize Security for Efficiency and Scale Using Azure Sentinel from Microsoft

Recently, I let you know about an upcoming talk I'm giving about "How to Achieve SOC Operational Efficiency for Azure Sentinel Hunting." Check that out if it interests you. There may still be tickets available. It happens on Thursday, November 19, 2020. But, I now have another talk coming up even sooner. This one is …

How to Send Azure SQL Server Audit Logs to Azure Sentinel

Still in preview, you can send your Azure-based SQL Server audit logs to the same Log Analytics workspace that is being used by Azure Sentinel. In many other services, you would enable a Diagnostic Setting to send the logs to Azure Sentinel. But Azure SQL Server is a bit different, so it's good to highlight. …

How to Be Notified When an Azure Sentinel Analytics Rule Has been Created or Modified

It may seem a bit anal (personally, I don't think it is), but security teams that want to "watch the watchers" want to be notified when certain things in the Azure Sentinel structure are modified or created. I've been asked about this numerous times for the various areas in Azure Sentinel. To start …