How to Monitor for Brute Force Attack Against a Cloud PC in Azure Sentinel

I am a pioneer of sorts. It was completely unintended.

A few months back, I submitted a session to an in-person conference (MMS Miami Beach Edition), assuming that by the time the conference kicked-off there’d be a lot of great information to pull from to connect a Cloud PC to Azure Sentinel. The conference is in 2 weeks and my assumption was incorrect.

So, I’ve been knee deep in learning about Windows 365 and Cloud PCs and developing best practices around connecting Cloud PCs to Azure Sentinel. There’s actually different viable methods for each subscription type (business or enterprise), but I’ll share more in-depth knowledge around this soon.

As part of this pioneering effort, I’m starting to develop the potential signs to look for when monitoring for possible threats against Cloud PCs.

Here’s the first Analytics Rule developed specifically for Brute force attack against a Cloud PC, and possibly the first-ever rule developed for monitoring Cloud PCs with Azure Sentinel.

Brute Force against a Cloud PC

I’ll be developing new rules and possibly a Workbook around this, so stay tuned. The main repository for this work is here: CloudPC-Sentinel

If you start down this path yourself, I’m to collaborate. Reach out to me over Twitter or LinkedIn.


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]

[Subscribe to the Bi-Weekly Azure Security Center Newsletter]