What are DEV-#### indicator designations for detections?

I had this question come up today, but I've been asked a few times before recently, so I believe it's prudent to supply and explanation and guidance on what to do with these. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC … Continue reading What are DEV-#### indicator designations for detections?

Better Accessibility for the Vision Impaired in Microsoft Sentinel

Last year in July, my colleague Innocent Wafula talked about Accessibility and usability for all in Azure Sentinel. Things like responsive design, content reflow, and linear order go a long way to provide better accessibility value for Microsoft Sentinel but also the Azure portal, in general. But there's more that can be done. And, while it … Continue reading Better Accessibility for the Vision Impaired in Microsoft Sentinel

MAINFRAME-FREE

Authors: Ankush Rathore, Anurag Vij, and Francois Magnin, Azure Cloud & AI Practice, Microsoft Industry Solutions “After two failed migrations over seven years, ‘mainframe migration’ became the two most dreaded words in the organization. Third attempt was not only opposed by the business unit heads but was outright rejected by the steering committee…” - Group CIO, … Continue reading MAINFRAME-FREE

July 14: Thomas Maurer on Azure Arc for the Microsoft Security Insights Podcast and Twitch Stream

A couple weeks back during the Microsoft Security Insights Podcast, the topic of Azure Arc came up in reference to the new AMA client that uses DCRs to help filter the Windows events collected from on-prem servers and sent to the Log Analytics workspace for Azure Sentinel. At the time, I suggested Thomas Maurer would … Continue reading July 14: Thomas Maurer on Azure Arc for the Microsoft Security Insights Podcast and Twitch Stream

Creating Cloud Shell Storage Resources in a Different Azure Region

I had a situation recently where I needed to test to determine if a specific cmdlet for the Azure Sentinel PowerShell module would run in a specific Azure region. Cloud Shell instances require storage to function. When you initiate a Cloud Shell instance and accept the defaults it generates a random set of storage account … Continue reading Creating Cloud Shell Storage Resources in a Different Azure Region

Intune – Query Azure AD Bitlocker Keys using Graph API

The Issue If you have recently started using the BitLocker Encryption options out of Intune whether its device configuration or the endpoint protection encryption portion you will see there are many great reports like the encryption below. The problem is its quite hard to see if your machines have backed up their keys to Azure … Continue reading Intune – Query Azure AD Bitlocker Keys using Graph API

Azure – “Executing Runbooks with Power Platform and Webhooks”

The Question In a recent Workshop I wanted to explain how you could use webhooks in clever ways to kick off specific tasks in Azure Automation. Specifically I wanted to create a Power App where I could just click a button and all my Az Modules in my Azure Automation Account gets updated. You can … Continue reading Azure – “Executing Runbooks with Power Platform and Webhooks”

How to Automate the Backup of Azure Sentinel Tables to Long-term Storage Using Cloud Shell

Azure Sentinel customers with specific policies around data retention and the ability to retain data longer than Log Analytics allows, are interested in knowing how to move their Azure Sentinel tables to long-term storage. In a more recent blog post, Matt Lowe talked about how to Move Your Azure Sentinel Logs to Long-Term Storage with … Continue reading How to Automate the Backup of Azure Sentinel Tables to Long-term Storage Using Cloud Shell