New Microsoft Security Certifications released

Exams such as AZ-500 and MS-500 measure your overall knowledge of Azure and Microsoft 365 security solutions and features. Microsoft has now released four new exams measuring skills on specific security solutions instead. You can obtain a new Fundamentals certification and three new Associate certifications. The new exams/certifications are as follows: Exam SC-900 | Microsoft …

New Microsoft Security Operations Analyst Associate Certification with Azure Sentinel and Defender

If you've taken the exam for the Microsoft Azure Security Engineer certification, you may have gotten a bit excited in mid-2020 when it was announced Azure Sentinel and Azure Security Center content would be added. I was (does that make me weird?). But, after that announcement, I was a bit disappointed in the number of …

Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes

The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do with regard to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions and tools available after deploying the August 2020 security update.

Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”

Issue: It's December and time to let your hair down. It could be a time to relax, do some reading or even take time to upskill in a new technology. Perhaps catch up with friends and family. But if you think you can completely relax, just remember, your identities on-the-line (Vince Vaughn) are open and exposed …

Intune – Query Azure AD Bitlocker Keys using Graph API

The Issue: If you have recently started using the BitLocker Encryption options out of Intune, whether it's device configuration or the endpoint protection encryption portion, you will see there are many great reports like the encryption below. The problem is it's quite hard to see if your machines have backed up their keys to Azure …

How to Add the Antimalware Assessment to Your Azure Sentinel Workspace

The Antimalware Assessment has been part of the Azure Marketplace for a long while and contains some valuable information like Threat Status Rank, Threat Status, Threat Status Details, Protection Status Rank, Protection Status, Protection Status Details, Type of Protection, Scan Date, Date Collected, Product Version, and others. With all this valuable information, wouldn't it be …

KQL to Help Identify Systems Patched for CVE-2020-1350

On Tuesday, July 14th, we released an alert and guidance on a potentially impactful Windows DNS Server Remote Code Execution Vulnerability. See: CVE-2020-1350. If you're using Azure Sentinel, Intune, or any other service that can take advantage of KQL to sift through a Log Analytics Workspace (LAW), the following KQL query can help identify those …

Creating an Azure Sentinel Taskbar and Start Menu Shortcut and Icon for Quick Access

Do you want quick access to your Azure Sentinel tenant without having to sift through the general Azure portal? Sure, you can set up an Edge (or other browser) shortcut, but you can also create a Windows 10 Taskbar shortcut and/or a Start Menu shortcut. Here's how. Download the 32x32 pixels Azure Sentinel icon: https://github.com/rod-trent/AzureSentinelMisc/blob/master/AzureSentinel_icon_32x32.zip Extract …

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently wanted me to suggest a very simple, cost-worthy service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those that like to separate their schedule items from their task lists. For many Office 365 customers, they may …

Resolving WindowsFirewall Log Ingestion Problems for Azure Sentinel

This problem has come up enough in the last month or so that it's worth a quick-hit blog post to help folks resolve it. The problem: You enable the Windows Firewall Data Connector in Azure Sentinel, follow the directions, and make sure the Log Analytics agent is installed on the remote system - but the …