Publish Custom PowerShell Workflows to Azure Automation

Introduction: Runbooks in Azure Automation can be written in two languages, PowerShell and Python; in PowerShell it is also possible to write PowerShell Workflow. In this blog post, I will walk through some highlights of writing 'PowerShell Workflow' and how to upload it to the 'Runbook gallery' in Azure Automation. The pros and cons of using Workflow: The …

Microsoft Endpoint Manager – “Defeating Vulnerability Scans”

The Issue: In Operations you may be approached by your Security Team from time to time to help close new vulnerabilities that were identified after a vulnerability scan was run. It might look like the below and contain a list of vulnerabilities that need to be addressed. The Investigation: If you are lucky …

How to Use HTML and Markdown in Azure Sentinel Incident Comments

Just recently, the Azure Sentinel team added the capability for customers to use HTML and Markdown in the Comment section of Incidents. To ensure that there is enough room for the additional content, the comments field has been expanded to support 3,000 characters (the previous limit was 1,000). This gives customers the ability to …

How to Monitor Compliant and Non-compliant Systems for Zerologon Using Azure Sentinel

In August, we released security updates to resolve a vulnerability (CVE-2020-1472) for all affected systems. With the August or September security updates deployed, Domain, Trust and Windows machine accounts will be protected. However, for those organizations that want to monitor for systems that are either compliant or non-compliant, and find those systems that might …
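As an added example (not the post's own query): a Sentinel KQL query over the SecurityEvent table that lists, per domain controller, the client machine and trust accounts whose Netlogon connections were denied, allowed while enforcement is still off, or allowed through a Group Policy exception after the CVE-2020-1472 update. It assumes that domain controller Security logs are collected into SecurityEvent, that the event IDs 5827-5831 are the ones the update introduced, and that the EventData field names used for extraction (SamAccountName, DomainName, ClientIpAddress, MachineOs) match what the events actually carry; verify the field names against a real event before relying on them.

```kql
// Added example, not from the original post.
// Assumptions: DC Security logs flow into SecurityEvent; event IDs 5827-5831
// are the Netlogon events added by the August 2020 update; the EventData
// element names below are assumed and should be checked against a live event.
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID in (5827, 5828, 5829, 5830, 5831)
// A fully patched client produces none of these events, so every row here
// points at a client that still needs attention. 5829 is the important one:
// a vulnerable connection that the DC still allowed because enforcement
// mode is not yet active.
| extend Status = case(
    EventID == 5827, "Denied: vulnerable machine account (non-compliant)",
    EventID == 5828, "Denied: vulnerable trust account (non-compliant)",
    EventID == 5829, "Allowed: vulnerable connection, enforcement not yet active (non-compliant)",
    EventID == 5830, "Allowed: machine account in Group Policy exception",
    EventID == 5831, "Allowed: trust account in Group Policy exception",
    "Unknown")
// Pull the client details out of the raw EventData XML (field names assumed).
| extend ClientAccount = extract(@'<Data Name="SamAccountName">([^<]+)</Data>', 1, EventData),
         ClientDomain  = extract(@'<Data Name="DomainName">([^<]+)</Data>', 1, EventData),
         ClientIp      = extract(@'<Data Name="ClientIpAddress">([^<]+)</Data>', 1, EventData),
         ClientOs      = extract(@'<Data Name="MachineOs">([^<]+)</Data>', 1, EventData)
| summarize Events = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by DomainController = Computer, EventID, Status, ClientAccount, ClientDomain, ClientIp, ClientOs
| order by EventID asc, LastSeen desc
```

Run it from the Logs blade to build the inventory, or wrap it in a scheduled analytics rule filtered to EventID 5829 if you only want to be told about clients that are still making vulnerable connections. Note that the DC logging these events is itself patched; the ClientAccount column is what needs remediation, either by patching the client or, for third-party devices that cannot be fixed, by a deliberate Group Policy exception that then shows up as 5830/5831.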

Sentinel Email Notification Logic App

Azure Sentinel feature development is progressing at a rapid pace. Currently there is no option to set up an email subscription for all Sentinel incidents, though I expect more tooling around email notifications in the near future. In the meantime, the following Logic App is a simple way to set up a global email subscription for Sentinel …

On-Demand Azure Sentinel Video Resources from Microsoft Ignite

Yesterday, I noted the Azure Sentinel Sessions to Watch for During Microsoft Ignite. Most of the sessions I alerted you to are now available for on-demand replay. Here they are: What's new in Azure Sentinel (on-demand); Detect Unknown Threats with User and Entity Behavioral Analytics in Azure Sentinel (on-demand); Improve SecOps with Azure Sentinel, your …

Setting up an Android Emulator for testing Intune features

Overview: As more customers leverage either standalone Microsoft Intune or Microsoft Endpoint Manager for cloud management of their devices, they also seek an efficient means to upskill administrators on Intune features and capabilities without having to purchase devices upfront for testing. Scenario: I recently delivered a workshop where attendees experienced the above issue …