How to Monitor for ProxyShell Microsoft Exchange Vulnerabilities using Azure Sentinel

Based on recent reporting and evidence, it's worthwhile to use Azure Sentinel to monitor for the ProxyShell vulnerabilities in Microsoft Exchange. See: Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit. Here's a quick KQL query to use to hunt for this vulnerability in your environment. The query can be turned into an Analytics Rule …

How to Control Deployment of Defender for Endpoint to your Linux machines

Azure Security Center now supports (in preview) the automatic deployment of Defender for Endpoint to your Linux machines. To enable this: [1] In Azure Security Center, go to Pricing & Settings for the Security Center enabled subscription and then Integrations. [2] Click the Enable for Linux Machines (Preview) button and click Save. [3] Finally, verify …

Security Center Compliance Over Time Report Now in Public Preview

The Microsoft Security Center team has released an integrated report that gives customers the ability to track compliance status over time. This is a valuable report that lets managers and workers view continuing progress toward a compliant environment. The Compliance Over Time workbook requires continuous export to send data to a Log Analytics …

Using PowerShell to create Windows 10 Customer Device Policy from the output of Endpoint Manager Group Policy Analytics

In 2020 Microsoft released Endpoint Manager Group Policy Analytics (still in preview). This can be very useful for determining your level of modern management support. At this point Group Policy Analytics only provides you with the MDM Supported values in the CSP mappings and does not provide any further options to create the policies. As …

How to Use Threatview.io Threat Intelligence Feeds with Azure Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Azure Sentinel as external sources. The Threatview.io feeds are updated regularly (generated daily at 11PM UTC), so you can be sure that the most current indicators will be available. The feeds are available from here: https://cda.ms/2mc. The feeds are provided as …

How to Obtain a Completion Certificate for Azure Security Center Ninja Training

Many of the Microsoft Ninja trainings have completion certificates available after a brief knowledge measure and a passing score. As of August 11th, this also applies to the Ninja training for Azure Security Center/Azure Defender. The knowledge measure for ASC consists of 30 questions. I've taken it myself and am pretty happy to say I …

Field Notes: Active Directory tombstone lifetime

The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.

How to Monitor the Azure Sentinel What’s New Docs Page with RSS

There are a few ways to monitor for the new features that are constantly released for Azure Sentinel. First, you can watch the "What's New" posts on the official Azure Sentinel blog and pick up the RSS feed from there. Second, there's (of course!) the Azure Sentinel weekly newsletter that is delivered every Friday morning. …