Azure Sentinel KQL Results Now Supports 30k Rows Returned

Prior to a change available today, the results window in the Logs Blade for Azure Sentinel (and any other Log Analytics capable service) was limited to 10,000 rows returned. This capability has been enhanced so that the results limit has been bumped to 30,000 rows. 30k - yay! Personally - and I hope you'll agree …

New Microsoft Security Operations Analyst Associate Certification with Azure Sentinel and Defender

If you've taken the exam for the Microsoft Azure Security Engineer certification, you may have gotten a bit excited in mid-2020 when it was announced Azure Sentinel and Azure Security Center content would be added. I was (does that make me weird?). But, after that announcement, I was a bit disappointed in the number of …

Understanding the Little Blue Permissions Locks in Azure Sentinel Data Connectors

This question comes up more than I expect, so I thought it worthy of a short blog post. Azure Sentinel Data Connectors have a cool, time-saving feature that automatically checks the logged-in user's credentials against the list of prerequisites to enable the data connection. When attempting to enable a Data Connector you …

Replay Now Available – Microsoft Security Insights 036: Azure Sentinel with Rod Trent

The replay is now available for both the Podcast and the Twitch stream for my visit to the Microsoft Security Insights podcast. Podcast: Microsoft Security Insights: 036: Azure Sentinel with Rod Trent. Twitch.tv: https://www.twitch.tv/videos/890598048

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Over the past several weeks there's been a mighty movement in the Data Connector blade of Azure Sentinel, resulting in lots of new Data Connectors. As easy as it is (or not) to notice when new Data Connectors are available, it's difficult to know when existing ones are updated. One such recent update is …

Use Azure Backup for Active Directory forest recovery requirements | Part 2

In part one of this series, we used Azure Backup to enable a daily backup schedule on two Domain Controllers, one from each domain in the Active Directory forest. A few days have passed since Azure Backup was configured, so multiple backups (restore points) should be available for each of the Domain Controllers. In this post, one of these recovery points will be used to restore the forest root Domain Controller into an isolated Azure virtual network (VNET), with no impact on the production environment. We should be able to successfully log on to this Domain Controller after the restore and perform the remaining Active Directory recovery steps.

New Azure Sentinel Learning Modules Released

I noted just a month or so ago that a Learning Path for Azure Sentinel was made available just in time for the Christmas season. What better way to spend the holiday than to stack up your Azure Sentinel product knowledge, right? Maybe I'm just too geeky, but personally I spent my holiday going through …

Set up iOS/iPadOS device enrollment with Apple Configurator

Scenario: By setting up device enrollment with Apple Configurator, organizations can ensure that their company-owned devices can be managed with additional features (Supervised Mode) and will also avoid activation lock on these devices when they are reallocated. What is Supervised mode? Apple iOS/iPadOS supervised mode gives administrators more options when managing Apple devices, making it useful for …

How to Connect the New Intune Devices Log to Azure Sentinel

I've updated my original instructions on Connecting Intune to Azure Sentinel due to a recent log addition for Intune. Use those instructions for the complete steps for enabling Azure Sentinel to monitor Intune activity. A new log type has shown up recently. The new log type is Devices and the table name created is IntuneDevices …