Filling Up the Security Data Lake

Dam the Lake! The foundation of our data “dam” is a pool of information collected from multiple sources. Some data is ingested directly into the data lake storage account. Other data is ingested into the SIEM and later forwarded on to the data lake to meet long-term retention requirements. Typically, 70% of data ingested into …

Code as Code – Managing Azure Automation with Terraform

Introduction Azure Automation is a robust tool that provides administrators with the ability to execute tasks either on Azure or on-premises (through a hybrid worker). If you're familiar with Azure Automation, you've likely configured a lot of settings, including runbooks, schedules, RBAC permissions, variables and PowerShell modules. In certain organizations, these configurations can amount to …

Microsoft Defender for Server Reference Architecture and Deployment Guide

When it comes to deploying Defender for Servers within Microsoft Defender for Cloud, there are a number of considerations and factors which need focus to ensure a successful implementation. My goal here is to provide a reference architecture with steps that show at a high level the core areas of focus, calling out core integrations and …

Azure AD PowerShell to Microsoft Graph PowerShell

Overview: You might have heard about the AzureAD PowerShell module deprecation. So, in this article we will summarize the migration from Azure AD PowerShell to Microsoft Graph PowerShell and will provide you with all the relevant info and links in one place, to get you up and running with the new MS Graph Module. The best …

Azure – Assign A Custom Role to Allow Specific Users to Stop/Start/Restart a specific VM

The Issue A customer recently had the need to only allow specific Server Owners to Start\Restart\Deallocate specific Virtual Machines. The Investigation I actually found this article that explains how to create this for an assignment to an entire subscription. https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-enabling-custom-role-based-access-control-in-azure/ba-p/363668 You use the mentioned JSON File, { "Name": "Restart Virtual Machines", "IsCustom": true, "Description": "Restart …

Azure – Point to Site Transit Traffic over Connected VNETs Issue

The Issue Recently one of my customers experienced an issue where we wanted to achieve the below. The reason was we wanted machines out on the internet to communicate with Active Directory Servers by using the Azure VPN Client. The Investigation So there are two ways to achieve a "Connection" between Virtual Networks. You can …