A request was made recently about how to prevent an unauthorized and elevated user account from getting access to Azure Sentinel. Essentially, the scenario is this: An environment was compromised.A compromised user account had elevated access.The compromised user account shut down monitoring (Azure Sentinel) so as not to be detected. I'm still working the full … Continue reading How to Create a Backup Notification System in the Event an Unauthorized User Shuts Down Azure Sentinel
Saw this today when I was adding a new Workbook to my Azure Sentinel environment for a customer demo and thought it worthy to pass along. The ability to save workbooks as Private Workbooks is going away by early 2021. You will still be able to access your private workbooks but any edit or save … Continue reading Beginning in 2021 Shared Reports is Your Only Save Option for Azure Sentinel Workbooks
In this blog I will demonstrate how to collect the SMBv1 audit events in Azure Log Analytics. I will also show a simple query to extract the IP information from these events which can be exported to a CSV file if needed.
The Azure Monitor team has rolled out a new capability to everyone to help enable quicker debugging for KQL queries in the Log Analytics workspace. When writing queries now and you receive the standard error that includes the line number and position, you'll be able to identify the actual line more easily. For those used … Continue reading How to Enable Line Numbers in Azure Sentinel to Aid Quicker Debugging of KQL Queries
In order to help remote workers efficiently, I would like to share with you latest updates that WVD Team have made to manage Windows Virtual Desktop Service in Azure. Windows Virtual Desktop Admin Portal now in Public Preview. Windows Virtual Desktop Service has been expanded to additional locations Additional Security capabilities More ... Windows Virtual … Continue reading New Updates for Windows Virtual Desktop including Admin Portal
Background Azure resources can be deploy and configure automatically by using ARM Templates, Azure Policy, PS scripts etc... those automation ways have it's limit to sets of allows and deny functions, And in particular, it can be configure only on the subscription level, with Azure Blueprint [Preview] you can manage policies and target it on … Continue reading Manage Azure monitor with Azure Blueprint
Azure Diagnostics Extension provides the basic monitoring and diagnostics capabilities on a Azure resources. Diagnostics agent enable monitoring Azure guest VM, with capabilities to use standard metrics and to add a new extended metrics that are not collected by default. This is can be done by allowing “Diagnostics Settings” on azure virtual machine, “Enable guest … Continue reading Create Azure monitor Alert based on Custom metrics