How to Connect the New Intune Devices Log Azure Sentinel

I've updated my original instructions on Connecting Intune to Azure Sentinel due to a recent log addition for Intune. Use those instructions for the complete steps to enable Azure Sentinel to monitor Intune activity. A new log type has shown up recently. The new log type is Devices and the table name created is IntuneDevices …

AMA for Azure Sentinel on the Microsoft Security Insights Podcast and Twitch Stream

I noted yesterday that I have a webinar coming up that you can sign up to participate in. See: Upcoming Webinar: A Day in the Life of an Azure Sentinel Analyst. This webinar is on February 12, 2021 at 1:00pm-2:30pm CST - so mark your calendars. But, for those that want an even more interactive opportunity, …

Upcoming Webinar: A Day in the Life of an Azure Sentinel Analyst

Azure Sentinel has changed - a LOT - since that original delivery of "A Day in the Life of an Azure Sentinel Analyst." So much so that it's definitely time for a bit of a refresh. So, just a heads-up, I'll be refreshing this session and delivering it as a Microsoft Tech Talk on February …

How to Use the Advanced Commenting Editor for Azure Sentinel

Some may have noticed this week that a few new capabilities have shown up in Azure Sentinel Incidents on the Comments tab. It's still early days for this enhanced functionality, but there's enough here now to get a good head start on developing some team policies around better commenting. The following shows the current interface of the …

How to Setup a Managed Identity for the Azure Sentinel Logic App Connector

Something that's been on the waiting list for a number of customers and myself is the ability to choose a System-assigned Managed Identity for Azure Sentinel Playbooks. This gives Azure Sentinel customers the ease of allowing the system to manage access of the logic behind the automated components, without the drudgery of manually maintaining AAD …

How to Create a Backup Notification System in the Event an Unauthorized User Accesses Azure Sentinel

A request was made recently about how to prevent an unauthorized and elevated user account from getting access to Azure Sentinel. Essentially, the scenario is this: An environment was compromised. A compromised user account had elevated access. The compromised user account shut down monitoring (Azure Sentinel) so as not to be detected. I'm still working the full …

How to Evolve the SOC with Azure Sentinel: Analytics Rules Part 1

I kicked off this SOC evolution with Azure Sentinel series a few days ago with How to Evolve the SOC with Azure Sentinel: Hunting Queries. I'm not sure yet how many posts will ultimately be in this series, but like I do with SOC efficiency, I'll probably maintain this series going forward to ensure we're always …

eBook Available for Managing Azure Sentinel with PowerShell

Just a quick heads-up post. A good buddy of mine and Microsoft MVP, Kaido Järvemets, hinted yesterday that he was putting together a guide for those just beginning to work with the new PowerShell module for Azure Sentinel. Details about the PowerShell module here: Official Azure Sentinel PowerShell Module Released – Azure Cloud & AI …

How to Evolve the SOC with Azure Sentinel: Hunting Queries

The evolution of the Security Operations Center (SOC) is important. This process is key to enabling your security teams and your security tools to work more efficiently and more intelligently. Without it your security operations become stagnant and incapable of addressing new threats. As you know, I spend a lot of time working with and …

Official Azure Sentinel PowerShell Module Released

On December 29th, when the rest of the world wasn't watching, the Microsoft team unleashed the first rev of a PowerShell module specifically for Azure Sentinel. You can find Az.SecurityInsights version 0.1.0 here: https://www.powershellgallery.com/packages/Az.SecurityInsights/0.1.0 I've been playing with it the last couple days when my wife isn't looking. I'm off until January 4th and have …