How to Manually Reset the Remediation Policy when Microsoft Sentinel Azure Activity Connector Shows Not Connected

A short while ago, we started recommending that customers use the new Policy-based method of connecting the Azure Activity log to Microsoft Sentinel. Azure Policy-based assignment Recently, we have started to see some customers that have used this method where the Data Connector shows as not connected in the Microsoft Sentinel console. While we diagnose … Continue reading How to Manually Reset the Remediation Policy when Microsoft Sentinel Azure Activity Connector Shows Not Connected →

Must Learn KQL Part 3: Workflow

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days... The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book … Continue reading Must Learn KQL Part 3: Workflow →

Must Learn KQL Part 2: Just Above Sea Level

Must Learn KQL Part 1: Tools and Resources

Schedule a Reboot for Manual installation of Windows 10 Feature Updates

With the various methods of deploying Windows 10 Feature Updates, the Feature Update Rollouts via Application Deployment does not provide restart notifications to the user and as such the device will automatically reboot if the “/noreboot” switch is not added to your batch file or if the switch is added the reboot will not happen … Continue reading Schedule a Reboot for Manual installation of Windows 10 Feature Updates →

How to Add the New Azure Sentinel Hunting Columns for MITRE Techniques, Results Delta, and Results Delta Percentage

Those sneaky Azure Sentinel engineers! A few new data points have shown up in the Azure Sentinel console, specifically in the Hunting section. These data points are available as new columns in the Hunting display and include: MITRE ATT&CK Techniques - This is the more specific technique that's associated with the based tactic. You can … Continue reading How to Add the New Azure Sentinel Hunting Columns for MITRE Techniques, Results Delta, and Results Delta Percentage →

How to Locate installed LA Agents and If On-prem or in Azure

My colleague, Sonia Cuff, recently posted a great article around How to find your Azure Log Analytics agent deployments in preparation for the Azure Monitor agent. In the article, she presents a couple different ways to locate the Log Analytics agent including using PowerShell and the actual Log Analytics service console. There's also another way … Continue reading How to Locate installed LA Agents and If On-prem or in Azure →

How to Drag-n-Drop hotfixes with Kudu

Nowadays, CI/CD are embedded in almost every modern software solution which brings lots of benefits of course. However, sometimes you may need to skip CI/CD steps just to try something directly on one of your environments. In such cases, you may not be interested in things like (unit testing, security testing, resources creation, full deployment, … Continue reading How to Drag-n-Drop hotfixes with Kudu →

Flowing gMSA accounts into MIM Portal

The purpose for this document is to guide someone through adding Group Managed Service Accounts (gMSA) into the MIM Portal. At my customer, we have started utilizing gMSA’s more and more as opposed to regular service accounts. With increased usage this means that gMSA’s are showing up as members of various Security Groups. Anyone who … Continue reading Flowing gMSA accounts into MIM Portal →

Accessing MIM Portal with Azure AD App Proxy

Enabling MIM Portal to work with Azure AD App Proxy is not new. There are certainly numerous articles out on the Internet that talk about the topic. At the same time, MIM Portal on App Proxy is not as easy to configure as other web-based applications are. My reasons for documenting this was to solve … Continue reading Accessing MIM Portal with Azure AD App Proxy →