Join the Launch of Microsoft Security Insights on Microsoft Reactor

On April 20th, my colleagues and I will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in Identity & Network Access Division. If you missed it, read the reasons and behind …

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the …

All the Ways to Read the Weekly Newsletters for Microsoft Sentinel and Microsoft Defender

The weekly newsletters for Microsoft Sentinel and Defender continue to skyrocket in subscribers. It's amazing how far each of these resources has come and how dedicated and loyal the inbox subscribers are. But there are many out there who prefer not to receive yet another newsletter in their inbox, or who would like to sample …

The Unified Microsoft Sentinel and Microsoft 365 Defender Repository

As products and services continue to align, it's great to see movement in areas that provide pure value. The Microsoft Sentinel GitHub repository has now made room to house Microsoft 365 Defender Hunting queries. KQL is the tie that binds these two security services, and because of that, Hunting queries for Microsoft 365 …

Must Learn KQL Part 13: The Extend Operator

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

KQL Basics and Advanced KQL Hunting for Microsoft 365 Defender

Since it seems I've become all things KQL for our security platforms (which I don't mind at all, btw), I thought I'd step outside the Sentinel realm for a moment and share some recent releases for using KQL with Microsoft 365 Defender. Here's some awesome video content learning... M365D KQL Basics: https://cda.ms/3D3 M365D Advanced Hunting: …

“Server error Category A is not supported” message when enabling Microsoft Defender for Office 365 in the Microsoft Sentinel Connector

Recently, a few of us were confused about an error message that exhibited itself when attempting to enable the Microsoft Defender for Office 365 option in the Microsoft 365 Defender connector for Microsoft Sentinel. Never having experienced something like this yourself makes it even more difficult to troubleshoot. You know the scenario - user or customer …

Must Learn KQL Part 11: The Summarize Operator

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

New Year’s Resolution: Must Learn KQL in 2022

For those that missed the notification, I'm still off of work until the first week of January. But I'm finding that I truly am a victim of tech FOMO. It's really hard for me to completely shut down and walk away. But this isn't a new phenomenon. I've experienced this my whole professional, adult life. …

Must Learn KQL Part 9: The Limit and Take Operators

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …