Replay: Sarahzin Shane, MCAS and Elephant Made Coffee on the Microsoft Security Insights Podcast

Did you miss the live event on Wednesday evening this week? This week's episode of the Microsoft Security Insights podcast saw myself and Nathan Swift co-guest hosting - but even more importantly we had an amazing discussion around Microsoft Cloud App Security with program manager, Sarahzin Shane. Sarahzin provided some awesome information including sharing the … Continue reading Replay: Sarahzin Shane, MCAS and Elephant Made Coffee on the Microsoft Security Insights Podcast →

Field notes: Working with MCAS Alerts

This will be a series of articles on how to investigate MCAS alerts. In this first article I will start to cover the basics for activity and anomaly alerts. As we already know, in todays Microsoft Cloud App Security, we can encounter different alerts every day. How do we know where to start the investigation? … Continue reading Field notes: Working with MCAS Alerts →

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

I noted recently how powerful and valuable Microsoft Cloud App Security (MCAS) is, but also how noisy it can make the Azure Sentinel console unless the MCAS policies are tuned correctly. See: Tuning the Noise Out of MCAS for Azure Sentinel That post struck a chord with a number of people. So, I thought I'd … Continue reading Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation →

Tuning the Noise Out of MCAS for Azure Sentinel

It's funny, the first question out of my mouth when a customer asks for help tuning the noise for Azure Sentinel is: "Is your noisiest connection MCAS, by any chance?" 95% of the responses are a resounding: "Yes" Most customers think that it's Azure Sentinel's problem, but it's not. It's actually a tuning issue for … Continue reading Tuning the Noise Out of MCAS for Azure Sentinel →