What are DEV-#### indicator designations for detections?

I had this question come up today, but I've been asked a few times before recently, so I believe it's prudent to supply and explanation and guidance on what to do with these. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC … Continue reading What are DEV-#### indicator designations for detections? →

The Security Content Guide to Microsoft Build 2022

Build 2022 has a LOT of awesome security-focused content along with the great content to be consumed for any number of focus areas. For my area of focus -- security -- here's the things I'm most interested in and the sessions that I'll be focusing on to glean knowledge for the things I'm tasked with … Continue reading The Security Content Guide to Microsoft Build 2022 →

SC-100: Microsoft Cybersecurity Architect Gets a Learning Path

For those of us that took the SC-100 beta exam, there's a strong indicator today that the exam results could show up soon. That indicator is a new SC-100 Learn path. The Learn path is a set of modules that are repurposed from other exams, but it's a Learn path, nonetheless. The following is the … Continue reading SC-100: Microsoft Cybersecurity Architect Gets a Learning Path →

Microsoft Defender for Endpoint Workbook for Microsoft Sentinel

There's a new Workbook available in the Microsoft Sentinel console that I'm pretty sure you'll overlook because it's been released without much fanfare. However, for those taking advantage of Microsoft Defender for Endpoint and the connection to Microsoft Sentinel, this Workbook contains valuable information. To locate it, in Workbook - Templates, to a quick filter … Continue reading Microsoft Defender for Endpoint Workbook for Microsoft Sentinel →

Join the Launch of Microsoft Security Insights on Microsoft Reactor

On April 20th, myself and my colleagues will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in Identity & Network Access Division. If you missed it, read the reasons and behind … Continue reading Join the Launch of Microsoft Security Insights on Microsoft Reactor →

Introducing a New Series Called Security Rodcasts

Customers are inundated with the ever-flowing stream of updates to all of our services and products. I know it's hard to keep up, and it's even harder to commit time to learn about all the new stuff. I've mulled for a time how to deliver bite-sized nuggets of Microsoft Security information in a way that … Continue reading Introducing a New Series Called Security Rodcasts →

The Microsoft Security Operations Guide Contains Microsoft Sentinel Templates for Things to Monitor

Thanks to a huge collaborative effort, there's now some additional value in the Microsoft Security Operations Guide - specifically for Microsoft Sentinel customers. You can locate the full Security Operations Guide at the following link: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-introduction Inside the guide, in each operations section you'll find a Things to Monitor table. This table provides guidance and … Continue reading The Microsoft Security Operations Guide Contains Microsoft Sentinel Templates for Things to Monitor →

Must Learn KQL Part 4: Search for Fun and Profit

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book … Continue reading Must Learn KQL Part 4: Search for Fun and Profit →

Must Learn KQL Part 3: Workflow

Must Learn KQL Part 2: Just Above Sea Level