Set up enrollment notifications

Microsoft recently made enrollment notifications available as a Public Preview in Intune. You can create custom notification messages as push notifications and/or email notification when a user enrolls a new device and include information in the notification about how to report an unrecognized device. Note. Push notifications will appear in the Company Portal and email … Continue reading Set up enrollment notifications

How to Enroll a Huawei Device in Intune

In May 2019, then-United States President Donald Trump announced that Huawei, along with several other Chinese companies, was now on something called the Entity List. Companies on this list are unable to do business with any organization that operates in the United States. This made the lives of administrators difficult, to ensure that these devices … Continue reading How to Enroll a Huawei Device in Intune

Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to … Continue reading Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly - generated daily at 11PM UTC - so you can be sure that the most current indicators will be available. The feeds are available from here: https://threatview.io/ The feeds are provided as … Continue reading How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

How to Import One or Multiple Analytics Rules into Microsoft Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace. But the one from Jan Geisbauer is highly recommended. Jan's original blog post announcement about this new module is here: Alertrule from github to Azure sentinel | (emptydc.com) The PowerShell module … Continue reading How to Import One or Multiple Analytics Rules into Microsoft Sentinel

Tip: Duplicate and Deprecate to Modify Azure Sentinel Analytics Rules

Just a quick heads-up tip for those that might be affected by this scenario eventually. Some might call this a "best practice" but I know many people hate that term. Hence, my use of the term "tip" instead. When Azure Sentinel Analytics Rules are updated from Microsoft, any changes you have made to the original … Continue reading Tip: Duplicate and Deprecate to Modify Azure Sentinel Analytics Rules

How to Get the Network Security Dashboard for Security Center

There's a new dashboard in town for Azure Security Center. This particular dashboard (workbook) contains the following: Overview - a summary of all monitored network-related security components.Public IPs & Exposed Ports - Public IP and Asset Types and Ports Exposed to the InternetNetwork Security Services- DDoS Protection Plans, Azure Firewalls and Firewall Policies, Azure WAF … Continue reading How to Get the Network Security Dashboard for Security Center

Azure Sentinel Gets Its Own Knowledge Check and Completion Certificate

Following in the footsteps of the rest of the Microsoft security platform tools, Azure Sentinel training now has its own completion certificate! My original post on All the Microsoft Ninja Training I Know About noted that every product except Security Center and Sentinel provided knowledge checks with a resulting completion certificate. But, I've since updated … Continue reading Azure Sentinel Gets Its Own Knowledge Check and Completion Certificate

Azure Sentinel Incident View Column Chooser Reaches GA

Released in Preview in June of this year, the column chooser in the Incident blade of Azure Sentinel is now generally available. You might think this is a pretty low value feature release, but its not. This capability allows analysts to customize the view to show only those areas of content that will be valuable … Continue reading Azure Sentinel Incident View Column Chooser Reaches GA

How to Monitor for ProxyShell Microsoft Exchange Vulnerabilities using Azure Sentinel

Based on recent reporting and evidence its worthwhile to utilize Azure Sentinel to monitor for potential vulnerabilities in ProxyShell for Microsoft Exchange. See: Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit Here's a quick KQL query to use to Hunt for this vulnerability in your environment. The query can be turned into an Analytics Rule … Continue reading How to Monitor for ProxyShell Microsoft Exchange Vulnerabilities using Azure Sentinel