AzureTracks

Azure Security Features Explained: Protecting Your Data with Microsoft’s Robust Framework

In today’s digital world, securing sensitive information is a top priority for organizations. Microsoft Azure, one of the leading cloud platforms, offers a comprehensive suite of security features designed to safeguard your data from internal and external threats. This is supported by a solid suite of Security SaaS offerings in the Defender stack, Azure Firewall, network security groups, web application firewalls, and so much more! (But wait — there’s more!) In this article, we’ll explore these features step by step, providing insights on how to implement them effectively.

Today we jump into protecting data in Azure using Microsoft’s native security tooling.

Posted on May 29, 2025 7:02 am

Azure

Zero Trust with Microsoft Security Solutions: An Overview

In today’s rapidly evolving threat landscape, the traditional perimeter-based security model is no longer sufficient. As organizations adopt hybrid work […]

Posted on May 15, 2025 7:00 am

Azure

Strengthening Your Security Posture: The Role of Zero Trust Architecture

In today’s digital landscape, traditional security measures are no longer enough to safeguard sensitive data and resources. Cyber threats are evolving, and organizations must adapt to stay resilient. Enter Zero Trust Architecture—a security framework that’s gaining traction for its ability to mitigate modern risks effectively. Today we explore Zero Trust a bit more, and some simple steps to begin shaping your own organization towards a more secure-by-design mindset.

Posted on May 1, 2025 7:03 am

Azure

Microsoft Defender for Cloud - A defender pictured as a knight with a shield defending against technology threats and badguys!

Onboard a Single Subscription with Microsoft Defender for Cloud

In today’s post we will look at a targeted way to harness the full potential of your Azure security by integrating Microsoft Defender for Cloud with Microsoft Sentinel. This powerful combination allows for advanced threat detection, seamless monitoring, and a unified view of your security posture. We want to select our Sentinel data connectors while being thoughtful. The Microsoft Defender XDR data connector is the modern connector version that we should all use in most cases; but the legacy connector is useful when we have only specific subscriptions that we want to bring into Sentinel. The older, legacy connector, requires the manual selection of the subscriptions to include in the data ingestion; it is the perfect solution if you have a tenant that you only want 2 of the many subscriptions provisioned.

Posted on January 23, 2025 7:15 am

Azure

Detecting Common Email Inbox Rule Manipulation

This article dives deep into the world of Kusto Query Language (KQL) to show you how to create custom analytics rules for detecting high-volume email sends, both internal and external, that might indicate potential security breaches. By leveraging these KQL queries, you can gain valuable insights into your email traffic, identify suspicious patterns, and take proactive measures to safeguard your organization’s data. Targeting a high-risk behaviour from the most recent MDDR, we will explore finding inbox rule compromises on our o365 logs today.

Posted on January 9, 2025 7:00 am

Azure

Building Custom KQL Analytics Rules in Sentinel

In this post I explore using Sentinel to detect, and respond to threats using custom analytics rules using Kusto Query Language (KQL). This allows you to tailor threat detection to your organization’s specific needs, ensuring that no threat goes unnoticed and tuning the detections to exclude low value and noisy results that clutter up the incident queue.

Posted on January 2, 2025 7:07 am

Azure

Post High Severity Incidents in Sentinel to a Teams Channel

Today we explore incident communication using Teams. One of the great things about Microsoft Sentinel is the ability to integrate with Microsoft Teams, allowing for seamless collaboration and communication during high-severity incident responses. We will take a look at getting Teams working using a step-by-step guide to post summary information from incidents directly to a Teams channel, alerting our SOC team quickly.

Posted on December 12, 2024 6:45 am

Azure

Integrating Threat Intelligence in Microsoft Sentinel

Join me in exploring the essential topic of integrating Microsoft threat intelligence within Microsoft Sentinel. In an era where cyber threats are becoming increasingly sophisticated, having a robust strategy to ingest and leverage threat intelligence is crucial for any SOC team. Understanding how to implement and utilize threat intelligence in Sentinel, you can significantly enhance your security posture, enabling faster detection and mitigation of potential threats before they escalate.

Posted on November 28, 2024 6:55 am

Azure

Building a Microsoft Sentinel Data Use Case

Join me this week to gain an in-depth understanding on how to clearly define what data to retain. Data retention is not just a regulatory box to tick; it’s the backbone of a robust security posture. In the realm of Microsoft Sentinel, understanding how to manage your data retention is key to leveraging the full potential of your SIEM system. From cost management to compliance, the way you handle data can make or break your security operations.

Posted on November 6, 2024 8:40 am

Azure

Data Retention in Sentinel – Where to Start

Join me for as we explore one of the critical aspects of using Microsoft Sentinel — understanding data retention and how to get started. Data retention in Microsoft Sentinel involves managing how long data is kept within your Log Analytics workspace. This is crucial for compliance, incident response, log searchability, and cost management.

Posted on October 31, 2024 7:10 am

Category: Security