Real world business tracks leading towards Azure Services
Today we explore incident communication using Teams. One of the great things about Microsoft Sentinel is the ability to integrate with Microsoft Teams, allowing for seamless collaboration and communication during high-severity incident responses. We will take a look at getting Teams working using a step-by-step guide to post summary information from incidents directly to a Teams channel, alerting our SOC team quickly.
Join me in exploring the essential topic of integrating Microsoft threat intelligence within Microsoft Sentinel. In an era where cyber threats are becoming increasingly sophisticated, having a robust strategy to ingest and leverage threat intelligence is crucial for any SOC team. Understanding how to implement and utilize threat intelligence in Sentinel, you can significantly enhance your security posture, enabling faster detection and mitigation of potential threats before they escalate.
Join me this week to gain an in-depth understanding on how to clearly define what data to retain. Data retention is not just a regulatory box to tick; it’s the backbone of a robust security posture. In the realm of Microsoft Sentinel, understanding how to manage your data retention is key to leveraging the full potential of your SIEM system. From cost management to compliance, the way you handle data can make or break your security operations.
Join me for as we explore one of the critical aspects of using Microsoft Sentinel — understanding data retention and how to get started. Data retention in Microsoft Sentinel involves managing how long data is kept within your Log Analytics workspace. This is crucial for compliance, incident response, log searchability, and cost management.
In this article, we explore real world automation and improvements to Sentinel Incidents. Leveraging Microsoft Sentinel Playbooks you can streamline your SOC security operations and respond to incidents faster and with the information your Analysts need to make decisions. A key component of this process is the integration of Threat Intelligence (TI) to enrich incident data with critical context – before anyone opens that incident to investigate.
Wondering where to get started finding all the users in your Entra ID that do not have MFA enabled? Here’s some quick PowerShell to get you started and easily identify what users may be missed by your conditional access policies.
A summary update on Azure News that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Every update is linked to it’s original Microsoft Azure, Microsoft Sentinel or other blog source. Hopefully this will save you some time digging around to find recent releases and changes.
Today, we embark on a thrilling quest through the Azure cosmos to uncover the secrets of failed create operations using Kusto Query Language (KQL). This quick post will equip you with the knowledge to track down those elusive “create” mishaps and help find clues behind these operations quickly.
In this blog post, we’ll explore how to wield the mighty KQL to uncover those elusive “delete” actions within your Azure environment. Whether you’re a seasoned cloud explorer or just dipping your toes into the Azure waters, this guide will equip you with the knowledge to track down those vanishing resources.
Finding the true cost of cloud SaaS tooling is a complicated and elusive task. Microsoft has some different tools we can use to try and estimate costs that we’ll cover in this post. There are challenges in accurately estimating cloud consumption and usage costs due to day-to-day variances in that usage and other factors. Let’s explore MDC cost estimating together!
