Responding to Threats with Microsoft Sentinel
Knowing where to start with Sentinel Incidents speeds remediation and supports making better decisions. Today, let’s take a look at monitoring and responding to cyber threats using Microsoft Sentinel.
Building Automation Rules with your Sentinel Instance in PowerShell
Today, we explore creating custom Automation Rules in Microsoft Sentinel to help us auto-close low value incidents. Let’s look at how we can automatically close & impact incidents and make it all work using PowerShell!
How to Build Custom Microsoft Sentinel Analytics Rules
Today, we expand on and explore rapid Microsoft Sentinel deployment using PowerShell. This model of repeatable, consistent, and fast deployments is a great way to help build our own skills up, and build a resilient and robust deployment method we can count on.
Azure Updates – Number 54 – December 31, 2022
A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes.
Sentinel Health Data Visualization & Reporting
A common challenge after deploying Microsoft Sentinel has been how to keep track of your Data Connector health status. Last article, we explored getting a handle on our Microsoft Sentinel data connectors health. This week, we look visualizing and using that data with Sentinel Workbooks.
Sentinel Data Connector Health Monitoring
A common challenge after deploying Microsoft Sentinel has been how to keep track of Data Connectors health. Today, we take a look at getting a handle on how to start monitoring our Microsoft Sentinel data connectors health.
Modernize your Microsoft Authenticator Policies
Getting ready to move into Azure Active Directory or make changes to your Microsoft Entra configurations? The last few weeks I’ve talked about MFA and conditional access rules; so this week we will look at the preview for Microsoft Authenticator Policies, then change gears and talk about how to get our users excited about these security enhancements.
Migrate Azure Multi-Factor Authentication Server to cloud-based Azure MFA
With the end of support for Azure MFA server on-premises coming soon, it’s time to start planning the move to Azure cloud-based MFA. Let’s look at the steps to starting our migration to Azure AD MFA.
Where to find Incident Investigation Artifacts in M365 – Part 2 – The Portals
A common challenge that security teams face is simply not knowing where all the artifacts can be found during an investigation. Let’s explore the different portals where we can quickly explore our data and perform investigations…
Where to find Incident Investigation Artifacts in M365
A common challenge that security teams face is simply not knowing where all the artifacts can be found during an investigation. Microsoft Defender tools are capable of collecting a lot of data, and that can create questions during investigations of where is all this data and how do I find it quickly? Join me for a tour of the basics of Defender data retention periods and where to find that data.