May 24, 2022

The Security Sessions Guide to Microsoft Build 2022

If you’re not an app developer, you may think Build 2022 is not for you. But that’s absolutely not the case. There’s a lot of great […]
May 24, 2022

Deploying Microsoft Sentinel Analytics Rules that are Already Enabled

The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content using a CI/CD pipeline to a single or to multiple Sentinel workspaces. […]
May 13, 2022

SC-100: Microsoft Cybersecurity Architect Gets a Learning Path

For those of us that took the SC-100 beta exam, there’s a strong indicator today that the exam results could show up soon. That indicator is […]
May 12, 2022

Estimating the Size of the M365 Advanced Tables for Microsoft Sentinel Enablement

The Microsoft 365 Defender Connector in Microsoft Sentinel is coming along nicely with all the table sources now available to select. The Connector is still in […]
May 9, 2022

Azure AD Conditional Access Insights & Auditing with Microsoft Sentinel

If you have spent any time in Azure Active Directory, chances are you have stumbled across Azure AD Conditional Access. It is at the very center […]
April 30, 2022

Better Accessibility for the Vision Impaired in Microsoft Sentinel

Last year in July, my colleague Innocent Wafula talked about Accessibility and usability for all in Azure Sentinel. Things like responsive design, content reflow, and linear order […]
April 30, 2022

Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports

In the Sign-in logs you will regularly see Application IDs as user accounts. Most generally, these will be our own application IDs for commonly used services […]
April 29, 2022

Using Logic App Parameters with Microsoft Sentinel Playbooks

I recently made a recommendation about the importance of Making Use of Variables in Microsoft Sentinel Playbooks. In this post I want to take this just […]
April 29, 2022

Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created

Would you like to have an email notification show up daily in your inbox (or your security team’s shared inbox) with a list of the Incidents […]
April 28, 2022

Making Use of Variables in Microsoft Sentinel Playbooks

Creating Playbooks in Microsoft Sentinel is made easy through the use of the Logic Apps service. Most operations are just click-to-select when creating the logic steps. […]
April 28, 2022

Microsoft Defender for Endpoint Workbook for Microsoft Sentinel

There’s a new Workbook available in the Microsoft Sentinel console that I’m pretty sure you’ll overlook because it’s been released without much fanfare. However, for those […]
April 27, 2022

Watching the Watchers: Monitoring Microsoft Sentinel Repositories Activity

If you’ve not used the Repositories feature of Microsoft Sentinel and you have need to deploy content like rules, workbooks, etc., you should give it a […]