June 2, 2022

How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook

I’ve known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by […]
June 1, 2022

Using Logic Apps and Microsoft Sentinel to alert on expiring Azure AD Secrets

Azure AD app registrations are at the heart of the Microsoft Identity Platform, and Microsoft recommend you rotate secrets on them often. However, there is currently […]
June 1, 2022

How to Use a Playbook to Add Geographical Data for IP Addresses to a Microsoft Sentinel Incident

We have a Playbook out on the official GitHub Repo that queries the IP-API.com website with IP addresses and then writes the geographical information to an […]
May 28, 2022

Multi-selecting Analytics Rules to Enable More than One at Once

Wouldn’t it be super nice if – in the Microsoft Sentinel UI – you could multi-select Analytics Rules to enable and just hit an “Enable […]
May 26, 2022

What are DEV-#### indicator designations for detections?

I had this question come up today, but I’ve been asked a few times before recently, so I believe it’s prudent to supply an explanation and […]
May 24, 2022

The Security Sessions Guide to Microsoft Build 2022

If you’re not an app developer, you may think Build 2022 is not for you. But that’s absolutely not the case. There’s a lot of great […]
May 24, 2022

Deploying Microsoft Sentinel Analytics Rules that are Already Enabled

The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content using a CI/CD pipeline to a single or to multiple Sentinel workspaces. […]
May 13, 2022

SC-100: Microsoft Cybersecurity Architect Gets a Learning Path

For those of us that took the SC-100 beta exam, there’s a strong indicator today that the exam results could show up soon. That indicator is […]
May 12, 2022

Estimating the Size of the M365 Advanced Tables for Microsoft Sentinel Enablement

The Microsoft 365 Defender Connector in Microsoft Sentinel is coming along nicely with all the table sources now available to select. The Connector is still in […]
May 9, 2022

Azure AD Conditional Access Insights & Auditing with Microsoft Sentinel

If you have spent any time in Azure Active Directory, chances are you have stumbled across Azure AD Conditional Access. It is at the very center […]
April 30, 2022

Better Accessibility for the Vision Impaired in Microsoft Sentinel

Last year in July, my colleague Innocent Wafula talked about Accessibility and usability for all in Azure Sentinel. Things like responsive design, content reflow, and linear order […]
April 30, 2022

Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports

In the Sign-in logs you will regularly see Application IDs as user accounts. Most generally, these will be our own application IDs for commonly used services […]