Azure Sentinel users: enable these new Analytics rules announced in the Microsoft Security Response Center (MSRC) post: Customer Guidance on Recent Nation-State Cyber Attacks – Microsoft Security Response Center. No need to download or import rules: Microsoft has released the rule templates to all customer Azure Sentinel workspaces and they are ready for you to […]
Organizations running one or more Azure Kubernetes Service (AKS) clusters may encounter the need to re-assign the monitoring workspace(s) associated with the AKS deployment(s). Azure Monitor for Containers gives you performance visibility by collecting memory and processor metrics from AKS controllers, nodes, and containers. There are two primary integrations in the container monitoring solution: AKS […]
Many organizations are turning to Microsoft’s cloud-native Azure Sentinel as their primary enterprise SIEM because Azure Sentinel is the best solution for cloud and hybrid IT estates. Azure Sentinel excels at integrating cloud identity and cloud application logging into a holistic security picture that includes device and network logging. For most any Azure Sentinel enterprise […]
At Microsoft’s Virtual Ignite 2020 conference this week, a recent technology took center stage: Azure Arc. Part of the Azure Hybrid solution, Azure Arc is a concept and an agent technology, based on well understood Desired State Configuration (DSC) tools, that extends Azure management features to on-premises or other-cloud Windows and Linux computers. You can […]
For many organizations, a Single Sign On (SSO) identification system is used to verify users’ access to applications and services. Everyone uses SSO, such as when you authenticate using a Microsoft account to access outlook.com, or a Google account to access gmail.com (or visa-versa). You can of course use either a Microsoft or a Google […]
A common and useful concept in management applications is to distinguish between (1) built-in, non-changing monitoring settings and (2) custom, dynamic exceptions to the standard settings. This article details methods to use existing Azure features to achieve this operational necessity. Objective: Keep standard rulesets and environment-specific exceptions separate Once you are using Azure Monitor and […]
Microsoft System Center Operations Manager (MOM and SCOM) administrators have for almost two decades needed to manage up to four (4) domain service accounts requiring passwords. A feature called Group Managed Service Accounts (gMSA) introduced in Windows Server 2012 is now supported by SCOM 2019 with its latest update (UR1). Converting existing SCOM 2019 instances […]
Microsoft’s cloud-based SIEM, Azure Sentinel, achieved general availability (GA) on 9/24/2019. Two previous articles Azure Sentinel: New Microsoft SIEM almost free to trial and Azure Sentinel updates: New Data Connector UX, AWS live, CyberArk coming walked through the Azure Sentinel basics and evolution during it’s almost 9 month preview period. Now that the product is […]
As many enterprises nearly complete their migrations to Windows 10, IT pros are turning their attention to optimizing the Windows 10 platform. One of the Windows 10 features that organizations can leverage is the Windows 10 user experience including interacting with the Microsoft Store…applications downloaded from the store install quickly, and automatically update from the […]
With little fanfare earlier this month, Microsoft released a significant UX (user experience) update to the Data Connectors component of Azure Sentinel, their new flagship cloud-based SIEM: Connect Data Sources to Azure Sentinel. Read more about the Sentinel Preview in my previous article. The new connector selection and configuration features are a big improvement and […]