Intune DeviceType Reference for Azure Sentinel KQL

As you start to connect your Intune/Endpoint Manager logs to Azure Sentinel, you may notice right away that there is a DeviceType column exposed that looks valuable, but its values are ID numbers rather than device type names. This DeviceType column maps directly to the DeviceTypeID for Intune device entities. As an example, the following …

MITRE ATTACK Framework Reference for Azure Sentinel

The MITRE ATT&CK framework is used within Azure Sentinel to classify threats to the organization and to give a quicker understanding of how far an intrusion has progressed. You'll see it displayed as a timeline at the top of the Hunting blade in Azure Sentinel, as shown in the next image: MITRE ATT&CK Framework in the …

Microsoft Endpoint Manager – Intune – Client Apps Series

I have just posted my video series focusing on Intune Client Apps. The link to the full playlist is here, and a description of each video in the series is below. Enjoy! Modern Management - Intune - Client Apps - Part I – Introduction. This session is Part I of a series focused on the Client …

Digging Deeper into Intune and Azure Sentinel

Last week I finally found some time to start digging into managing security for Intune-enrolled devices with Azure Sentinel. Obviously, the first thing that had to be done was to connect Intune data to Azure Sentinel. Read about how to do that here: Connecting Intune to Azure Sentinel. The next step was to ensure that …

MIP: Notes from the field

1. Introduction. Is information protection critical or crucial to an organization? For most of us, the answer seems to be an obvious YES. However, when it comes to directly investing in information protection mechanisms, the discussion seems to be around “Should I invest in information protection tools this year, or can it wait until next year?” …

Azure Sentinel Rare Occurrences Incidents Generated After Setup

One of the official Microsoft offerings I deliver to customers includes a Day 1 setup of Azure Sentinel, which then leads into a 3-day workshop. But that Day 1 setup is important so that we have the customer's real data to work with for the rest of the week, and the customer has data to continue …

New Private Preview Tag in Azure Sentinel

Part of the Private Preview program for Azure Sentinel and confused about which previews you're testing? We've added a new feature to the News & Guides blade to help minimize the confusion and also provide links to each preview's documentation and participation requirements. Directly in the Azure Sentinel console, go to the News & …