Digging Deeper into Intune and Azure Sentinel

Last week I finally found some time to start digging into managing security for Intune-enrolled devices with Azure Sentinel. Obviously, the first thing that had to be done was to connect Intune data to Azure Sentinel. Read about how to do that here: Connecting Intune to Azure Sentinel. The next step was to ensure that …

Azure Sentinel Rare Occurrences Incidents Generated After Setup

One of the official Microsoft offerings I deliver to customers includes a Day 1 setup of Azure Sentinel - which then leads into a 3-day workshop. But, that Day 1 setup is important so we have the customer's real data to work with the rest of the week and the customer has data to continue …

New Private Preview Tag in Azure Sentinel

Part of the Private Preview program for Azure Sentinel and get confused by which previews you're testing? We've added a new feature to the News & Guides blade to help minimize the confusion and also provide links to each preview's documentation and participation requirements. Directly in the Azure Sentinel console, go to the News & …

Shortcut Way to Enable Azure Sentinel Analytics Rules

One of the things we're not quite clear about in our documentation is that enabling Analytics Rules is part of the overall setup of Azure Sentinel. I can't count the number of times I have worked with customers who have stood up Azure Sentinel and enabled the Data Connectors they want, but then are left scratching …

Sharing Workbook Data Outside Azure Sentinel with Non-analysts

Customers ask quite often how they can share their Workbooks with others outside of Azure Sentinel, i.e., give access to the valuable visualizations/reports to those that don't need full Azure Sentinel access. The solution is actually much easier than it might seem and involves a very simple method of using the pinning features of Workbooks …

Pinning Entire Azure Sentinel Workbooks to Azure Dashboards

For those that do more in the Azure portal every day than just Azure Sentinel analyst work, it may be helpful to pin some of the more valuable data representations in Sentinel Workbooks to the general Azure portal dashboard. Azure dashboards give immediate access to a host of valuable data, and by "pinning" Azure Sentinel Workbooks, …

Connecting Intune to Azure Sentinel

We have some deeper integration coming for all endpoints in the future for Azure Sentinel through the standard ATP, DATP, etc. connectors, but for now you can connect your Intune/Endpoint Manager tenant to Azure Sentinel pretty easily to get started sifting through the available data. It takes less than a few minutes to set …

Granting Access to Specific Azure Sentinel Playbooks for Specific Analysts

As a general best practice, you want to configure access to Azure Sentinel resources through the Resource Group and you want to ensure you are providing only the access required, i.e., using a least permissive model. Azure Sentinel resource access is applied using the following assignment roles... Azure Sentinel roles and allowed actions I talk …

Getting Direct URLs for Azure Sentinel Incidents Using KQL

We are making this capability much, MUCH easier in the very near future, but for now here's a convoluted way to get the direct link to Incidents out of the Azure Sentinel tables. I created the following query for a customer so they could parse out the URL and then send it through email to …