How to get correct discount pricing when using Reserved Instances

Often when I deliver Cost Management and Optimization MIPs to clients, they ask how to get correct savings information when using Azure Pricing calculator to plan for future investments. The most common mistake that I have found is that they are not using the correct pricing data, and by that I mean they are either …

Azure Sentinel Event Grouping is in Public Preview

You may have noticed today that a new Public Preview component has made its way into your Azure Sentinel console. But it's truly possible that you didn't because the feature is tucked away inside the Analytics Rule wizard. When you modify an existing Scheduled-type Analytics Rule, or create a brand new one, there's now an …

Microsoft Endpoint Manager – Intune – Compliance Policy Series

I have just posted my video series focusing on Intune Compliance Policy. The link to the full playlist is here and a description of each video in the series is below. Enjoy! Microsoft Endpoint Manager - Intune - Compliance Policy - Part I - The Basics and Beyond: This session is part I of a series …

Spice Up Your Azure Sentinel KQL Query Results with Emoji

Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to …

How to Make Your Azure Sentinel Workbooks Even More Interactive with Drilldowns and Downloads

Azure Sentinel Workbooks are designed to be dynamic reporting tools. Based on KQL, the numerous Workbooks included with the product and provided across the web (including our own GitHub repo - aka.ms/ASGitHub) give security teams and security managers a way to create personalized, quick-glance views into the security stance of the organization. I've worked with …

How to Query HaveIBeenPwned Using an Azure Sentinel Playbook

I've known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by the masses. HaveIBeenPwned is a great resource developed and maintained by Troy. It provides the ability to query against its database to expose domains or user accounts that have …

Microsoft Edge: Configure IE Mode (Part 2)

IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In this final post of the two-part series, I will create the Enterprise Site Mode List XML file and test the configured sites to confirm that the specified sites can be successfully opened in IE Mode on Microsoft Edge.

How to Keep Track of Your Higher Cost Azure Sentinel Tables Using KQL

Need a good way of tracking your Azure Sentinel table usage? Here's a KQL query to help. I can't take full credit for it, other than sharing it. This query is an amalgam of different queries and the work of a multitude of individuals, but hugely useful. union withsource=TableName1 * | where TimeGenerated > ago(30d) …

How to Prohibit an Azure Sentinel Analyst from Editing a Playbook

Recently, I wrote about how to Grant Access to Specific Azure Sentinel Playbooks for Specific Analyst. The idea with that is to ensure that an analyst with meager access can still run Playbooks against Incidents. By default, the Sentinel Reader role is limited in what they can do in Azure Sentinel. As a reminder, here's …

Azure – Point to Site Transit Traffic over Connected VNETs Issue

The Issue Recently one of my customers experienced an issue where we wanted to achieve the below. The reason was we wanted machines out on the internet to communicate with Active Directory Servers by using the Azure VPN Client. The Investigation So there are two ways to achieve a "Connection" between Virtual Networks. You can …