In this blog I will demonstrate how to collect the SMBv1 audit events in Azure Log Analytics. I will also show a simple query to extract the IP information from these events which can be exported to a CSV file if needed.
The Azure Monitor team has rolled out a new capability to everyone to help enable quicker debugging for KQL queries in the Log Analytics workspace. Now, when you write a query and receive the standard error that includes the line number and position, you'll be able to identify the actual line more easily. For those used … Continue reading How to Enable Line Numbers in Azure Sentinel to Aid Quicker Debugging of KQL Queries
To help remote workers work efficiently, I would like to share with you the latest updates that the WVD team has made to manage the Windows Virtual Desktop Service in Azure: the Windows Virtual Desktop Admin Portal is now in Public Preview; the Windows Virtual Desktop Service has been expanded to additional locations; additional security capabilities; More ... Windows Virtual … Continue reading New Updates for Windows Virtual Desktop including Admin Portal
Background: Azure resources can be deployed and configured automatically by using ARM templates, Azure Policy, PS scripts, etc. Those automation methods have their limits, being restricted to sets of allow and deny functions, and in particular they can be configured only at the subscription level. With Azure Blueprint [Preview] you can manage policies and target it on … Continue reading Manage Azure monitor with Azure Blueprint
The Azure Diagnostics Extension provides basic monitoring and diagnostics capabilities on Azure resources. The Diagnostics agent enables monitoring of Azure guest VMs, with the ability to use standard metrics and to add new extended metrics that are not collected by default. This can be done by allowing “Diagnostics Settings” on an Azure virtual machine, “Enable guest … Continue reading Create Azure monitor Alert based on Custom metrics