Stay in Control of AzureAD Enterprise Application registrations with Cloud App Security

Azure Active Directory provides a simple process that gives users a single sign-on (SSO) experience for accessing cloud-based applications using their AzureAD identity. This is a great capability, as it removes the need for users to manage multiple identities while enterprises keep visibility and, if needed, control over which applications are used by their employees. By default, all users within Azure Active Directory have the rights to register an application and users can allow …

Azure Information Protection Scanner & Analytics – Resource Collection

Hey there, this might sound like a bad excuse for not writing up a whole blog post, but in fact I had planned to write a few words about the Azure Information Protection Scanner and the recently announced Azure Information Protection Analytics that provides a central reporting capability for the AIP Scanner. Those that have used the AIP Scanner before will agree that gathering scanner results data was quite tedious as you had to grab …

Anything About IT turns 10 today

On the 10th of May 2008, I wrote my first blog post here, “Growing WIM files”. I recently read through the archive and thought of all those moments where sometimes I spend just a few minutes, hours and sometimes even days preparing for a new blog post. By writing this blog I learned a lot about various tools, products and scripting and hope that now and then, one or the other blog post has helped …

It’s never too late to start learning PowerShell

It’s 2018 now and you might think who doesn’t know PowerShell yet. Although I’ve seen the number of people using PowerShell increasing over the past years, there’s still plenty of people out there that have the learning curve for PowerShell ahead of them. A few years ago, when the use of PowerShell got traction amongst many IT professionals the web was full of learning resources by means of blog posts, podcasts and online trainings. It …

How to get started with Azure Log Analytics

If you’re interested in getting your hands dirty with Azure Log Analytics, here are a few resources and tips on how to get started. The videos: if you’re looking for an idea of what Azure Log Analytics is all about and what you can do with it, here are a couple of videos I recommend watching. Azure Log Analytics (13 minutes): https://channel9.msdn.com/Shows/Azure-Friday/Azure-Log-Analytics?ocid=player. What’s changed in Azure Log Analytics? (5 minutes): https://channel9.msdn.com/Blogs/Azure/Whats-changed-in-Azure-Log-Analytics. The improved Azure Log Analytics: A …

Data Collection Tier in Azure Security Center

Within the Azure Security Center, Security Policy node, you can select a workspace and there define the data collection configuration for security events: All Events, Common, Minimal or None. More details about the Azure Data Collection and the data collection tier can be found here. The page also has a list of all the Event IDs that are being collected within each tier. To better understand the exact meaning of each Event ID, I’ve created the …

OMS Security and Audit Baseline Assessment

The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure operating environment. Within the Console we get an overview of “Rules” that have failed, because the servers don’t have the recommended configuration applied. While looking at this, I wondered where I can find the complete …

Collecting NetTcpConnection and Process information with PowerShell

If you need information on active TCP connections, you probably start with the netstat command. When using the -b or -o parameter, netstat will also list the executable involved in creating the process, respectively the owning Process ID. The output then looks as follows. In PowerShell we can use Get-NetTCPConnection to retrieve TCP connection information. When suspecting that something malicious is running on a device, I look at the TCP connections and want to know …

Automating CIS-CAT Pro with PowerShell

CIS-CAT stands for Center for Internet Security Configuration Assessment Tool. The CIS-CAT tool is used to perform configuration and vulnerability assessments. The Pro version is only available to CIS members; however, if you want to try out the software, you can download the CIS-CAT Lite version from here: https://www.cisecurity.org/introducing-cis-cat-lite/ Note that the Lite version does not include the command line interface, so you won’t be able to use the automation described in this blog post. …