Monitoring Service principal sign-ins with AzureAD and Azure Sentinel

Here is a conversation between Jeffrey (Developer) and Marc (IT Admin) working for ECorp Ltd. Looks familiar? Take a look in your Azure Active directory, how many applications do you have there? In an ideal world you maintain an inventory Read More …

How to create your Defender ATP Admin Audit Log Dashboard

Hello everyone, In today’s blogpost I will walk you through the process of creating an admin audit log dashboard for Defender Advanced Threat Protection. During my past customer engagements, I was often asked if there is a way to show Read More …

Microsoft Defender ATP Advanced Hunting – Who’s logging on with local admin rights?

Note: I have updated the kql queries below, but the screenshots itself still refer to the previous (old) schema names If you’re among those administrators that use Microsoft Defender Advanced Threat Protection, here’s a handy tip how to find out Read More …

OMS Security and Audit Baseline Assessment

The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure Read More …

OMS Log Analytics HTTP Data Collector API – Work notes

I believe that the Microsoft Operations Management Suite is yet another example of how cool Cloud based solutions can be. Instead of first having to spin up an entire backend infrastructure before you can actually start collecting data, with the Read More …