Category: Microsoft Sentinel

Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 28/05/2023 0 Comments on Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization
Posted in Azure, Azure Firewall, GitHub, KQL, Microsoft Sentinel, SC-200, Study guide

12th section starting with more Sentinel. This time we are classifying Entities, creating custom log in Log Analytics and parsing the content. So let’s do some designs and configurations. Classify and analyze data by using entities You can do the…

Continue Reading Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 21/05/2023 0 Comments on Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules
Posted in Azure, Microsoft Sentinel, SC-200, Security, Study guide

11th section starting with more and more Sentinel. Already in this series we saw that how the different pieces are connected and helping you SOC teams to proactively work on threats. So let’s do some designs and configurations. Design and…

Continue Reading Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules

Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 07/05/2023 0 Comments on Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources
Posted in Azure, Azure ARC, Azure Policy, Defender, Identity, Microsoft Sentinel, SC-200, Security, Study guide

And in this 10th section on my SC-200 study guide we will go through the following topics. Identify data sources to be ingested for Microsoft Sentinel On August 31, 2024, the Log Analytics agent is deprecated. You should begin preparing…

Continue Reading Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources

Exam cram series for SC-200 exam

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 27/01/2023 0 Comments on Exam cram series for SC-200 exam
Posted in Azure, Azure AD, Certifications, Hybrid, Identity, Mentoring, Microsoft Sentinel, SC-200, Security, Study guide

Well, finally it’s time for a new part to my study series for Microsoft Security certifications. I have published guides for SC-100 and SC-300 and now it’s times for the “little” ‘sis between. Hopefully you will find this helpful, giving…

Continue Reading Exam cram series for SC-200 exam

Microsoft Defender for Office 365 Detection Details Report

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 14/11/2022 0 Comments on Microsoft Defender for Office 365 Detection Details Report
Posted in Azure, Defender, Identity, Microsoft Sentinel, Power BI, Security

If you want to learn more on from your email security, you could use this template to get and holistic view of what’s going on inside your environment. See here the announcement of the report. Why it matters? You have…

Continue Reading Microsoft Defender for Office 365 Detection Details Report

Certificate-based authentication is generally available!

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 12/10/2022 0 Comments on Certificate-based authentication is generally available!
Posted in Active Directory, Azure, Azure AD, Entra, Hybrid, Identity, Identity Platform, Microsoft Sentinel, Security

Microsoft announced today at Ignite 2022 that Certificate-Based Authentication is officially out of preview and ready to use! Why CBA was created? “In May of 2021, the President issued Executive Order 14028, Improving the Nation’s Cybersecurity calling for the Federal Government to modernize…

Continue Reading Certificate-based authentication is generally available!

Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 07/09/2022 0 Comments on Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data
Posted in Azure, Azure AD, Azure Policy, DevOps, Exchange, Identity, Identity Platform, Key vault, Microsoft 365, Microsoft Purview, Microsoft Sentinel, Security, Storage, Zero trust

And there you have it, this is the last section in my study guide. This time made longer posts, hopefully they weren’t too long to read. Stay tuned for more! Specify priorities for mitigating threats to applications. Specify a security…

Continue Reading Section 7 – Design a strategy for data and applications – Specify security requirements for applications and design a strategy for securing data

Section 12 – Manage security operations – Configure and manage security monitoring solutions

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 11/05/2022 0 Comments on Section 12 – Manage security operations – Configure and manage security monitoring solutions
Posted in Azure, Identity, KQL, Microsoft Sentinel, Security

AZ-500 is continuing with the following: Create and customize alert rules by using Azure Monitor Configure diagnostic logging and log retention by using Azure Monitor Monitor security logs by using Azure Monitor Create and customize alert rules in Azure Sentinel…

Continue Reading Section 12 – Manage security operations – Configure and manage security monitoring solutions