Author: Harri Jaakkonen

Section 14 – Use Microsoft Sentinel workbooks to analyze and interpret data

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 17/09/2023 0 Comments on Section 14 – Use Microsoft Sentinel workbooks to analyze and interpret data
Posted in Azure, KQL, Microsoft Sentinel, SC-200, Security, Study guide

Activate and customize Microsoft Sentinel workbook templates When we are talking about templates, it’s important to see the following information, you will see this inside your Sentinel workspace. Once you Click on Continue, it will start the migration and show…

Continue Reading Section 14 – Use Microsoft Sentinel workbooks to analyze and interpret data

Security Service Edge (SSE) in a secure access service edge Framework (SSA)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 14/09/2023 0 Comments on Security Service Edge (SSE) in a secure access service edge Framework (SSA)
Posted in Application Proxy, Azure, Entra, Entra GSA, Identity, Security, Zero trust

In this post I will cover two different providers for SSE and in my opinion these are the top notch ones. Let’s me explain why and then you disagree or agree, just giving my opinion. But first let’s see what…

Continue Reading Security Service Edge (SSE) in a secure access service edge Framework (SSA)

Entra ID CA Templates are now Generally Available!

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 11/09/2023 0 Comments on Entra ID CA Templates are now Generally Available!
Posted in Azure AD, Entra, Identity, Security

When it was still in Public preview, I wrote this post on it. Templates available So, let’s see what has changed. These are the templates that are currently available, no change here. The process of Exporting You can download policies…

Continue Reading Entra ID CA Templates are now Generally Available!

Section 13 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel incidents

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 08/09/2023 0 Comments on Section 13 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel incidents
Posted in Azure, Microsoft Sentinel, SC-200

Triage incidents in Microsoft Sentinel What is Triaging? The SOC’s initial level is triaging. Triaging incoming security situations and assessing their seriousness are the responsibilities of Tier 1 employees. This entails figuring out the incident’s origin, estimating its size, and…

Continue Reading Section 13 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel incidents

Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 11/06/2023 0 Comments on Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)
Posted in Azure, Defender, Identity, Microsoft Sentinel, SC-200, Security, Study guide

13th section starting and this time were are learning on automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…

Continue Reading Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

Proactive migration of legacy MFA and SSPR policy settings to Authentication methods

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 01/06/2023 0 Comments on Proactive migration of legacy MFA and SSPR policy settings to Authentication methods
Posted in Authentication methods, Azure, Azure AD, Identity, Security

Why to? For now policy settings can be moved at your own pace but the procedure is completely reversible. While you specifically specify authentication methods for users and groups in the Authentication methods policy, you can continue to employ tenant-wide…

Continue Reading Proactive migration of legacy MFA and SSPR policy settings to Authentication methods

Cross-tenant synchronization is now Generally available

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 31/05/2023 0 Comments on Cross-tenant synchronization is now Generally available
Posted in Azure, Azure AD, Entra, IAM, Identity, Identity Platform, Security

Microsoft’s Cross-tenant features When it comes to the cross-tenant access features, Microsoft has a strong road plan so far. There won’t be any more external users or jumping between Teams tenants when you require access to various tenants, which we…

Continue Reading Cross-tenant synchronization is now Generally available

Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 28/05/2023 0 Comments on Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization
Posted in Azure, Azure Firewall, GitHub, KQL, Microsoft Sentinel, SC-200, Study guide

12th section starting with more Sentinel. This time we are classifying Entities, creating custom log in Log Analytics and parsing the content. So let’s do some designs and configurations. Classify and analyze data by using entities You can do the…

Continue Reading Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

Microsoft Entra External ID’s (Preview)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 25/05/2023 0 Comments on Microsoft Entra External ID’s (Preview)
Posted in Azure, Azure AD, IAM, Identity, Identity Platform, Security

Or Azure AD for customers, yes Azure AD for customers. That’s the name of the game. Microsoft released this excellent feature at Build yesterday and I wanted to elaborate it a bit more. Why to use it? Azure AD makes…

Continue Reading Microsoft Entra External ID’s (Preview)

Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 21/05/2023 0 Comments on Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules
Posted in Azure, Microsoft Sentinel, SC-200, Security, Study guide

11th section starting with more and more Sentinel. Already in this series we saw that how the different pieces are connected and helping you SOC teams to proactively work on threats. So let’s do some designs and configurations. Design and…

Continue Reading Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules