Hi, all! Welcome to our 36th week of continuing Azure Sentinel coverage. This issue marks the end of my very first in-person conference in at least 2 years. The week was amazing and despite it being a conference for endpoint management
, the reception for the Azure Sentinel sessions was warm and welcoming. Its so energizing to see such interest in this product. Heck, Azure Sentinel even had its own table
In addition to my Azure Sentinel sessions, I also co-delivered sessions on hacking Windows, hacking AD and AAD, and Defender for Endpoint. All of these security sessions were so well received that there’s talk of building a security track all its own into the event for next time. Fingers crossed for that.
So, it was a good week. The weather was wonderful
so I was able to spend some brief between delivering sessions on the beach.
It was really good to travel again and felt mostly normal about doing so. Here’s hoping to this becomes a regular thing again for us all.
This week, the product team has a request. There’s a new survey available for the Incident Update Trigger.
Here’s the message:
This year we introduced Automation Rules which allow running actions (modify incident properties or run a playbook) when an incident is created. We are planning for an upcoming feature to allow automation rules to be triggered on incident updates.
This feature has multiple use cases. We want to focus on those that matter the most to our users. Please share with us your use cases for this feature. Please be as detailed as possible.
One last thing…Microsoft Ignite is almost upon us. Prepare yourself for some product announcements and feature updates. That is all.
Thanks everyone for your continued interest in Azure Sentinel!
We’ll talk next week…