Welcome all to issue and week #39 of our most times quad-monthly time to spend together. Some of you I get to spend even more time with during the week over Teams, Twitter, LinkedIn, Slack, WhatsApp, and other places. I’m truly thankful to have so many friends, acquaintances, and colleagues to make the days and weeks fly by.
Speaking of being thankful…we’re just on the rim of the upcoming US holiday, Thanksgiving. In fact, I’m so close to the edge, I’m one day away from toppling into it completely. Or, rather, starting Tuesday next week I’ll be out of the office. with the intent to enjoy family and friends for the holiday season.
With that in mind, depending on a few things, this newsletter may miss delivery next Friday which is the day after Thanksgiving. I know, I know - what will life be like without the weekly delivery? It may still deliver, but it really depends on everyone else. If the rest of the world decides to be as unproductive as myself next week there may not be much to report on, hence, no newsletter delivery. However, idle time in one area sometimes means even more activity in another. I’ll just bide my time and see what happens.
So, I’m leaving next Friday open. You may or may not receive this newsletter next week. Time will tell and it will be a surprise to us all.
Here’s something worth knowing and something you won’t want to miss if you’re still a die-hard RSS fan like I am. Our new branding is still slowly filtering through to many places (i.e., the portal still reads Azure
Sentinel). It takes time to reach everywhere. This past week, it finally seeped into the RSS feed for the official Microsoft Sentinel blog. The blog name changed a while ago, but the RSS feed was just now adjusted. You can get the new feed here: https://cda.ms/3f0
Make sure to update your feed readers.
Are you interested in deploying Microsoft Defender for Cloud, Microsoft Sentinel and Azure Network Security to federal customers? Are you a cleared resource?
There’s an interesting opportunity that’s opened up for a Senior Program Manager here at Microsoft. This is something I’d even be interested in if I was looking to change my current role and didn’t mind moving.
Surprising to me, apparently knowledge of the KQL query language is big barrier for many of our customers to use Sentinel. I had no idea until a happenstance discussion this past week. That spurred me to action.
In a previous role at Microsoft, I regularly delivered KQL workshops to our customers. Much of that workshop and more is being fused into a new, continuing blog series I call “Must Learn KQL.” Parts 1 and 2 are up already. Please, if you’re one of those that need this knowledge, check into it. It will conversational and fun with hands-on opportunities sprinkled throughout. If you’re one of those that are already comfortable with the topics but know someone who needs it, please, please, PLEASE share it with them. I don’t want to see any piece of our solutions or pieces of those solutions to ever be a barrier for providing proper security monitoring.
BTW: Excitement for this series is already going gangbusters. Within a single day, Part 1 amassed about 3,000 readers and internally we’re already discussing reusing some of the content in a Learn module.
And, with that, its just about time for me to sign-off for the week. I truly appreciate all of you and so thankful that our journey and our paths have merged even if just for a minute. Even if you don’t observe the Thanksgiving holiday, there’s nothing stopping you from taking a moment or two to really consider the events and people in your life for which you can be truly thankful. And, saying it out loud helps.
For me, I’m thankful for my family - my wife, my kids, my new grandbaby. I’ll spend my first Thanksgiving ever without my Dad, which will be truly sad, but his lingering memory and my assuming his legacy and his role in this holiday now makes it even more special.
Be good to each other. Talk soon.