Microsoft Sentinel this Week - Issue #57

By Rod Trent • Issue #57
Happy Friday, everyone!
Gearing up for speaking at an in-person conference in a couple weeks (MMSMOA), my week has been extraordinarily busy. This time of year at Microsoft is busy anyway as we gear up for completing the fiscal year, so this added work has really felt as if things are heaped-on more than normal.
But, hey…it makes the days and weeks seem to go much quicker.
Speaking of which, as this newsletter edition hits your inboxes today, I’m celebrating my 3rd Microsoft birthday. Three years ago today, I joined Microsoft and began my NEO (new employee training) in our Las Colinas, TX office.
My life has absolutely changed for the better since that day and I’m constantly amazed, in awe, and wonderfully challenged.
I’ve mentioned this before, but I wanted to make sure it’s fresh in mind for everyone. Every Wednesday evening, some of my colleagues and I produce a podcast called Microsoft Security Insights. The podcast streams live (video) on and then the audio portion is released on the following Monday wherever you get your stream for podcasts.
Approaching our 100th episode, it’s with great excitement that we will start delivering this as a show on Microsoft Reactor this next Wednesday evening, April 20th at 5pm EST, joined by our inaugural guest, Matt Soseman, Senior Program Manager in Identity & Network Access Division.
You can join us live, or watch the show in replay after. Visit the following link to set yourself a reminder to join or watch:
That’s it for me for this week.
Talk soon and enjoy the newsletter.

Stuff to Read
Monitor Conditional Access with Microsoft Sentinel – Daniel Chronlund Cloud Tech Blog
AMA – Not Just for Servers Anymore - Azure Cloud & AI Domain Blog
Identify organizational use/misuse of sensitive information using Microsoft 365 and Sentinel - Microsoft Tech Community
Monitoring Active Directory with Microsoft Sentinel – the agent deep dive. – Microsoft Sentinel 101
Microsoft Sentinel – Detect Elevate Access Activity in Azure by Leveraging M365D Integration – Sam's Corner
Recreating a MS workbook in PowerBI: Part 4 – PowerBI Parameters – Yet Another Security Blog
Stuff to Watch/Listen To
Episode 16: AMA – Not Just for Servers Anymore
Episode 15: Search and Filter Enhancements in Microsoft Sentinel Watchlists
Episode 14: Adjusting Multiple Details at Once for a Single Microsoft Sentinel Incident
How to start with KQL?
Stuff to Attend
Join the Launch of Microsoft Security Insights on Microsoft Reactor – Azure Cloud & AI Domain Blog
Microsoft Sentinel - CRAFT
Learn the latest cybersecurity techniques at the Microsoft Security Summit - Microsoft Security Blog
Microsoft Security Insights Show Ep. 98
Stuff That's New or Updated
Announcing the search and filter UI enhancements in Watchlists - Microsoft Tech Community
Stuff That's Related
How to query Azure Monitor Log Analytics in Logic Apps with a Managed Identity - Microsoft Tech Community
Tarrask malware uses scheduled tasks for defense evasion - Microsoft Security Blog
Removed and retired services - Azure Information Protection | Microsoft Docs
Cybersecurity as a Business Decision: A Manifesto - Paul Proctor
Threat Intelligence with MSTICPy | Pluralsight
Azure Monitor Tech Community rebranded to Azure Observability - Microsoft Tech Community
Stuff in the News
Skill up on cybersecurity with a White House Summit-inspired collection - Microsoft Tech Community
HCL Technologies expands collaboration with Microsoft to offer joint cybersecurity offerings to enterprises – India Education
Global IT services consultant Atos chooses Microsoft Security to protect internal endpoints
Navigating cybersecurity threats in financial services
Stuff to Have
Sentinel-Queries/Device-SummarizeLocalGroupAdditions.kql at main · reprise99/Sentinel-Queries · GitHub
Microsoft-Sentinel-Queries/AgentHeartBeatIgnoreDeadMachines.kql at main · le0li9ht/Microsoft-Sentinel-Queries · GitHub
Sentinel-Queries/EmailEvents-FindUsersWhoReadMaliciousEmail.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/DCA-RiskEventFollowedbyEmailForward.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/EmailEvents-VisualizeBlockedEmailPercentage.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/EmailEvents-VisualizePostDeliveryActions.kql at main · reprise99/Sentinel-Queries · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
