Azure Arc – Add servers from Update Management
Azure Arc - Add servers from Update Management The good thing about Azure Arc is that you can deploy the agent in many different ways. As of today, [...]
Create Data Collection Rules for Azure Sentinel This article shows you how to create Data Collection Rules for the Windows Security Events data connector in Azure Sentinel. Before you [...]
Deploying Azure Arc agent using PowerShell + AMA + Tagging In this post, we take a closer look at how to deploy Azure Arc agents [...]
#AdminPrintNightmare On August 10, Microsoft published a blog post about changes to Point and Print. You can read the official story here - https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/ After the August [...]
Active Directory Certificate Services XPath Queries In our previous blog post, we enabled ADCS auditing and we also included the Excel spreadsheet with different event IDs. In Azure Sentinel, [...]
Audit NTLM using Azure Sentinel – part 1 This time we are going to take a closer look at NTLM usage. Most likely, you have seen the news about [...]
Audit Active Directory Certificate Services using Azure Sentinel This blog post shows you how to enable and configure Active Directory Certificate Services auditing. What do you need? Log Analytics [...]
Manage Defender for Endpoint device tags through Azure Automation DSC Another day I was playing around again with the Azure Desired State Configuration feature, and [...]
Our notes about #printnightmare zero-day and Kaseya As you have already heard, there is a zero-day vulnerability in the print spooler service. Microsoft also posted [...]
Getting started with Azure Sentinel and PowerShell Now that we have an official PowerShell module for Azure Sentinel, we can use PowerShell with Azure Sentinel. [...]