Integrate MDI health alerts in Microsoft Sentinel or how to turn every e-mail notification in a custom alert in Sentinel and customize alert details for your benefit.

Over the weekend I finished a really fun project I had in mind for a couple of weeks. My newest website: AnalyticsRules.Exchange In this post I will explain the reason why I created this new website, as well on how I did it. At the moment I will not publish the code, not because I don’t want to share it, but because it’s super ugly and not something I want to be a source for other people to start with.

Am Mittwoch, den 26. Oktober, spreche ich beim Microsoft 365 Security & Compliance User Group. Das Thema meines Vortrags ist “Why using a FIDO2 security key is important”. Abstract Learn why classic MFA based authentication is still at risk of being phished using AiTM techniques and how FIDO2 security keys can mitigate such attacks. You can also use Entra ID (Azure AD) conditional access to add an additional layer of security.

When using Microsoft Entra Entra ID (Azure AD), you can choose between a wide range of MFA options as an admin and user. Depending on the method you choose this can be a very strong second factor (e.g., FIDO2), or it could be a weaker second factor like text messages. Up until now there was no way to distinguish between the different methods. But with the recent announcement about authentication strength this changes.

Am Donnerstag, den 22. September, spreche ich beim Cloud Identity Summit 2022. Der Cloud Identity Summit befasst sich mit Cloud Identity Management, verschiedenen Aspekten wie Identitätsschutz, Verwaltung externer Konten, passwortlos und vielem mehr. Der Cloud Identity Summit ist eine kostenlose Veranstaltung, bei der der Austausch zwischen den Teilnehmern im Vordergrund steht. Die Gruppe der Teilnehmer ist international und kommt aus verschiedenen Bereichen und Branchen. In meinem Vortrag mit dem Titel “Azure Attack Paths” werde ich verschiedene Angriffvektoren und Techniken für die Azure Cloud beschreiben.

When using Microsoft Sentinel you can connect multiple sources as data connectors. By default all connected sources will ingest their information to predefined tables in the Log Analytics workspace, backing the Microsoft Sentinel instance. You then can query this data using analytic rules or hunting queries to identify abnormal behavior. But for a few of those data connectors Microsoft is offering an additional feature called “User and Entity Behavior Analytics” or UEBA for short.