Automate threat response with Azure Sentinel

Sarah Young joins Scott Hanselman to discuss updates to Azure Sentinel automation and how you can use it to accelerate and streamline threat response for your security operations. [0:00:00] – Introduction [0:02:41] – Azure Sentinel automation rules [0:06:15] – Automating responses with playbooks [0:09:30] – Playbook templates ... continue reading

A closer look at the Crescendo configuration

In my previous post, I looked at the details of a Crescendo output handler from my VssAdmin module. In this post, I explain the details of a cmdlet definition in the Crescendo JSON configuration file. The purpose of the configuration ... continue reading

Azure network security helps reduce cost and risk according to Forrester TEI study

As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ... continue reading
Pie graph showing DART engagement metrics by industry spanning from July 2020-June 2021. According to the graph, Consumer/Retail industry holds the highest engagement rate with 13 percent and Energy industry ranks the lowest at just 4 percent.

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare, information technology, financial services, energy sectors—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll ... continue reading

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading

Dealing with deployment blockers with Bicep

Hello Folks! Have you ever had a deployment blocked because the behavior you get from the portal is different than the deployment you get from an Azure Resource Manager (ARM) template or a Bicep deployment? Well, I had that issue ... continue reading

Managing Demo environment with Managed Disk Snapshot

Hello folks, I have been doing some setups for demos on migrating VM to Azure. In good “cooking show” fashion I needed to have my environment ready to be reset so I can run the demo again. Well, instead of ... continue reading
Graphic outlines DART’s containment steps, which cover assessing the scope of the situation and preserving existing systems.

A guide to combatting human-operated ransomware: Part 2

This blog is part two of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page ... continue reading

My Crescendo journey

In a recent PowerShell Users Group meeting I was thinking that it might be good to talk about the new Crescendo module and how to use it. I was going to ask Jason Helmick if he would do a presentation ... continue reading

Parsing JSON with PowerShell

Q: I try to parse my JSON with the handy dandy “ConvertFrom-JSON” cmdlet but it only works in PowerShell 7, not in my good old PowerShell 5.1. How do I get it to work everywhere? A: PS 7 parses JSON ... continue reading