Monitoring Office 365 tenants with Azure Sentinel

Azure Sentinel is a product from Microsoft, offering a cloud-native SIEM service. Sentinel uses clever AI (Artificial Intelligence) to make your threat detection and responses faster and smarter. A key feature of Azure Sentinel is that you can connect to other data sources. Microsoft has built-in support for ingesting data from a plethora of their own data sources, including: Azure AD, Office 365, Cloud App Security, Azure Activity Log, Azure AD Identity Protection, Azure Information Protection (AIP), Azure Advanced Threat Protection (ATP), Azure Security Center, DNS, Microsoft Web Application Firewall (WAF), Windows Firewall, Windows Security Events, and more... In this post I'll talk about how you can enable Azure…


Who accessed my Azure Key Vault?

In this post we'll discuss:

- What is Key Vault, in case you landed here and you don't know.
- Configure diagnostics logging for your vault
- Querying the logs from your Azure Key Vault
- Connecting Azure Monitor and Rules to set up Alerts
- Get e-mails about any activity you need to review

What is Azure Key Vault?

Storing sensitive data in the cloud, as anywhere, is vital to the success of your online business and survival. Azure Key Vault provides a way to store keys, secrets and certificates securely and under lock and key in your Azure subscription. Examples of things you can put in your…


Passing AZ-500: Microsoft Certified Azure Security Engineer Associate

This week I took - and passed - the Microsoft Exam AZ-500: Microsoft Azure Security Technologies, which if you pass, leads to the Microsoft Certification Azure Security Engineer Associate. View my badge on Acclaim: https://www.youracclaim.com/badges/eeb67553-55fe-4663-bf04-33c5e83d2ba7 I'm not going to lie - it was a challenging exam. I didn't pass with 1000/1000 points, but I did pass. I come from a developer and solution architect background, and this exam focuses on more IT topics than dev ones for obvious reasons, so I had to push myself to get myself prepared for it. In the last…


Protecting your Azure Container Registry by denying all requests except from allowed IP addresses

With Azure Container Registry, or ACR, we get a lot of great capabilities to host our Docker images in the Azure cloud. With that, as with everything else, come security concerns we should not overlook. In this post I'm exploring how we can lock down all access to our ACR by default, and then enable access based on an IP address or range of IP addresses. This is similar to what I've already explained in another post about Secure your Azure Storage Accounts with restrictions based on public IP addresses. If you haven't seen that, take a look there how…


Getting Started with BYOK in Azure Storage - Encrypt data at rest with your own encryption keys

Many people are using the offerings in Microsoft Azure and hold their data in some type of storage containers. In Azure, this can come in the form of an Azure Storage Account, which this article is focusing on. I'll discuss and walk through how to BYOK (Bring Your Own Keys) to your Azure Storage Accounts, and use a Key Vault to point to the encryption keys that you own yourself.

Link tip: Bring Your Own Encryption (Wikipedia)
Link tip: Pricing and Restrictions for BYOK in Azure (Microsoft Docs)
Link tip: Hardware Encryption vs. Software Encryption: The Simple Guide - Sam…
