Microsoft Sentinel Archives - Practical 365
Practical Office 365 News, Tips, and Tutorials
Thu, 02 Nov 2023 15:29:41 +0000

Five Things Microsoft 365 Security Administrators Should Do in 2023
https://practical365.com/microsoft-365-security-2023/
Mon, 20 Feb 2023 11:00:00 +0000
Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.

The post Five Things Microsoft 365 Security Administrators Should Do in 2023 appeared first on Practical 365.

Dipping your toes in Microsoft Sentinel Automation
https://practical365.com/dipping-your-toes-in-microsoft-sentinel-automation/
Tue, 07 Feb 2023 20:52:50 +0000
Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.

How to Add Active Directory Logs to Microsoft Sentinel
https://practical365.com/how-to-add-active-directory-logs-to-microsoft-sentinel/
Wed, 04 Jan 2023 14:27:26 +0000
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compares their strengths and weaknesses.

Prioritizing data connectors in Microsoft Sentinel
https://practical365.com/prioritizing-data-connectors-in-microsoft-sentinel/
Mon, 28 Nov 2022 12:00:00 +0000
Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.

Use Microsoft 365 Defender and Sentinel to Defend Against New Zero-Day Threats: Part II
https://practical365.com/use-microsoft-365-defender-and-sentinel-to-defend-against-new-zero-day-threats-part-ii/
Thu, 17 Nov 2022 11:00:00 +0000
This article continues the discussion of the main steps needed to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.

How to Use Microsoft 365 Defender and Sentinel to Defend Against Zero Day Threats: Part I
https://practical365.com/how-to-use-microsoft-365-defender-and-sentinel-to-defend-against-zero-day-threats/
Wed, 02 Nov 2022 10:00:00 +0000
This article discusses the four main steps to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.

Using KQL to Master Sentinel Data
https://practical365.com/use-kql-to-master-sentinel-data/
Thu, 27 Oct 2022 10:00:00 +0000
Kusto Query Language, or KQL for short, is omnipresent in the Microsoft world and is used in different product stacks. Like any language, KQL can be challenging to understand, and it can be hard to know where to start. This article is intended to help newcomers get started.

Choosing an Appropriate Retention Period for Microsoft Sentinel Workspaces
https://practical365.com/choosing-an-appropriate-retention-period-for-microsoft-sentinel-workspaces/
Tue, 13 Sep 2022 10:00:00 +0000
When you deploy Microsoft Sentinel, one of the most important design decisions is determining the appropriate data retention period.

How to Use Office 365 Audit Data with Microsoft Sentinel
https://practical365.com/use-office-365-audit-data-with-microsoft-sentinel/
Thu, 13 Jan 2022 07:11:00 +0000
Microsoft Sentinel is Microsoft's log aggregator. Along with other data, Sentinel can ingest events from the Office 365 audit log. Once ingested, we can visualize the data through workbooks. If you have an Azure subscription, it's surprisingly easy to take advantage of the 31-day trial to see if Sentinel can do a job for your organization. Follow our steps and you'll be visualizing quickly.

Mitigating Risk Created by On-Premises Infrastructures in Microsoft 365
https://practical365.com/mitigate-onprem-threat-cloud-infrastructures/
Tue, 23 Nov 2021 06:03:00 +0000
Continuing our review of practices to protect cloud infrastructures from weaknesses that can be introduced from on-premises accounts, we consider admin rights, authentication, and conditional access policies. We also cover the need to collect and analyze the log data available in cloud environments to make sure that nothing nasty is slipping through.
