Microsoft Sentinel Archives - Practical 365

Five Things Microsoft 365 Security Administrators Should Do in 2023

Tony Redmond — Mon, 20 Feb 2023 11:00:00 +0000

Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.

The post Five Things Microsoft 365 Security Administrators Should Do in 2023 appeared first on Practical 365.

Dipping your toes in Microsoft Sentinel Automation

Thijs Lecomte — Tue, 07 Feb 2023 20:52:50 +0000

Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.

The post Dipping your toes in Microsoft Sentinel Automation appeared first on Practical 365.

How to Add Active Directory Logs to Microsoft Sentinel

Thijs Lecomte — Wed, 04 Jan 2023 14:27:26 +0000

When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compare their strengths and weaknesses.

The post How to Add Active Directory Logs to Microsoft Sentinel appeared first on Practical 365.

Prioritizing data connectors in Microsoft Sentinel

Thijs Lecomte — Mon, 28 Nov 2022 12:00:00 +0000

Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.

The post Prioritizing data connectors in Microsoft Sentinel appeared first on Practical 365.

Use Microsoft 365 Defender and Sentinel to Defend Against New Zero-Day Threats: Part II

Thijs Lecomte — Thu, 17 Nov 2022 11:00:00 +0000

This article continues the discussion of the main steps needed to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.

The post Use Microsoft 365 Defender and Sentinel to Defend Against New Zero-Day Threats: Part II appeared first on Practical 365.

How to Use Microsoft 365 Defender and Sentinel to Defend Against Zero Day Threats: Part I

Thijs Lecomte — Wed, 02 Nov 2022 10:00:00 +0000

This article discusses the four main steps to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.

The post How to Use Microsoft 365 Defender and Sentinel to Defend Against Zero Day Threats: Part I appeared first on Practical 365.

Using KQL to Master Sentinel Data

Thijs Lecomte — Thu, 27 Oct 2022 10:00:00 +0000

Kusto Query Language, or KQL for short, is omnipresent in the Microsoft world and is used in different product stacks. Like any language, KQL can be challenging to understand and know where to start. This article is intended to help newcomers to get started.

The post Using KQL to Master Sentinel Data appeared first on Practical 365.

Choosing an Appropriate Retention Period for Microsoft Sentinel Workspaces

Thijs Lecomte — Tue, 13 Sep 2022 10:00:00 +0000

When you deploy Microsoft Sentinel, one of the most important design decisions is determining the appropriate data retention period.

The post Choosing an Appropriate Retention Period for Microsoft Sentinel Workspaces appeared first on Practical 365.

How to Use Office 365 Audit Data with Microsoft Sentinel

Tony Redmond — Thu, 13 Jan 2022 07:11:00 +0000

Microsoft Sentinel is Microsoft's log aggregator. Along with other data, Sentinel can ingest events from the Office 365 audit log. Once ingested, we can visualize the data through workbooks. If you have an Azure subscription, it's surprisingly easy to take advantage of the 31-day trial to see if Sentinel can do a job for your organization. Follow our steps and you'll be visualizing quickly.

The post How to Use Office 365 Audit Data with Microsoft Sentinel appeared first on Practical 365.

Mitigating Risk Created by On-Premises Infrastructures in Microsoft 365

Matthew Vinton — Tue, 23 Nov 2021 06:03:00 +0000

Continuing our review of practices to protect cloud infrastructures from weaknesses that can be introduced from on-premises accounts, we consider admin rights, authentication, and conditional access policies. Plus the need to collect and analyze the log data available in cloud environments to make sure that nothing nasty is slipping through.

The post Mitigating Risk Created by On-Premises Infrastructures in Microsoft 365 appeared first on Practical 365.