Podcasts about Microsoft Sentinel

  • 36 PODCASTS
  • 102 EPISODES
  • 44m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Dec 10, 2025 LATEST


Latest podcast episodes about Microsoft Sentinel

Monde Numérique - Jérôme Colombain

AI agents now make "hyper-automation" of business tasks possible. That is the mission the French startup Mindflow has set itself.

Interview: Evan Bourgouin, Chief Operating Officer of Mindflow

What does agentic hyper-automation concretely change for companies?

We automate repetitive tasks whenever a human, a computer and a process come into play. Many organizations already use services such as AWS, Microsoft Azure, Salesforce or SAP, but these systems often remain isolated. At Mindflow, our obsession is integration: connecting every service, every operation, at the most granular level. On that foundation, we automate processes in cybersecurity, IT or human resources, for example onboarding an employee or creating access rights, roles and accounts on tools such as Jira or a CRM. These tasks are essential, but they are not the ones where human value is highest.

What is the impact on cybersecurity and on team workload?

In cybersecurity, receiving 100 alerts a day on a SIEM such as Splunk or Microsoft Sentinel has become common. With a small team, some of them inevitably end up not being handled. So we automate part of these responses while keeping the human in the loop. This radically changes daily life: it is a sector where burnout is very high. Young analysts arrive and get overwhelmed by repetitive tasks. By removing that load, we let them focus on analyzing and resolving new threats. Users range from the C-level to the work-study trainee: each regains the ability to create and to improve their work, relying on the platform.

Automation or agentic: how do you explain the difference?

Automation is deterministic: same input → same output. Agentic AI adapts its behavior to the context, for example a different alert in ServiceNow or an anomaly detected in an ERP. But AI is not needed everywhere: some companies do not want to send their data to AI models for confidentiality reasons. The real difference is that we have solved the integration problem, which makes Mindflow "last-mile AI". Once you know how to connect to AWS, Azure, Salesforce, Jira, an ERP or a data lake, the agent can really act. Without integration, nothing is possible.

How does a company start an automation project?

It all starts with internal will and a favorable culture. With our clients, often large groups such as LVMH, Hermès, Thales or Auchan, we carry out an assessment: where the bottlenecks are, which teams are overloaded, which profiles want to become "builders". Once the integration is done, everything speeds up. Quick wins are frequently in cyber, IT or operational support, but each company has its own use cases, even if they sometimes use the same tools.

♥️ Support: https://mondenumerique.info/don

Microsoft Cloud IT Pro Podcast
Episode 416 – Microsoft Sentinel, Security, and Ignite with Henrik Wojcik

Dec 4, 2025 · 32:38


Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week’s episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security, and we finally had the chance to sit down and record an episode together, something we’ve talked about doing for years. As they sit down and enjoy a sunny afternoon at Microsoft Ignite in San Francisco, they discuss security in the financial sector, EU regulations (N2 and DORA), integrating Data Lake with Sentinel, optimizing log analytics, and the latest on Security Copilot and E5 licensing. They also spend some time chatting about some of their conference highlights, assisting as proctors in the hands-on labs, and the unique experience of Ignite in San Francisco.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes
  • Microsoft Ignite (with sessions on demand)
  • Microsoft Ignite Book of News
  • Catch up on Microsoft Security sessions and announcements from Ignite 2025
  • Microsoft Sentinel benefit for Microsoft 365 E5, A5, F5, and G5 customers
  • Learn about Security Copilot inclusion in Microsoft 365 E5 subscription
  • Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
  • What is Microsoft Sentinel data lake?
  • KQL and the Microsoft Sentinel data lake

Henrik F. Wojcik
Henrik has worked in the IT industry since 2003. He’s always had a passion for learning new technologies and expanding his knowledge through various means such as online courses, webinars, and reading up on the latest developments in the industry. Throughout his career, he’s gained experience in various areas of IT, making him a true jack of all trades. However, his latest interests lie in the security space, modern workplace and management in Azure, with a particular focus on cyber security. He has experience working with products such as Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, Conditional Access, Microsoft Sentinel, and Microsoft Entra ID. His primary focus is on security on Azure workloads and identity (Entra ID). He prioritizes security awareness and believes that learning never stops, which is why he’s always eager to expand his knowledge and skillset. In the past, he’s also worked with various tools and technologies such as Cisco, Citrix, Dynamics AX, Exchange, ITIL, Azure, SCCM & SCOM, Scrum & Kanban, VMware, Windows Servers, and Windows Desktops.

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

PolySécure Podcast
Teknik - Threat Hunting in KQL 101 - Because... it's episode 0x673!

Dec 3, 2025 · 25:06


Because… it's episode 0x673!

Shameless plug
  • February 25 and 26, 2026 - SéQCure 2026 CfP
  • April 14 to 17, 2026 - Botconf 2026
  • April 28 and 29, 2026 - Cybereco Cyberconférence 2026
  • May 9 to 17, 2026 - NorthSec 2026
  • June 3 to 5, 2025 - SSTIC 2026

Description

Introduction
In this technical episode of the podcast, Yoan Schinck, director of the cyber response practice at KPMG Canada, shares his expertise on threat hunting with the Kusto Query Language (KQL). With 12 years of experience in information technology, including 6 years at KPMG and half of it in cybersecurity, Schinck specializes in incident response, particularly ransomware and business email compromise.

The threat hunting workshop
At the DeathC event, dedicated to detection engineering and threat hunting, Schinck designed a workshop titled "Threat hunting in KQL 101". The workshop aims to show how to do threat hunting in the Microsoft Sentinel environment using KQL, the query language for exploring data in the Microsoft world. The emphasis is on Microsoft Defender for Endpoint telemetry in particular, a strategic choice that reflects the reality in the field, where organizations using Sentinel generally work with the Microsoft Defender product suite.

Infrastructure and methodology
To create a realistic learning environment, Schinck set up an infrastructure consisting of two virtual machines: a Windows client and a Windows server. On these machines he ran a complete simulated attack covering every stage from initial access to data exfiltration. This synthetic approach lets participants explore authentic attack artifacts in a controlled environment. The infrastructure also included Windows advanced audit policies to capture specific events in the Security Event Log, notably for processes, user management and account creation. A Sysmon deployment with an extended configuration completed the data collection setup. All these events were then sent to Microsoft Sentinel, creating a realistic threat hunting environment. The DeathC organizers provided the on-premises infrastructure, including the domain controller, Active Directory, the Windows Event Collector and the Group Policy configuration for forwarding Windows events. Schinck took care of creating the two virtual machines locally, joining them to the domain and installing Microsoft Defender for Endpoint before running his attack scenario.

Workshop teaching content
The workshop is structured around four main threat hunting categories. The first focuses on initial access vectors, exploring different techniques for identifying how access was obtained. The second category examines Windows services, analyzing their creation, execution and configuration to detect potential abuse by attackers. The third category explores scheduled tasks, a concept similar to Windows services in terms of hunting opportunities. Schinck points out that mastering one of these techniques makes learning the other easier because of their conceptual similarities. Finally, the fourth category covers network-level hunting using enrichment from external sources, notably the Living Off Trusted Sites (LOTS) project by Mr. D0x, which catalogs internet sites and domains that can be abused by attackers. For more experienced participants, Schinck offers a bonus challenge: perform the same analyses using Sysmon telemetry or Windows Event Logs rather than Microsoft Defender for Endpoint data. This alternative approach makes it possible to explore different data sources and to develop a more complete understanding of threat hunting.

Field experience and practical cases
Schinck's incident response expertise considerably enriches the workshop. He shares concrete observations from his engagements, notably the frequent abuse of service accounts by attackers. These accounts, often configured as normal user accounts in Active Directory with simply the "SVC" prefix, can be exploited for RDP connections to systems they should not have access to. Schinck recommends actively hunting for these anomalies by monitoring service account logons between servers, particularly those occurring outside normal working hours. Another recurring pattern concerns the location of malicious files. Attackers frequently drop their binaries or scripts in less-monitored locations such as the root of Program Data, the Users Public folder, or various AppData directories. During a recent engagement on a ransomware case, Schinck quickly identified a suspicious DLL file in the Users Public folder, which turned out to be a Cobalt Strike backdoor.

Hunting methodology and practical advice
Schinck stresses the importance of filtering noise out of threat hunting data. One technique he favors is using the "distinct" function to group unique results. For example, when analyzing PowerShell commands, rather than going through 15,000 individual executions, grouping by distinct command lines can reduce the data set to 500 entries, making visual analysis much more efficient. He also points out that the human eye has a remarkable ability to detect anomalies. By slowly going through 50 PowerShell command lines without additional filters, an experienced analyst can often spot suspicious elements. This ability rests on two pillars: in-depth knowledge of one's environment and the experience accumulated over multiple incidents.

Accessibility and reproducibility
An important aspect of the workshop is its accessibility. Schinck shows that it is possible to build a functional threat hunting environment with only two virtual machines, a Windows Event Collector and Microsoft Sentinel. This simplicity makes learning accessible to anyone who wants to build a homelab, even on a personal computer or laptop. He notes that in Quebec the Microsoft stack (Sentinel and Defender) has become very popular in recent years, making these skills particularly relevant. Paradoxically, he observes that very few organizations deploy Sysmon or collect Security Event Logs in Sentinel, despite these tools being free and their considerable value in the event of an incident.

Conclusion
Yoan Schinck's workshop offers a pragmatic, realistic approach to threat hunting in KQL, combining technical expertise and field experience. By focusing on concrete attack scenarios and tools widely deployed in enterprises, it effectively prepares participants for the real challenges of modern cybersecurity. His philosophy is clear: once threat hunting concepts are mastered, they can be applied to any product or query language; only the syntax changes.

Contributors
  • Nicolas-Loïc Fortin
  • Yoan Schinck

Credits
  • Editing by Intrasecure inc
  • Physical venue provided by DEATHcon Montréal

Blue Security
2025 Microsoft Ignite Recap for Security

Nov 25, 2025 · 59:30


Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the major announcements from Microsoft Ignite, focusing on the introduction of Security Copilot for Microsoft 365 E5 customers, innovations in identity management through Entra, and the integration of Defender for Cloud with GitHub. They also explore the new capabilities in Intune for remote management of Windows devices, highlighting the significant advancements in cybersecurity technology and its implications for organizations. In this episode, the hosts discuss significant advancements in device management, particularly focusing on Intune's future and its capabilities. They explore enhancements in Microsoft Sentinel, the introduction of the Security Store for security solutions, and the integration of AI in data security through Purview. Additionally, they highlight various security enhancements in Windows, emphasizing the importance of adapting to modern cybersecurity challenges.

YouTube Video Link: https://youtu.be/GdHZWGm7e0o

Documentation:
https://news.microsoft.com/ignite-2025-book-of-news/

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

Microsoft Mechanics Podcast
Microsoft Sentinel platform – Unified, Graph-enabled, and AI-ready Security

Nov 20, 2025 · 9:21


Unify your security data and use AI to reason over your entire digital estate with Microsoft Sentinel. See how threats evolve in real time, map attack paths, and understand which assets are most at risk. Visualize relationships across users, devices, and resources to pinpoint vulnerabilities and focus your response where it matters most.

Using natural language, you can investigate faster. Ask questions, get context, and act on insights without writing complex queries. Build and extend your own identity graphs to include multicloud systems like Salesforce, enriching your view of risk.

Vandana Mahtani, Microsoft Sentinel Principal PM, shares how to detect, investigate, and disrupt threats in one connected experience with Microsoft Sentinel.

You can find more info on custom graphs: https://aka.ms/sentinel/graph/ignite and sign-up for preview at: https://aka.ms/sentinel/graph/customsignup

► QUICK LINKS:
00:00 - Microsoft Sentinel SIEM and AI-ready security platform
01:37 - Blast radius integration
02:34 - Investigate using AI with the Sentinel MCP server
03:40 - Advanced hunting
04:53 - Custom graphs
07:07 - Build your own custom graph
08:51 - Wrap up

► Link References
For more information, visit https://aka.ms/sentinelplatform
Custom graph public preview signup at https://aka.ms/sentinel/graph/customsignup

► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
• Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
• Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: https://twitter.com/MSFTMechanics
• Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
• Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
• Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

CIAOPS - Need to Know podcasts
Episode 355 - Learning reboot

Nov 16, 2025 · 39:07


In this episode of the Need to Know Podcast, we explore the evolving landscape of learning in the Microsoft Cloud ecosystem, with a spotlight on the SMB market. From the latest in Microsoft 365 Copilot innovations to critical cybersecurity updates and the end of CIAOPS Academy, this episode delivers essential insights for IT professionals and business leaders navigating the modern digital workplace.

Resources
Explore the tools, communities, and content mentioned in this episode:
  • CIAOPS Need to Know Podcast: https://ciaops.podbean.com/
  • CIAOPS Blog: https://blog.ciaops.com/
  • CIAOPS Labs: https://blog.ciaopslabs.com/
  • CIAOPS Brief: https://blog.ciaops.com/tag/cia-brief/
  • Join the Teams Shared Channel: https://blog.ciaops.com/2022/07/29/join-my-teams-shared-channel/
  • CIAOPS Merch Store: https://my-store-c5d877-2.creator-spring.com/
  • Become a Patron: https://www.ciaopspatron.com/
  • Direct Support: https://ko-fi.com/ciaops
  • Get Your M365 Questions Answered: https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/
  • Test Your Microsoft 365 Speed: https://blog.ciaops.com/2025/07/21/test-your-microsoft-365-speed-in-seconds-for-free/
  • CIAOPS Email list - https://bit.ly/cia-email

Announcements
  • Flight School: Mastering Copilot for IT Pros – https://blog.ciaops.com/2025/11/14/flight-school-mastering-copilot-for-it-pros/
  • Disabling Office Macros via ASR to Meet Essential Eight Requirements – https://blog.ciaops.com/2025/11/13/disabling-office-macros-via-asr-to-meet-essential-eight-requirements/
  • ASD OWA settings check script – https://blog.ciaops.com/2025/11/13/asd-owa-settings-check-script/
  • ASD Mailflow settings check script – https://blog.ciaops.com/2025/11/12/asd-mailflow-settings-check-sript/
  • CIAOPS Academy deprecation notification – https://blog.ciaops.com/2025/11/10/ciaops-academy-deprecation-notification/

Show Notes
  • The next chapter of the Microsoft–OpenAI partnership – https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/
  • Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=Vvk1ScZT-lo
  • Introducing Researcher with Computer Use in Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput…
  • Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=v27H_R1ltB0
  • Microsoft 365 Copilot now enables you to build apps and workflows – https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you
  • Introducing Teams Mode for Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-teams-mode-for-microso…
  • Introducing MAI-Image-1, debuting in the top 10 on LMArena – https://microsoft.ai/news/introducing-mai-image-1-debuting-in-the-top-10-on-lmarena/
  • Building human-centric security skills for AI – https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-…
  • GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins – https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p…
  • What's new in Microsoft 365 Copilot | October 2025 – https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…
  • The 5 generative AI security threats you need to know about detailed in new e-book – https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n…
  • SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma…
  • Work smarter with Copilot in the People, Files, and Calendar apps – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p…
  • The weakest link: Stolen staff passwords now the biggest cyber threat to workplaces – https://www.smh.com.au/politics/federal/the-weakest-link-stolen-staff-passwords-now-the-biggest-cyb…
  • Cyber security priorities for boards of directors 2025-26 – https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines…
  • Secure external attachments with Purview encryption – https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-…
  • What's New in Microsoft Intune: October 2025 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune…
  • Custom detections are now the unified experience for creating detections in Microsoft Defender – https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th…
  • 10 ways Microsoft Intune supports a smooth upgrade to Windows 11 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/10-ways-microsoft-intune-supports-a-sm…
  • How Windows 11 and AI are transforming the future of work – https://techcommunity.microsoft.com/blog/windows-itpro-blog/how-windows-11-and-ai-are-transforming-…
  • Security Copilot Agents: The New Era of AI, Driven Cyber Defense – https://techcommunity.microsoft.com/blog/microsoft-security-blog/security-copilot-agents-the-new-er…
  • 6 truths about migrating Microsoft Sentinel to the Defender portal – https://techcommunity.microsoft.com/blog/microsoftsentinelblog/6-truths-about-migrating-microsoft-s…
  • Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM – https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartn…
  • Extortion and ransomware drive over half of cyberattacks – https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
  • Microsoft 365 Insider Round-Up: October 2025 – https://www.linkedin.com/pulse/microsoft-365-insider-round-up-october-2025-microsoft-365-insider-ub…
  • Making every Windows 11 PC an AI PC – https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/
  • Microsoft raises the bar: A smarter way to measure AI for cybersecurity – https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-…
  • Building a lasting security culture at Microsoft – https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-mic…
  • Satya – My annual letter: Thinking in decades, executing in quarters – https://www.linkedin.com/pulse/my-annual-letter-thinking-decades-executing-quarters-satya-nadella-7…

Blue Security
What's new in Microsoft Sentinel

Oct 21, 2025 · 37:10


Summary
In this episode, Andy Jaw and Adam Brewer discuss the latest updates in Microsoft Sentinel, focusing on the new features such as the Sentinel Data Lake, Sentinel Graph, and the MCP server. They explore how these innovations enhance security operations, improve data management, and leverage AI for better threat detection and response. The conversation emphasizes the importance of cost-effective data storage and the integration of AI in cybersecurity practices.

YouTube Video Link: https://youtu.be/dspGvRHMiPc

Documentation:
https://learn.microsoft.com/en-us/azure/sentinel/whats-new

Microsoft Cloud IT Pro Podcast
Episode 412 – Microsoft Sentinel Gets a Data Lake

Oct 9, 2025 · 32:16


Welcome to Episode 412 of the Microsoft Cloud IT Pro Podcast. In this episode, we explore three announcements from Microsoft that are reshaping how security teams work with Sentinel. From a reimagined data architecture to AI integration and new visualization capabilities, Microsoft is doubling down on making security operations more intelligent, efficient, and accessible. Whether you're a seasoned SOC analyst or just getting started with cloud security, these updates offer powerful new ways to detect threats, investigate incidents, and understand your security posture.

Show Notes
  • Logitech MX Master 4, Ergonomic Wireless Mouse with Advanced Performance Haptic Feedback, Ultra-Fast Scrolling, USB-C Charging, Bluetooth, Windows, MacOS - Graphite
  • Microsoft Sentinel data lake is now generally available
  • Announcing Microsoft Sentinel Model Context Protocol (MCP) server – Public Preview
  • What is Microsoft Sentinel's support for Model Context Protocol (MCP)?
  • Add Microsoft Sentinel's collection of MCP tools
  • Introducing Microsoft Sentinel graph (Public Preview)
  • Graph models overview (preview)

CIAOPS - Need to Know podcasts
Episode 354 - Phil Meyer

Oct 6, 2025 · 69:14


In Episode 354 of the CIAOPS "Need to Know" podcast, host Robert Crane sits down with Philip Meyer, a seasoned Microsoft veteran, to explore the seismic shifts in the IT landscape driven by artificial intelligence. From reflections on decades of industry evolution to practical advice for SMBs and partners, this episode delivers a rich blend of insights, personal stories, and actionable strategies. Topics include AI's impact on employment, cybersecurity challenges, digital labor, and the future of partner enablement.

Show Notes
  • Email philme@catalyst345.com to receive the invitation to Phil's online meetings
  • http://aka.ms/wti for that Work Trends Index
  • Philip Meyer | LinkedIn for LinkedIn profile
  • Microsoft named a Leader in the IDC MarketScape for XDR - https://www.microsoft.com/en-us/security/blog/2025/10/02/microsoft-named-a-leader-in-the-idc-market…
  • Retail at risk: How one alert uncovered a persistent cyberthreat - https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-p…
  • Fluid forms, vibrant colors - https://microsoft.design/articles/fluid-forms-vibrant-colors/
  • What's new in Microsoft 365 Copilot | September 2025 - https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…
  • An IT pro's guide to Windows 11, version 25H2 - https://techcommunity.microsoft.com/blog/windows-itpro-blog/an-it-pro%E2%80%99s-guide-to-windows-11…
  • Announcing Microsoft Sentinel Model Context Protocol (MCP) server – Public Preview - https://techcommunity.microsoft.com/blog/microsoft-security-blog/announcing-microsoft-sentinel-mode…
  • Microsoft Sentinel data lake is now generally available - https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-sentinel-data-lake-is-no…
  • Empowering defenders in the era of agentic AI with Microsoft Sentinel - https://www.microsoft.com/en-us/security/blog/2025/09/30/empowering-defenders-in-the-era-of-agentic…
  • Microsoft 365 Backup: Protect your business with data recovery - https://techcommunity.microsoft.com/blog/microsoft_365_backup_blog/microsoft-365-backup-protect-you…
  • Office Agent – “Taste driven” multi-agent system for Microsoft 365 Copilot - https://techcommunity.microsoft.com/blog/microsoft365copilotblog/office-agent-%E2%80%93-%E2%80%9Cta…
  • Vibe working: Introducing Agent Mode and Office Agent in Microsoft 365 Copilot - https://www.microsoft.com/en-us/microsoft-365/blog/2025/09/29/vibe-working-introducing-agent-mode-a…
  • Building Agent Mode in Excel - https://techcommunity.microsoft.com/blog/excelblog/building-agent-mode-in-excel/4457320
  • Microsoft Sentinel and Defender: ITSM Integrations Explained – https://techcommunity.microsoft.com/blog/microsoftsentinelblog/microsoft-sentinel-and-defender-itsm…
  • AI vs. AI: Detecting an AI-obfuscated phishing campaign – https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishi…
  • Expanding model choice in Microsoft 365 Copilot – https://www.microsoft.com/en-us/microsoft-365/blog/2025/09/24/expanding-model-choice-in-microsoft-3…
  • Introducing Channel Agent in Teams – https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/introducing-channel-agent-in-teams…
  • SharePoint Showcase highlights: Get the most out of SharePoint agents – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-get…
  • New collaborative agents in Microsoft 365 Copilot – https://www.youtube.com/watch?v=biWymgItJ_I
  • Introducing Knowledge Agent in SharePoint – https://techcommunity.microsoft.com/blog/spblog/introducing-knowledge-agent-in-sharepoint/4454154
  • AI and Microsoft Teams: A New Era of Collaboration – https://techcommunity.microsoft.com/blog/microsoftteamsblog/ai-and-microsoft-teams-a-new-era-of-col…
  • Microsoft 365 Insider Round-Up: September 2025 – https://www.linkedin.com/pulse/microsoft-365-insider-round-up-september-2025-microsoft-365-insider-…
  • Addressing multi-tenant management challenges for MSPs with Microsoft Intune and partner innovations – https://techcommunity.microsoft.com/blog/microsoftintuneblog/addressing-multi-tenant-management-cha…
  • Defending against evolving identity attack techniques – https://www.microsoft.com/en-us/security/blog/2025/05/29/defending-against-evolving-identity-attack…
  • Copilot Chat comes to the Microsoft 365 apps – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/copilot-chat-comes-to-the-microsof…
  • Get ready now: One month until Office 2016/2019 end of support – https://techcommunity.microsoft.com/blog/officeeos/get-ready-now-one-month-until-office-20162019-en…

Let's Talk Azure!
S6E20 - Unified SecOps Platform - Sentinel integration

Aug 22, 2025 46:44 Transcription Available


Alan and Sam discuss the integration of Microsoft Sentinel into the Defender XDR portal. Alan goes through the benefits of the integration and things to watch out for when starting the migration. Here are a few things we covered: What is Microsoft's Unified SecOps Platform? What are the announcements around Microsoft Sentinel's interface moving? What are the benefits of the integration of Microsoft Sentinel? What did you think of this episode? Give us some feedback via our contact form, or leave us a voice message in the bottom right corner of our site.

Ctrl+Alt+Azure
303 - A look at Microsoft Sentinel in 2025

Aug 13, 2025 26:49


Back in 2020 we did our first episode on Microsoft Sentinel. We feel it's time to revisit Sentinel after five years, and take a look at where it stands today. What's relevant, what's new, and what's happening with Sentinel?
(00:00) - Intro and catching up.
(04:29) - Show content starts.
Show links
- Microsoft Sentinel Quickstart
- Sentinel Data Lake
- Give us feedback!

Blue Security
Palo Alto acquires Cyberark, Sentinel News, MDTI is going to be FREE!

Aug 5, 2025 33:53


Summary

In this episode of the Blue Security Podcast, hosts Andy and Adam discuss significant developments in the cybersecurity landscape, including Palo Alto's acquisition of CyberArk, the introduction of Microsoft Sentinel's Data Lake feature, and the integration of Defender Threat Intelligence into existing Microsoft security solutions. They emphasize the importance of a platform approach to cybersecurity and the challenges associated with acquisitions in the industry.

YouTube Video Link: https://youtu.be/8BRxQUyHNh4

Documentation:
https://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-announces-agreement-to-acquire-cyberark--the-identity-security-leader
https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-microsoft-sentinel-data-lake/4434280
https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

The Azure Security Podcast
Episode 116: Microsoft Sentinel Data Lake

Jul 31, 2025 40:03 Transcription Available


In this episode Michael, Sarah and Mark talk to Mark Kendrick about Microsoft Sentinel Data Lake. We also cover news about The Open Group - Roles and Glossary standards, Security Adoption Module 5 - Data Security, Microsoft Azure Cloud HSM, WAF and Containers, PostgreSQL and PowerBI, Azure Managed Lustre, and more. Also, Sarah mentions some Developer Security YouTube videos coming out from MS Build! https://aka.ms/azsecpod

Microsoft Mechanics Podcast
New Surface Laptop 5G for Business, Copilot+ PC

Jul 24, 2025 4:37 Transcription Available


The Intel® Core™ Ultra (Series 2) processor powered Surface Laptop 5G for Business is a Copilot+ PC. Integrated Intel® AI Boost supports up to 48 TOPS with Foundry Local for on-device AI inferencing. Stay securely connected with rearchitected 5G design—including six smart-switching antennas, eSIM and Wi-Fi 7—without relying on hotspots. As the first Surface Laptop to feature 5G, it enables enterprise-ready AI features for deeper insights, productivity boosts, and powerful local inferencing wherever work happens. ► QUICK LINKS:  00:00 - Microsoft Sentinel Data Lake 01:49 - Data Management 02:46 - Table Management 03:36 - Data Lake exploration 04:17 - Advanced Hunting 05:23 - Query retention data 06:16 - Automate threat detection 07:18 - Move from reactive to predictive 08:50 - Wrap up ► Link References Check out https://surface.com/business ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics  

Microsoft Mechanics Podcast
New data lake in Microsoft Sentinel

Jul 24, 2025 9:22 Transcription Available


Centralize, retain, and query high-volume, long-term security data across Microsoft and third-party sources for up to 12 years using Microsoft Sentinel's new unified data lake. Correlate signals, run advanced analytics, and perform forensic investigations from a single copy of data—without costly migrations or data silos. Detect persistent, low-and-slow attacks with greater visibility, automate responses using scheduled jobs, and generate predictive insights by combining Copilot, KQL, and machine learning. Vandana Mahtani, Microsoft Sentinel Principal Product Manager shows how to uncover long-running threats, streamline investigations, and automate defenses—all within a unified, AI-powered SIEM experience. ► QUICK LINKS:  00:00 - Microsoft Sentinel Data Lake 01:49 - Data Management 02:46 - Table Management 03:36 - Data Lake exploration 04:17 - Advanced Hunting 05:23 - Query retention data 06:16 - Automate threat detection 07:18 - Move from reactive to predictive 08:50 - Wrap up ► Link References Check out https://aka.ms/SentinelDataLake ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Microsoft Cloud IT Pro Podcast
Episode 406 – Agents of Insight: Copilot in Action and Sentinel on the Move

Jul 17, 2025 36:12 Transcription Available


Welcome to Episode 406 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott discuss their recent experiences and thoughts on Microsoft's Copilot features and agents, specifically focusing on the Researcher and Analyst agents. They share practical applications and benefits of these tools, such as using Researcher for meeting preparations and Analyst for exploring data, summarizing data, and even coming up with python script to use with data. Additionally, they cover the upcoming migration of Microsoft Sentinel to the Defender portal, discussing its implications and potential future changes for other security tools. The episode ends with a teaser about an upcoming discussion on MCPs for AI! Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Introducing Researcher and Analyst in Microsoft 365 Copilot Introducing Deep Research in Azure AI Foundry Agent Service Get started with Researcher in Microsoft 365 Copilot Researcher agent in Microsoft 365 Copilot Analyst agent in Microsoft 365 Copilot Get started with Analyst in Microsoft 365 Copilot New reasoning agents: Researcher and Analyst in Microsoft 365 Copilot Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Unofficial SAP on Azure podcast
#245 - TOW SAP Enterprise Threat Detection and Microsoft Sentinel (Michael Schmitt, Martin Pankraz) | SAP on Azure Video Podcast

Jun 13, 2025 43:45


In episode 245 of our SAP on Azure video podcast we talk about Security Threat detection with SAP. SAP Threat Monitoring tools like SAP Enterprise Threat Detection enable real-time monitoring of security events in SAP systems. On the Microsoft side we track and catch a lot of security events using Microsoft Sentinel. Luckily there is a native integration of ETD with Sentinel. To show us how this integration actually works, I am happy to have Michael Schmitt from SAP and our own Martin Pankraz with us again today.

Find all the links mentioned here: https://www.saponazurepodcast.de/episode245

Reach out to us for any feedback / questions:
* Robert Boban: https://www.linkedin.com/in/rboban/
* Goran Condric: https://www.linkedin.com/in/gorancondric/
* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/

#Microsoft #SAP #Azure #SAPonAzure #Security #ETD #Sentinel

Unofficial SAP on Azure podcast
#243 - TOW SAP LogServ integration with Microsoft Sentinel (Hemanth Kusampudi, M. Pankraz, B. Ulke) | SAP on Azure Video Podcast

May 30, 2025 42:30


In episode 243 of our SAP on Azure video podcast we talk about SAP LogServ and Microsoft Sentinel! I am just returning from Sapphire in Orlando and among a lot of AI related discussions, the topic of Security was also top of mind. Several RISE customers actually approached me and asked about the SAP LogServ integration with Microsoft Sentinel. It looks like the latest release from SAP and Microsoft addressed something, that is quite top of mind for customers at the moment. To give us more insights, on what this LogServ and Sentinel integration is and how you can benefit from it, I am happy to have Hemanth from SAP, and Martin and Bastian with us today.

Find all the links mentioned here: https://www.saponazurepodcast.de/episode243

Reach out to us for any feedback / questions:
* Robert Boban: https://www.linkedin.com/in/rboban/
* Goran Condric: https://www.linkedin.com/in/gorancondric/
* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/

#Microsoft #SAP #Azure #SAPonAzure #RISE #Security #LogServ #Sentinel

Microsoft Business Applications Podcast
AI-Powered Cybercrime: Why Your Firewall Isn't Enough

May 26, 2025 32:28 Transcription Available


Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM FULL SHOW NOTES https://www.microsoftinnovationpodcast.com/691    What happens when cybercrime becomes as organized—and profitable—as a Fortune 500 company? In this episode, Louis Arthur-Brown, a cybersecurity leader and solutions partner at CodeStone, pulls back the curtain on the evolving threat landscape. From ransomware-as-a-service to deepfake deception, Louis shares real-world insights and practical strategies for defending your organization in an AI-accelerated world. Whether you're a tech leader or a curious professional, this conversation will sharpen your security instincts and help you build resilience where it matters most. KEY TAKEAWAYS Cybercrime is industrialized: Ransomware-as-a-service and affiliate models make it easy for anyone—even non-technical actors—to launch attacks for as little as $50. AI is amplifying threats: A 1,300% rise in phishing emails last year is just the beginning. Deepfakes and voice cloning are reshaping social engineering tactics. MFA and basic hygiene go a long way: Implementing multi-factor authentication and conditional access can block up to 92% of cyberattacks. Zero Trust is essential: Organizations must move beyond the “walled garden” mindset and adopt a “never trust, always verify” approach to access and data. Data strategy is security strategy: Tools like Microsoft Purview and Windows 365 help classify, protect, and monitor sensitive data—especially in AI-enabled environments.   RESOURCES MENTIONED

Blue Security
Administrator protection on Windows 11, Multi-tenancy in Unified SOC

May 13, 2025 28:29


Summary

In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the new security features of Windows 11, focusing on Administrator Protection and its implications for user privilege management. They also explore the advancements in Microsoft Sentinel, particularly the introduction of multi-tenancy and workspace management, which enhances security operations for organizations with multiple tenants. The discussion emphasizes the importance of these features in improving security and operational efficiency.

YouTube Video Link: https://youtu.be/n4IsSrLmPPc

Documentation:
https://techcommunity.microsoft.com/blog/windows-itpro-blog/administrator-protection-on-windows-11/4303482
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/whats-new-multi-tenancy-in-the-unified-security-operations-platform-experience-i/4225658
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/multi-workspace-for-multi-tenant-is-now-in-public-preview-in-microsofts-unified-/4398229
https://learn.microsoft.com/en-us/unified-secops-platform/mto-overview

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

ITSPmagazine | Technology. Cybersecurity. Society
When Every Second Counts: Building Cyber Resilience Through A Smarter Approach to Data Protection | A Brand Story with Eric Herzog from Infinidat | An On Location RSAC Conference 2025 Brand Story

Apr 30, 2025 19:05


Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.

Cyber Resilience, Not Just Storage

According to Herzog, today's enterprise buyers—especially those in the Global Fortune 2000—aren't just asking how to store data. They're asking how to protect it when things go wrong. That's why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.

Built-In Defense and Blazing-Fast Recovery

The integration isn't cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.

Real-World Scenarios, Real Business Outcomes

Herzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.

Simplified Operations, Smarter Security

The message is clear: storage can't be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.

Learn more about Infinidat: https://itspm.ag/infini3o5d

Note: This story contains promotional content. Learn more.

Guest: Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/

Resources

Learn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidat
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More

CIAOPS - Need to Know podcasts
Episode - 337 - Tools of the workday

Jan 12, 2025 35:32


Welcome to 2025. Thanks so much for listening. A couple of 'summary' or 'annual' blog posts that are worth taking a look at. I also do some annual posts on my blog around what I used over the previous year if you wanted to know. I also share how I capture and work with information on a daily basis and the tools I use to achieve this. Let me know what works for you. Brought to you by www.ciaopspatron.com Resources @directorcia Join my shared channel CIAOPS merch store Become a CIAOPS Patron CIAOPS Blog CIAOPS Brief CIAOPSLabs Support CIAOPS The transition to the new Outlook will begin on January 1, 2025 Action Pack goes away  Microsoft OneNote, a year in review: AI innovation and enhanced creativity Build custom email security reports and dashboards with workbooks in Microsoft Sentinel  6 AI trends you'll see more of in 2025 CES 2025: The year of the Windows 11 PC refresh SharePoint Roadmap Pitstop December 2024  Microsoft Entra: Top 50 features of 2024 Get ready for the new year with Microsoft 365 Pocket CIAOPS OneNote Daybook template

Microsoft Mechanics Podcast
New Low-Cost Log Options, Automation, AI & SIEM Migration | Microsoft Sentinel Updates

Oct 14, 2024 14:29


Streamline threat detection and response across diverse environments with Microsoft Sentinel, your cloud-native SIEM solution. With features like Auxiliary logs for low-cost storage and proactive data optimization recommendations, you can efficiently manage high volumes of security data without compromising on threat intelligence. Leverage built-in AI and automation to uncover hidden threats and reduce investigation time from days to minutes. Rob Lefferts, CVP for Security Solutions at Microsoft, joins Jeremy Chapman to show how to migrate from existing SIEM solutions with built-in migration tools, ensuring seamless access to your security logs while maintaining investigative integrity.   ► QUICK LINKS: 00:00 - Microsoft Sentinel, modern Cloud SIEM 01:12 - Unified security operations platform 02:55 - Prioritize security updates 04:27 - Storage options 05:11 - Optimize data coverage and usage 06:17 - Protect against long-term persistent attacks 07:58 - Automation using auxiliary logs 08:59 - Manual effort 10:10 - Automation 12:07 - Migration 13:31 - Wrap up   ► Link References Get started at https://aka.ms/MicrosoftSentinel Find samples for the Playbook Logic App and the Function app at https://aka.ms/AuxLogsTIapp   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Microsoft Mechanics Podcast
Microsoft 365 Copilot Wave Two updates - Pages, Excel, OneDrive, and agents

Oct 8, 2024 14:22


Check out Microsoft 365 Copilot Wave Two updates, featuring Business Chat and the new Copilot Pages for enhanced collaboration, advancements in Excel data analysis, AI-driven file comparisons in OneDrive, and easy-to-create Copilot agents for automating business processes. If you are in IT, we'll show you improved integrations with our security and compliance stack. Mary Pasch, Principal Product Manager, joins Jeremy Chapman to walk through the updates, including what it means for Microsoft 365 admins. ► QUICK LINKS: 00:00 - Microsoft 365 Copilot Wave Two 00:45 - How Copilot is evolving 01:32 - BizChat and Copilot Pages 02:58 - Copilot in Excel 04:41 - Copilot using Python in Excel 06:05 - Compare and contrast documents 07:18 - Create Copilot agents from BizChat 08:44 - Create Copilot agents from SharePoint 10:12 - .copilot files 10:44 - Enterprise-grade data protection 13:54 - Wrap up   ► Link References Check out new Copilot experiences at https://aka.ms/CopilotWave2 Access advanced enterprise data protections at http://microsoft.com/copilot   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Microsoft Mechanics Podcast
Token theft protection with Microsoft Entra, Intune, Defender XDR & Windows

Oct 8, 2024 8:35


Prevent attackers from stealing your identity and data by protecting your tokens. In single sign-on systems like SAML and OAUTH, tokens are how services know who you are and what you can do. When you sign in to your machine with your Microsoft Entra ID account, you are getting a session token you can use to access things like your email, teams and other apps. Check out new capabilities like Credential Guard in Windows enforced by device policies in Intune, Token Protection enforcement in Microsoft Entra, and Token theft detections in Microsoft Sentinel and Defender XDR. Alex Weinert, from the Microsoft Entra team, explains what tokens are, how token theft works, and how to defend yourself from these attacks.   ► QUICK LINKS: 00:00 - Token theft attacks 01:39 - Token basics 02:59 - Token theft demo 03:41 - How to use token protection 05:22 - Additional Token theft defenses 06:25 - How to detect and shut down attacks 08:01 - Wrap up   ► Link References Get started at https://aka.ms/TokenTheftDefense   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Microsoft Cloud IT Pro Podcast
Episode 385 – Microsoft Sentinel: Deployment, Management, and Cost Optimization

Oct 2, 2024 34:58


Welcome to Episode 385 of the Microsoft Cloud IT Pro Podcast. In this episode, we dive into deploying, managing, and optimizing Microsoft's leading cloud-native SIEM (Security Information and Event Management) solution. Whether you're new to Microsoft Sentinel or looking to deepen your expertise, this episode is packed with actionable insights to help you secure your Azure environment effectively. Like what you hear and want to support the show? Check out our membership options. Show Notes What is Microsoft Sentinel? Deployment guide for Microsoft Sentinel Plan costs and understand Microsoft Sentinel pricing and billing Log retention plans in Microsoft Sentinel Prepare for multiple workspaces and tenants in Microsoft Sentinel Centrally manage multiple Microsoft Sentinel workspaces with workspace manager (Preview) Sentinel Content Packs Free data sources Automate threat response with playbooks in Microsoft Sentinel About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Unofficial SAP on Azure podcast
#208 - The one with Sentinel for SAP BTP (Will King, Yossi Hasson, Martin Pankraz) | SAP on Azure Video Podcast

Sep 13, 2024 35:59


In episode 208 of our SAP on Azure video podcast we talk about security! Sentinel for SAP has been around for quite some time now. It is even certified for RISE with SAP and we see a lot of interest by customers in the additional protection that Sentinel can provide for their SAP system. Speaking of SAP Systems - a lot of customers are using the SAP Business Technology Platform, to leverage Integration Suite, SAP Fiori or SAP Build services and of course also AI core services. Just a few weeks back the Microsoft Sentinel for SAP BTP solution also reached General Availability, which means that now you can also detect attacks on BTP with Sentinel. To help us understand more about the features I am happy to have Will King, Yossi Hasson and Martin Pankraz with us today.

Find all the links mentioned here: https://www.saponazurepodcast.de/episode208

Reach out to us for any feedback / questions:
* Robert Boban: https://www.linkedin.com/in/rboban/
* Goran Condric: https://www.linkedin.com/in/gorancondric/
* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/

#Microsoft #SAP #Azure #SAPonAzure #Sentinel #BTP #SAPBTP #Security

Ctrl+Alt+Azure
250 - A look at Microsoft Sentinel auxiliary logs

Ctrl+Alt+Azure

Aug 7, 2024 26:37


We haven't talked about Microsoft Sentinel in a while. This week, we take a look at auxiliary logs - a new capability that Sentinel benefits from. What is it, and why and when should you use it? Also, Jussi asks Tobi an unexpected question.
(00:00) - Intro and catching up.
(03:27) - Show content starts.
Show links
- Setting up auxiliary plan
- Create a destination table using the API
- Give us feedback!

RunAs Radio
Microsoft Defender for Cloud with Yuri Diogenes

RunAs Radio

Jun 19, 2024 36:52


Have you rolled out Microsoft Defender for Cloud? Richard chats with Yuri Diogenes about the bundle of tools under the Defender for Cloud moniker. Yuri describes Defender for Cloud as a Cloud-Native Application Protection Platform (CNAPP). This Gartner term covers the various elements that go into a cloud-native application, including APIs, servers, containers, storage, resource manager, and more! Defender for Cloud integrates with Microsoft Purview to understand data sensitivity, and Microsoft Sentinel helps detect breaches or data misuse. It also offers attack path analysis and remediation so you can get ahead of the attackers to close off potential breach risks before they happen! Check the links in the show notes for great resources, including an ebook on CNAPP strategy!
Links
- Defender for Cloud
- OWASP Top 10 API Security Risks
- Defender for APIs
- Microsoft Sentinel
- Data Security Dashboard
- Attack Paths
- Microsoft Purview
- Cloud Security Posture Management
- Microsoft Copilot for Security
- Security Remediation with Governance
- Defender for Cloud ServiceNow Integration
- CNAPP Strategy Ebook
Recorded May 13, 2024

Cybersecurity 101 with Joe and Larry
Episode 24 - 12 months later, Larry is still thriving as a SOC Analyst!

Cybersecurity 101 with Joe and Larry

May 18, 2024 40:48


Episode Highlights:
Introduction (0:00)
- Hosts: Joe Stocker and Larry Lishey
- Larry's new role as a SOC Analyst
Larry's Journey to Cybersecurity (0:38)
- Transition from warehouse management to cybersecurity
- Motivations and inspirations (1:06)
- Role of formal education and certifications (4:22)
- Key learning experiences and helpful resources
Day-to-Day as a SOC Analyst (2:23)
- Typical daily tasks and responsibilities
- Working with Microsoft Sentinel and other security tools (3:23)
- The importance of thorough incident investigation
Challenges and Rewards (10:00)
- Initial challenges and overcoming nerves
- The pressure and importance of accurate incident triage (11:06)
- Rewarding aspects: customer satisfaction and team support (21:26)
Mentorship and Team Dynamics (12:07)
- The role of mentors in Larry's growth
- Advice for new SOC analysts: ask questions, find a mentor
- Team structure and dynamics within the SOC (19:08)
Professional Growth and Skills Development (13:36)
- Key skills and knowledge areas developed over 12 months
- Specific incident analysis and forensics experiences (14:32)
- Learning and growth through practical experiences and mentorship
Career Transition and Personal Impact (18:52)
- Life changes from the career transition
- Balancing work and personal life, including gym routines (29:55)
- Benefits of remote work and its dynamics
Podcast Experiences (31:41)
- Notable guests and influential conversations (31:57)
- Favorite moments and topics covered (32:57)
- Future aspirations for the podcast: more day-to-day SOC operations, specific scenarios
AI and Cybersecurity (34:45)
- Joe's thoughts on AI's impact on cybersecurity
- Microsoft's Copilot for Security (34:56)
- Broader societal implications of AI, including deep fakes and cybercrime
Conclusion (39:48)
- Final thoughts and encouragement for listeners
- Invitation to connect and learn more about the field
Resources:
- KC7 Cybersecurity Game: https://kc7cyber.com/
- Education and certification programs https://www.mycomputercareer.edu/
- Connect with Larry on LinkedIn https://www.linkedin.com/in/lawrence-lishey-30942020/

The SysAdmin DOJO Podcast
Did the CSRB Force Microsoft's Hand on Security?

The SysAdmin DOJO Podcast

May 15, 2024 47:32


Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB's Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements.
The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft's proactive stance on security?
Key takeaways:
- Microsoft is taking proactive steps to address security vulnerabilities and enhance its security measures following recent incidents.
- The focus on protecting identities, enforcing multi-factor authentication, and improving network segmentation are crucial for bolstering security.
- Efforts to align security actions with recommendations from the CSRB demonstrate a commitment to addressing criticisms directly.
Timestamps:
(06:52) Key Insights from Charlie Bell's Blog Post Addressing Cyber Security Concerns
(11:22) Enhancing Security Measures in Response to the CSRB's Report
(21:22) Top Security Practices for Protecting Tenants and Production Systems
(24:46) Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection
(30:44) Challenges and Considerations in Cloud Security Logging and Storage
(34:37) Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting
(37:37) Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments
(42:34) Analyzing Microsoft's Response to a Security Incident
Episode Resources:
- The Blog Post from Charlie Bell
- EP39: Are Passkeys the Future of Authentication?
- Subscribe to our new YouTube Channel for more

Real Talk JavaScript
Episode 280: How Secure is Your AI?

Real Talk JavaScript

May 9, 2024 44:14


Host(s):
- John Papa @John_Papa
- Ward Bell @WardBell
- Craig Shoemaker @craigshoemaker
Guest:
- Anthony Bartolo LinkedIn
Recording date: April 25, 2024
Brought to you by
- AG Grid
- IdeaBlade
Resources:
- Episode 274: What Developers Need To Know About Generative AI | Web Rush
- GitHub Advanced Security
- About GitHub Advanced Security
- Microsoft Copilot for Security
- What Developers Need to Know About Generative AI
- Do Roller Coasters Need Cybersecurity
- Automated Threat Analysis
- Microsoft Defender for Cloud
- Microsoft Copilot for Security
- What is IoT
- Phi-3 - redefining what's possible with SLMs
- Difference between SLM and LLM
Timejumps
01:04 Introducing Anthony Bartolo
06:44 Sponsor: Ag Grid
07:51 How should developer think about security and AI?
16:57 Are these like linting tools for security?
20:27 What's the difference between CoPilot for Security and Microsoft Sentinel?
28:22 What's the difference between ChatGPT and GitHub CoPilot?
33:46 Sponsor: IdeaBlade
34:49 How do I keep my source code safe from AI vulnerability?
39:20 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.

Ctrl+Alt+Azure
236 - Azure Updates

Ctrl+Alt+Azure

May 1, 2024 23:00


In this week's episode, we look at recent Azure updates. What's new? What's interesting? What's retiring? We found updates for Azure AI, Microsoft Sentinel, Azure Advisor, and many others. Also, Jussi asks Tobi an unexpected question.
(00:00) - Intro and catching up.
(02:48) - Show content starts.
Show links
- Virtual network flow logs
- Azure Classic networking services retirement
- New Azure OpenAI and AI Search connectors for Logic Apps
- Azure AI Search changes
- Windows Server 2025 & Windows Server Insider Program
- Get end-to-end protection with Microsoft's unified security operations platform
- Use the SIEM migration experience - Microsoft Sentinel
- Calculate cost savings in Azure Advisor - Azure Advisor | Microsoft Learn
- Give us feedback!

RunAs Radio
Microsoft Copilot for Security with George Coldham

RunAs Radio

Apr 3, 2024 35:21


How can Microsoft Copilot for Security help you? While at NDC in Sydney, Richard chatted with George Coldham about Microsoft Copilot for Security - combining GPT-4 with information about Microsoft security products and your organization's resources in Azure to provide guidance and insight into making your company more secure. George talks about how it's early days for this copilot - and it's only in preview so far. Bringing together the vast array of security products that Microsoft makes, Microsoft Copilot for Security brings the ability of Large Language Models to summarize data to help you understand where the organization's security vulnerabilities exist and how to address them. You want to get in on this preview!
Links
- Microsoft Copilot for Security
- Unified Security Operations Platform
- Microsoft Sentinel
- Microsoft Security Portals and Admin Centers
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud
- Microsoft Entra
- Microsoft Purview
- Microsoft Priva
- Kusto Query Language
- Microsoft Defender Threat Intelligence
Recorded February 13, 2024

Irish Tech News Audio Articles
Navigating the Cybersecurity Landscape in Ireland: Microsoft Insights and Actions

Irish Tech News Audio Articles

Mar 29, 2024 7:27


Guest post by Kieran McCorry, National Technology Officer, Microsoft Ireland

In the fast-evolving cyber landscape in Ireland, organisations are susceptible and vulnerable to attack, as highlighted by Microsoft Ireland's 'Cybersecurity Trends in Ireland' report. This exploration of the experiences of c-suite executives operating in Ireland delves into cybersecurity trends, shedding light on prevalent challenges, emerging technologies, and the imperative need for proactive measures. Cybersecurity vulnerabilities persist across Irish industries, exacerbated by the absence of comprehensive defence strategies. While there's a good adoption of cybersecurity training, the true resilience demanded by the evolving threat landscape necessitates ongoing investments in technological solutions. Our report reveals that 46% of respondents have faced cyber incidents in the last three years, with 30% experiencing data breaches. Strikingly, only 14% reported incidents to regulatory bodies. Despite these challenges, 74% of organisations haven't reduced their cybersecurity spend and 57% conduct regular cybersecurity training. However, a significant gap exists in strategic processes with just 44% performing risk assessments and 38% employing a multi-layered defence strategy. The study also points to a potential complacency with 26% of organisations indicating a lack of IT security infrastructure investment planned for the coming year.

Artificial Intelligence as a Cybersecurity Enabler

While the adoption of Artificial Intelligence (AI) technologies to support defensive strategies is slow - just 14% of executives say they are using AI as part of their cybersecurity strategy, while a further 30% say they are unsure if they are in fact using AI technologies - 'Cybersecurity Trends in Ireland' underscores the rising significance of AI in cybersecurity. AI technologies offer a potent defence against cyber threats by swiftly analysing vast data sets. Notably, the successful use of AI in Ukraine against cyberattacks sets a precedent for the role of innovation in cybersecurity. However, the integration of AI comes with its own set of challenges. Security teams grapple with managing disparate tools and a scarcity of skilled talent. Microsoft's recent strides in unifying incident experiences through Microsoft Sentinel and Microsoft Defender XDR mark a significant leap toward cohesive and efficient cybersecurity strategies. Meanwhile, from 1st of April, Microsoft Copilot for Security will be available in Ireland. The industry's first generative AI solution will help security and IT professionals catch what others miss, move faster, and strengthen team expertise. Copilot is informed by large-scale data and threat intelligence, including more than 78 trillion security signals processed by Microsoft each day, and coupled with Large Language Models to deliver tailored insights and guide next steps. With Copilot, users can protect their environments at the speed and scale of AI and transform their security operations.

Regulation and Compliance

A concerning revelation from our Cybersecurity Trends in Ireland study is the lack of awareness among Irish executives regarding upcoming legislation; specifically, the Network and Information Security 2 Directive (NIS2). Scheduled for implementation in October 2024, NIS2 will impact 18 sectors and over 180,000 companies across the EU. Despite its potential to strengthen cybersecurity postures, more than 70% of leaders are either unaware or unprepared for compliance. Of those who are aware of NIS2, 20% feel they are currently compliant with the legislation and 20% believe they are not compliant. 60% of all respondents are unsure if they are or not. Positively, 31% of organisations are planning to invest in their strategy to achieve compliance with NIS2 and 29% have a roadmap in place to achieve this.
That said, this lack of awareness extends to the majority being unsure about their organisations having investment or a roa...

Blue Security
Microsoft Sentinel Deep-Dive with Henrik Wojcik

Blue Security

Feb 13, 2024 48:28


Summary
In this episode, Henrik Wojcik, a Microsoft MVP, joins the hosts to discuss Microsoft Sentinel and provide a deep dive into its deployment and usage. They cover topics such as data residency and compliance considerations, separating operational logs and security logs, connectors for data ingestion, analytics rules and alert fatigue, scheduled queries and user and entity behavior analytics (UEBA), playbooks and automation, workbooks and data visualization, and advanced hunting with KQL queries.
Takeaways
- Consider data residency and compliance requirements when deploying Microsoft Sentinel.
- Separate operational logs and security logs to optimize cost and focus on relevant data.
- Use connectors to ingest data from various sources into Microsoft Sentinel.
- Tune analytics rules to avoid alert fatigue and focus on valuable alerts.
- Utilize scheduled queries and UEBA to identify suspicious behavior and automate investigations.
- Leverage playbooks and automation to streamline incident response and reduce manual effort.
- Create workbooks for data visualization and customize them to display relevant information.
- Explore advanced hunting with KQL queries to proactively search for threats and investigate incidents.
Youtube Video Link: https://youtu.be/n9dDfmX-A9Q
Documentation:
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference
https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector
https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers#free-data-sources
Henrik Wojcik:
https://www.linkedin.com/in/henrikfrandswojcik/
https://twitter.com/henrikwojcik
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message

Irish Tech News Audio Articles
Integrity360 targets international growth following expansion of its Microsoft security services

Irish Tech News Audio Articles

Jan 17, 2024 7:00


Integrity360, one of the leading pan-European cyber security specialists, has announced the expansion of its portfolio of Microsoft security services as it continues on an international growth trajectory. The company plans to roll out the enhanced suite of services across Ireland, the UK, Bulgaria, Italy, Spain, and the Nordic region. As well as the expansion of services and associated tools and processes, the company has invested in the training and development of over 30 employees. It has also rolled out product and platform development and integration, as well as proprietary threat detection content for the Microsoft ecosystem and threat response playbook production. The enlarged portfolio incorporates professional services for the assessment, design and implementation, and ongoing management of Microsoft security solutions. These will deliver enhanced protection for customers across the areas of threat protection, cloud security, identity and access management, and data security. Integrity360 is rolling out these specialist services amid increasing demand from customers to help optimise their security posture and configurations, maximising the value of the security toolsets available within their Microsoft licensing investments. The services are available across all of the main Microsoft Security product families, including Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, Microsoft Entra, and Microsoft Purview. Due to Microsoft's prominence in the security, productivity, and collaboration spaces, Integrity360 estimates these offerings to be relevant for at least 75% of organisations of all sizes across Europe. Integrity360's professional services team will provide guidance and direction to customers on how to maximise security features of the Microsoft ecosystem across users, systems, and applications. 
The team will also design and build security infrastructure in line with best practices, benefiting from existing Microsoft environments and investments to maximise the return for customers. As well as enhanced access to resources to help optimise the use and value of Microsoft products, organisations will benefit from enhanced protection against cyber security risks such as ransomware, data theft, insider risk, and zero-day attacks. Integrity360 is also expanding its suite of Microsoft managed services with a comprehensive managed extended detection and response (XDR) offering. This new solution aims to boost organisations' cyber security postures in the face of continually evolving threats and relieve the pressure on in-house security teams with proactive 24/7 monitoring, enhanced detection, and rapid containment of threats. Underpinning these new services, Integrity360 has attained designations within the Microsoft AI Cloud Partner Programme. The company has been named a Solutions Partner for Security which validates Integrity360's specialist capabilities in using the Microsoft security portfolio to secure organisations' environments including Microsoft 365, multi-operating-system endpoints, multi-cloud environments, and third-party infrastructure. It has also been named as a Solutions Partner for Modern Work which recognises its expertise across Microsoft 365 applications such as Outlook, Teams, SharePoint, and OneDrive, essential for understanding how to secure such environments. Integrity360 has expanded its offering to include services across the full Microsoft security portfolio, and with the increased scope of its new Managed XDR service powered by Microsoft SIEM+XDR, it has further advanced its specialisation particularly in the area of Threat Protection. Brian Martin, Director of Product Management, Integrity360, said: "Integrity360 is delighted to expand our comprehensive suite of services across Microsoft's security portfolio. 
We are excited to bring our Microsoft security specialisation and cyber security specialist expertise to our customers. Furthermore, our new partner designation...

Microsoft Mechanics Podcast
How Microsoft Security Copilot works

Microsoft Mechanics Podcast

Nov 21, 2023 16:18


Use GPT-powered natural language to investigate and respond to security incidents, threats and vulnerabilities with Microsoft Security Copilot, a new security AI assistant. Skilled with Microsoft's vast cybersecurity expertise, it helps you perform common security-related tasks quickly using generative AI. This includes embedded experiences within Microsoft Defender XDR, Microsoft Intune for endpoint management, Microsoft Entra for identity and access management, and Microsoft Purview for data security. Ryan Munsch, from the Security Copilot team, joins host Jeremy Chapman to share how Security Copilot is like an enterprise-grade natural language interface to your organization's security data.
► QUICK LINKS:
00:00 - Investigate and respond to security incidents
01:24 - Works with the signal in your environment
02:26 - Prompt experience
03:06 - Off-the-shelf LLM vs. Security Copilot
05:43 - LoRA fine-tuning
07:06 - Security analyst use case
10:07 - Generate a hunting query using Microsoft Sentinel
11:34 - Threat intelligence
14:20 - Embedded Copilot experiences
15:42 - Wrap up
► Link References
Join our early access program at https://aka.ms/SecurityCopilot
► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
• Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
• Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: https://twitter.com/MSFTMechanics
• Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
• Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
• Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Microsoft Mechanics Podcast
Microsoft Defender XDR, Security Copilot & Microsoft Sentinel now in one portal

Microsoft Mechanics Podcast

Nov 21, 2023 10:12


Manage SIEM, XDR, and threat intelligence from one place with new updates in the Microsoft Defender portal. Interact with all of your security data using generative AI with Security Copilot. View incidents across your digital estate—whether they're related to endpoints, SaaS services, your network in the cloud or on prem. This unified approach eliminates the inefficiency of SOC teams having to switch between multiple systems and manually piece together incident details, while maintaining all the current functionalities of each connected service. Rob Lefferts joins Jeremy Chapman to discuss how the Defender experience has evolved into a unified security operations platform that combines threat detection, prevention, investigation, and response.
► QUICK LINKS:
00:00 - How Microsoft Defender has evolved
01:47 - Increase your SOC's efficiency and speed
02:30 - GPT-based Security Copilot
03:54 - See an active incident
05:45 - Attack disruption
06:48 - High-level recap with Security Copilot
07:39 - Unified advanced hunting
08:51 - Set it up
09:32 - Wrap up
► Link References
For more information, and to join our private preview go to https://aka.ms/SOCPlatform

Microsoft Security Insights
Microsoft Security Insights Show Episode 177 - Gary Bushey's Sentinel Magic

Microsoft Security Insights

Nov 10, 2023 60:15


Fan favorite, Senior Product Manager for Sentinel, and avid live audience member, Gary Bushey, returns to the show to talk about a new tool he's developed to provide a way to document a Microsoft Sentinel environment. Oh…and with Brodie, Andrea, and Rod on the lam, who will host this week? Thank heavens for Beth Bischoff! Show Notes/Links: Gary's blog: https://garybushey.com/ Create a Word document that describes your Microsoft Sentinel environment Book on programming Microsoft Sentinel Catch the live replay…  

Microsoft Security Insights
Microsoft Security Insights Show Episode 167 - Angelica Faber

Microsoft Security Insights

Sep 1, 2023 61:17


Stop by this episode to see and hear what Angelica Faber, Security Architect at Microsoft, has been working on. Angelica has produced some great content and guidance using Azure OpenAI with Microsoft Sentinel to provide better efficiency and deeper knowledge for Security Operations teams.
Show Notes/Links:
Angelica's blog: https://myfabersecurity.com/
Angelica on LinkedIn: https://www.linkedin.com/in/angelica-faber/
Rubrik: https://www.rubrik.com/
Microsoft Envision The Tour: https://envision.microsoft.com/
Microsoft Sentinel Triage AssistanT (STAT): https://github.com/briandelmsft/SentinelAutomationModules
This is a demo-heavy episode. Catch the full experience with the live show video replay…

Microsoft Cloud IT Pro Podcast
Episode 349 – The War of the Policies

Microsoft Cloud IT Pro Podcast

Aug 31, 2023 42:37


In Episode 349, Ben and Scott talk through considerations for working with Azure Policy to enable diagnostic settings at scale. Along the way they also talk about helpful tools that are available that can help you get your environment configured the way you need even quicker. Like what you hear and want to support the show? Check out our membership options. Show Notes Create diagnostic settings at scale using Azure Policies and Initiatives Microsoft Sentinel content hub catalog Create-AzDiagPolicy Documentation for Azure Policy scripts Microsoft.PolicyInsights RBAC Remediate non-compliant resources with Azure Policy Manage access to Log Analytics workspaces Microsoft Sentinel workspace architecture best practices Azure Resource Graph sample queries for Azure Policy Azure Governance Visualizer aka AzGovViz Community Policy Repo About the sponsors Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Microsoft Security Insights
Microsoft Security Insights Show Episode 162 - Chris Stelzer, SOCGPT

Microsoft Security Insights

Jul 28, 2023 58:30


Welcome back Chris Stelzer! Chris was on the show recently but is back to show us how he's architected ChatGPT into SOC operations with Microsoft Sentinel. Now that ChatGPT has been updated with many new features - including functions - don't miss this live! Lots of demos. Show Notes/Links: WSUS News: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/importing-updates-into-wsus-is-changing/ba-p/3882937 Microsoft Security Insights Show Episode 136 - Chris Stelzer, Senior TS at Microsoft: https://microsoftsecurityinsights.com/microsoft-security-insights-show-episode-136-chris-stelzer-senior-ts-at-microsoft Episode 127: Microsoft Sentinel StaT with Mike Palitto and Andrea Fisher https://microsoftsecurityinsights.com/episode-127-microsoft-sentinel-stat-with-mike-palitto-and-andrea-fisher Chris' Postman page: https://www.postman.com/scstelz There's LOTS of demos this episode, so make sure to catch the live show video replay…   Live show video replay: https://www.youtube.com/live/_JHXnkKcfq4?feature=share Want to watch the live show? You can always go back and watch this episode and others on our YouTube channel. Subscribe today!

Microsoft Cloud IT Pro Podcast
Episode 337 – Secure your Office 365 tenant and protect your users

Microsoft Cloud IT Pro Podcast

Jun 8, 2023 36:34


In Episode 337, Ben and Scott talk through recommendations for securing your Office 365 tenants and admin accounts. They also address a listener question on how you can address the disparities in logging and metrics collections when you're using multiple SaaS products. Like what you hear and want to support the show? Check out our membership options. Show Notes CollabCon Conference 2023 Manage emergency access accounts in Azure AD Securing privileged access for hybrid and cloud deployments in Azure AD Conditional Access authentication strength is now Generally Available! Learn about data loss prevention Microsoft Sentinel data connectors Hybrid Cloud with AWS Video https://youtu.be/TMKm9lcaQE0 About the sponsors Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Windows Weekly (MP3)
WW 832: Saturated by Fake Girlfriends - Cortana's Windows death, 3 months with no Xbox, thoughts on WWDC23

Windows Weekly (MP3)

Jun 7, 2023 139:33


Cortana's Windows death, 3 months with no Xbox, thoughts on WWDC23

Developer Story
  • As the developer conference season winds down with WWDC, a look at how Apple, Google, and Microsoft are both similar to and different from each other
  • Hololens flashbacks anyone?

Windows
  • She's dead, Jim: Microsoft kills Cortana in Windows 10, 11 - this is all about marketing
  • Teams for Windows (consumer) gets new features that no one will notice either
  • Windows Insider Preview: Microsoft Paint gets Dark mode support (FINALLY) and more in Canary and Dev
  • Canary: New build brings SMB signing requirement (Enterprise ed only), camera app troubleshooting (plus new build today)
  • Dev (new): redesigned Home view for File Explorer, modernized address bar and search box, Dynamic Lighting settings
  • Dev: File Explorer tabs and gallery view improvements, Add Phone Photos button for setting up OneDrive camera roll
  • Beta: WPA3 support in Phone Link, fixes
  • Microsoft Edge arrives with Workspaces (but not the new UI)
  • Brave finally gets vertical tabs
  • One week after HP, Dell posts 20 percent revenue fall

Xbox
  • Well, Paul finally did it: 3 months without Xbox
  • WD Xbox Series X|S expansion cards start at just $80
  • Minecraft comes to Chromebooks
  • Microsoft was fined $20 million by the FTC for collecting kids' data (Amazon was fined $25 million)
  • Report explains why Redfall failed. (It sucks)
  • Apple brings Windows games to macOS using Wine-based toolkit
  • Amazon kills Luna app on Windows and Mac, focuses on web. Are we facing a Stadia moment now?

Tips & Picks
  • Tip of the week: Passkeys come to Google Workspace accounts too
  • Tip of the week #2: Get the updated Windows 11 22H2 ISO
  • RunAs Radio this week: Microsoft Sentinel with Sarah Young
  • Brown liquor pick of the week: Glenmorangie Quinta Ruban 14

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell

Download or subscribe to this show at https://twit.tv/shows/windows-weekly
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.

Sponsors: AWS Insiders - WW, meraki.cisco.com/twit, Melissa.com/twit

All TWiT.tv Shows (MP3)
Windows Weekly 832: Saturated by Fake Girlfriends

Jun 7, 2023 139:33



Radio Leo (Audio)
Windows Weekly 832: Saturated by Fake Girlfriends

Jun 7, 2023 139:33



Windows Weekly (Video HI)
WW 832: Saturated by Fake Girlfriends - Cortana's Windows death, 3 months with no Xbox, thoughts on WWDC23

Jun 7, 2023 139:32



RunAs Radio
Microsoft Sentinel with Sarah Young

Jun 7, 2023 49:23


Are you using Microsoft Sentinel? Richard talks to Cloud Security Advocate Sarah Young about Sentinel, Microsoft's Security Information and Event Management (SIEM) solution. Sarah talks about the role of the SIEM in creating a common place for all security-related data to arrive. She mentions some of the many tools in the Microsoft suite that feed into Sentinel, with Defender for Endpoints, Identity, and Cloud as examples. Specialized analysis tools send summaries to Sentinel, but Sentinel can also process raw logs. Make sure you need the data, because billing for Sentinel is connected to the number of ingress sources. There's a lot to learn, but also a lot of great documentation and information to work from. Check the show notes for links!

Links:
  • Microsoft Sentinel
  • ArcSight
  • Defender Security Alerts
  • Defender for Endpoint
  • Defender for Identity
  • Microsoft Digital Defense Report 2022
  • Defender for Cloud
  • What is CSPM?
  • Security Baselines Blog
  • Microsoft Security Copilot

Recorded April 6, 2023

All TWiT.tv Shows (Video LO)
Windows Weekly 832: Saturated by Fake Girlfriends

Jun 7, 2023 139:32

