Things from Me
Happy Friday everyone!
It’s been a crazy weather week here in Southwest Ohio. My family and I have spent a couple late nights in our basements watching the local news and hoping the power stays on. We’ve survived so far from the Sunday and Wednesday night rounds of storms, but it’s that time of year where we’re pounded by the weather due to warm temperatures wrestling with cold temperatures for dominance.
As an example of close calls, on Sunday a huge church steeple was toppled over due to high winds.
…
But anyway…welcome to this week's newsletter! There’s an exciting lineup of topics and events that you won't want to miss. Here’s a quick summary of what you’ll find inside:
Learn Live: Security for AI w/ Microsoft Purview & Defender for Cloud | Microsoft Reactor
Explore how to secure AI by attending our Learn Live Series
Because Two Isn't Enough: The Dawn of 3FA and Beyond!
Part 3 - Inside the Attacker's Toolkit: Advanced Phishing Frameworks and Infrastructure
Best Practices for Using Microsoft Intune to Manage Device Security
…
Some of you may remember my life before Microsoft, where I invented and ran a very popular IT Pro systems management community called myITforum. For those that don’t know, myITforum was the largest 3rd-party, Microsoft-focused community for years, running from 1999 to around 2016.
I think we might all agree that the world has gone somewhat crazy, and that people have forgotten how to community. So, after a brief hiatus, myITforum is back!
I’m taking a bit of a different tack this time, though. In addition to sharing and teaching this generation how to properly do community and providing technical content for IT Pros, I’m developing a revenue sharing model for authors.
If this is something that interests you, you can subscribe at the following link to stay informed of next steps:
…
Speaking of community…
I’ve yet to mention it here, but I have accepted a new role at Microsoft. I’m excited to get started in the new role. I’m moving to a Senior Product Manager job where I’ll still be focused on all things security and AI, but dedicated to our NDA communities, i.e., Customer Connection Program (CCP), MVPs, and partners. I’m really excited about this and will have bigger details in the coming months.
…
That’s it from me for this week. Talk soon.
-Rod
Things to Attend
Learn Live: Security for AI w/ Microsoft Purview & Defender for Cloud | Microsoft Reactor - As organizations use and develop AI applications, they need to address new and amplified security risks. Protect sensitive data in AI with auto-classification, encryption, and risk-adaptive controls. Prepare your environment for secure AI adoption to safeguard your data and identify threats to your AI. During this series, you will learn how Microsoft Purview and Microsoft Defender for Cloud work to secure and govern your generative AI.
Explore how to secure AI by attending our Learn Live Series - As organizations develop, use, and increasingly rely on AI applications, they must address new and amplified security risks. Are you prepared to secure your environment for AI adoption? How about identifying threats to your AI and safeguarding data? Register to attend one or all of our Learn Live sessions.
Things that are Related
Because Two Isn't Enough: The Dawn of 3FA and Beyond! - Ah, April Fool’s Day. A time for pranks, laughter, and completely outlandish ideas. But here’s the thing—what if those ideas weren’t so outlandish after all? Today, we’re tackling the latest (and possibly fake) revolution in online security: the rise of 3-factor and 4-factor authentication. Because, let’s face it, two-factor authentication (2FA) is sooo last decade.
Part 3 - Inside the Attacker's Toolkit: Advanced Phishing Frameworks and Infrastructure - In this third installment of our series, we'll take a technical deep dive into the sophisticated tools threat actors use to execute phishing attacks, with particular focus on frameworks that can bypass traditional MFA solutions. This knowledge is crucial for understanding why certain defensive measures succeed while others fail against today's advanced threats.
Best Practices for Using Microsoft Intune to Manage Device Security - Managing device security is critical to safeguarding organizational data and ensuring compliance with regulations. Microsoft Intune is a powerful tool that helps organizations streamline device management while enhancing security across endpoints. By adopting best practices, organizations can maximize the potential of Intune and ensure their devices remain protected against threats.
Things to Watch/Listen To
Microsoft Sentinel Things
Alert: ThreatIntelligenceIndicator Table Retirement - If you’re currently using the ThreatIntelligenceIndicator table to provide data intelligence to your Sentinel Analytics Rules or in Workbooks (and other things), you have just a couple months to make some changes.
Introducing Intel Management in Microsoft Sentinel - Another week, another name change in Microsoft Sentinel. The former Threat Intelligence page has been renamed to Intel Management. This seems to be more than just a name change but a shift in a focused effort to streamline and enhance cyber threat intelligence (CTI) workflows.
Watching The Dns Watcher: Pihole Logs In Sentinel - In this blog, we’re going full nerd 🤓: spinning up Pi-hole on a Raspberry Pi from scratch, tricking it out with a real-time ad detection display 📺✨, and then pushing that juicy network telemetry up to Microsoft Sentinel like it’s a Fortune 500 SOC. It’s home lab meets enterprise security — and it’s glorious. 🏡🔐🚀
Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps - If you're using Radware Web Application Firewall (WAF) within your organization for security monitoring, integrating it with Microsoft Sentinel provides enhanced visibility and analytics. While Radware does not have a built-in connector for Microsoft Sentinel, we can leverage Azure Logic Apps to ingest logs via API calls, process the data, and send it to Microsoft Sentinel. This guide walks you through the steps required to integrate Radware WAF logs with Microsoft Sentinel using Logic Apps.
Case Management is now Generally Available - We are excited to announce the general availability of our new Case Management service. This represents our first step in providing a unified, security-focused case management system for Security Operations (SecOps) teams. Customers are actively using case management for threat hunting, detection tuning, and managing multiple incidents. And so can you!
Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR - With the use of Security Copilot, it is possible to enrich and triage alerts automatically using GenAI data. Microsoft recently developed new SOC automation playbooks to accelerate AI-automated triage based on Security Copilot and Microsoft Sentinel.
Revolutionizing Threat Intelligence In Microsoft Sentinel: Transitioning To Enhanced Modeling And Advanced Threat Hunting - Cybersecurity is an ever-evolving field, and staying ahead of potential threats requires constant innovation. Microsoft Sentinel continues to lead the way with its advanced threat intelligence capabilities.
Sentinel+AMA: Log duplication by DCRs - In this post I'll discuss SecurityEvent, some bad {UI or assumptions}, and an approach to fix it.
Defender for Cloud Things
The Future of CIEM in Microsoft Defender for Cloud - Today, Microsoft announced the planned retirement of Microsoft Entra Permissions Management, targeted for October 1, 2025. As we navigate this transition, we want to reassure customers of our ongoing commitment to deliver Cloud Infrastructure Entitlement Management (CIEM) capabilities within Microsoft Defender for Cloud. Our investment in CIEM remains a strategic priority and an integral component of our comprehensive Cloud-Native Application Protection Platform (CNAPP).
Defender XDR Things
Deploy Microsoft Defender XDR today and start protecting your entire digital estate - The urgency to secure assets is real, but sometimes the struggle is too. Learn how FastTrack for Microsoft 365 can help you streamline setup of Microsoft Defender.
Microsoft Entra Things
NEW Microsoft Entra ID Governance deployment guide is now available - You can now streamline identity governance and strengthen security with this revamped Microsoft Entra ID Governance Deployment Guide. The guide aligns every phase of the identity lifecycle—onboarding, role transitions, offboarding—to ensure the right people get the right access at the right time.
Important change announcement: Microsoft Entra Permissions Management end of sale and retirement - We have an important update related to Microsoft Entra Permissions Management, which will require immediate action from the customers who are currently using this product. Thank you for your ongoing partnership, and for reviewing and taking the needed actions.