The layout for this article will be quite straightforward. I will create a table for each settings menu and list the settings I would change. I will also provide a short explanation of why I would change each setting, as well as what the setting is by default.
Security Monitoring - Threat Modeling and Data Sources
One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go through the process of determining what data sources to use for what purpose, where to prioritize developing use cases and how to plan for the future.
The idea that ingesting all the data and enabling all the use cases is the best approach to security monitoring is something we have explored time and time again here on this blog. So I thought, instead of just ranting about it, let’s show you how I would go about...
Security Monitoring Antipatterns
A little bit of a deconstruction of some antipatterns in Security Operations
Welcome back to another post - this time we are talking about antipatterns. If you don’t know what an antipattern is, we can describe it as almost the polar opposite of best practice, put into a pattern.
Adding Graph API permissions to Managed Identities
A short note on doing this in Graph API, kept here so it is easy to find when needed
In this post, we will go over how to add a Graph API permission to a managed identity. You can view the permissions from the Enterprise Application blade in Entra ID, but you cannot add any new permissions there. Instead, we have to use PowerShell.
5 Years On - The Microsoft Sentinel Experience
Around 5 years ago, Microsoft announced the general availability of Azure Sentinel. This post aims to assess how far along we have come - the good, the bad and the ugly.
To briefly prepare you for what you are about to read and the context in which it is written; I work for an MSSP and have been working primarily with Microsoft Sentinel and the Microsoft stack since the release of Sentinel. Some of the things I will talk about and...