Auditing Changes in Azure Security Center Configuration

Azure Security Center uses Role-Based Access Control (RBAC), which provides built-in roles that can be assigned to users, groups, and services in Azure. When planning to adopt Security Center, make sure to read the Permissions in Azure Security Center article for more information about the key roles and the actions that these roles can perform…


Holistic Approach to Enhance your Security Posture

This month the ISSA Journal released my article, which is called Holistic Approach to Enhance your Security Posture. In this article I cover some important capabilities that must be in place to enhance the overall security posture of your organization. This is a vendor-neutral approach that will give you the general considerations and rationale behind…


Failed to connect to mdsd error in a Linux machine monitored by Azure Security Center

Some customers have already been monitoring Linux machines using Security Center for quite some time; many of them just want to visualize security recommendations for the Linux platform. Some Linux machines monitored by Security Center may experience the error described in the title of this blog post. This error appears in the log as shown below: XXXX…


Unable to start Azure ATP Service

Take into consideration a scenario where you deployed Azure ATP and, after the service has worked for some time, one day the Azure Advanced Threat Protection Sensor service stays in the Starting state, quits after some time (it doesn’t show any status), comes back to Starting, and keeps repeating this loop. If you go to…


Exploring Microsoft Antimalware Alert in Azure Security Center

Azure Security Center leverages the Microsoft Antimalware engine to trigger antimalware-related alerts such as the one shown below: While this alert brings awareness about the current threat status, which in this case was remediated, sometimes you want to know more information about the threat itself (threat name, process, etc.). You can use the Search…


Using Azure Monitor to send an Email Notification for Azure Security Center Alerts

Azure Security Center allows you to provide a security contact that will receive email notifications for Security Alerts. Keep in mind that these notifications will be sent only on the first daily occurrence of a high severity alert. You can read Provide security contact details in Azure Security Center for more information on how to…


Recap of Microsoft Inspire + Ready

Last week I had the opportunity to attend Microsoft Inspire and Ready in Las Vegas. It was great to meet Microsoft Partners at the Azure Security booth, where I was primarily demoing Azure Security Center. Below are the top five questions that I received: 1) Where can my customer learn more about Azure Security Center and…


Azure Essentials

What if you had a place where you could quickly learn more about Azure Security, track your learning progress and master the skills you need for your role? Well, now you have this place; it is called Azure Essentials (https://www.microsoft.com/en-us/azureessentials). The reason I said Azure Security is because you can filter the topic for security and…


New Azure Security Center Dashboard

Today we released the new Azure Security Center dashboard, and in the video below I present a quick overview of what’s new in this dashboard: For more information about the new dashboard, read the articles below: For the Overview dashboard, read What is Azure Security Center? For the Identity & Access dashboard, read Monitor identity and access…


File Integrity Monitoring in Azure Security Center

Following the previous posts about new Azure Security Center capabilities that we released at RSA Conference, this one is about File Integrity Monitoring (FIM), which is available in public preview. This capability helps to protect the integrity of your system and applications as Security Center will be continuously monitoring the behavior of your registry and configuration…