Azure Security Center – June Updates

I would like to share with you some updates that we had during this month in the Azure Security Center documentation, which directly reflect some changes in this service. The main changes are: Platform Migration: Beginning in early June 2017, Azure Security Center rolls out important changes to the way security data is collected and stored. These…


Respond to advanced threats with Azure Active Directory identity protection

The EMS + Security Team released a new series of demo videos with different common scenarios that EMS + Security can assist you to protect your organization’s assets. This one uses risk based conditional access helps admins and end users to ensure that their identities are not compromised. This is very important as advanced threats target user credentials a…


Azure Security Center UI Update

If you are using Azure Security Center you probably noticed that yesterday the main dashboard was different, that’s right, it was updated. You can watch this short video below that I recorded with an explanation about these changes: We also updated our articles that were impacted by this UI change, such as the Security health monitoring…


New Azure Security Paper Series

Today we are releasing a series of new articles about Azure Security, which includes the following articles: • Azure Operational Security • Azure Advanced Threat Detection • Azure Logging and Auditing • Introduction to Azure Security • Isolation in the Azure Public Cloud We hope you enjoy and make sure to leave your feedback in the…


New Alerts in Azure Security Center

As new attacks are discovered and validated, new security alerts will be created in Azure Security Center. This is an ongoing process, which is part of the “Detection Factory”, explained below: Yesterday we updated the Security alerts by type in Azure Security Center article to include the following new virtual machine behavioral analysis type of alerts:…


Security Incident in Azure Security Center

Azure Security Center has the capability to aggregate security alerts that are correlated in one single bucket called Security Incident. The intent is to enable the incident response team to understand the attacks that occurred as part of the same campaign. In the video below, I’m going to show you how to use Security Incident and some benefits…


Book Signing Session at Ignite

I’m pleased to announce that my great friend Tom Shinder and I are going to be at Ignite next month in Atlanta, we are working with OMS Security Product Team to deliver a very cool OMS Security presentation (to be announced soon). Also, in partnership with Microsoft Press, we will have a book signing session (date and time…


Crash Dump Analysis in Azure Security Center

For five years I worked at Microsoft CSS Security as Support Escalation Engineer, back in the ISA/TMG days and part of my job during that time was to analyze memory dump files (here an old example of those ISA days – good times). There were many scenarios where analyzing a dump file was the only way to understand the…


Azure Security Center – from planning to operations in 10 steps

In a recent conversation with a customer, I received a question regarding Azure Security Center and the best way to adopt and leverage this service for daily operations. The answer for that can be found at Azure Security Center documentation page, but I decided to put together the top 10 questions (in order) that can…