Azure Information Protection Scenarios

Just a quick follow-up on my post about the demo video series from the Enterprise Mobility + Security Team: the following demos are going to cover the Information Protection space. The first one below shows how automatic classification of documents is triggered based on an organization's data classification policies: The next one shows a…


Respond to advanced threats with Azure Active Directory identity protection

The EMS + Security Team released a new series of demo videos covering common scenarios in which EMS + Security can help you protect your organization’s assets. This one uses risk-based conditional access to help admins and end users ensure that their identities are not compromised. This is very important as advanced threats target user credentials a…


Leveraging Microsoft Enterprise Mobility + Security (EMS) to Protect against Cyberattacks

I’ve been working with EMS since 2013 (when it was not really EMS – but the idea of People Centric IT), when I first delivered a presentation at Microsoft CSO Council – Fall 2013. We came a long way to build a very solid platform, which includes using the Microsoft Threat Intelligence platform to identify cyberattacks,…


New Azure Security Paper Series

Today we are releasing a series of new articles about Azure Security, which includes the following articles:

• Azure Operational Security
• Azure Advanced Threat Detection
• Azure Logging and Auditing
• Introduction to Azure Security
• Isolation in the Azure Public Cloud

We hope you enjoy and make sure to leave your feedback in the…


New Alerts in Azure Security Center

As new attacks are discovered and validated, new security alerts will be created in Azure Security Center. This is an ongoing process, which is part of the “Detection Factory”, explained below: Yesterday we updated the Security alerts by type in Azure Security Center article to include the following new virtual machine behavioral analysis type of alerts:…


Security Incident in Azure Security Center

Azure Security Center has the capability to aggregate security alerts that are correlated in one single bucket called Security Incident. The intent is to enable the incident response team to understand the attacks that occurred as part of the same campaign. In the video below, I’m going to show you how to use Security Incident and some benefits…


New Enterprise Mobility + Security Solutions at DOCS

This week our team (CSI Enterprise Mobility + Security), in partnership with the EMS Product Team, released a series of solutions. Each solution may use one or more Enterprise Mobility + Security products. The solutions are organized in four pillars, located in the left navigation at DOCs, as shown below: As of today, the following solutions were released:…


Crash Dump Analysis in Azure Security Center

For five years I worked at Microsoft CSS Security as a Support Escalation Engineer, back in the ISA/TMG days, and part of my job during that time was to analyze memory dump files (here is an old example from those ISA days – good times). There were many scenarios where analyzing a dump file was the only way to understand the…


New Articles about Azure Security Center

Hello Security community! Quick update here just to bring awareness about some new articles (and some updates) that we had recently at Azure Security Center:

• Provide security contact details in Azure Security Center
• Add a web application firewall in Azure Security Center
• Update OS version in Azure Security Center
• Enable Network Security Groups in Azure…