Getting started with Microsoft Defender EASM (External Attack Surface Management)

About a week ago, Microsoft released a new product called Microsoft Defender EASM which is based upon an earlier product from RiskIQ and is now a part of Microsoft Azure. You can look at this as a Shodan-light alternative where you can see your organization from an outside view—looking at what kind of external services …

Citrix (CVAD) vs Azure Virtual Desktop – Part One

A long time ago I wrote a blog post around Microsoft RDS vs Citrix XenDesktop at the time, where I looked at the overall functionality and end-user experience, which you can read about here: https://msandbu.org/so-why-choose-citrix-over-microsoft-rds-2/ (and now, fast forward to 2022, not much of that is relevant anymore.) A couple of weeks ago I saw …

Streaming of audit logs from Oracle Cloud to Microsoft Sentinel

With the recent announcement of a new partnership between Microsoft and Oracle for Oracle database services, I wanted to look further into setting up log collection from Oracle Cloud to Microsoft Sentinel. When I started digging there wasn’t much information available (except some minor blog posts from the Oracle side, but I wanted to use …

Cross Analytics queries with a multitenant Azure Sentinel setup

I am currently in a project where we need to have a multi-tenant Microsoft Sentinel environment. We have multiple Sentinel / Log Analytics workspaces where we need to do cross-workspace queries to look at the datasets, which is typically the case with MSSP environments. When it comes to using Microsoft Sentinel as a multi-tenant solution such as …

Microsoft Sentinel – Kusto queries for Killnet and geo lookup

Yesterday, many Norwegian websites were targeted in a DDoS attack by an activist group called Killnet, as you can read more about here –> Norway hit with cyberattack, temporarily suspending service (yahoo.com). Killnet primarily does DDoS attacks, either by flooding with POST or GET requests on layer 7 or with TCP SYN floods on layer 4. …

Distributed applications monitoring with Serverless360

One of the things I do miss from the old days with System Center Operations Manager was the ability to create distributed applications, which allowed us to drag together components that were monitored as a service. These could be components like hardware, network components, Windows servers, TCP probes or HTTP probes, which were then grouped …
