11 May, 2021
Protect Office 365 with Azure Sentinel
Nanddeep Nachan
@NanddeepNachan
Smita Nachan
@SmitaNachan
AGENDA
• Challenges with Microsoft 365 environment monitoring
• Monitor Office 365 Logs from Azure Sentinel
• Threat detection with Azure Sentinel analytics
• Respond to Threats
• Q&A
Nanddeep Nachan
Office 365 Consultant
Speaker | Author | Blogger
• Pune, India
• Twitter Handle: @NanddeepNachan
• LinkedIn: /in/NanddeepNachan
• Microsoft MVP, MCT
• SharePoint, Microsoft 365, MS Azure

Smita Nachan
Lead Software Engineer @TietoEVRY
Speaker | Author
• Pune, India
• Twitter Handle: @SmitaNachan
• LinkedIn: /in/SmitaNachan
• Microsoft MVP, MCT
• SharePoint, Microsoft 365
Challenges with Microsoft 365 environment monitoring

Monitoring Microsoft 365 environments
• With the increase in usage, it is essential to keep track of user activities
• Potential security risk with admin activities
• Audit logs in the compliance center
Demo
Audit log in the compliance center
O365 Audit logs retention

License | Retention period
Office 365 E5 or Microsoft 365 E5 | 1 Year
(non-E5) Office 365 or Microsoft 365 | 90 Days
Why do we need O365 logs?
• Auditing & historical purposes
• Compliance
• Legal
Azure Sentinel
Cloud-native SIEM platform

Azure Sentinel Overview
• Security Information and Event Management (SIEM)
• Security Orchestration, Automation, and Response (SOAR)
Image reference: https://docs.microsoft.com/azure/sentinel/overview
Demo
Set up Azure Sentinel
Connect Office 365 logs to Azure Sentinel
[Diagram: Office 365 user / admin activities -> O365 audit logs -> O365 data connector -> Azure Sentinel (Log Analytics workspace)]
Prerequisites
• Read and write permissions on your Azure Sentinel workspace.
• Global administrator or security administrator rights on the Office 365 tenant.
• Office 365 deployment must be on the same tenant as your Azure Sentinel workspace.
Demo
Connect Office 365 logs to Azure Sentinel
Workbooks
Monitor the data
Workbooks
• Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks
• Create custom workbooks across your data
• Combine data from various data sources and data types
• Visualize related data in a single interactive report
Demo
Azure Sentinel Workbooks
Analytics
Monitor the data
Analytics
• Detect, investigate, and remediate cyber security threats
• Analyze data from various sources to identify correlations and anomalies
• Trigger alerts based on attack techniques
• Get insights into the attack
• Create rules from rule templates
Demo
Create Analytics Rule
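
As an added example (not taken from the deck), a scheduled analytics rule could run a KQL query like the following over the OfficeActivity table, which is where the Office 365 data connector writes audit events. It flags users whose SharePoint/OneDrive downloads in the last day far exceed their own recent baseline; the 14-day baseline, the 50-file floor and the 5x ratio are assumptions to tune per tenant.

```kusto
// Added example: anomaly-style detection for unusual file download volume.
// All thresholds below are assumptions, not values from the presentation.
let baselinePeriod = 14d;    // history used to build each user's baseline
let detectionWindow = 1d;    // period being evaluated
let minFiles = 50;           // ignore low-volume users to limit noise
let ratio = 5.0;             // recent volume must exceed baseline by this factor
// Download events from SharePoint and OneDrive over the whole period.
let downloads = OfficeActivity
    | where TimeGenerated > ago(baselinePeriod + detectionWindow)
    | where OfficeWorkload in ("SharePoint", "OneDrive")
    | where Operation in ("FileDownloaded", "FileSyncDownloadedFull");
// Per-user baseline: average distinct files per day, over days with activity.
let baseline = downloads
    | where TimeGenerated <= ago(detectionWindow)
    | summarize DailyFiles = dcount(OfficeObjectId) by UserId, bin(TimeGenerated, 1d)
    | summarize BaselineAvg = avg(DailyFiles) by UserId;
// Recent activity compared against the baseline.
downloads
| where TimeGenerated > ago(detectionWindow)
| summarize RecentFiles = dcount(OfficeObjectId),
            ClientIPs = make_set(ClientIP, 10),
            Sites = make_set(Site_Url, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by UserId
| join kind=leftouter baseline on UserId
// Users with no history get a baseline of 0, so only minFiles applies to them.
| extend BaselineAvg = coalesce(BaselineAvg, 0.0)
| where RecentFiles >= minFiles and RecentFiles > ratio * BaselineAvg
| project UserId, RecentFiles, BaselineAvg, ClientIPs, Sites, FirstSeen, LastSeen
| order by RecentFiles desc
```

When used in a scheduled rule, map UserId to the Account entity and ClientIPs to the IP entity so the resulting incidents can be correlated and handed to a playbook.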
Respond to Threats
Use playbooks with automation rules in Azure Sentinel
Automate your incident response
• Create an automation rule
• Create a playbook
• Add actions to a playbook
• Attach a playbook to an automation rule or an analytics rule to automate threat response
Demo
Use playbooks with automation rules
References
• Azure Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/overview
• Monitor Office 365 Logs from Azure Sentinel: https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/
• Threat detection with Azure Sentinel analytics: https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/
• Log analytics samples (KQL queries) by Brian T. Jackett: https://github.com/BrianTJackett/log-analytics-samples
Q&A
Thank You!
@NanddeepNachan
/in/NanddeepNachan
Nanddeep Nachan
@SmitaNachan
/in/SmitaNachan
Smita Nachan

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Protect Office 365 with Azure Sentinel

  • 1. 11 May, 2021. Protect Office 365 with Azure Sentinel. Nanddeep Nachan (@NanddeepNachan), Smita Nachan (@SmitaNachan)
  • 2. Agenda: Challenges with Microsoft 365 environment monitoring; Monitor Office 365 Logs from Azure Sentinel; Threat detection with Azure Sentinel analytics; Respond to Threats; Q&A
  • 3. Nanddeep Nachan: Office 365 Consultant; Speaker | Author | Blogger; Pune, India; Twitter Handle: @NanddeepNachan; LinkedIn: /in/NanddeepNachan; Microsoft MVP, MCT; SharePoint, Microsoft 365, MS Azure
  • 4. Smita Nachan: Lead Software Engineer @TietoEVRY; Speaker | Author; Pune, India; Twitter Handle: @SmitaNachan; LinkedIn: /in/SmitaNachan; Microsoft MVP, MCT; SharePoint, Microsoft 365
  • 5. Challenges with Microsoft 365 environment monitoring
  • 6. Monitoring Microsoft 365 environments: With the increase in usage, it is essential to keep track of user activities; Potential security risk with admin activities; Audit logs in the compliance center
  • 7. Demo: Audit log in the compliance center
  • 8. O365 Audit logs retention (License: Retention period): Office 365 E5 or Microsoft 365 E5: 1 Year; (non-E5) Office 365 or Microsoft 365: 90 Days
  • 9. Why we need O365 logs? Auditing & Historical purpose; Compliance; Legal
  • 11. Azure Sentinel Overview: Security Information and Event Manager (SIEM); Security Orchestration Automated Response (SOAR). Image reference: https://docs.microsoft.com/azure/sentinel/overview
  • 12. Demo: Set up Azure Sentinel
  • 13. Connect Office 365 logs to Azure Sentinel. Diagram labels: O365 Audit Logs; User / Admin Activities; O365 Data Connector; Azure Sentinel; Log Analytics Workspace; Office 365
  • 14. Prerequisites: Read and write permissions on your Azure Sentinel workspace. Global administrator or security administrator rights on Office 365 tenant. Office 365 deployment must be on the same tenant as your Azure Sentinel workspace.
  • 15. Demo: Connect Office 365 logs to Azure Sentinel
  • 17. Workbooks: Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks; Create custom workbooks across your data; Combine data from various data sources and data types; Visualize related data in a single interactive report
  • 20. Analytics: Detect, investigate, and remediate cyber security threats; Analyzes data from various sources to identify correlations and anomalies; Trigger alerts based on the attack techniques; Get insights of attack; Create rule from Rule templates
  • 22. Respond to Threats: Use playbooks with automation rules in Azure Sentinel
  • 23. Automate your incident response: Create an automation rule; Create a playbook; Add actions to a playbook; Attach a playbook to an automation rule or an analytics rule to automate threat response
  • 24. Demo: Use playbooks with automation rules
  • 25. References: Azure Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/overview; Monitor Office 365 Logs from Azure Sentinel: https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/; Threat detection with Azure Sentinel analytics: https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/; Log analytics samples (KQL queries) by Brian T. Jackett: https://github.com/BrianTJackett/log-analytics-samples
  • 26. Q&A

Editor's notes

  1. https://docs.microsoft.com/en-us/azure/sentinel/overview
  2. https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview
  3. https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook