smsliner.blogg.se

Cloudapp security portal

Even though it may seem obvious as a "best practice" ("Actively monitor for suspicious activities"), it is sometimes underrated. From my point of view, comprehensive monitoring of "identity security events" must be an essential part of deployment plans and daily operations. In the past year, I've talked about monitoring of Azure Active Directory in community sessions and talks. You'll find the latest version here: Identity Security Monitoring in a Hybrid Environment

NOTE (April 13th, 2021): I've updated the content of this blog post as part of the "Azure AD Attack and Defense" playbook.

- Considerations and References of "Azure Sentinel"
- Integration and Response in "Azure Sentinel"
- Incidents and Workbooks in "Azure Sentinel" blade
- Investigation of Incidents in "Azure Sentinel"
- Device / Endpoint Security (Microsoft Defender for Endpoint) in "Azure Sentinel"
- Collaboration Platforms (Office 365 Services) in "Azure Sentinel"
- Cloud Sessions (Microsoft Cloud App Security) in "Azure Sentinel"
- On-Premises Identity (Active Directory) in "Azure Sentinel"
- Cloud Identity (Azure Active Directory) in "Azure Sentinel"
- Azure Security Center (ASC) and "Azure Sentinel"
- IaaS/PaaS (Cloud and on-Premises) in "Azure Sentinel"
- Azure Sentinel: "Single pane of glass" across Azure, Microsoft 365 and 3rd party (cloud) platforms
- Considerations and References of "M365 Defender"
- Integration and Response in "M365 Defender"
- Investigation of Incidents in "M365 Defender"
- Monitoring and Reporting ("Cards" in M365 Security Home)
- Analyze and Visualize with "M365 Defender"
- Device / Endpoint Security (Microsoft Defender for Endpoint) and "M365 Defender"
- Collaboration Platforms (Office 365 Services)
- Cloud Sessions (Microsoft Cloud App Security) in "M365 Security"
- On-Premises Identity (Active Directory) in "M365 Defender"
- Cloud Identity (Azure Active Directory) in "M365 Defender"
- IaaS/PaaS (Cloud and on-Premises) and "M365 Defender"
- Microsoft 365 Defender: Unified SecOps of M365 Services
- Considerations and References of Microsoft Defender for Identity (MDI)
- Considerations and References of "Cloud App Security"
- Identity Security Posture and Apps Inventory with MCAS
- User and Entity Behavior Analytics (UEBA) in MCAS
- Device / Endpoint Security (Microsoft Defender for Endpoint) Integration in MCAS
- Collaboration Platforms (Office 365 Services) in MCAS
- Cloud Session Monitoring by Cloud App Security
- On-Premises Identity (Active Directory) in MCAS
- Azure Security Center (ASC) and MCAS-Integration
- IaaS/PaaS (Cloud and on-Premises) in MCAS
- MCAS and "Defender for Identity": Unified SecOps of connected "Cloud Apps" and "Hybrid Identity"
- Considerations and References of Azure AD Logging by "Azure Monitor"
- Integration and Response in "Azure Monitor"
- Analyze and Visualize with "Azure Monitor"
- Cloud Identity (Azure Active Directory) in "Azure Monitor"
- Azure Security Center (ASC) and "Azure Monitor"
- IaaS/PaaS (Cloud and on-Premises) in "Azure Monitor"
- Azure Monitor: Operational Logs and Alerts of Azure AD and Azure Workloads
- Identity Security Monitoring in a Hybrid Environment













