Microsoft Sentinel – Using Watchlists
This article details using Watchlists with Microsoft Sentinel, including how to get a Watchlist setup and example KQL queries.
Microsoft Defender – Device Actions Cheat Sheet
This post contains the download link for my Microsoft Defender Device Actions Cheat Sheet which details the device actions available.
Microsoft Defender – Cheat Sheet
This post contains the download link for my Microsoft Defender Cheat Sheet which details each of the Defender components.
Defender for Endpoint – Device Tagging
This post details the different methods of Device Tagging with Microsoft Defender for Endpoint. Methods include manual & dynamic methods.
Microsoft Sentinel – Azure Activity Scoped by Management Groups
This guide details the configuration for Azure Activity Scoped by Management Groups, as well as scoping by Subscription.
Microsoft Sentinel – Archiving Logs Guide
This guide covers the methods of archiving logs within Microsoft Sentinel, including how to bulk update tables via Cloud Shell.
Microsoft Sentinel – KQL Cheat Sheet
This page contains the download link for the KQL Cheat Sheet, that contains key information on Microsoft Sentinel.
Microsoft Sentinel – Cheat Sheet
This page contains the download link for the Microsoft Sentinel Cheat Sheet, that contains key information on Microsoft Sentinel.
Microsoft Sentinel – Ingesting Intune Logs
This post details the configuration steps for ingesting Intune logs in Microsoft Sentinel and looks at some of the use cases for doing so.
Microsoft Sentinel – Optimise costs
This post looks to detail how to optimise costs with Microsoft Sentinel by using Commitment Tiers & Pre-Purchase Plans.