Hybrid Cloud Archives - Microsoft Industry Blogs - United Kingdom http://approjects.co.za/?big=en-gb/industry/blog/tag/hybridcloud/ Tue, 25 Jul 2023 16:43:38 +0000

What is a ‘security culture’? Best practices for implementing your security strategy http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2023/03/28/what-is-a-security-culture-best-practices-for-implementing-your-security-strategy/ Tue, 28 Mar 2023 10:21:37 +0000

Over 100 million attacks against remote management devices were observed in May 2022. Today, a Zero Trust security approach is crucial in a world of remote work.

The post What is a ‘security culture’? Best practices for implementing your security strategy appeared first on Microsoft Industry Blogs - United Kingdom.

In a world of remote work and cloud-based digital infrastructure, it is understood that security strategy needs to take a more agile and proactive approach centred around identity verification. Microsoft partners and customers have confirmed that the incremental, ongoing development of an organisation-wide security culture is the best way to implement a Zero Trust approach.

Sophisticated cyberattacks are on the rise

According to the Microsoft Digital Defense Report 2022, over 100 million attacks against remote management devices were observed in May 2022, up 500 percent on the past year. Human-operated ransomware remains the most prevalent cybercrime, however. One-third of targets are successfully compromised by criminals using these attacks, and 5 percent of them are ransomed.

Remote management device attacks increased by 500 percent from 2021 to 2022.

Old perimeter-guarding strategies are no match for these increasingly sophisticated threats. An organisation needs to embrace a modern, data-driven and people-centred approach to managing security risk. This can help to identify and tackle existing threats more effectively while learning to anticipate new ones.

What is a security culture?

An organisation’s security culture is built on shared values, attitudes and ways of acting. It’s therefore hard to change, and it takes time. Creating a culture of security needs colleagues to understand the potential costs of a security lapse. They must also understand how bad actors tend to operate, and why existing security strategies are no longer adequate.

In the current climate, digital communications and cloud data management provide multiple ways to access organisations that previously didn’t exist. Once inside your network, cybercriminals can move laterally, seeking out value.

Zero Trust relies on strong identity verification

Adopting strong identity verification is key to Microsoft’s Zero Trust approach. Real-time data provides information on the user, the device, and the location – which is crucial in a hybrid world of work. Connecting both cloud and legacy systems to a single identity solution provides end-to-end visibility of an organisation’s digital presence. This helps to protect against internal threats that old-fashioned firewalls would miss. Where there is doubt, a Zero Trust approach applies conditional access. Where there is risk, it assumes a breach.

A security strategy that enhances overall performance

Adopting a Zero Trust approach brings immediate improvements to an existing security posture, and builds a path that continuously improves risk management. It simplifies security processes to enhance customer experience, and potentially lowers costs by eliminating the need for external security providers.

Adopting a best-in-class security strategy can also make an organisation more forward-focused and risk-responsive in general. Nurturing a security culture brings long term benefits to a company as a brand and to its overall effectiveness in the marketplace. Security is not just a cost; it drives trust and therefore adds value.

Security culture starts small and collaboratively

When implementing a new security protocol, take a step-by-step approach beginning with a small, controlled group and a security risk that qualifies as low-hanging fruit. Once new protocols have been validated, and teams have given feedback, the approach can be expanded to another part of the business, such as identities, infrastructure, devices, data, networks or apps.

As for implementing organisation-wide security culture change, this will benefit from full and visible support from your senior leadership team. Aim to implement your new strategy collaboratively, and through a phased programme of activities. Taking a creative approach to security skilling and education helps stimulate staff engagement. Microsoft for example produces a successful video series that follows the security-themed adventures of its protagonist, Nelson, which gets promoted internally.

Understand and work with colleagues who may express resistance to change. While moving to new day-to-day practices – for example, new ways of working with different classes of data – openness and empathy will be crucial in empowering all teams to own, understand and learn from their inevitable mistakes.

Data-driven monitoring spots emerging risks

In time, your security strategy can become more sophisticated. AI can be deployed to detect abnormal behaviour and protect your organisation’s most sensitive information from accidental exfiltration as well as bad actors. Microsoft Azure, Azure Sentinel and Microsoft 365 apps can document your compliance with regulations, monitor access, and apply data analytics to predict where the next security risk might emerge.  Data metrics can guide security strategy on the principle of maximising costs to the attacker and prioritising your most valuable data. Many of Microsoft’s UK customers and partners have benefited from this security-first approach.

LGL money managers find security on the cloud

LGL Group are a financial services company who were frustrated by the cost and complexity of enterprise-grade cybersecurity. Microsoft worked collaboratively with LGL to design a roadmap that modernised their security controls, enhanced their security posture and reduced their reliance on third-party application subscriptions, driving down costs. By migrating to the latest Microsoft 365 and Azure security stack, LGL also benefited from a more streamlined and simplified hybrid security system.

Meanwhile Microsoft continues to work with schools and colleges to close the cybersecurity skills gap, with targeted investments here in the UK. Salford City Council leveraged the skills and resources of the Microsoft Enterprise Skills Initiative to develop a cyber strategy and a security operations centre using Microsoft Sentinel. It now aims to share its best-in-class skills with other public sector organisations to proactively monitor, detect and respond across Greater Manchester.

Zero Trust is a journey

Zero Trust is a journey, not a destination. Visit the security hub at Microsoft Business Security Solutions and discover how Microsoft can help you implement an identity environment with cloud identity federation, strong authentication and conditional access at its core.

Find out more

Microsoft security blogs

Strong identity management provides Zero Trust security

Microsoft Sentinel strengthens Salford Council’s cybersecurity


Azure Workbook: This will show Public IP Address that you have http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/07/15/azure-workbook-this-will-show-public-ip-address-that-you-have/ Wed, 15 Jul 2020 19:09:52 +0000

This Azure Monitor Workbook uses KQL (Kusto Query Language) over data from AzureActivity and Azure Resource Graph (ARG) to help identify which IP addresses are configured and when.

Tip: you can also use the queries to form an alert in Azure Monitor or Azure Sentinel to detect when an IP address is made public.

Demo: Demo Gif file

Installation instructions: https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md

Download: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/PublicIP/PublicIP%20v0.1.workbook

 

Overview

Use this Workbook to compare any Public IP address (PIP) in Azure Monitor Logs and Azure Resource Graph (ARG). ARG may have more data that is useful to compare logged data against.

- e.g. If you create a Resource but never start it, ARG will have data, whereas Log Analytics won't have a log entry.
- Also Log Analytics has data retention, so the data you seek may have been removed if the retention period has passed.

Data Source required:

AzureActivity
| where ResourceProvider == "Microsoft.Network"

Permission: Access to ARG

Log Analytics: Queries, how to find and run them in a Workbook – part 2 http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/07/02/log-analytics-queries-how-to-find-and-run-them-in-a-workbook-part-2/ Thu, 02 Jul 2020 17:34:21 +0000

I hadn’t intended a Part 2 on this topic, but I also managed to add Tabs into the “FindMySyntax” Workbook for Azure Monitor Workbooks and Azure Resource Graph.

Please see part1: http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/18/log-analytics-kql-saved-queries-how-to-find-and-run-them-in-a-workbook/

For future versions please look here: https://github.com/CliveW-MSFT/KQLpublic/tree/master/KQL/Workbooks/findMySynatx

Summary

So why do I have an Azure Monitor Workbook to find Workbooks? Two main reasons:

  1. In Shared Workbooks, I can again search within the code for a keyword – highly useful for finding specific syntax.  Shared Workbooks are those other people are granted access to view.
  2. You can filter by Time Modified – again useful if you have a lot of Workbooks to search through.  This is also true for Private Workbooks (only the ones the author can see).  

I have 100s of Workbooks from various projects, so a search by date is extremely useful. Unfortunately you can’t do a keyword search within these private workbooks.

Example:

I also created a similar Tab for Azure Resource Graph saved queries (saved Queries only), again the main benefit is a Time and Keyword search.

 

Please see the latest file in my Github:  https://github.com/CliveW-MSFT/KQLpublic/tree/master/KQL/Workbooks/findMySynatx

If you’d like to give it a try please read how to Import a Workbook from here: https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md

 

Special thanks to Gary Bushey for testing some of this, sorry Gary, but not all the bugs I’ve fixed yet!

 

Thanks Clive

 

 

Log Analytics Workspace Retention Reporting Options (Part 2) http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/18/log-analytics-workspace-retention-reporting-options-part-2/ Thu, 18 Jun 2020 14:53:22 +0000

In my previous post I talked about using Postman to make a REST API call to a Log Analytics workspace to view and change the retention settings. Equally I mentioned that I would look to utilise an Azure Monitor workbook to visualise the settings.

Azure Monitor workbooks are a fantastic way to visualise data within a Log Analytics workspace and there are a number available in the Azure Portal.

Useful references

The workbook uses a combination of Azure Resource Graph (ARG) and the Log Analytics REST API to collect the required information. It is available from my repository on GitHub, where you will also find instructions on how to download and import it.

On importing the workbook, you will notice two dropdown pickers (as shown below), one which allows you to select the subscription where the Log Analytics workspace(s) are and the other is for what I refer to as the Report Option.

 

workbook screenshot 1

 

Use the Subscription dropdown picker to select the appropriate subscription, which will use Azure Resource Graph (ARG) to retrieve all the workspaces that exist in that subscription and the results are presented in a table as shown below:

workbook screenshot 2

 

The Report Option picker gives you two choices:

  1. Full List – where the REST API call returns the Data Retention settings for all tables
  2. View by Table – where you choose or search for a particular table and its associated Data Retention setting

workbook screenshot 3

NOTE: The Report Option depends on you having selected a particular workspace in the table above, as the selection exports some values into parameters that are used by the API queries.

 

So, here are some screenshots showing the results of both of those options:

 

Full List view

workbook screenshot 4

You will note that I have highlighted a couple of tables in the Full List report option that I changed as part of my previous post.

 

View by Table

workbook screenshot 5a

workbook screenshot 5b

You see the picker allows you to scroll through the list of available tables or you can do a text search. Once you have chosen a table the result will be presented to the right of the dropdown.

 

workbook screenshot 5c

 

I will look at making some enhancements to this workbook in the future.

 

Thanks Paul

Log Analytics: KQL saved Queries, how to find and run them in a Workbook http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/18/log-analytics-kql-saved-queries-how-to-find-and-run-them-in-a-workbook/ Thu, 18 Jun 2020 06:53:31 +0000

Summary

Log Analytics has an option called Query Explorer (note, this is due to be updated, so this example is applicable for a short period of time). If, like me, you have 100s of saved queries, managing them can be a challenge (my #1 challenge!). Let’s fix that with an Azure Monitor Workbook…

One of the ways Query Explorer is used is to save your KQL queries in a Category, with a Name, to help you find them again. So I may have saved a query in Category: Demo with the Name: “This is a demo query”. If I wanted to use this query again, I’d open Query Explorer, search for the name and re-run it. However, the challenge is that the search only looks at the “name”. So, for example, if I had some KQL using the “externaldata” operator, unless I had that in the name as well, I couldn’t find it (without opening all my files), which is only OK if you have a few saves. It’s a reason I started to store more in GitHub, as that has a keyword search.

John Gardner, a Principal Software Engineer in the Azure Monitor Workbooks team, recently shared an example of using an API within a Workbook, similar to what I did here: https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workbook/ba-p/1386436 John has kindly let me share his example. The workbook he produced retrieves the ‘Saved Searches’ from the Log Analytics API and displays them; if you click one, it shows the KQL and tries to run it in a workspace.

Solution

This was great, but whilst having a conversation about this, I thought why can’t it be used to solve my #1 challenge; how to find a keyword or command within a saved KQL query.  A light bulb moment.  Fortunately it was easy to make a few simple changes to the code from John.  Now from the search control in this Workbook you can type and find any text.

You can see in the next screenshot, we can search on a string, that can be the category, name or content/key word in the code.  This is a great time saver for me – just today I wanted a “regex” example and had to open 10+files to find it, with this workbook, I only needed one go!

You can see here, I looked for the word ‘extend‘ which was found in the Demo category, in a file called services-running – prior to this Workbook…would I have remembered it was in a file with that name, probably not?

key word search

Demo

Please click here to see a recorded Demo stored as a GIF from my Github.

find my keyword example gif

 

Download the example

If you’d like to give it a try please read how to Import a Workbook from here: https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md

Then download the Workbook here: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/findMySynatx/FindmySyntax%20v0.2.4.workbook (remember to use ‘RAW’ mode)

 

Thanks Clive

 

 

 

 

Log Analytics Workspace Retention Reporting Options (Part 1) http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/17/log-analytics-workspace-retention-reporting-options-part-1/ Wed, 17 Jun 2020 12:29:28 +0000

Hi all,

This is the first of two posts that I will be doing on how you can report on the Retention settings of an Azure Log Analytics workspace. In the second post I will provide a sample Workbook for displaying the settings.

The topic of data retention often comes up during my conversations with customers about Azure Monitor, Azure Security Center and Azure Sentinel. In most cases the default global settings of:

  • 31 days for Log Analytics
  • 90 days for Application Insights
  • 90 days for an Azure Sentinel linked workspace
  • and the maximum retention time of 730 days

are sufficient but then there are those occasions when a customer wants to retain certain data types for either a longer or shorter period of time, because either the data becomes stale and therefore not of value or they are thinking about cost optimisation.

Note: the above global defaults do not apply to Free Pricing tier, which has a retention of 7 days.

The process to change the data retention period is part of the Azure Monitor documentation in the Usage and Cost section. Changing the data retention period using the Azure portal is a global change across all data types. The ability to set retention by data type has been available since October 2019 and can be changed by utilising the Azure Resource Manager REST API.

Using this method it is possible to set different retention settings for individual data types from 30 to 730 days. I should note that both Usage and AzureActivity data types are retained for a minimum of 90 days by default and these cannot be set any lower.

So now that we know that it is possible to set individual settings, how do we go about setting it? The documentation provides a link to an OSS tool – ARMClient but I decided to take a slightly different approach and used Postman as it allowed me to save individual requests and then come back to them at a later date.

After downloading and installing the Postman client, I used this great blog post from Jon Gallant to configure Postman to work with Azure AD. It also provides some examples to make sure that everything is working correctly.

One of the things that I like about using Postman is that I can set variables for an environment and then reuse them when constructing the REST API calls. Although not shown in the screenshot below, I created variables for each of my workspaces and then inter-changed the variable as I needed.

postman variables

With that bit done, it was now a case of creating the API requests applicable to the Azure Monitor Log Analytics workspace. The Azure Monitor documentation provides some example code for a GET request to list the retention for all the tables in a workspace:

GET /subscriptions/00000000-0000-0000-0000-00000000000/resourceGroups/MyResourceGroupName/providers/Microsoft.OperationalInsights/workspaces/MyWorkspaceName/Tables?api-version=2017-04-26-preview

Getting the current settings

Rather than walk through the creation of a new request, below are some screenshots showing what a GET request looks like in Postman. Note: I have utilised the variables in the construction of the GET request, so it now looks like this:

{{resource}}/subscriptions/{{subscriptionId}}/resourceGroups/{{ala-workspace}}/Tables?api-version=2017-04-26-preview

Params section:

Headers section:

headers section

Once these have been set, clicking the SEND button will connect to the workspace and return the current settings as shown below:

get request results

The screenshot above shows that I have already updated the retention settings for the ConfigurationData table to 30 days.

Setting the Retention

To change the setting(s) I created a new PUT request and the settings in the Params and Headers sections are the same as the GET request but now I needed to add the necessary code to the Body section to actually set the retention period – see below:

put request body

And like the GET request, clicking the SEND button connected to the workspace and updated the setting for the chosen table. In the screenshot below, I changed the setting for the ConfigurationData table to 60 days.

get request results after setting change

 

In summary, once you have Postman set up to work with Azure AD and you get your environment variables configured, it is a very simple and straightforward process to:

  • check the existing settings across all tables or individual tables, and
  • update the retention periods to suit your needs, whether it is from a cost optimisation point of view or you simply don’t want to retain specific data types.

 

In the next post I will use the same REST API calls but will display the results in a workbook.
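
The GET and PUT calls described in this post, as an added Python example (not code from the original post) that builds the per-table request and enforces the limits stated above, 30 to 730 days with Usage and AzureActivity held at 90 or more, before anything is sent. The `retentionInDays` body follows the Azure Monitor documentation for this preview API; the function names, the `https://management.azure.com` base used for `{{resource}}` and the sample GET response are assumptions constructed for illustration, and no network call is made.

```python
"""Build and check per-table retention requests for a Log Analytics workspace.

Offline sketch: it constructs the ARM request (method, URL, JSON body) and
audits a GET response, but performs no HTTP call and needs no credentials.
"""
import json
from urllib.parse import quote

ARM = "https://management.azure.com"     # assumed value of the {{resource}} variable
API_VERSION = "2017-04-26-preview"       # API version used in the post
MIN_DAYS, MAX_DAYS = 30, 730             # per-table range stated in the post
FLOOR_90 = {"usage", "azureactivity"}    # tables the post says cannot go below 90 days


def _seg(value):
    # Percent-encode one path segment so a name cannot add path or query parts.
    return quote(str(value), safe="")


def tables_url(subscription_id, resource_group, workspace, table=None):
    """URL for all tables (GET) or for one table (GET/PUT)."""
    path = (f"/subscriptions/{_seg(subscription_id)}"
            f"/resourceGroups/{_seg(resource_group)}"
            "/providers/Microsoft.OperationalInsights"
            f"/workspaces/{_seg(workspace)}/Tables")
    if table is not None:
        path += f"/{_seg(table)}"
    return f"{ARM}{path}?api-version={API_VERSION}"


def check_retention(table, days):
    """Reject values outside the limits described in the post."""
    if isinstance(days, bool) or not isinstance(days, int):
        raise ValueError("retention must be a whole number of days")
    floor = 90 if table.lower() in FLOOR_90 else MIN_DAYS
    if not floor <= days <= MAX_DAYS:
        raise ValueError(f"{table}: {days} days is outside {floor}-{MAX_DAYS}")
    return days


def build_put(subscription_id, resource_group, workspace, table, days):
    """Return the PUT request that sets retention for a single table."""
    check_retention(table, days)
    return {
        "method": "PUT",
        "url": tables_url(subscription_id, resource_group, workspace, table),
        # The Authorization: Bearer header is added by whatever client sends this.
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"properties": {"retentionInDays": days}}),
    }


def tables_off_default(get_response, workspace_default):
    """List (table, days) pairs whose retention differs from the workspace default."""
    found = []
    for item in get_response.get("value", []):
        days = item.get("properties", {}).get("retentionInDays")
        if days is not None and days != workspace_default:
            found.append((item.get("name"), days))
    return sorted(found)


# Constructed sample of a GET .../Tables response (field layout is an assumption).
SAMPLE_GET = {"value": [
    {"name": "ConfigurationData", "properties": {"retentionInDays": 60}},
    {"name": "Heartbeat", "properties": {"retentionInDays": 31}},
    {"name": "AzureActivity", "properties": {"retentionInDays": 90}},
]}

if __name__ == "__main__":
    request = build_put("00000000-0000-0000-0000-000000000000",
                        "MyResourceGroupName", "MyWorkspaceName",
                        "ConfigurationData", 60)
    print(request["method"], request["url"])
    print(request["body"])
    print(tables_off_default(SAMPLE_GET, 31))
```

Running the audit function over each workspace's GET response gives a quick list of tables whose retention has been changed from the default, which is useful when confirming that security-relevant tables have not been shortened.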

Log Analytics or Azure Sentinel – how schedule a report http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/17/log-analytics-or-azure-sentinel-how-schedule-a-report/ Wed, 17 Jun 2020 07:40:42 +0000

In this post I show how you can schedule a report to run using a Log Analytics query. It’s a frequent ask and one I have answered a few times in posts like this:

https://techcommunity.microsoft.com/t5/azure-log-analytics/log-analytics-for-report-generation/m-p/1469610

Question: Can I schedule a query to run in Azure Monitor Logs / Log Analytics (or even for Azure Sentinel) and email the results?

Answer: Yes, I think there are two ways. The first, which I don’t go into detail about here, is to provide an Azure Monitor Workbook – that way anyone with access can see the data whenever they need (you can also enable a download control if required).

 

However if you do need automation, please use a Logic App (playbook).  These are great for running a Daily/Weekly/ Monthly report schedule.

This is one of mine as an example:

1. The Recurrence – sets the schedule, this one runs on Friday at 23:00 – you decide when.

2. We use the “Run query..” to send the KQL commands and create an output. I actually run two queries, as I need a Capacity report (shown) and a Performance report. By adding a parallel branch you can do more or less.

3. Use an email connector like “send an email…” – as I use O365, to send the output to the desired people/team.

 


Step 1: example

recurrence Logic App

 Step 2

I used a time chart, you can see the other options here:

 


 

Step 3

I send a very simple email, with the output as an attachment. You could also send via Microsoft Teams, or any other supported messaging or social platforms – Logic Apps has 100s of 3rd party connectors. You use Dynamic content (click from a list to fill in the Attachment Content / Name field).

Email Logic App

 

 

Please see more details: https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-process-email-attachments-workflow

Audit at scale. Workspaces and Azure Security Center http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/04/audit-at-scale-workspaces-and-azure-security-center/ Thu, 04 Jun 2020 13:45:57 +0000

A few times this week I’ve had two discussions.

  1. How is my Azure Security Center (ASC) licenced and configured?
  2. And how many workspaces do I have, and what retention policy is set.

 

You can look in the portal; however, to do this at scale, let’s use Azure Resource Graph:

I suggest you use Azure Resource Graph (ARG) for this (some of which my recent Workbook does as well), but for a quick check you can load ARG in the Azure Portal. These are some basic query examples, but they could be the basis of more complex queries.

ARG

 

1. Azure Security Center:  free vs. Standard licence

securityresources
| where type == "microsoft.security/pricings"
| extend tier = trim(' ',tostring(properties.pricingTier))
| summarize resource = make_set(name), tier = make_set(tier) by subscriptionId, tenantId

 

2. Workspace details

resources
| where type == "microsoft.operationalinsights/workspaces"
| extend sku = tostring(properties.sku.name), retention = tostring(properties.retentionInDays), created = tostring(properties.createdDate), modified = tostring(properties.modifiedDate)
| summarize by subscriptionId, name, sku, retention, created, modified, location
| order by sku asc

 

Example output from Query #2: This shows that most of my workspaces are set for 30-day retention but one is 90 days (in this case that’s the one that supports my Azure Sentinel, so that is correctly set, as 90 days is part of the free retention for Azure Sentinel).

ARG output

Query 3: Much like Query 2, but shows if it’s free or Standard per Subscription ID and Resource Name

securityresources
| where type == "microsoft.security/pricings"
| extend tier = trim(' ',tostring(properties.pricingTier))
| summarize tier = make_set(tier) by subscriptionId, name
| order by subscriptionId

Query 4: For Azure Sentinel workspaces

resources
// Just show Workspaces that have Azure Sentinel enabled
| where type == "microsoft.operationsmanagement/solutions"
| where name contains "SecurityInsights"
| project WorkspaceName=name, S_CreatedDate=properties.creationTime, S_ModifiedDate=properties.lastModifiedTime, day = datetime_diff('day',now(),todatetime(properties.creationTime))

 

Log Analytics: Improved rendering of Charts http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/05/11/log-analytics-improved-rendering-of-charts/ Mon, 11 May 2020 10:11:59 +0000

Hi all,

 

I just found out today that the Render operator now supports more features in Log Analytics.

 

Event
| summarize dcount(EventID) by Computer, bin(TimeGenerated, 1h)
| render timechart with (legend = hidden, title = "My Title here", xtitle = "X title", ytitle = "Y title", ymin = 3, ymax = 10)

Note: previously you could only set a Title in Log Analytics. Now you can set X and Y axis names, and values! Thanks Dan for the tip!

Log Analytics chart example

How Azure can help the public sector to innovate and stay resilient http://approjects.co.za/?big=en-gb/industry/blog/government/2020/04/30/azure-pricing-arrangement/ http://approjects.co.za/?big=en-gb/industry/blog/government/2020/04/30/azure-pricing-arrangement/#comments Thu, 30 Apr 2020 09:29:56 +0000 The public sector can innovate, and transform for the future by moving to the cloud with the help of the Azure Pricing Arrangement.

The post How Azure can help the public sector to innovate and stay resilient appeared first on Microsoft Industry Blogs - United Kingdom.

In these rapidly changing times, it is more important than ever for the public sector to be able to respond to new opportunities and threats, and to innovate and transform for the future.

Moving to the cloud means organisations can take advantage of new technology such as AI and intelligent security, and improve resilience and scalability. The UK Government has adopted a public-cloud-first policy and has recently reaffirmed this approach in its new Cloud Guide for PS.

To keep providing great experiences for citizens, empower employees with real-time information, and optimise and streamline services and operations, the public sector needs to adopt hyper-scale public cloud capabilities. Azure has been used to help police tackle crimes, support NHS Trusts with AI, and support social care.

Improving access to cloud capabilities

We want the public sector to have access to these capabilities in Azure. This is why we’ve worked closely with the Crown Commercial Service to agree a new non-binding Azure Pricing Arrangement (APA). It builds on the recently announced One Government Cloud Strategy and Cloud Guide for PS. It also ensures better value for money, by providing discounted pricing and beneficial terms for eligible public sector organisations when using Azure.

Doing this opens up the opportunity for public sector customers to address three important things. These are:

  • Create a hybrid cloud journey – Protect existing investments by providing tools to support and manage hybrid cloud and multi-cloud capabilities, both technically and commercially.
  • Turbocharge data insights and application development – Leverage tools such as Power Platform (PowerApps, PowerAutomate, Power Virtual Agents and Power BI) and Azure AI to rapidly develop solutions that offer users insights from vast quantities of data. Azure GitHub also provides the largest world-class platform for sharing code and ensuring the public sector family can take advantage of collaboration and sharing.
  • Microsoft’s commitment to sustainability – Microsoft is working to become carbon negative by 2030. By using Azure, the public sector can be sure it is working with a supplier that is having a positive, constructive, and tangible impact on climate change.

The Azure Pricing Arrangement will also help public sector customers accelerate their digital transformation journey and address some important points from the Cloud Guide for PS.

Be more innovative

It’s hard to be innovative when you have to stick to budgets, but the APA gives you an opportunity to re-imagine and redesign citizen services, as well as improve and make operations more resilient and scalable.

Take advantage of analytics, AI, and machine learning to quickly analyse large government datasets. Azure services such as Azure Cognitive Services bring AI within reach of every developer – without requiring machine learning expertise. Azure Synapse Analytics is a service that brings together enterprise data warehousing and Big Data analytics. Azure Blockchain Service offers the opportunity to quickly build, govern and expand blockchain networks at scale, providing new ways to track and secure important data in distributed citizen processes.

Azure Digital Twins can create comprehensive models of physical environments using spatial intelligence graphs to model the relationships and interactions between people, places, and devices. This helps discover opportunities to improve customer experiences, create new efficiencies, and improve spaces in which people live and work.

Futureproofing your employees

Empower your employees to up-skill and re-skill. Microsoft Learn has free, on-demand modules and learning paths to help learners up-skill. They can also gain industry-recognised Microsoft Certifications, including Azure Data Scientist and AI Engineers. This not only ensures your employees have the skills to get the best out of Azure and its capabilities, but it’s also futureproofing their careers.

Supporting a hybrid and multi-cloud journey

Some organisations use multiple cloud providers, or have a hybrid model with some data stored on their own servers and some in the public cloud. The new public sector APA will enable discounts for Azure services and products that build on existing investments and support the journey to cloud. Azure Arc allows management of complex and distributed environments across on-premises, edge, and multi-cloud scenarios, and offers features such as cloud billing for existing on-premises workloads which can help optimise costs. Azure Stack is a unique hybrid cloud solution that expands the Azure cloud and lets customers run Microsoft Azure Services on-premises from their own data centre. Azure Stack shares a standardised architecture, including the same portal, unified application model, and common DevOps tools.

Intelligent security

Security is a critical component for the public sector, especially as it holds large amounts of sensitive and personal data. Azure provides the opportunity to build next-generation security operations using the cloud and AI, while ensuring organisations meet compliance and regulatory standards. Azure Sentinel uses advanced AI and security analytics to help detect, hunt, prevent, and respond to threats across the organisation. Azure Security Center helps strengthen the security posture of data centres, and provides advanced threat protection across cloud and on-premises workloads.

Helping you achieve more

The new APA has been agreed as an addendum to the existing Digital Transformation Arrangement (DTA) MoU between Microsoft and the Crown Commercial Service, which runs until April 2021. The DTA featured packages and tools to help with GDPR compliance and governance, as well as Microsoft 365, Enterprise Security, Microsoft Teams, and Windows 10 Enterprise capabilities.

Get guidance and support

In order to help the public sector on their Azure journey, we’ve launched some programmes to provide guidance, learning, and help accelerate projects. Take a look at FastTrack for Azure and the Azure Migration Programme. The new public sector APA has also launched some special offers for Azure Support.

The Azure Pricing Arrangement for eligible public sector customers will also be available until April 2021. To unlock the opportunity from this deal, please talk to your Microsoft Account Manager or Microsoft certified reseller for more details on the options available.
