Sign up to save your podcasts
Or
Share Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging
Click here to send us your ideas and feedback on Blueprint!
Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill that traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans, and 3rd time returning guest Mark Morowczynski, to tell us about the important work that’s been done to help organizations understand their data and detect Azure AD attacks. We cover log sources, the new Microsoft security operations guide, standardized dashboards and visualizations you can leverage to jump right in with best practice, and much more. You don’t want to miss this one!
Corissa Koopmans and Mark Morowczynski
Corissa Koopmans (@Corissalea) is part of the "Get to Production" team in the Microsoft Identity and Network Access Division, focusing on incorporating customer feedback to improve our products. She is very active in driving community contribution to AzureMonitor Log Analytics and increasing awareness of the power of log data by presenting at industry events including BSides, The Experts Conference (TEC), SPARK, & Microsoft MVP Summits.
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He's spoken at various industry events such as Black Hat, Defcon Blue TeamVillage, Blue Team Con, GrayHat, several BSides, and more. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Azure AD SecOps - aka.ms/azureadsecops
Azure Monitor Log Analytics and KQL resources: aka.ms/KQLBlueTeam
For community contribution, please follow these prerequisites (these steps are also available at aka.ms/KQLBlueTeaml):
1. Have a GitHub account
2. Belong to the Microsoft Organization in GitHub
a. If you do not yet belong, click on this link: https://repos.opensource.microsoft.com/ and then select “Microsoft” to join their organization
3. Be a member of the @azure-ad-workbooks team in GitHub
a. if you are not yet a member, go to the
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
View all episodes
By SANS Institute
4.9
131131 ratings
Click here to send us your ideas and feedback on Blueprint!
Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill that traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans, and 3rd time returning guest Mark Morowczynski, to tell us about the important work that’s been done to help organizations understand their data and detect Azure AD attacks. We cover log sources, the new Microsoft security operations guide, standardized dashboards and visualizations you can leverage to jump right in with best practice, and much more. You don’t want to miss this one!
Corissa Koopmans and Mark Morowczynski
Corissa Koopmans (@Corissalea) is part of the "Get to Production" team in the Microsoft Identity and Network Access Division, focusing on incorporating customer feedback to improve our products. She is very active in driving community contribution to AzureMonitor Log Analytics and increasing awareness of the power of log data by presenting at industry events including BSides, The Experts Conference (TEC), SPARK, & Microsoft MVP Summits.
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He's spoken at various industry events such as Black Hat, Defcon Blue TeamVillage, Blue Team Con, GrayHat, several BSides, and more. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Azure AD SecOps - aka.ms/azureadsecops
Azure Monitor Log Analytics and KQL resources: aka.ms/KQLBlueTeam
For community contribution, please follow these prerequisites (these steps are also available at aka.ms/KQLBlueTeaml):
1. Have a GitHub account
2. Belong to the Microsoft Organization in GitHub
a. If you do not yet belong, click on this link: https://repos.opensource.microsoft.com/ and then select “Microsoft” to join their organization
3. Be a member of the @azure-ad-workbooks team in GitHub
a. if you are not yet a member, go to the
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
More shows like Blueprint: Build the Best in Cyber Defense
View all
Security Now (Audio)
1,971 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
406 Listeners
Darknet Diaries
7,865 Listeners
CISO Series Podcast
187 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
129 Listeners
How to Fix the Internet
117 Listeners
Cloud Security Podcast by Google
38 Listeners
Risky Bulletin
33 Listeners