Modern SecOps Management with Unified XDR, SIEM and Microsoft Security Copilot

In the realm of modern security operations (SecOps) management, the integration of XDR, SIEM, threat intelligence and Microsoft Security Copilot has revolutionized the landscape.

Throughout the session, we'll delve into subjects encompassing unified security administration, improved threat identification and response, and the utilization of AI-driven insights. Additionally, we'll explore how AI can simplify operations by correlating and integrating data across diverse security systems.

Witness live demonstrations illustrating how SOC Analysts can seamlessly navigate from detection and prevention to investigation and swift response using generative AI. These demos will showcase the effortless integration and management of security data across various environments, including endpoints, SaaS platforms, on-premises networks, and cloud infrastructure.

If you're seeking to elevate your security management practices, this session is a must-not-miss opportunity.

Entra Private Access: Secure identity based access to any app, anywhere from any device

Learn how Microsoft Entra Private Access provides your users - whether in an office or working remotely - secured access to your private, corporate resources using any private resource, port, and protocol – all using technologies that your admins knows and using licenses you might already have.

During the session, you will see how you can provision a secure tunnel access with SMB, RDP, SSH, HTTPS access to internal servers - all using technologies like Entra ID Enterprise Apps, Entra Conditional Access, Entra App Proxy, Windows Hello Cloud Kerberos Trust and Global Secure Access; Microsoft's Security Service Edge solution.

Microsoft Entra Private Access is a game-changer !

Mastering Microsoft Security Exposure Management: Become a Security Ninja!

Are you often asked by management about your defenses against phishing emails, ransomware attacks, and how your critical assets are protected, but find it challenging to explain? This session is designed just for you.

During the session, you'll learn how to deepen your grasp of security posture management through detailed exposure insights and explore various security initiatives, including domain-specific and threat-focused areas. You will learn to master attack surface management to identify and mitigate potential attack paths. We'll also teach you how to assess the security status of your infrastructure using detailed metrics and how we recommend how to implement Microsoft's recommendations to enhance your protections.

Furthermore, you'll discover effective strategies for reporting to management in a way that builds trust in your security reporting. Finally, you'll leave equipped with a comprehensive plan for successful implementation, aimed at improving the maturity of processes and organizational support throughout your security journey.

In-depth Security Posture Management: Gain detailed insights into your security environment to improve defense mechanisms.

Attack Surface Management: Learn techniques to identify and mitigate vulnerabilities and potential attack paths.

Detailed Security Metrics: Understand how to assess and track the security status of your infrastructure using comprehensive metrics.

Implementation of Microsoft's Recommendations: Discover how to effectively implement Microsoft's strategies to enhance your security protections.

Communication Strategies: Develop effective methods for reporting to management to build trust and clarity in your security measures.

Seeing is Believing: Cool Demos of Azure Copilot & Copilot for Security

Get ready for 55 min of cool demos of Microsoft Copilot for Security & Azure Copilot.

Microsoft Copilot for Security
You will learn how integrations are configured. What is embedded & standalone version? See how Copilot for Security can help analyze security incidents. We will also learn to ask the right questions and discuss capacity planning - and lots more

Azure Copilot - learn how you can use it to deploy new environments, troubleshoot performance, make better decisions in Azure.

Get your coffee ready, it will go fast and be fun !

* demos of Microsoft Copilot for Security
* demos of Azure Copilot

How to become a Security Ninja using Copilot for Security & the new "Secure Score V2", MSEM

Get ready for 60 min of cool demos of Microsoft Copilot for Security & Microsoft Security Exposure Management.

Microsoft Copilot for Security - What is embedded & standalone version? How can I create custom plugins. See how Copilot for Security can help analyze security incidents. You will also learn how integrations are configured with your own data with custom plugins.

Microsoft Security Exposure Management - Learn how to deepen your grasp of security posture management through detailed exposure insights and explore various security initiatives, including domain-specific and threat-focused areas. You will learn to master attack surface management to identify and mitigate potential attack paths. We'll also teach you how to assess the security status of your infrastructure using detailed metrics and how we recommend how to implement Microsoft's recommendations to enhance your protections.

Get your coffee ready, it will go fast and be fun !

1: (Almost) pure demos for 60 min
2: Microsoft Copilot for Security deep-dive
3: Microsoft Security Exposure Management deep-dive

Good Prompt, Bad Prompt: How to Interrogate Copilot

Join us for an in-depth exploration into the art of prompting, where we dive into the nuances of effective and ineffective techniques through our guide on '10 Tips of Good & Bad Prompting.'

This session is designed to enhance your understanding of prompting by discussing the 'costs' associated with AI capacity. We will also explore how prompt books can serve as invaluable tools in this process. Additionally, you'll learn how to integrate your own data with custom plugins, enabling more personalized and efficient prompting strategies.

Whether you're a beginner or looking to refine your skills, this session will equip you with the knowledge to excel in prompting."

1: Good & Bad prompting in AI - with focus on Microsoft Copilot for Security
2: Custom integration into Microsoft Copilot for Security

Mastering Your Logging Ninja Skills with LogAnalytics v2

Are you prepared for the deprecation of Azure LogAnalytics (v1) with Microsoft Monitoring Agent and HTTP Data Collector API? If not, this session is designed to provide you with comprehensive insights on navigating the transition smoothly to DCR-formatted logs, Azure Monitor Agent, and Log Ingestion API (LogAnalytics v2).

Get ready to delve into understanding Data Collection Rules, the Data Collection Endpoint, Table management, and mastering schema management. Additionally, learn effective methods to transform your data to address cost optimizations or comply with regulatory requirements.

For those new to LogAnalytics, this session offers inspiration on how leveraging custom log data can provide significant value for desired state reporting, monitoring, and troubleshooting.

By the session's conclusion, you'll also have learned about a Powershell module, AzLogDcrIngestPS, which is recommended by Microsoft in the official Learn documentation and has surpassed 1.1 million downloads within its first year. During this session, you'll have the opportunity to hear from the module's creator, empowering you to become proficient in logging like a ninja.

Level 300-400.
Duration of 45-60 min.

Objectives:
1) Get everyone ready before deprecation of MMA and HTTP Log Collector API
2) Understand the pitfalls and how to navigate around this using the provided PS module and guides
3) Learn the power of Data Collection Rules including data transformation (cost, compliance, normalization)

Previous sessions (pictures):
https://mortenknudsen.net/?page_id=112

Unleash the Power of Azure Resource Graph

In this session, you'll gain profound insights into effectively querying the status of your Azure resources on a large scale, almost in real-time. This will encompass utilizing various tools such as the portal, Azure CLI, Powershell, .NET, Go, Java, JavaScript, Python, Ruby, and REST.

Expect an engaging demo-packed session that will showcase numerous samples illustrating use-cases such as automation, change tracking, health monitoring, resource inventory, and security and compliance audits.

Furthermore, by the session's conclusion, you'll have learned about an helpful (and free) Powershell module known as AzResourceGraphPS. This module offers over 100 pre-built KQL queries for Azure Resource Graph, and you'll have the opportunity to hear from the module's creator during this session.

Level 300. Duration of 45-60 min

Objectives:
1) Learn the power of Azure Resource Graph to query the state of Azure Resources at scale in near real time
2) Show real-life examples of how to query the data from lots of use-cases
3) Introduce participants to repository with +100 queries ready to use in their own environment

Privileged Access Strategy: Best Practices and Common Mistakes when Tiering Cloud and AD

Gain insights from real-life experiences on how to craft an effective privileged access strategy that supports "Just Enough, Just In Time" access while maintaining control and avoiding potential security breaches.

Explore the various use-cases, potential pitfalls, and limitations inherent in implementing privileged access using the Microsoft Enterprise Access Model, tailored to scale across multi-cloud environments and on-premise Active Directory setups.

Discover how to manage delegations to IT personnel and end-users using Entra Privileged Identity Management. This session will showcase specific examples of privileged access designs for platforms like Power BI, Azure Landing Zones, Intune, and more.

Still using legacy Active Directory, but would like to get PIM for AD, then come to this session to see it - based on PIM for Entra ID combined with AD TTL group membership.

By the session's conclusion, you'll also have learned about various useful (and free) community add-ons developed by the speaker, including tools like PIM Assignment Revoker, PIM Assignment Wizard, PIM Assignment Exporter, and PIM Baseline Automation.

Time 45-60 min.

Objectives:
1) Lessons learned of how to design privileged access strategy to scale to on-prem and multi-scale
2) Show real-life examples (templates) of how to support well-known workloads like Power BI, Azure landing zones, Intune, Exchange, etc.
3) Introduce participants to extra (free) add-ons to support advanced needs in PIM

Become a Intune Logging Ninja using Azure Custom Logs and Dashboards

Get ready to delve into understanding how you can use Intune and Azure to harness valuable custom data for insightful analysis of your infrastructure's security, operational health, costs, warranties, and more. Gain exclusive access to a community package of 15 dashboards and essential scripts – all complimentary and readily deployable.

For those new to LogAnalytics, this session offers inspiration on how leveraging custom log data can provide significant value enabling comprehensive state reporting, proactive monitoring, and troubleshooting.

Acquire the expertise to utilize KQL effectively, empowering you to query and present collected data across diverse formats, from dynamic dashboards to responsive alerting systems and versatile workbooks.

In addition, uncover the power of a highly recommended PowerShell module, AzLogDcrIngestPS, endorsed by Microsoft within their official Learn documentation. Boasting over 1 million downloads in its inaugural year, this session offers a unique opportunity to engage with the module's creator, empowering you to become proficient in logging like a true ninja.

Empower Your Security: Leverage Microsoft's KPIs for End-to-End Control

Are you in control with the security of you endpoints, cloud, identity, and can you maintain that control consistently? If you're facing challenges, this session is for you. We'll show you how to harness Microsoft technologies and KPIs to identify and address deviations in your infrastructure and workloads, ensuring ongoing management and security.

Expect a demo-rich presentation featuring tools like Microsoft Security Exposure Management, Azure LogAnalytics & Dashboards (ClientInspector), and Microsoft Copilot for Security. We'll showcase an AI solution developed by the speaker, focusing on detecting anomalies and automating fixes.

We'll explore the lifecycle of working with KPIs and discuss the various stages of maturity typically encountered.

By the end of this session, you'll have a clear strategy for implementing KPIs, managing recommendations, and handling exceptions. Plus, you'll get a preview of free tools that you can start using immediately.

Comprehensive Use of Microsoft Technologies: Learn how to utilize Microsoft technologies and KPIs to consistently monitor and manage security across your endpoints, cloud, and identity systems.

Demo-Rich Presentation: Experience practical demonstrations using Microsoft Security Exposure Management, Azure LogAnalytics, Dashboards (ClientInspector), and Microsoft Copilot for Security to enhance your security operations.

AI-Driven Security Solutions: Explore an AI solution developed by the speaker that focuses on detecting anomalies and automating fixes to maintain optimal security.

KPI Lifecycle Management: Delve into the lifecycle of working with KPIs, from initial implementation to navigating various maturity stages and making adjustments based on performance data.

Strategic Implementation and Tools: Gain a clear strategy for effectively implementing KPIs, managing recommendations, and handling exceptions, complemented by a preview of free tools available for immediate use to bolster your security measures.