Morten Knudsen

Morten Knudsen

Microsoft MVP Security & Azure Hybrid MVP, MCT, Cloud & Security Architect

Kolding, Denmark

Morten is Microsoft MVP Security & Azure Hybrid MVP, MCT and holds +20 active certifications. As a Cloud & Security Architect, he is very passionate about Azure Infrastructure, M365, Automation, Security, Hybrid Cloud - and blogs about these topics on mortenknudsen.net. He loves to travel with his family and is a PADI Dive Master & PADI Master Scuba Diver.


Area of Expertise

  • Information & Communications Technology


  • Logging
  • Security
  • defender for endpoint
  • Microsoft 365 Defender
  • Microsoft Defender for Cloud
  • Microsoft sentinel
  • Automation with PowerShell
  • Azure AD
  • Azure Arc
  • Defender for Identity
  • Microsoft Defender for Office 365
  • Microsoft Defender for Cloud Apps
  • Defender
  • azure defender
  • Microsoft Defender for Endpoint
  • Azure Identity Management
  • Identity Management
  • Identity Governance
  • Office 365 Identity
  • Azure Hybrid Identity
  • Microsoft (Azure) Identity
  • Identity and Access Management
  • microsoft defender
  • Microsoft Identity
  • Cloud Adoption Framework
  • Cloud Security
  • Cloud Automation
  • Cloud Technology
  • Cloud Security Architecture
  • Cloud Native Infrastructure
  • Cloud strategy
  • Cloud Advisory

Mastering Your Logging Ninja Skills with LogAnalytics v2

Are you prepared for the deprecation of Azure LogAnalytics (v1) with Microsoft Monitoring Agent and HTTP Data Collector API? If not, this session is designed to provide you with comprehensive insights on navigating the transition smoothly to DCR-formatted logs, Azure Monitor Agent, and Log Ingestion API (LogAnalytics v2).

Get ready to delve into understanding Data Collection Rules, the Data Collection Endpoint, Table management, and mastering schema management. Additionally, learn effective methods to transform your data to address cost optimizations or comply with regulatory requirements.

For those new to LogAnalytics, this session offers inspiration on how leveraging custom log data can provide significant value for desired state reporting, monitoring, and troubleshooting.

By the session's conclusion, you'll also have learned about a Powershell module, AzLogDcrIngestPS, which is recommended by Microsoft in the official Learn documentation and has surpassed 1 million downloads within its first year. During this session, you'll have the opportunity to hear from the module's creator, empowering you to become proficient in logging like a ninja.

Level 300-400.
Duration of 45-60 min.

1) Get everyone ready before deprecation of MMA and HTTP Log Collector API
2) Understand the pitfalls and how to navigate around this using the provided PS module and guides
3) Learn the power of Data Collection Rules including data transformation (cost, compliance, normalization)

Previous sessions (pictures):

Unleash the Power of Azure Resource Graph

In this session, you'll gain profound insights into effectively querying the status of your Azure resources on a large scale, almost in real-time. This will encompass utilizing various tools such as the portal, Azure CLI, Powershell, .NET, Go, Java, JavaScript, Python, Ruby, and REST.

Expect an engaging demo-packed session that will showcase numerous samples illustrating use-cases such as automation, change tracking, health monitoring, resource inventory, and security and compliance audits.

Furthermore, by the session's conclusion, you'll have learned about an helpful (and free) Powershell module known as AzResourceGraphPS. This module offers over 100 pre-built KQL queries for Azure Resource Graph, and you'll have the opportunity to hear from the module's creator during this session.

Level 300. Duration of 45-60 min

1) Learn the power of Azure Resource Graph to query the state of Azure Resources at scale in near real time
2) Show real-life examples of how to query the data from lots of use-cases
3) Introduce participants to repository with +100 queries ready to use in their own environment

Privileged Access Strategy: Best Practices and Common Mistakes when Tiering Cloud and AD

Gain insights from real-life experiences on how to craft an effective privileged access strategy that supports "Just Enough, Just In Time" access while maintaining control and avoiding potential security breaches.

Explore the various use-cases, potential pitfalls, and limitations inherent in implementing privileged access using the Microsoft Enterprise Access Model, tailored to scale across multi-cloud environments and on-premise Active Directory setups.

Discover how to manage delegations to IT personnel and end-users using Entra Privileged Identity Management. This session will showcase specific examples of privileged access designs for platforms like Power BI, Azure Landing Zones, Intune, and more.

Still using legacy Active Directory, but would like to get PIM for AD, then come to this session to see it - based on PIM for Entra ID combined with AD TTL group membership.

By the session's conclusion, you'll also have learned about various useful (and free) community add-ons developed by the speaker, including tools like PIM Assignment Revoker, PIM Assignment Wizard, PIM Assignment Exporter, and PIM Baseline Automation.

Time 45-60 min.

1) Lessons learned of how to design privileged access strategy to scale to on-prem and multi-scale
2) Show real-life examples (templates) of how to support well-known workloads like Power BI, Azure landing zones, Intune, Exchange, etc.
3) Introduce participants to extra (free) add-ons to support advanced needs in PIM

European Cloud Summit 2023 Upcoming

Automating the Transition to Log Ingestion API & Data Collection Rules for your Logs in LogAnalytics

December 2023 Wiesbaden, Germany

NIC Cloud Connect 2023

November 2023 Oslo, Norway

Azure Back to School 2023

September 2023

Global Azure 2023 - Bengaluru

May 2023 Bengaluru, India

Morten Knudsen

Microsoft MVP Security & Azure Hybrid MVP, MCT, Cloud & Security Architect

Kolding, Denmark