Improving Threat Hunting Efficiency using Copilot for Security

Join us for a transformative session on enhancing threat hunting efficiency with Copilot for Security. Discover innovative strategies to streamline your security operations, leverage Copilot's advanced AI capabilities for faster threat detection, and reduce response times. Learn how to integrate Copilot seamlessly into your security workflow, empowering your team to stay ahead of emerging threats. This session is a must-attend for security professionals seeking to elevate their threat hunting prowess with cutting-edge AI technology.

Clash of Colors: The Red vs. Blue Team Showdown

Electrifying conference session where these two opposing forces go head-to-head.

The Duel Rule: Attacker executes attacks against untested environment. Defender doesn't know what techniques attacker is going to use.

Session constains
- Ethical Hacking Demos. Attacker demonstrates ethical hacking techniques, revealing how they breach systems.
- Incident response. Defender counters with live demonstrations of incident response with Microsoft 365 XDR, Microsoft Sentinel and Copilot for Security.
- Attack mitigation. Defender fixes the environment to prevent this from happening again

Mastering Identity with Entra ID: Regain the Control !

If you don't feel you are 100% in control with your identities, this session is for you so you can regain control!

Join us for an in-depth session on mastering identity control using Entra ID. This session will guide you through essential steps such as tagging user classifications and authentication methods, establishing over 55 targeted conditional access policies, learning about authentication strengths and methods and leveraging reporting tools to manage non-compliant identities.

We will also discuss the importance of challenging existing processes and establishing new ones to enhance security and efficiency.

Key Topics:
(1) User Classification and Authentication Methods:
• Learn how to effectively tag users based on classification.
• Explore various authentication methods and their implementation.

(2) Conditional Access Policies:
• Establish and configure over 55 conditional access policies tailored to your organization’s needs.
• Target specific user groups and scenarios to ensure robust security measures.

(3) Reporting and Compliance:
• Gain control over non-compliant identities by utilizing reporting tools.
• Monitor key metrics such as last logon, authentication methods, MFA status, and identity license compliance.

(4) Process Evaluation and Improvement:
• Discuss the necessity of challenging existing processes.
• Explore the establishment of new processes to align with modern security requirements.

(5) Managing Conditional Access Policies:
• Utilize scripts to manage and automate conditional access policies.
• Roll out policies using pilot groups to ensure smooth implementation and minimal disruption.

Takeaways:
• You will have a comprehensive understanding of how to manage identities in Entra ID, implement and monitor conditional access policies, and continuously improve your security processes.
• You’ll also gain practical insights into using scripts for policy management and the benefits of pilot group rollouts.
• Don’t miss this opportunity to take control of your identity management and enhance your organization’s security posture!

Anomaly Detection and Modern Iaas & Paas Management with Azure

Join us for an insightful session on modern availability and performance management, as well as anomaly troubleshooting in Microsoft Azure.

This session will cover a range of Azure services and tools, including Azure Monitor Investigator, Azure Monitor VM Insights, Azure Monitor Application Insights, Azure Resource Graph, Azure Monitor Starter Pack, Azure Logic Apps, and Azure Log Analytics.

We will also demonstrate how machine learning and AI, powered by Azure Copilot, can integrate these tools seamlessly.

Key Topics:
(1) Monitoring IaaS and PaaS:
• Understand the essentials of monitoring both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.
• Learn how to configure and utilize Azure Monitor and related tools for comprehensive monitoring.

(2) Azure Monitoring Tools:
• Explore Azure Monitor Investor, Azure Monitor VM Insights, Azure Monitor Application Insights, Azure Resource Graph, and Azure Log Analytics.
• Discover the capabilities of the Azure Monitor Starter Pack for quick setup and monitoring.

(3) Machine Learning and AI with Azure Copilot:
• See how Azure Copilot leverages machine learning and AI to bring together various monitoring tools.
• Enhance your monitoring and troubleshooting processes with advanced AI capabilities.

(4) Setting Up Prerequisites for IaaS:
• Learn in-depth about setting up Data Collection Rules, Data Collection Endpoints, and the Azure Monitor Agent.
• Ensure your monitoring setup is robust and working - with DCR monitoring

(5) Management Packs:
• Discuss the concept and implementation of management packs for monitoring IaaS and PaaS services – using Azure Monitor Starter Packs
• Customize management packs to fit your specific monitoring needs.

6) Monitoring of Legacy Services:
• Integrate Logic Apps into your existing monitoring framework for extended capabilities.
• See practical examples of using Azure Logic Apps to monitor legacy Windows services.

(7) Cost Control Strategies:
• Discuss methods to ensure your monitoring setup is cost-effective.
• Learn tips and tricks to manage and optimize costs without compromising on monitoring quality.

Takeaways:
• You will have a thorough understanding of modern availability and performance management in Microsoft Azure.
• You will be equipped with the knowledge to monitor IaaS and PaaS environments effectively, utilize a variety of Azure tools, and implement cost control strategies.
• You will learn how to troubleshoot using anomaly troubleshooting tools

Mastering Your Logging Ninja Skills with LogAnalytics v2

Are you prepared for the deprecation of Azure LogAnalytics (v1) with Microsoft Monitoring Agent and HTTP Data Collector API? If not, this session is designed to provide you with comprehensive insights on navigating the transition smoothly to DCR-formatted logs, Azure Monitor Agent, and Log Ingestion API (LogAnalytics v2).

Get ready to delve into understanding Data Collection Rules, the Data Collection Endpoint, Table management, and mastering schema management. Additionally, learn effective methods to transform your data to address cost optimizations or comply with regulatory requirements.

For those new to LogAnalytics, this session offers inspiration on how leveraging custom log data can provide significant value for desired state reporting, monitoring, and troubleshooting.

By the session's conclusion, you'll also have learned about a Powershell module, AzLogDcrIngestPS, which is recommended by Microsoft in the official Learn documentation and has surpassed 1.1 million downloads within its first year. During this session, you'll have the opportunity to hear from the module's creator, empowering you to become proficient in logging like a ninja.

Level 300-400.
Duration of 45-60 min.

Objectives:
1) Get everyone ready before deprecation of MMA and HTTP Log Collector API
2) Understand the pitfalls and how to navigate around this using the provided PS module and guides
3) Learn the power of Data Collection Rules including data transformation (cost, compliance, normalization)

Previous sessions (pictures):
https://mortenknudsen.net/?page_id=112

Unleash the Power of Azure Resource Graph

In this session, you'll gain profound insights into effectively querying the status of your Azure resources on a large scale, almost in real-time. This will encompass utilizing various tools such as the portal, Azure CLI, Powershell, .NET, Go, Java, JavaScript, Python, Ruby, and REST.

Expect an engaging demo-packed session that will showcase numerous samples illustrating use-cases such as automation, change tracking, health monitoring, resource inventory, and security and compliance audits.

Furthermore, by the session's conclusion, you'll have learned about an helpful (and free) Powershell module known as AzResourceGraphPS. This module offers over 100 pre-built KQL queries for Azure Resource Graph, and you'll have the opportunity to hear from the module's creator during this session.

Level 300. Duration of 45-60 min

Objectives:
1) Learn the power of Azure Resource Graph to query the state of Azure Resources at scale in near real time
2) Show real-life examples of how to query the data from lots of use-cases
3) Introduce participants to repository with +100 queries ready to use in their own environment

Privileged Access Strategy: Best Practices and Common Mistakes when Tiering Cloud and AD

Gain insights from real-life experiences on how to craft an effective privileged access strategy that supports "Just Enough, Just In Time" access while maintaining control and avoiding potential security breaches.

Explore the various use-cases, potential pitfalls, and limitations inherent in implementing privileged access using the Microsoft Enterprise Access Model, tailored to scale across multi-cloud environments and on-premise Active Directory setups.

Discover how to manage delegations to IT personnel and end-users using Entra Privileged Identity Management. This session will showcase specific examples of privileged access designs for platforms like Power BI, Azure Landing Zones, Intune, and more.

Still using legacy Active Directory, but would like to get PIM for AD, then come to this session to see it - based on PIM for Entra ID combined with AD TTL group membership.

By the session's conclusion, you'll also have learned about various useful (and free) community add-ons developed by the speaker, including tools like PIM Assignment Revoker, PIM Assignment Wizard, PIM Assignment Exporter, and PIM Baseline Automation.

Time 45-60 min.

Objectives:
1) Lessons learned of how to design privileged access strategy to scale to on-prem and multi-scale
2) Show real-life examples (templates) of how to support well-known workloads like Power BI, Azure landing zones, Intune, Exchange, etc.
3) Introduce participants to extra (free) add-ons to support advanced needs in PIM

Empower Your Security: Leverage Microsoft's KPIs for End-to-End Control

Are you in control with the security of you endpoints, cloud, identity, and can you maintain that control consistently? If you're facing challenges, this session is for you. We'll show you how to harness Microsoft technologies and KPIs to identify and address deviations in your infrastructure and workloads, ensuring ongoing management and security.

Expect a demo-rich presentation featuring tools like Microsoft Security Exposure Management, Azure LogAnalytics & Dashboards (ClientInspector), and Microsoft Copilot for Security. We'll showcase an AI solution developed by the speaker, focusing on detecting anomalies and automating fixes.

We'll explore the lifecycle of working with KPIs and discuss the various stages of maturity typically encountered.

By the end of this session, you'll have a clear strategy for implementing KPIs, managing recommendations, and handling exceptions. Plus, you'll get a preview of free tools that you can start using immediately.

Comprehensive Use of Microsoft Technologies: Learn how to utilize Microsoft technologies and KPIs to consistently monitor and manage security across your endpoints, cloud, and identity systems.

Demo-Rich Presentation: Experience practical demonstrations using Microsoft Security Exposure Management, Azure LogAnalytics, Dashboards (ClientInspector), and Microsoft Copilot for Security to enhance your security operations.

AI-Driven Security Solutions: Explore an AI solution developed by the speaker that focuses on detecting anomalies and automating fixes to maintain optimal security.

KPI Lifecycle Management: Delve into the lifecycle of working with KPIs, from initial implementation to navigating various maturity stages and making adjustments based on performance data.

Strategic Implementation and Tools: Gain a clear strategy for effectively implementing KPIs, managing recommendations, and handling exceptions, complemented by a preview of free tools available for immediate use to bolster your security measures.

Entra Private Access: Secure identity based access to any app, anywhere from any device

Learn how Microsoft Entra Private Access provides your users - whether in an office or working remotely - secured access to your private, corporate resources using any private resource, port, and protocol – all using technologies that your admins knows and using licenses you might already have.

During the session, you will see how you can provision a secure tunnel access with SMB, RDP, SSH, HTTPS access to internal servers - all using technologies like Entra ID Enterprise Apps, Entra Conditional Access, Entra App Proxy, Windows Hello Cloud Kerberos Trust and Global Secure Access; Microsoft's Security Service Edge solution.

Microsoft Entra Private Access is a game-changer !

Mastering Microsoft Security Exposure Management: Become a Security Ninja!

Are you often asked by management about your defenses against phishing emails, ransomware attacks, and how your critical assets are protected, but find it challenging to explain? This session is designed just for you.

During the session, you'll learn how to deepen your grasp of security posture management through detailed exposure insights and explore various security initiatives, including domain-specific and threat-focused areas. You will learn to master attack surface management to identify and mitigate potential attack paths. We'll also teach you how to assess the security status of your infrastructure using detailed metrics and how we recommend how to implement Microsoft's recommendations to enhance your protections.

Furthermore, you'll discover effective strategies for reporting to management in a way that builds trust in your security reporting. Finally, you'll leave equipped with a comprehensive plan for successful implementation, aimed at improving the maturity of processes and organizational support throughout your security journey.

In-depth Security Posture Management: Gain detailed insights into your security environment to improve defense mechanisms.

Attack Surface Management: Learn techniques to identify and mitigate vulnerabilities and potential attack paths.

Detailed Security Metrics: Understand how to assess and track the security status of your infrastructure using comprehensive metrics.

Implementation of Microsoft's Recommendations: Discover how to effectively implement Microsoft's strategies to enhance your security protections.

Communication Strategies: Develop effective methods for reporting to management to build trust and clarity in your security measures.

Seeing is Believing: Cool Demos of Azure Copilot & Copilot for Security

Get ready for 55 min of cool demos of Microsoft Copilot for Security & Azure Copilot.

Microsoft Copilot for Security
You will learn how integrations are configured. What is embedded & standalone version? See how Copilot for Security can help analyze security incidents. We will also learn to ask the right questions and discuss capacity planning - and lots more

Azure Copilot - learn how you can use it to deploy new environments, troubleshoot performance, make better decisions in Azure.

Get your coffee ready, it will go fast and be fun !

* demos of Microsoft Copilot for Security
* demos of Azure Copilot