
Welcome to My Faber Security
Through my blogs I hope to share security content including lessons learned, generic concept details, deeper dives, best practices, workarounds, and tips & tricks I’ve learned over the years.
My goal is to share information that is useful to anyone who is interested in security, regardless of experience level.
Latest from the Blog
Sentinel Incident Report using Azure OpenAI
Generating an Incident Report based on data from a Sentinel incident using a custom Logic App that connects to Azure OpenAI (gpt-3.5-turbo and gpt-4).
Global watchlists?
Managing lists globally and locally, i.e., on a customer-by-customer basis, using watchlists and externaldata.
Sentinel Playbook and Azure OpenAI
Sentinel automation playbooks using a custom Logic App connector that uses the new Chat API with gpt-3.5-turbo and gpt-4. This time with Azure OpenAI vs OpenAI.
Sentinel and OpenAI Chat API with gpt-3.5-turbo and gpt-4
Sentinel automation playbooks using a custom Logic App connector that uses the new Chat API with gpt-3.5-turbo and gpt-4.
Sentinel POC – Architecture and Recommendations for MSSPs – Part 3
Common topics that come up when partners, specifically MSSPs, are testing Microsoft Sentinel features to evaluate its SIEM and SOAR capabilities. Part 3.
Sentinel POC – Architecture and Recommendations for MSSPs – Part 2
Common topics that come up when partners, specifically MSSPs, are testing Microsoft Sentinel features to evaluate its SIEM and SOAR capabilities. Part 2.
Sentinel POC – Architecture and Recommendations for MSSPs – Part 1
Common topics that come up when partners, specifically MSSPs, are testing Microsoft Sentinel features to evaluate its SIEM and SOAR capabilities. Part 1.
My adventures with Sentinel and the OpenAI Logic App Connector
Sentinel automation playbooks using the OpenAI Logic App connector.
MSSPs and Identity: Q&A
Follow-up to the previous blog post to answer common questions on MSSPs and Identity.
MSSPs and Identity
Identity configuration recommendations for MSSPs.
Sentinel Repositories
A quick introduction to Sentinel Repositories.
Safely integrate playbooks with custom APIs when there is no pre-built Logic App connector.
How to create a custom logic app connector, so you can store your API key securely and use it within your playbooks, when there is no pre-built connector.
Review any “Don’t know” reviewees prior to the end of an access review
Steps to create access reviews that meet strict compliance requirements by allowing auditors to review any “Don’t know” reviewees prior to the end of a review.
Defender for IoT: OT sensor POC
Steps to configure a virtual OT sensor to use for a Defender for IoT POC.
Azure Lighthouse and Sentinel: Assigning access to managed identities in the customer tenant
MSSP – To trigger playbooks in customer tenants you sometimes need to assign the playbooks' managed identities permissions to execute actions within the customer tenant. This post covers the steps to configure the access required to assign those roles, and the steps to assign the roles themselves.
Delegate access using Azure Lighthouse for a Sentinel POC
Steps to delegate access to users on another tenant for a Sentinel POC using Azure Lighthouse.
A few of my favorite MDCA features
Just a few of my favorite MDCA features, which you may already be paying for.
With a little help from MDC
Testing the new MDC governance rules to automatically assign and track owners for recommendations.
Disguising data
Testing the new ingestion time transformation features in Microsoft Sentinel.
My adventures (so far) with verifiable credentials.
Sharing my initial experience with verifiable credentials.
No, really, you don’t need that access
CloudKnox initial setup and the incredible value it brings to organizations and the security professionals working hard to keep them secure.
Cross-tenant workload identities with a single secret
You can have cross-tenant workload identities authenticating using the secret or certificate from their home tenant.
Leave it open and they will come
A story of how I left an RDP port wide open (oops!) and MDC and Sentinel came to my rescue when my resource was attacked.
Sorting out the Azure Activity Connector in Microsoft Sentinel
Just a few tips and tricks for configuring the Azure Activity Connector in Microsoft Sentinel.
RiskIQ Illuminate Content hub solution within Microsoft Sentinel
An overview of RiskIQ Illuminate solution available through Microsoft Sentinel Content hub.
Joiners – Movers – Leavers (JML) Part 4
An overview of the Joiners-Movers-Leavers process and how it can be implemented using Microsoft Azure Active Directory.
Joiners – Movers – Leavers (JML) Part 3
An overview of the Joiners-Movers-Leavers process and how it can be implemented using Microsoft Azure Active Directory.
Joiners – Movers – Leavers (JML) Part 2
An overview of the Joiners-Movers-Leavers process and how it can be implemented using Microsoft Azure Active Directory.
Joiners – Movers – Leavers (JML) Part 1
An overview of the Joiners-Movers-Leavers process and how it can be implemented using Microsoft Azure Active Directory.
Building secure applications using modern authentication (part 4)
You don’t need to disable MFA for users in the name of “automation”. Basic authentication is considered legacy authentication because there are safer options available. Keep reading to learn about OAuth, OIDC, modern authentication and how to use the valet key to create secure applications.
Building secure applications using modern authentication (part 3)
You don’t need to disable MFA for users in the name of “automation”. Basic authentication is considered legacy authentication because there are safer options available. Keep reading to learn about OAuth, OIDC, modern authentication and how to use the valet key to create secure applications.
Building secure applications using modern authentication (part 2)
You don’t need to disable MFA for users in the name of “automation”. Basic authentication is considered legacy authentication because there are safer options available. Keep reading to learn about OAuth, OIDC, modern authentication and how to use the valet key to create secure applications.
Building secure applications using modern authentication (part 1)
You don’t need to disable MFA for users in the name of “automation”. Basic authentication is considered legacy authentication because there are safer options available. Keep reading to learn about OAuth, OIDC, modern authentication and how to use the valet key to create secure applications.
Restrict downloads for sensitive (confidential) documents to only compliant devices
Yes, you can restrict file access within a folder. Keep reading to see how you can restrict downloads or other actions for specific files to only allow certain access from compliant devices.
Guest Access Reviews
A super simple way to review all guests with access to a tenant.
Passwordless Azure VM SSH login using FIDO2 security keys (Part 3)
Passwordless ssh to Azure VMs using FIDO2 security keys. *Part 3*.
Passwordless Azure VM SSH login using FIDO2 security keys (Part 2)
Passwordless ssh to Azure VMs using FIDO2 security keys. *Part 2*.
Passwordless Azure VM SSH login using FIDO2 security keys (Part 1)
Passwordless ssh to Azure VMs using FIDO2 security keys. *Part 1*.
Federating AWS with Azure AD
For an enterprise level authentication and authorization solution, federate AWS single-accounts with Azure AD.
Roles vs Groups
For an enterprise level solution that authorizes user access, use application roles as much as possible instead of security groups.
For additional information on me, check out my LinkedIn Profile.