Workplace Ninja's Blog
Our goal is to share knowledge with the community and to make Workplace Management with Microsoft Technologies simpler for everybody. We wish you happy reading!
Featured Posts
Exploring Baden, Switzerland: An Evening Guide for Workplace Ninjas Conference Attendees
Welcome to the charming city of Baden, Switzerland! Nestled in the picturesque Limmat Valley, Baden offers a delightful blend of historical heritage. As a tech conference attendee, your evenings in Baden can be just as rewarding as your conference days. In this blog post, we’ll explore the best activities to
Unveiling a new version of M365Documentation PowerShell Module: Creating Markdown Documentation with Ease
The Microsoft 365 community has a reason to rejoice as a new release of the M365Documentation PowerShell module was published PowerShellGallery.com. With the latest update, users can now create comprehensive documentation in Markdown format, complete with an intuitive table of contents. This feature has been highly anticipated and requested by
Latest Posts
Sentinel Automation use case – custom Alerting with LogicApps
Intro I recently stumbled over a LogicApp (Microsoft Sentinel Playbook) I’ve created a long time ago where I needed to fix some stuff. The use case of the LogicApp is to handle the phone alerting process for customers with specific alerting requirements (no 24/7, only dedicated times during the day).
Microsoft Purview Information protect predefined permission groups demystified
When working with Information Protection Sensitivity Labels it’s common to create labels which also enforce encryption. Today we have multiple predefined groups available, but which users do they really include. Because of this I have played through the different scenarios and provide an overview within this blog. Test environment Tenant
Microsoft Sentinel Security Incident statistics with Workbooks
Apparently the contents from the screenshots taken is not easy to read and some zoom-in is required. Layer 8 issue. Table of Contents Intro You/your company has just signed up for a SIEM/SOAR solution where data from multiple, different external systems/platforms is aggregated, analyzed and (worst case) processed into Security
Extending Microsoft Sentinel with important device data
During security Incident Analysis, Threat and Vulnerability Management and security activities it’s important to have enough data available to correlate them. Especially Microsoft Intune contains a lot of valuable information, but also other resources which are available via Microsoft Graph can be helpful. It is simple to add this information
Sentinel Incident Automation – Playbook dependencies
Intro In this blog post I follow up on my previous blog post. There we addressed the challenge to to handle the (potentially massive) delay in entity mappings for security incidents. Here’s the link in case you missed the blog post: Sentinel Incident Automation – handle entity mapping delay in
Sentinel Incident Automation – handle entity mapping delay in Playbooks
Intro Automation is a key element to improve SOC efficiency. Many different use cases exist where automation can be applied Tagging of Security incidents Severity level adoptions Auto-Closure Security incident information enrichment …and many more Most of the automation is based on pre-defined conditions. To auto-close a security incident one