Видео

Friend, I just started my first job, and my first challenge is working in Purview with another colleague. We were running tests and realized that we created the labels, then published them, but we only applied them to our users. However, we were later informed that other users in the organization reported labeled files, even though they weren’t included. I’m not sure if you might have an idea of how to fix this. We also added groups, but the labels didn’t apply. Another thing is that the DLP part is something to include later (Sorry, I’m still documenting myself). What could have happened?

Just brilliant - exactly what I have been looking for. Dank je wel.

Thanks for the content. Is this the same process as the one for onboarding to Defender for Endpoint? In other words I don't have MDE so I can't onboard devices but I do get the option from Purview..

Thanks man very helpful

You are a life saver. Thanks man!

Can you help me with more repro of the deception feature please please..if u can help me with the test commands so that I can reproduce it

Can you at least "try" to speak English well...? 😑

Hi, I need to know the ip address of the machine I'm connected to...

More pls

Thanks

need more of this pls! but how do you give the permissions to the RG? do you do that under logic apps role assignment and scope to the RG of the workspace?

thank u man

You are a living legend, thanks for the TIps

Came for azure stayed for the coffee

Good tip!

Nice introduction! Please keep sharing 👍

Good demonstration 🎉

awesome content

Hi, I'm always trying to replicate in a lab all your videos, so that I can truly learn and understand, Thanks a lot for all your videos. Can you provide more details on the App Registration and on the "Parse JSON" action? I'm stuck in those two...

i think sentinel can automatically do this now...saw a video about auto integration with virus total

really nice, really cool

Just what I needed to onboard my first servers using Defender for Cloud tomorrow.

It always says the following error: Can't get account information Try again in a few minutes. If the issue persists, contact an administrator. please help me

How do you connect and setup the azure firewall

The problem is this is very expensive. 😂

Congratulations on your channel; it's helping me a lot. It's always bringing new information and helping those who want to stay updated in the world of Microsoft cybersecurity. You are very good! Thank you for sharing with us

In sentinel log in OperationName column nothing is appearing what to do?

Nice introduction, I'm looking forward to see some of the uses for Copilot for Security. I just deployed it in my tenant and began using it. I'm currently working on having it automatically provide an executive summary for incidents using the one from the promptbook. Since there isn't a way to run a whole promptbook automatically, I am writing a Logic App in Sentinel that basically runs each prompt of that promptbook, and will continue using the same session ID for each one until the executive summary is complete. Then, it can add the summary to the incident as a comment. Since this normally takes some time, having it run automatically so the comment is already present by the time you review the incident will be nice. Another tip to optimize SCU resource utilization is to limit using Copilot for queries. If there is something that can be defined by a KQL query, you can do that and feed the results to Copilot instead of asking it to do that query. For example, instead of saying "Go back and tell me about Security Incidents in Sentinel that happened in the last 12 hours", you can run a KQL query to return the Incident numbers during your desired time, and then instead ask Copilot "Tell about about the following Security Incidents" and then list the KQL results. This way Copilot doesn't have to use resources to figure out simple things like "what time is it now and how far is 12 hours back" and "What incidents were created in that time range". Cheers!

I need to be able to collect and change alerts' status from an external alert management system. Should I use Graph Security API or Azure Management API? What are the prerequisites for the Sentinel alerts appearing in the graph API? Thanks!

tried this, said it no longer works at open ai model is deprecated. is there any workaround?

can you make a video to show how to auto add ip addresses or urls detected in your TI feed to your org's block list automatically

Security Copilot is not living up to the potential promised in current version. It can not decode base64 and it can not decode powershell obfuscated script if it has more then a few words. the limitations here are massive. And the code analyser uses so much SCU even if it fails (6 to 8.5).

Good job and Nice video! Please keep sharing❤ Looking forward to seeing Purview related video, thanks

Kudos to you mate, great high level tutorial. Implementing similar to gather response for risky users :).

Can you create openai do a simple video in sentinel to reduce false positives ?

Is there anyway to reduce false psotives in azure ?

Hello, do you know if Multi Tenant Support for the unified Portal will be available (for example if I have multiple Sentinel Workspaces with Azure Lighthouse or Multiple XDR Tenants via MTO Defender)?

Greetings and thank you for all your great content. I've really been looking forward to the unification of Defender Portal and Sentinel but once connected I felt there is alot missing still. Playbooks for example. We use those extensively to enrich our entities in Sentinel Incidents but I have yet to find a way to do that in the Defender Portal

How does this work when you use Lightouse to "see" multiple tenants?

Thanks for video. Logs in advanced threat hunting option in defender are limited to 30 days? Or microsoft extended as new tables from sentinel appear?

first

Thank you!

Download overproduced video. Too much music pictures of coffee beans. Come on, bro, you're wasting our time. I'm not following later.

Thanks for uploading this kind of New interesting stuff regrading MDE ...

Great video… GitHub repo u are using is it public?

really don't need to see your face that much !

The customer has several Azure subscriptions with several standalone Sentinel configs. Do you think it will be possible to attach several Sentinel workspaces into one Defender portal? Thanks

Sorry, the background music made it hard to follow your content at the beginning. Thank you for switching it off at the main part of the video.

Does this apply to aws as well

Hi nice share, commenting the below out if context topic but it's important Texting you this after not receiving any reply from Microsoft tech community. I have this Azure recommendation "SQL databases should have vulnerability findings resolved" where I had one of the SQL Server in healthy resource but the databases inside are in not applicable databases i want to set it in healthy databases - what would be a solution for this and please note we are using the express configuration. Thankyou..!!