Use Splunk to Collect Logs from Office 365 and Azure AD

Microsoft has a lot of options to view Azure log data in one form or another. There is the Security Center, Azure Sentinel, Log Analytics, and Insights.  This is fine for an Azure centric organization, but many organizations already have log collection systems in place such as Splunk, and using multiple logging platforms is not efficient.  This article walks through sending Azure AD and Office 365 logs to Splunk.

Continue reading “Use Splunk to Collect Logs from Office 365 and Azure AD”

Azure Privileged Identity Management (PIM) For Beginners

Azure Privileged Identify Management, or PIM, is a Microsoft service that enables management, control and monitoring of privileged access in Azure.  In this video, I give you an introduction to Azure PIM.  We go over the basics of on boarding a user to PIM, adding a user for active and eligible access, activating an eligible role, requiring an activation approval on a role and creating access reviews.