Another week, another ton of Azure to share. Here are some of the headlines we're covering this week: SOC operational metrics now available in Azure Sentinel, Azure Monitor for containers with Azure Portal now supports Kubernetes resource view, Azure AD My Sign-Ins goes GA, Selective disks backup for Azure Virtual Machine is in public preview, and Microsoft Authenticator app lock now enabled by default.
SOC operational metrics now available in Azure Sentinel
Azure Sentinel incident data is now available within the Log Analytics workspace. The data can be used to report on metrics within the Security Operations Center (SOC). Typical SOC metrics include incidents created over time, mean time to triage, mean time to closure, etc. Administrators will now be able to run queries to get the metrics that are operationally important for the SOC via the new Security Incident table now available in Log Analytics. In addition, Microsoft has added the Security Operational Efficiency workbook into your templates, so you have a pre-built SOC metrics workbook out-of-the-box for use.
Azure Monitor for containers with Azure Portal now supports Kubernetes resource view
With the public preview of Azure portal providing Kubernetes resource view, administrators can use point and click navigation to see live, in-depth details of the workloads they have access to. The public preview includes multiple resource types (including deployments, pods, and replica sets) and supports the following key capabilities:
Workloads running on a cluster, including the ability to filter resources by namespace
Find the node an application is running on and their Pod IP address
See pods in the replica set, ready status of each pod, and images associated with each
Drill down to individual deployments to see live status and specification details
Execute on the fly changes to YAML to validate dev/test scenarios
With Azure Monitor for containers enabled, users can view deployment hierarchy, insights such as CPU usage and memory usage in the Kubernetes resources view, and seamlessly transition to Azure monitor for more in-depth insights.
Azure AD "My Sign-In's" is now Generally Available
In public preview, this new Identity feature allowed Enterprise users to review their sign-in history to check for any unusual activity. They could see:
If anyone is trying to guess their password.
If an attacker successfully signed into their account from a strange location.
What apps the attacker accessed.
My Sign-Ins has just moved to General Availability and now allows end users to report “This wasn’t me” or “This was me” on unusual activities.
Selective disks backup for Azure Virtual Machine is in public preview
Microsoft recently announced the public preview of selective disks backup and restore capability for Azure Virtual Machines. Using the selective disks backup functionality, provides an option to back up a subset of the data disks in a VM. Each recovery point contains only the disks that are included in the backup operation which further allows you to have a subset of disks restored from the given recovery point during the restore operation. This applies to both restore from snapshot and vault.
Microsoft Authenticator app lock now enabled by default
Some time ago, Microsoft released the App Lock feature in response to feedback that organizations wanted to make sure apps they used were secured by a PIN or biometric. Last month, Microsoft expanded App Lock’s protection. Now, if App Lock is enabled, when you approve any notification, you’ll also have to provide your PIN or biometric. In the latest release, App Lock will be enabled by default if you’ve set up a PIN or biometric on your device.
Learn about modern authentication and the security benefits it provides to your organization, such as enabling multi-factor authentication (MFA) and a passwordless environment.
This module will detail how to:
Define modern authentication.
Understand how to enable multi-factor authentication.
Explain how passwordless authentication improves security.
Let us know in the comments below if there are any news items you would like to see covered in next week show. Az Update streams live every Friday so be sure to catch the next episode and join us in the live chat.