Monitoring Zoom with Azure Sentinel
In a recent blog we talked about the explosion in usage we had seen with Microsoft Teams as the world has moved to working from home. However, Microsoft Teams is not the only application to see such as surge, Zoom is another remote productivity tool that has seen a massive increase in users, with more than 200 million daily meeting participants being reported in March. Just as Security Operation Centers (SOCs) need to monitor Microsoft Teams activity they also need to be able to secure and monitor other productivity applications such as Zoom. One of the great features of Azure Sentinel is its ability to ingest and analyze data from any source not just from Microsoft products. In this blog I will show you how you can collect logs from Zoom, ingest them into Azure Sentinel, and how a SOC team can start to hunt in the logs to find potentially malicious activity.
