by Scott Muniz | Aug 6, 2020 | Alerts, Microsoft, Technology, Uncategorized
This article is contributed. See the original author and article here.
This blog is authored by Brian Delaney and Jon Shectman — with hearty thanks to our collaborator and pal Clive Watson.
In this article, we’ll share significant, functional enhancements we’ve made to the Insecure Protocols Workbook (IP Workbook) and we’ll detail how you can leverage these improvements to mitigate with speed, accuracy, and efficiency. If you’re new to the IP Workbook, we suggest starting with the implementation guide, which covers basic configuration steps, and sets you up for success in usage. Once you’ve completed the steps there, pop back over here to learn how to best use the recent enhancements and features.
One of the first things you’ll notice in the new release is the new Show Help section in the top menu. By sliding the toggle, you can display Help for each protocol section. You can also display the Change Log.
By comparing your workbook version to the version in the Azure Sentinel Workbook Templates section, it’s easy to ensure you’re using the newest version. (At the time of this writing, Version 1.7 is the latest.)
We have also reimagined the navigation experience by adding Tabs. Tabs mean you no longer need scroll down to the protocol data you want to research; gone are the days of a single linear page.
Clicking a tab hides all of the other protocol pages, making available only the protocol data that you wish to research at that given moment.
This way, there is no confusion about which protocol data you are viewing, and you can clearly display a mitigation success (e.g. a data void) when you have removed a particular protocol from your estate. Tabs should make for a visually simpler, more actionable data comprehension experience.
Next, let’s examine Timebrushing and Groupings. Groupings is a back-end feature that will be largely transparent to you. Groupings maximizes efficiency in the way that each set of queries runs, making them load faster and with more efficiency. You should see better performance, with fewer lags for data paging as your workbook sections populate.
Timebrushing is one of the most significant functional changes we have introduced with this update to the IP workbook. As its name implies, Timebrushing allows you to “paint” a particular slice of time in a graphical interface and to export that parameter to filter your subsequent queries.
The value here is that Timebrushing allows for very specific, precise data analysis. Put differently, it allows us to filter our data to zero in on a specific activity that might have happened during a specific time. By way of example, let’s examine how we might use Timebrushing and several other filters to research Insecure LDAP.
The Insecure LDAP tab features one of two starting points to parse our data: Account or IP addresses. In this example, we’ll start by filtering by Account. Let’s filter on the most active account, svc1:
This outputs the query parameter (e.g. display only accounts containing the value svc1) in the subsequent filters. Then let’s say I want to understand how svc1 was used during a time of heavy activity in the logs.
From the time graph, I can see that there’s a particularly heavy, sustained usage of svc1 to make insecure LDAP calls from about 3:50am through about 6:50am. Let’s Timebrush that slice and examine the data further:
And here a story emerges. Because of time binning (necessary to group the data into understandable chunks), we get a nice breakdown of the Insecure LDAP activity that can be sorted by BindingType, count or TimeGenerated (as I have done here). In other words, we see that during this time slice, svc1 made significant numbers of Insecure LDAP calls each and every (time binned) hour. I can then drop down on the page and take what I’ve just learned (e.g. that svc1 is being used in an insecure manner) and I can research it by Source IP address.
Here I can fill in the blanks in the story from the account. svc1 made Insecure LDAP calls during multiple slices of time from a computer with IP address 192.168.2.74. Instead of having to sift through thousands of log files or (worse yet) try mitigating Insecure LDAP without a solid understanding of its presence in the environment, we now have a place to focus our mitigation activities. And, of course, once we have mitigated all of our Insecure LDAP in the environment, we will configure our domain controllers to no longer accept it at all — thereby effectively mitigating significant business risk to the organization.
The final enhancement that you’ll see in examining the IP Workbook is the Help section I mentioned earlier.
Each Help section is tab-specific, as you can see while moving between tabs with the Help toggle switch turned on.
The Help sections mainly follow the same format and contain sections that provide insight into each insecure protocol:
- Protocol Risk: risk of having the protocol active
- Auditing Settings: how to populate the data in the IP Workbook
- Mitigation Planning: concrete, actionable steps to take in order to remove the protocol from your estate
- Data Filters: available data filters on the particular tab
By way of example, let’s examine the Help file for Azure Active Directory Legacy Authentication (AAD Legacy Auth Tab). From the start, Protocol Risk gives us some compelling reasons to remove these insecure, outdated protocols.
The AAD tab is the only tab that does not include Auditing Settings, since we simply use AAD Sign-in logs here (e.g. this is a cloud-native SaaS data source). Instead, this tab lists the Legacy Authentication Protocols that you should consider as in-scope for this project.
The Mitigation Planning and Data Filters sections will look familiar from other tabs and once you start using the IP Workbook’s Help section frequently. Of course, once you’re familiar with each protocol, you can and should toggle off the Help section in order to maximize your screen real estate and to focus on understanding your data.
In this article, we covered enhancements to the IP Workbook, discussed how to leverage them to aid your data understanding, and drilled a bit deeper into the Timebrushing and Help features. Let us know how the IP Workbook is working for you and especially if you have ideas for enhancements. And until then, as always, happy auditing.
by Scott Muniz | Aug 6, 2020 | Alerts, Microsoft, Technology, Uncategorized
This article is contributed. See the original author and article here.
Hello folks … I recently presented at the VMware UserCon for Florida and Carolina. If you didn’t get a chance to attend and want to check it out, here is the video.
by Scott Muniz | Aug 6, 2020 | Alerts, Microsoft, Technology, Uncategorized
This article is contributed. See the original author and article here.
Global parameters are now generally available in Azure Data Factory. Global parameters are constants across a data factory that can be consumed by a pipeline in any expression. They are useful when you have multiple pipelines with identical parameter names and values.
Creation and management of global parameters is done in the management hub.
In any pipeline expression or dynamic content, global parameters can be referenced by pipeline().globalParameters.<parameterName>.
When promoting a data factory using the continuous integration and deployment process (CI/CD), you can override these parameters in each environment.
For more information, see the global parameters documentation.
by Scott Muniz | Aug 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Hi, everyone!
I’m Pablo Veramendi, Global Program Director for the new Microsoft Learn Student Ambassadors. Today, I’m thrilled to congratulate our first group of Student Ambassadors on their acceptance! I and the rest of the team are so excited to welcome you all, and we can’t wait to see where you take this opportunity.
As Student Ambassadors, you’re in a unique position to solve real-world problems, establish yourselves as mentors and leaders in your communities, and amplify your impact. And now, your experience is fully online with support for students in virtual learning, making it easier than ever to build on your knowledge while you make a difference. Microsoft Learn is where everyone comes to learn—and as Student Ambassadors, you’re everywhere, learning new skills and helping others do the same.
You’re joining a global online network to collaborate with Leagues that are focused on specific issues and technologies that you’re passionate about. You’ll also be able to:
- Connect directly with experts and mentors at Microsoft.
- Learn the skills that will help you land your dream job.
- Earn recognition and build your reputation as a tech insider and leader.
- Pay it forward by sharing your expertise, creating opportunities for other students, and making meaningful progress on issues—not just locally, but globally.
You and other university students who share your passion will contribute to creating the future that you want for your communities, yourselves, and the world.
“Being a Student Ambassador also means being a mentor. It’s really fulfilling to help other students learn skills that will help them reach their career goals.”
—Althani, Philippines
Make a difference with like-minded peers from around the world
Find your virtual community and make a real difference. The global community of Learn Student Ambassadors is at the heart of the program, and as a participant, you’re connected to them all on Microsoft Teams. Within that community, you’ll find Leagues—groups of students who are excited to apply their skills and make progress on a meaningful issue or technology like green tech, healthcare, or AI. Then apply your League’s work to local and global challenges with opportunities like the Microsoft Imagine Cup and student hackathon events.
Expand your impact and pay it forward. Build your reputation, résumé, and influence by creating and sharing your own videos and blog posts, which could be amplified through Microsoft social channels. Create opportunities for others by offering your guidance and encouraging them to learn and grow through opportunities like virtual coding boot camps. Provide your expertise to other students at your university and beyond who are interested in technology. And because Microsoft stands for empowering everyone on the planet to achieve more, you can proudly share your Learn Student Ambassadors affiliation on and off campus.
Grow your skills and build your reputation as a tech insider
Learn and grow on a guided path. Expand your skills at your own speed with online courses through Microsoft Learn, master a topic that you’re passionate about, and share that knowledge with other students. Earn a free certification by completing steps like a Microsoft Learn path, writing a blog post, or recording a video tutorial that helps others learn from your passion for technology.
Make a name for yourself with support from Microsoft. Take advantage of unique access to Microsoft experts through the virtual community on Teams. They can offer remote mentorship, guide your League’s efforts, and provide opportunities for you to be part of the team while you prepare for graduation. These experts are also here to help you plan and run events, including virtual live events.
Score opportunities to attend Microsoft events. As a Learn Student Ambassador, you may be invited to join Microsoft at sponsored events online. You might even get a chance to share your knowledge at one of these events. For example, Microsoft Build 2020 included several Student Zone sessions that were led by Student Ambassadors.
Become a leader in your local tech community and empower your peers
Collaborate remotely and build your big dream. Learn Student Ambassadors get free access to best-in-class Microsoft 365 apps like PowerPoint and Excel, cloud services like OneDrive and Microsoft Teams, and all of the development tools in Visual Studio. As you achieve your milestones, you can use the Azure credit that comes with your Visual Studio Enterprise subscription to explore new services and build a proof of concept for your idea.
Develop leadership skills and amplify your influence. Dive deep into organization, teamwork, public speaking, and social communication—leadership skills that set you up for success and influence throughout your life and career. Then amplify your influence by taking advantage of free tools offered by Microsoft technology partners. Use the built-in advanced image editing features of Techsmith Snagit screen capture software, and create polished, professional-looking videos using the Camtasia screen recorder and video editor.
“The truth is, you don’t have to be an expert. What’s important is something that we all share: a passion for technology and passion for our community.”
—Sharif, Mexico
Onward and upward
I’m excited to see the impact our new Student Ambassadors will have across the globe. And for those of you who are passionate about using technology to make a difference and haven’t yet explored becoming a Student Ambassador, I hope you’ll consider joining us in the future.
Find more information and learn how to apply
Applications are open all year, and new students are accepted quarterly. Explore the program.
![[Guest Blog] Voices of Tech Students: The Speech Only my Professor Got to Hear](https://www.drware.com/wp-content/uploads/2020/08/large-224)
by Scott Muniz | Aug 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
This article was written by Elizabeth Kiernan, former Microsoft Ignite 2018/2019 Humans of IT student ambassador and current Student Advisor mentoring incoming cohorts of new student ambassadors. She shares about the impact of her Humans of IT experience during her speech class.
Elizabeth Kiernan at Microsoft Ignite 2019
Each person experiences the same thing in a different way. For me, I usually don’t realize how much an experience has impacted me until much later.
In 2018 and 2019, I participated in Microsoft Ignite as a Diversity & Tech Student Ambassador (as it was known back then), and now, a Humans of IT Student Ambassador. Both years were a lot of fun with many opportunities to learn new things, connect with other like-minded people, and be presented with opportunities that come with being at a large conference. In September 2018, I even got the opportunity to be interviewed during a livestream and was featured on a podcast – both for the very first time! Many of the sessions I went to I found to be valuable and insightful; however, my initial reflections were still pretty surface-level then. I could identify why the topics being talked about were important and how others related to them, but there were very few that I could personally relate to. When it was still known as the Diversity and Tech track at the time, I recall how there were many speakers, especially women, who were amazingly authentic and vulnerable when recounting experiences in their career where they were mistreated, talked down to, or harassed, and how it impacted them. Back then, I was only halfway through college. I hadn’t experienced anything like that firsthand (yet!) – it was an eye-opener indeed.
Elizabeth being on a community livestream interview with MVP Toni Solarin-Sodara at Microsoft Ignite
Fast forward several months to spring semester of this year when I took a public speaking course. I enjoyed the class and did much better in it than I thought I would. Our third speech was supposed to be something commemorative – one that celebrates or pays tribute to the subject. I wanted to choose something unique that I felt people could benefit from hearing about.
So I chose to talk about the Microsoft Humans of IT Community. It was pretty simple for me to start my speech outline and introduce the topic. I knew who created it, why it was created, and what the community does. But I still had an important question to answer about why I chose this topic and why it was personally important to me. So I thought, “How has the Humans of IT Community and being at Microsoft Ignite impacted me?” That’s an easy question to answer… or was it?
As it turns out, it wasn’t all that easy, because I realized that I had never actually thought about this in depth before, nor put words on a paper (or fingers to a keyboard, in my case). Until now.
This fall is my last full semester of college before I graduate with my Bachelor’s degree, so when I tried to answer that question to help write my speech, I had a lot to reflect on. My mind went to an experience I had towards the end of 2018 which escalated shortly after Microsoft Ignite ended. During that period I was not having the best time academically, but not in terms of grades. That fall semester I was in a course working on a term-long software project with a group. The group comprised three guys and me. I was excited about the project when the class first started. I took the class online because other time slots didn’t fit with my schedule. We met over Skype and had to submit screen-recorded meetings, one being the final presentation. Our project was a website, and despite them being fully aware of my front-end programming knowledge, to my dismay I discovered that my male project-mates had subtly pushed me out of programming and technical roles, and discounted my experience entirely.
It was a bunch of small stuff that added up. I was supposed to work on the front-end with another member, but while I waited for responses on planning, he had already completed a good chunk of code. My suggestion to use GitHub for source control was not taken, so it was difficult to add to code and understand what was going on. During one meeting we were discussing the database for the website. A team member singled me out specifically and (condescendingly, no less) said, “Elizabeth, if you don’t know how to install MySQL, I can send you a link.” But I already had MySQL installed. I knew how to use MySQL. I even got an “A” on a project using MySQL! He kept on talking and I didn’t say anything. Why didn’t I speak up and SAY something?
My main role for the project ended up being me doing all of the backend research and writing all of the content for the website. During our final presentation recording, I discovered that a team member had added another page to the site as a surprise – an “About Us” page that had an avatar and role description for everyone on the team. Everyone except me. I didn’t say anything, again. I felt like the cartoon dog in that famous meme sitting in a room on fire saying “this is fine”. It felt almost shameful to not say something when I should have.
This is Fine meme – image credit: KC Green (http://gunshowcomic.com/648)
I had talked to a few people (my mom, friends, mentors) about the project throughout the semester, but I tried convince myself to let it slide. I don’t like confrontation and didn’t really want to make a big deal out of it. I didn’t want to accuse anyone of doing anything. I didn’t want it to seem like I was incapable of working with others. But towards the end of the semester I finally acknowledged that it wasn’t okay, and that I needed to speak up. I talked to my professor and he was very understanding and felt terrible that it had happened. I think it also helped that I had done well in previous classes of his, so he knew what I am capable of. But what made all the difference was that he didn’t just feel bad – he actively sought feedback and asked how the class could be improved. The next semester I got an email from him saying that he implemented several new policies for that class, which included reflections for every virtual meeting to ensure everyone had the opportunity to participate equally, and an understanding to bring attention to what students felt was unfair treatment.
I told a close friend about what happened during the final presentation meeting, and before I finished telling the story she could already predict that they didn’t add me to the “About Us” page. We laughed about it because, in a weird way, it was a little funny because of how ridiculous it seemed. Even though I made the decision to talk about it, that situation still affected me more than I realized at that time. In fact, because of that experience I almost convinced myself I shouldn’t be a software developer. Thankfully, I did not give up. So many people have talked about bad experiences in the field, but experiencing it yourself is different. It can start to make it seem like it’s not worth it even if it’s something you’re passionate about. In my mind, I thought that if situations like that are things I may have to face frequently, is it even worth it? The following semester I registered for only Gen Ed classes I still needed to take because I wasn’t positive on what I wanted to do.
Throughout the next several weeks after that I was constantly reminded of my Humans of IT experience (which was still Diversity & Tech at the time). I was reminded on Twitter that you could watch all the recorded sessions on demand online. A video was released highlighting the community at Microsoft Ignite. A BizBash article was published listing Microsoft Ignite as one of the “Most Innovation Meetings in 2018”, specially illustrating why the Diversity and Tech track at Microsoft Ignite was so successful. I was reminded of so many people who experienced similar things and shared their stories, people who allowed themselves to be left out in the past, but didn’t give up and learnt to speak up. I remembered that I was not alone; that I was part of a community.
I was reminded of all the human-centric talks and sessions I knew were important, but couldn’t relate to back then. Now I do.
Over those weeks, I made up my mind to persevere in achieving my dream of becoming a software developer. I’m glad I did, because my story will help encourage other young women technologists like me to press on and not be disheartened by those who try to make us feel like we don’t belong in tech. We will pave the way for others to realize that they, too, are amazing humans who have earned their seat at the table, and have valuable skills to offer.
I wrote that story into the outline of my speech and was excited to commemorate the community and tell my full circle story for the first time. Unfortunately, like most other schools in the country, my college campus had to close due to COVID-19, so I didn’t get to give my speech in person. Instead, I had to record a video of me speaking and submit it for my assignment. Only my professor heard my speech. Nonetheless, just speaking it out loud felt good – cathartic, even.
Now all of you out here in the community have read my story as well. I hope this inspires you or someone you know who might be going through the same thing.
To finish my degree I need to complete a capstone course that is another semester-long group project, but I’m somehow no longer dreading it. Thanks to lessons I’ve learnt from the Humans of IT Community, I’m now much more confident in my technical abilities and my power to speak up – both for myself and others.
Back in March 2020, I told @ShonaBang (who founded the Humans of IT Community) about my commemorative speech idea and she suggested that I write a blog post to document my experience. I had no idea how I would go about writing about a speech, and was also initially a little reluctant to share a story about how I felt mistreated. However, I realized that sometimes the story isn’t about how people mistreated you, but instead reframing that into a battle story about how you grew, what you will not put up with again, and how your story can help someone else.
I think that’s what community is all about: Taking your experiences to empower yourself and helping others do the same. Now go tell your story and help someone do the same.
#HumansofIT
#StudentAmbassadors
Recent Comments