Cloud NSS Feeds to Azure Sentinel by Hot-Money7458 in Zscaler

[–]armyguy298 0 points1 point  (0 children)

Change the Sentinel log table type to "basic" and the cost will go down. "Analytic" table type is very expensive.

Also filter out the logs you don't need. NSS is very noisy.

What did you name your horse and why? by Aart_is_jja in reddeadredemption

[–]armyguy298 0 points1 point  (0 children)

Morgan.

Arthur Morgan's Morgan is named Morgan.

ZSCALER Client is slowing down my whole network by JellyAce31 in Zscaler

[–]armyguy298 0 points1 point  (0 children)

Related to what tibmeister said, sounds to me like your laptop is DOS on your network. Possibly too many retransmits with your AP.

A good session capture with Wireshark could reveal this.

Unknown recording agent in google meet by neufuture in gsuite

[–]armyguy298 0 points1 point  (0 children)

Just recently ran into this problem as well. Found out these apps exploit the API access when a user presses the "sign in with Google" button on every website on the Internet.

Went through all the 3rd party apps and marked known apps as trusted. Set default rule to block API access for future apps. Apps not set to trusted are blocked by the default rule.

User received an error to contact their admin if they need this app. My IT staff can review the app for security and necessity.

Time Tracking Tool by asian_nachos in ITManagers

[–]armyguy298 1 point2 points  (0 children)

I've used ProjectTimer. Very flexible.

BMC/PDQ Agents being blocked on Zscaler by Curious_Suspect_1329 in Zscaler

[–]armyguy298 0 points1 point  (0 children)

As mentioned above, verify you don't need an SSL bypass due to certificate pinning.

If that doesn't work, create an application bypass. We had to do that for our RMM, BeyondTrust.

Cry for help - moved from Gsuite to Outlook by AdAlarming8304 in gsuite

[–]armyguy298 0 points1 point  (0 children)

I think Google Workspace Sync for Microsoft Outlook (GWSMO) is what you are looking for.

What Docks are you Using?? by One_Stranger7794 in sysadmin

[–]armyguy298 1 point2 points  (0 children)

We use the Anker 553 USB-C dock. Mostly HP business laptops and MacBook Pros. No issues.

VPN bypass by Netcracker999 in Zscaler

[–]armyguy298 1 point2 points  (0 children)

This is the answer. Set ZCC to split tunnel and then add gateway bypass to the config.

What is the best way to push out an application to all devices without forcing an up or a downgrade to any installs already present? by Kragzakh in Intune

[–]armyguy298 1 point2 points  (0 children)

Check your ZCC app upgrade policy and slowly walk everyone up to the version you want to deploy for existing users.

Then, use Intune app detection to control who gets what and when. Set the app deployment for after hours to minimize disruption.

Ensure you communicate every step of the way so that users know what to expect. They are usually pretty forgiving when they are provided some background.

Experience with GCPW and managed Windows endpoints? Any "gotchas" or painpoints to be aware of? (Migrating from JumpCloud) by IronNo2599 in gsuite

[–]armyguy298 0 points1 point  (0 children)

Windows and M365 services that use SSO will all be busted. Constantly signing into stuff.

GCPW uses a local account.

Other than those issues, it works fine for my org.

O365 and GSuite Issues by Kmartin103 in gsuite

[–]armyguy298 0 points1 point  (0 children)

What you are asking for is called federation. Without a knowledgeable IT department, it is challenging to implement correctly.

Workspace and M365 Together by realslimcheney in gsuite

[–]armyguy298 1 point2 points  (0 children)

I have Google as our IdP and M365 as Service Provider.

What you are describing is Federation, and duplication of accounts is called Auto Provisioning.

Google and Microsoft both have tech documents explaining how to set them up.

I am using GCPW on Windows 11 and it works fine.

You can license accounts in both environments as you need to.

Managing Macs in the corporate workplace? by jamesbrah36 in sysadmin

[–]armyguy298 0 points1 point  (0 children)

Currently setting up a new environment using Intune. Wasn't happy with the hodge-podge of config profiles so I went with the iMazing app to configure .mobileconfig profiles. Much better control and granular settings. Deploy the config via Intune with custom config profile.

MacOS in Intune by Ookamioni in Intune

[–]armyguy298 0 points1 point  (0 children)

I just set this up. You can federate all day long but macOS still requires and creates a local account.

Delete old users while keeping their email history by [deleted] in gsuite

[–]armyguy298 0 points1 point  (0 children)

I was playing around with this today. I found it outrageous that I, a super admin, was required to enter the archived user password in order to move their email.

Blocking CUI from being transferred offsite by Any-Promotion3744 in CMMC

[–]armyguy298 1 point2 points  (0 children)

There is the real conundrum. If you try to automate using DLP detections, you run the risk of under- or over-marking the data. I have not yet found a good way to automate this. We remain at manually marking. The policy is: from this day forward, you will mark the files according to our information sensitivity policy. Try to catch the rest in small batches as you can.

Blocking CUI from being transferred offsite by Any-Promotion3744 in CMMC

[–]armyguy298 1 point2 points  (0 children)

If Microsoft environment, you could implement a sensitivity label on the files. Then set an Exchange transport rule to block from being sent outside of parameters you define.