Managing Microsoft Sentinel and Microsoft Defender XDR permissions in Microsoft Defender portal. In November 2023 at Microsoft Ignite, we announced the integration of Microsoft Sentinel with Microsoft Defender XDR into the unified Microsoft Defender portal. Fast forward, in July 2024 we announced this integration GA, and in July 2025 we announced the Microsoft Sentinel experience will be retired in the Azure portal on July 1, 2026. As we introduced the new portal experience, many customers naturally had questions, particularly around permissions. Common concerns included: How will permissions be managed going forward? What changes should I expect with my existing Azure permissions? And do I still need the Microsoft Sentinel Contributor role? In this post, we break down the answers and clarify what the transition means for you. Microsoft Sentinel SIEM permissions In the Azure portal, we use Azure RBAC permissions to manage... #techcommunity #azure #microsoft https://lnkd.in/gWf3Xx79
Microsoft Sentinel & Defender XDR Permissions in Microsoft Defender Portal
🚀 Simplifying Azure Authentication with Managed Identity In one of our earlier videos, we explored how to connect with Azure resources—like Key Vault—from a local machine using a Service Principal registered on Microsoft Entra ID. But here’s the real challenge: 👉 How do we securely manage these credentials in a Production environment, where everything is deployed directly on Azure? The good news is, Azure has already solved this for us! With Managed Identity, you can seamlessly connect to different Azure resources without the hassle of storing or maintaining credentials. 🔑 Managed Identity = Secure, Simple, and Automatic authentication across Azure services. 🎥 And in this video, we’ll go one step further—exploring Managed Identity in action so you can see exactly how it works in real-world scenarios. https://lnkd.in/gEEPMU8J
Setting up a custom domain in Microsoft Entra ID is more than a branding choice – it’s a foundation for secure, consistent identity management across Microsoft 365 and Azure. In this guide, we break down why custom domains matter, how to configure them correctly, and common mistakes to avoid – especially in regulated or government-adjacent environments. Read the full guide: https://lnkd.in/e2pSZ4Cr
Identity Bindings: A Cleaner Model for Multi‑Cluster Identity in AKS. AKS has supported assigning Azure Managed Identities to pods for some time, first through Pod Identity and then later through Workload Identity. Using these tools it is possible to give a pod an Azure Identity that it can use to interact with other Azure services - pull secrets from Key Vault, read a file from Blob Storage or write to a database. Workload Identity is the latest incarnation of this feature and significantly simplified this feature, removing the need to run additional management pods in the cluster and to have the identity injected in every node; however, it does have some issues of its own. These issues are particularly evident when operating at scale and wanting to share the same Managed Identity across multiple workloads in the same cluster, or across multiple clusters. Workload Identity relies on creating a Federated Identity Credential... #techcommunity #azure #microsoft https://lnkd.in/gMHzPMps
Azure in the Real World — A Technical Series (with Real Patterns)
Part 1: Identity as the Control Plane (Azure Entra ID)
In production Azure environments, Azure Entra ID is the primary control plane—not the firewall. Real-world implementation includes:
• Conditional Access with device compliance
• MFA enforced via Entra ID + Microsoft Authenticator
• RBAC scoped at Management Group, Subscription, and Resource Group levels
• Hybrid identity using Azure AD Connect / Cloud Sync
This aligns directly with the Zero Trust Architecture model.
Part 2: Hub-and-Spoke Networking (Landing Zone Pattern)
Enterprise Azure networking follows the Cloud Adoption Framework (CAF) Landing Zone pattern. Typical design:
• Hub VNet: Azure Firewall, VPN Gateway, Bastion
• Spoke VNets: Application workloads
• NSGs + UDRs for traffic control
• Private Endpoints for Azure Storage, SQL, and Key Vault
Public IPs are minimized; private connectivity is the default.
👉 continue..
#AzureEntraID #ZeroTrust #CloudSecurity #EnterpriseIT #AzureNetworking #LandingZone #HybridCloud #AzureFirewall #CloudComputing
Legacy on‑premises systems can no longer deliver the agility, security, and resilience modern businesses demand. Migrating client‑facing applications to Microsoft Azure unlocks scalability, lowers costs, reduces risk, and accelerates innovation. Explore the latest in cloud-based applications from Microsoft Ignite 2025: https://lnkd.in/g4NFHH-A Daniel Marquez
Nice little 🎄🎁 below - a great blog on Microsoft #Sentinel and RBAC permissions. Quick note - NO changes to Sentinel permissions: if you could see incidents before, you still will! BUT SOC teams may likely ADD #Defender roles like Security Reader, Security Admin if you didn't have them already. 🥁🥁🥁 Sentinel support for URBAC is coming soon!!! Unwrap the blog 👇 😁 https://lnkd.in/gjFSzWPi
🛡️ Managing Sentinel and Defender XDR permissions in Defender portal 👉 As we introduced the new portal experience, many customers naturally had questions, particularly around permissions. Common concerns included: How will permissions be managed going forward? What changes should I expect with my existing Azure permissions? And do I still need the Sentinel Contributor role? In this post, we break down the answers and clarify what the transition means for you. 💡 Read more: https://lnkd.in/gaB842at
For defense contractors, the cloud is not about convenience. It is about control. Azure Government gives you the ability to run modern cloud systems while keeping your data inside an environment designed for federal requirements. That means your Federal Contract Information stays protected, access is tightly managed, and you are not handing sensitive workflows over to generic SaaS platforms. When you control the environment, you also control how applications are deployed. Self-hosted systems, custom apps, and internal tools can live alongside collaboration and AI workloads without breaking CMMC compliance or visibility. The real advantage is not just meeting requirements. It is building a cloud foundation that lets you move faster, modernize safely, and scale without giving up ownership of your data. #CMMC #FCI #CUI #GovContracting #DefenseContracting #DoW #IT #AzureGovernment
Azure Arc simplifies management across multiple sites by allowing you to organize them within the Azure portal. Granting specific permissions via role-based access control enables fine-grained control, ensuring the right individuals have access to the right resources. This structure supports scalability and centralized governance. For organizations managing distributed environments with Azure Local, this approach offers a streamlined, secure, and efficient way to operate. #AzureLocal #AzureArc #HybridCloud #CloudManagement
APIM: Disable Trusted Connectivity by March 2026 — Plan & Detect
⚠️ Microsoft retires Trusted Service Connectivity for Azure API Management on 15 Mar 2026 — APIM instances that rely on it risk disruption.
🔎 Detect affected APIM using Azure Resource Graph by checking customProperties for Microsoft.WindowsAzure.ApiManagement.Gateway.ManagedIdentity.DisableOverPrivilegedAccess != 'True'.
✅ Remediation steps:
• Identify and remove dependencies
• Update networking to alternative access methods
• Test in lower environments
• Disable trusted connectivity and re-run the query
Act now to avoid March 2026 outages. https://lnkd.in/dKmUyVYr
#Community #Azure #Azure APIM #Azure APIM policy configuration #Microsoft Azure #troubleshooting #APIM #AzureResourceGraph