Hidden features of “resetting” passwords of VMs in the Azure Portal

In the Azure Portal, Azure conveniently allows you to reset the password of the local Administrator on a Virtual Machine. Using this functionality requires you to enter the username and the new password for this account. All good and well, you’d say. That’s what it is supposed to do after all. Color me…

Logging User Access Admin elevations to Microsoft Sentinel

This week I was surprised to figure out that elevation logs that indicate a Global Admin becoming a User Access Administrator don’t flow to Log Analytics. It’s not possible to enable diagnostics settings for it. TL;DR I built a Logic App that forwards those logs to Log Analytics so I can have Analytic rules in…

Querying Log Analytics from Logic Apps

I spent some time this week at work trying to get a correct setup in querying the (Sentinel) Log Analytics store from a Logic App in Microsoft Azure. So I thought it would be a good idea to document it for myself and others. 🙂 The problem: Logic Apps allow you to perform actions in Microsoft…