Defender for Cloud (Azure Security Center) and Azure Sentinel Overview (AZ-500)

Science & Technology

Overview of Azure Security Center and Azure Sentinel core features.
NOTE - ASC is now called Azure Defender for Cloud
00:00 Introduction
01:05 ASC Overview
05:25 Secure score and recommendations
08:22 Exemptions
10:05 Workflow automations
11:20 Security policy and Azure policy
16:20 Continuous export
17:30 Azure Defender
23:50 Advanced protections
31:22 Azure Sentinel overview
34:04 Data connectors
36:35 Analytics (rules)
39:40 Playbooks (automations)
42:07 Workbooks
43:55 Hunting
44:48 Notebooks
46:25 Summary and close
Git repo for Sentinel playbooks - github.com/Azure/Azure-Sentin...

Comments: 142

  • @bennyboy111
    3 years ago

    Just wanted to say a big thanks for your continuous effort. I'm sure it's massively time consuming to put together these videos, please be assured that they are very much appreciated.

  • @NTFAQGuy

    3 years ago

    You're very welcome!

  • @danielegianetti5599

    2 years ago

    I couldn't agree more! Not only are all the videos precious in their content, but also the way things are explained, capturing the viewer's attention, makes it much easier to remember and put the various pieces together. We all cannot thank you enough John! You are amazing 💪

  • @sidzhang
    3 years ago

    This is really great, looking forward to a deep dive Sentinel session, John

  • @jeffbose7218
    2 years ago

    This is so awesome!!! Helped me perform my workshops more efficiently!!!

  • @benjaminnewman3833
    3 years ago

    Really good timing on your videos recently. I have noticed a lot in my stream of work that many people think ASC and Sentinel achieve the same objective and get confused, especially when talking about Log Analytics and how it works with ASC and Sentinel. Only watched 20 mins so far but good video.

  • @henriquealexandreh
    1 year ago

    Good overview and introduction of Azure Security and Defender for Cloud. Thanks John!

  • @ahmadl-zahrani2993
    3 years ago

    You are a true gem, take care John.

  • @Gmankach
    3 years ago

    Talk about timing, I was asked to implement Sentinel within the next two weeks. Thanks for the work you do John.

  • @NTFAQGuy

    3 years ago

    Perfect!

  • @inknochen_
    2 years ago

    Very comprehensive, well paced and detailed intro to AZ-500. Great job!

  • @NTFAQGuy

    2 years ago

    Thanks

  • @hephaestuslakan3774
    1 year ago

    Excellent training from John.

  • @alicethadikonda6245
    3 years ago

    Thanks John for great videos on Azure. Big fan of yours from the past 6 years when I started listening to your courses on Pluralsight.

  • @NTFAQGuy

    3 years ago

    Very kind, thank you

  • @nickolasjordan7949
    2 years ago

    Great training video! I have learned a great deal. I take the SC200 exam this week. Your content has been invaluable. THANK YOU!!!

  • @NTFAQGuy

    2 years ago

    Glad it was helpful and good luck!

  • @omartin2009
    2 years ago

    John, what you create for our community is nothing short of phenomenal. I remember I once "helped" you on some advanced networking stuff a few years ago but seeing the breadth of things you cover absolutely amazes me. Keep it up!

  • @NTFAQGuy

    2 years ago

    Very kind, thank you!!!

  • @CloudContext
    2 years ago

    Thanks John. Great breakdown of ASC!

  • @DrRadtke
    3 years ago

    Man, another awesome lecture from John. Could listen and watch all day. Thanks again for creating this lecture - we all know how much time it takes (you really work your ass off ;-). Helps me do my job even better, John.

  • @NTFAQGuy

    3 years ago

    Glad it helps!

  • @daveyandgina
    1 year ago

    Another great video John, thanks

  • @IlkinJamalli
    2 years ago

    John, you are awesome!!! I can't thank you enough. The way you deliver everything in Azure is so unique and engaging that I haven't seen anyone else in any of the well-known e-learning platforms able to do so. Appreciate your hard work!

  • @NTFAQGuy

    2 years ago

    I appreciate that, thank you

  • @dimitriyates2701

    2 years ago

    Hear hear!

  • @renatobertolaccini3242
    2 years ago

    Another show from John to give us a good understanding. Sometimes we get a little confused about the scope of each tool, but John puts our feet on the ground so we can grow. Thank you, John.

  • @NTFAQGuy

    2 years ago

    You bet!

  • @4kash90
    2 years ago

    Hi John, I just wanted to thank you again for the immense effort required to put together these videos. I am happy to announce I just passed my AZ-500 exam today after three months of study and watching your videos. A million thanks are not enough!!!

  • @NTFAQGuy

    2 years ago

    Congrats and thanks for the kind note

  • @Ozzy_birds
    2 years ago

    Great explanation. Thank you!

  • @AsmithaSP
    3 years ago

    Best Azure tutorials I have seen so far. Thanks a lot for all your efforts to help us learn.

  • @NTFAQGuy

    3 years ago

    Glad you like them!

  • @tamimthaher2405
    2 years ago

    Thanks for your time and effort!!!!!

  • @patrickboucher892
    3 years ago

    Thanks John. Very interesting.

  • @rickcondon8706
    3 years ago

    These are great, very helpful, thank you John!

  • @NTFAQGuy

    3 years ago

    My pleasure

  • @carnifex7176
    3 years ago

    I just have to say that your videos are a great example of teaching. When I shared your videos with some colleagues the other day, I thought about the Albert Einstein quote (At least I think it was Einstein): If you can't explain it simply, you don't understand it well enough. Well, you clearly understand it well enough. Thank you for making these. They really make the technology understandable. Your PowerShell videos for instance, made me understand and therefore use PowerShell much more than I did before, when I just googled the commands I needed.

  • @NTFAQGuy

    3 years ago

    That is very kind and I appreciate the feedback. Take care.

  • @balarajuc5048
    2 years ago

    Very nice end-to-end view of how things work in Azure security.

  • @NTFAQGuy

    2 years ago

    Glad you liked it

  • @EdsonNascimentoEN
    1 year ago

    Nice job with a great tutorial.

  • @AsharSiddiqui79
    3 years ago

    That's super timing! Exam is next week.. Thanks man!

  • @NTFAQGuy

    3 years ago

    You can do it!

  • @DAngotti22
    11 months ago

    You're the best John! Can't thank you enough for content like this :)

  • @nickolasjordan7949
    2 years ago

    I passed SC200 today! Thank you for your continued hard work and support. I couldn't have done it without these videos. MS500, you're next.

  • @NTFAQGuy

    2 years ago

    Congrats!

  • @laperchungi
    3 years ago

    Great content as usual! Much appreciated.

  • @NTFAQGuy

    3 years ago

    Glad you enjoyed it!

  • @Radhakrishnabhakt
    2 years ago

    I am a fan of teaching stuff... I am grateful to find you..

  • @NTFAQGuy

    2 years ago

    Thanks!

  • @jase4772
    3 years ago

    Great video and something I watched a couple of times before doing my SC-200 exam. More of the same please :)

  • @travelmore9626

    3 years ago

    Hi Jase, what other content did you use for the SC-200? Thanks

  • @Tkid33

    2 years ago

    Yeah I would like to know too!

  • @AS--999
    3 years ago

    This was extremely useful. Thank you very much!

  • @NTFAQGuy

    3 years ago

    Great to hear, thank you

  • @themissingcog4955
    3 years ago

    Thank you for this - it is much appreciated

  • @NTFAQGuy

    3 years ago

    You're very welcome!

  • @lifechamp007
    2 years ago

    Super helpful. Thank you so much John!! #StayBlessednHappy

  • @mornenaude2885
    3 years ago

    Awesome job John! Greetings from SA

  • @NTFAQGuy

    3 years ago

    Thanks!

  • @sarthaksahoo8259
    3 years ago

    I have a Sentinel deployment planned in az gov and this was great help. Thanks John. Any chance you would consider a video with pointers on the SC-300 beta exam?

  • @UkeBoxGames
    2 years ago

    Very informative and helpful

  • @NTFAQGuy

    2 years ago

    Glad it was helpful!

  • @MyJapaneseLife
    3 years ago

    High quality, focus on principle instead of details as always. Thanks!

  • @NTFAQGuy

    3 years ago

    You got it!

  • @balajisekar4215
    2 years ago

    Good work, keep it up. Thank you, it helped me a lot.

  • @NTFAQGuy

    2 years ago

    Glad to hear that

  • @FitzZZ
    3 years ago

    Great info as usual, thanks!

  • @NTFAQGuy

    3 years ago

    Thanks!

  • @djmumbles81
    3 years ago

    Great video, very informative!

  • @NTFAQGuy

    3 years ago

    Thank you!

  • @gauravsharma8220
    2 years ago

    I am again on your channel. You are great 👍

  • @christianibiri
    3 years ago

    Sentinel is awesome!

  • @bobbymoore868
    2 years ago

    Amazing - as always

  • @NTFAQGuy

    2 years ago

    Thanks

  • @James-sc1lz
    2 years ago

    S stands for security/ Sentinel. I like when you bring humour into it. 👍 video

  • @pavrao
    2 years ago

    You are the Shon Harris of Azure.. Thanks a lot!

  • @NTFAQGuy

    2 years ago

    No clue who that is but thanks ? :-D

  • @pavrao

    2 years ago

    @@NTFAQGuy - en.m.wikipedia.org/wiki/Shon_Harris . She helped me clear CISSP and was the best I have ever come across. Unfortunately, she is no more.

  • @AzureTrainingSeries
    3 years ago

    Hey John, Thank you for putting this together. It is awesome. Just one small comment is that at @1:19 you mentioned that ASC is proactive and Azure sentinel is reactive. Actually, it is the other way round. Sentinel with built-in AI is proactive.

  • @NTFAQGuy

    3 years ago

    I still say it's mostly the other way round. ASC driven by policy is telling you things to protect to avoid attack, i.e. proactive; Sentinel is triggered by logs, which are things that have mostly happened, i.e. reactive. Yes, Sentinel has aspects of proactive but fundamentally it's reactive. That's also how the product groups see the technology.

  • @AzureTrainingSeries

    3 years ago

    @@NTFAQGuy Thank you for the clarification, John

  • @Dechkaon
    3 years ago

    Excellent video. Liked

  • @NTFAQGuy

    3 years ago

    Many thanks!

  • @kristianjakobsen876
    3 years ago

    Great content, keep up the good work :-)

  • @NTFAQGuy

    3 years ago

    Thanks

  • @WanderlustVisual5
    1 year ago

    The man of Microsoft Security Stack.

  • @thomaslindh4080
    3 years ago

    Very nice lecture, thanks keep it up... :)

  • @NTFAQGuy

    3 years ago

    Thank you, I will do my best!

  • @mosesdzoro6701
    2 years ago

    Excellent!

  • @NTFAQGuy

    2 years ago

    Thanks

  • @pradeeprajurs9080
    3 years ago

    Another good video. Can't help but wonder why MSFT makes everything so complicated and confusing. OMG, Azure Security Center, Azure Defender, Azure Sentinel, Azure Monitor, Workbooks, Playbooks, Runbooks..... How does this company stay in business!! "-)

  • @SR-TechLeader
    3 years ago

    Thanks for sharing this John. Can you please make videos for the SC-300 exam?

  • @rickcondon8706

    3 years ago

    He's got a great Master Class video on Identity that should help you with SC-300

  • @tshepisomothibi7606
    1 year ago

    Awesome, I've been struggling with the architecture; now I am certain. Thank you @John Savill's

  • @grimstoner
    2 years ago

    Long-time subscriber, first time commenter. Did a lot change between making this video and the changes introduced in September 2021?

  • @NTFAQGuy

    2 years ago

    Not major

  • @AidanBree
    3 years ago

    Thanks!

  • @NTFAQGuy

    3 years ago

    No problem!

  • @SiddheshPrabhugaonkar
    2 years ago

    As always, great video with explanation. Would it be possible for you to share the photo image of the whiteboard in the session, John?

  • @NTFAQGuy

    2 years ago

    While I post them for newer videos, I didn't keep them for old ones.

  • @SiddheshPrabhugaonkar

    2 years ago

    @@NTFAQGuy No problem. Thanks as always

  • @martull
    3 years ago

    My first video. There will be more, for sure. T H A N K S ! ! !

  • @NTFAQGuy

    3 years ago

    Thanks and welcome!

  • @BashVamp
    3 years ago

    RESPECT! Great video sir

  • @NTFAQGuy

    3 years ago

    Thanks!

  • @yashmudaliar6590
    3 years ago

    Hey John, great explanation skills you got there. However, I was wondering if it's possible to stream the alerts and incidents to a different ticketing system like ServiceNow, ConnectWise etc.

  • @NTFAQGuy

    3 years ago

    Yes, you can send via Event Hub for example. Look up continuous export. No need to type "please answer" lol

  • @yashmudaliar6590

    3 years ago

    @@NTFAQGuy I tried this out but my real concern is I don't get a page where I can actually select ServiceNow for integrating it with Security Center. 😭

  • @NTFAQGuy

    3 years ago

    @@yashmudaliar6590 That's not how it works. You send from ASC to Event Hub, then you configure ServiceNow to pick up from Event Hub.

  • @yashmudaliar6590

    3 years ago

    @@NTFAQGuy Thank you John for the help. I'll try to get it done (which I'm feeling is going to be very difficult for me) but please help me with any relatable resources if you get any in future. Thanks once again.

  • @NTFAQGuy

    3 years ago

    @@yashmudaliar6590 Look at ServiceNow for docs on reading from publish/subscribe sources like Event Hub. Good luck

  • @giovannidesantis6089
    3 years ago

    Hi John! As always, great video! Thank you very much! :) I would like to share a couple of considerations with you.

    OS Logs - Azure Security Center uses them for VM protection and it requires the deployment of a Log Analytics agent that streams such OS logs to a Log Analytics workspace. I would say that it would be smart to stream them to the same Log Analytics workspace on which Azure Sentinel sits. Would you agree? Are there any other factors to be taken into account? What do you think?

    Azure Sentinel Connectors - Let's take the Activity Logs as an example. What is the difference between setting the Diagnostic Settings on the Azure subscription and streaming the Activity Logs to the Log Analytics workspace on which Azure Sentinel sits, and enabling the Azure Activity Logs connector of Azure Sentinel? Are these two options the same thing? Or am I losing any security feature (e.g. the Analytics Rules)?

    Thanks once again John. This channel is awesome!

  • @mmkmur1

    3 years ago

    Hello Giovanni, I have had exactly the same question that you raised here. I did a bit of work and found out the below. Again I would appreciate an expert opinion to know if what I found is right.

    1. Yes. That will be the smart idea so Sentinel gets the view of all raw Windows logs and it can enable detections based on ML. But please note that these would have only Windows event logs. Security Center doesn't capture and store Linux workload logs. We will have to enable that from Log Analytics advanced settings by switching on Syslog and the required facilities you need. I just added this here since I didn't know this in the very beginning when I started working with Azure. We can map as many workspaces to Sentinel as possible.

    2. This is a very common doubt one can have, esp. when we start using Sentinel. If we are actually storing any logs that are security relevant (when I say security relevant, it means logs that can have security use cases and are interesting for the security team) in Log Analytics, we could just enable Sentinel on top of it. When we use a data connector, what it is doing behind the scenes is to enable the diagnostic setting and switch on the stream of logs to the respective Log Analytics workspace that Sentinel is mapped to. So if we already have these logs streamed to a LA workspace, we don't need to use the connector option. If we use it, I think it will cause duplication of logs. And we don't lose out on any feature, say analytics or hunting, as the workspace is the base or backend for all these features.

    I hope it helps. We could connect on LinkedIn to exchange our ideas and views if that helps. Thanks.

  • @MyJapaneseLife
    3 years ago

    Hi John, regarding the connectors for Azure Sentinel, what are the differences between the Azure Active Directory connector and the Azure Active Directory Identity Protection connector? The New-AzSentinelDataConnector command only has the param -AzureActiveDirectory, which is for the Azure AD Identity Protection connector. No param for the Azure AD connector.

  • @NTFAQGuy

    3 years ago

    The docs walk through what is captured. docs.microsoft.com/en-us/azure/sentinel/connect-data-sources. AAD is the sign-in/audit type logs while IP gives security alert type info.

  • @MyJapaneseLife

    3 years ago

    @@NTFAQGuy Hi John, thanks. Because it took ~3-4h for the Azure Active Directory connector to be "connected" while in the Azure AD Identity Protection case it is almost instant, I was confused... Also the misleading PowerShell command which uses -AzureActiveDirectory for Azure AD Identity Protection... Don't know why the hell it took so long just to connect to my test Azure AD...

  • @norwegianzound
    3 years ago

    All good stuff, but it is hard to find a course (happy to pay) that focuses on the knowledge required to pass the AZ 500 exam. Not a cram, what I'd love to see is how to approach the exam. I am happy I have covered all the security interfaces in Azure, and I can work efficiently but the logic of the exam questions is a long way from just being proficient in Azure. Some of the questions I don't feel I could ever know how to answer (question breakdown really).

  • @kauffmann101

    2 years ago

    You can try "Measure Up" to prepare for your Azure exam. The exam format is almost identical to the real exam and it also provides the explanation for each answer and the referring document. It is not a cram but it examines your knowledge of a specific area in Azure. I passed without cramming through Measure Up on every Azure exam. Hope this can help.

  • @santhosh933
    2 years ago

    _/\_ Awesome explanation....

  • @NTFAQGuy

    2 years ago

    Glad it was helpful!

  • @ville6633
    3 years ago

    Hey John, thanks for your great instructional videos. They've helped me a great deal with Azure! Are you planning to cover the new SC-200 certification at some point in the future?

  • @NTFAQGuy

    3 years ago

    Glad they help, thanks for watching. I don't discuss future plans, sorry.

  • @ville6633

    3 years ago

    @@NTFAQGuy Okay, thanks. Appreciate the response!

  • @AleksandarIvanov69
    1 year ago

    For the algorithm!

  • @daniellong5479
    2 years ago

    Would you still add alerts in Defender for Endpoint, Defender for Azure etc. or would it be all done in Sentinel?

  • @NTFAQGuy

    2 years ago

    Would consider delay vs. centralization, native ML etc.

  • @tpademo4237
    2 years ago

    I need some pointers. Could you help me with these two questions?
    Q.1) How to get the raw payload of incident-related events using KQL?
    Q.2) How to get the volume of a day using the API?
    I am new to Sentinel. Thank you

  • @NTFAQGuy

    2 years ago

    There are Log Analytics insights that show detail, and various queries you will find from a quick search. The payload is available as part of the result set from queries.
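As an added example that is not part of the video, the description, or any comment above: one KQL query for Q.1, joining each incident's list of alert ids to the SecurityAlert table so the alert's Entities and ExtendedProperties (the closest thing to a raw payload the workspace holds) come back beside the incident. It assumes the standard Sentinel SecurityIncident and SecurityAlert tables are present in the workspace.

```kql
// Added example: incident -> alert payload join for Azure Sentinel.
// SecurityIncident is written every time an incident changes, so keep
// only the latest record per incident before expanding its alert ids.
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| where Status != "Closed"
// AlertIds is a dynamic array; one row per alert id after the expansion
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=inner (
    // Same de-duplication for alerts: latest version per SystemAlertId.
    // Entities (JSON string) and ExtendedProperties (dynamic) carry the detail.
    SecurityAlert
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
) on $left.AlertId == $right.SystemAlertId
| project IncidentNumber, IncidentTitle = Title, Severity, Status,
          AlertName, ProviderName, AlertTime = TimeGenerated1,
          Entities = parse_json(Entities), ExtendedProperties
| order by IncidentNumber desc, AlertTime asc
```

Restrict the time range in the query blade (or add a `where TimeGenerated > ago(7d)` before the first summarize) on a busy workspace, since both summarize steps scan the whole table otherwise.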

  • @KurdKing
    2 years ago

    Hi, I'm kinda new to Azure but where is Microsoft Defender in this? Isn't that a different dashboard to Azure Defender?

  • @NTFAQGuy

    2 years ago

    Defender is not really in scope of this. My focus was ASC and Sentinel but you can drive Defender from ASC and its results would show in ASC. Look at today's video :-)

  • @vishalpathak143
    2 years ago

    Hey, is this AZ-500 playlist enough to clear the AZ-500 exam?

  • @NTFAQGuy

    2 years ago

    No. Supplemental help.

  • @vishalpathak143

    2 years ago

    @@NTFAQGuy I was thinking of going through your playlist, Microsoft labs & practice tests. Would these help? Or do you recommend some more I should go through?

  • @loganhemphill3604

    2 years ago

    @@vishalpathak143 Depending on how well you retain information you can pass going through Microsoft labs + reading material + Savill's videos. Do them at the same time (watch PIM while going through PIM material and labs, etc.)

  • @bbowling619
    2 years ago

    Is there by chance a link to that GitHub?

  • @NTFAQGuy

    2 years ago

    It's in the description

  • @ZeNex74
    2 years ago

    Finally passed 104, tempted to move onto AZ-500, just not sure. Could be very hard...?

  • @NTFAQGuy

    2 years ago

    The harder the obstacle the greater the accomplishment. Just requires study and practice.

  • @ZeNex74

    2 years ago

    @@NTFAQGuy True wise words. 104 was starting to do my head in. Plan was to get some AWS next but maybe I should push forward for AZ-500.

  • @NTFAQGuy

    2 years ago

    @@ZeNex74 Whatever you think is best for you.
