Comprehensive Guide to Configuring Advanced Auditing
This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing and new users. I recently shared guidance for this via social media (see below), and it felt like a perfect time to revisit my previous posts and combine everything into one comprehensive guide :)

You likely aren't collecting all available events to the Unified Audit Log

First, not all events are enabled or retained optimally. Consider creating this policy in the Purview portal (leave users and record types blank to collect everything). Retention is based on license...
Managing Restricted Groups with Access Packages
👮 Restricted Management Admin Units (RMAU) in #EntraID

Hackers HATE This Hidden Entra ID Feature Most Admins Never Use

@NathanMcNulty breaks it down for us 👇

🎧 Get the full podcast episode at https://t.co/gnvH23WorW

— Merill Fernando (@merill) March 29, 2025

I recently had a chance to discuss Restricted Management Administrative Units (RMAUs) with Merill, and one of my favorite uses for these is to protect groups that are used in Conditional Access policies so they aren’t accidentally modified or deleted. I’m also a big fan of using Access Packages to control membership of these groups for things like exclusions from geofencing policies, user action policies, blocking policies, etc.
Entra Chat with Merill Fernando
It was such an honor to join Merill Fernando on Entra Chat, and I hope to join him again in the future. Be sure to check out Entra Chat: https://entra.news/p/operational-groups-in-entra-with
Operational Collections 2.0
Automate security group membership based on device hardware, software, vulnerabilities, and other inventory data
Getting more data from the CA Insights and Reporting Workbook
Quick tip on using workbooks to create KQL queries and get more data than provided by the workbook
Super Advanced Auditing
Ensure all available audit records are collected to Unified Audit Log
Defender AutoConfig
A tool to assess and automate configuration in the Defender portal
One Full Scan
Improve Defender performance by performing one full scan
CAPremortem
A tool to assess historical impact of report-only policies
MDE Analyzer²
Automate analysis of MDE Client Analyzer output for common issues
Device cleanup
Comprehensive automation for device cleanup
Enable all auditable events
The defaults are better than they used to be, but you can still do better.