Are your Entra ID (AAD) logs getting too expensive in Sentinel? I have a theory on this. These logs appear to be created primarily for reporting purposes. Optimal sizing may not have been a primary consideration. In my experience these logs can grow rapidly and may become too expensive to retain in Sentinel. The two… Read More »
I recently passed AZ-500! I found the exam to be rather challenging; partially due to a lack of training resources. Here is a brief summary and some general prep-tips in case you are heading down the same path. Exam AZ-500: Microsoft Azure Security Technologies This a broad exam covering many topics. I recommend passing at… Read More »
Here is the last ported post from my old bog site. The vast archive of SCOM knowledge (3 full posts) have now been migrated to the new blog! I’ve worked with a variety of management packs over the years. One headache that I have often encountered when implementing a new MP has been the inconsistency… Read More »
Here is another article ported from my old blog dating back to 2012. I recently revised a few key points. Once again, these observations haven’t changed significantly over time. Deploying SCOM Agents using the Discovery Wizard appears to have at least four distinct phases: setup, discovery, installation, and initialization. Each of these stages has unique… Read More »
Here are some SCOM tuning tips that I published back in 2012 that are just as relevant today as they were back then. This was taken from a SCOM support guide that I created for a large insurance company. Reasons why we create new MP rules and monitors: To generate new monitoring that was not… Read More »