How to use Azure Sentinel to follow a Users travel and map

How to use Azure Sentinel to follow a Users travel and map their location Nov 04 2019 02:07 PM. This post is in two parts. 1. Workbook import instructions. 2. The finished workbook. UPDATE - September 2020: There have been some updates since 2019 to the map controls, so you may need to edit the Map Settings fields and sometimes the Latitude

fridaynightfunkin.ninja

CAS Impossible Travel Alerts

@AleA79 While analyzing the impossible travel alert, it's always advised to check the reputation of the two IPs. For True positive cases, you will generally see the other IP to be blacklisted. In such cases, you should go ahead with resetting of user's password and …

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/cas-impossible-travel-alerts/m-p/2071742

Impossible travel alerts on failed logins

The Impossible Travel alerts description also includes all those failed login locations. For accounts that we know have been compromised based on some criteria, I see an automated flow that logs them out of all apps, resets their password and then texts them that password to their MFA phone number. I know I'm dreaming but one day we will get there.

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/impossible-travel-alerts-on-failed-logins/td-p/745206

New impossible travel policy

@stromnessian the Impossible Travel Policy is based on Machine Learning and UEBA - there's no supported way to create a custom policy using UEBA. Those are all built-into the product. Is there a reason the built-in "Impossible Travel Policy" is not satisfying your requirements? You can recommend a change to the development team.

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/new-impossible-travel-policy/td-p/2155764

Corporate IP & Impossible Travel issues

Adding your corporate IP’s to the data enrichment section is a great first step to improving the detection. However, you can take a few additional steps to help with this issue. As an example, to reduce the number of false positives within the impossible travel alert, you …

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/corporate-ip-amp-impossible-travel-issues/td-p/1150332

Impossible travel to atypical locations

Re: Impossible travel to atypical locations Hi @wmorais, if that user did not leave the business, did not connect to other networks and does not have a VPN, the user may have had their credentials compromised, or gave access to an app that can log in on their behalf.

techcommunity.microsoft.com/t5/office-365/impossible-travel-to-atypical-locations/td-p/738212

Spike in impossible travel false positives

I've noted recently a spike in impossible travel alerts in my MCAS. When looking at the activity all the activity appears in my home country (AU) but dotted throughout is activity from other MS DC IP's in other countries causing an impossible travel alert. When I look at the type of activity that

techcommunity.microsoft.com/t5/office-365/spike-in-impossible-travel-false-positives/m-p/1117361

Using Office 365 while Travelling to China or having a

I am looking for Guidance for Multinational companies having Regional offices in China. I am aware that the Office 365 in China is managed by 21Vianet. If a multinational organization (assume base tenant in US) wants to rollout office 365 for its China employees; - What are …

techcommunity.microsoft.com/t5/office-365/using-office-365-while-travelling-to-china-or-having-a-regional/td-p/360842

Apache Spark in Azure Synapse

Very simple ways to build indexes on your data (e.g., CSV, JSON, Parquet), including Delta Time Travel feature. The ability to incrementally refresh an index in the data is suitable for streaming workloads. An easy-to-use optimize() API to handle index fragmentation.

techcommunity.microsoft.com/t5/azure-synapse-analytics/apache-spark-in-azure-synapse-performance-update/ba-p/2243534

Templates & Downloads

Travel approval. This solution allows employees to easily submit travel requests to SharePoint lists from desktop or mobile devices using PowerApps. Requests are automatically routed using Flow to the appropriate manager and travel department for approval. Learn more

resources.techcommunity.microsoft.com/templates-downloads/

Change Event Risk Level Azure AD Identity Protection

Is there a way to change the Risk Level for "Impossible travel to atypical location" from medium to high? In 99% of our cases this is a very bad occurrence and needs immediate attention. I at least need a way to alert on this event.

techcommunity.microsoft.com/t5/azure-active-directory/change-event-risk-level-azure-ad-identity-protection/td-p/45426

Atypical travel: no logs in MCAS

HI all, We often encounter the MCAS raises the alerts: "Risky sign-in: Atypical travel" The alerts us 2 IP addresses, in this case the IP where the user is normally active from and the atypical IP. The IP's are also translated to their corresponding GEO locations. As you can see that aler

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/atypical-travel-no-logs-in-mcas/td-p/1890382

Labor and Travel Calculator

Starting with the Travel Schedule Tab: this tab is where the majority of the information comes from. I get this list of travel dates and places by Department. This is the raw data. I then figure out which FY it falls into based on the dates (Table H3:J7).

techcommunity.microsoft.com/t5/excel/labor-and-travel-calculator/m-p/2218607

Guided UEBA Investigation Scenarios to empower your SOC

Figure 2: impossible Travel activity alert /incident In this scenario we have an incident indicating that a user – [email protected] has either logged on to an application/ portal through multiple destinations within a short period of time, deeming that the user wouldn’t have been able to travel between locations within the time period.

techcommunity.microsoft.com/t5/azure-sentinel/guided-ueba-investigation-scenarios-to-empower-your-soc/ba-p/1857100

Try the Planner Add-in for Outlook

Over 25.000 have downloaded the Planner and Planner Pro Outlook add-in from iGlobe. We are continuously looking to improve the Add-in. At this point we have developed the add-in to the limit of what the API makes possible. However feedback from users might help …

techcommunity.microsoft.com/t5/planner/try-the-planner-add-in-for-outlook/td-p/19375

Azure Security Center and MCAS

We would like to understand if alerts in Azure Security Center and MCAS are related. For example MCAS alert: Impossible travel activity and Azure Unfamiliar sign-in properties or Atypical travel. The issue for us is to monitor both environments for these same activities. There are more examples I …

techcommunity.microsoft.com/t5/microsoft-cloud-app-security/azure-security-center-and-mcas/td-p/1506119

Best Setup for Office 365 Vacation Calendar

I was hoping to get advice on the best way to set up a calendar in Office 365 for vacation/time-off request approvals. Would the best way be to create an email address and have the calendar items associated with that email? Or creating a group? Or creating a room for those requests and calendar even

techcommunity.microsoft.com/t5/office-365/best-setup-for-office-365-vacation-calendar/td-p/150923

Sample online forms to help organizations stay connected

An example used by some customers in high-risk areas is a travel and health declaration form, which can help identify groups within an organization that may be more at-risk. If you are a multi-national company, you can easily create one form with multiple languages to meet the needs of …

techcommunity.microsoft.com/t5/microsoft-forms-blog/sample-forms-to-help-organizations-stay-connected-while-working/ba-p/1256627

Risky Business in Azure AD…

Atypical travel. Sign in from an atypical location based on the user's recent sign-ins. Anonymous IP address. Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs). Unfamiliar sign-in properties. Sign in with properties we've not seen recently for the given user. Malware linked IP address. Sign in from a malware

techcommunity.microsoft.com/t5/core-infrastructure-and-security/risky-business-in-azure-ad/ba-p/1564669

Unfamiliar sign-in properties, alert flagged in AAD

Atypical travel is the AADIP signal and Impossible Travel is the MCAS signal. 2 things have changed in the last year: 1) we previously called the AADIP signal “Impossible travel to atypical locations” and renamed it to “Atypical travel.” We integrated with MCAS to consume their Impossible Travel signal, which now shows in our UI and can

techcommunity.microsoft.com/t5/security-compliance-and-identity/unfamiliar-sign-in-properties-alert-flagged-in-aad-identity/td-p/1195827

Solved: SharePoint custom list calendar view End Date

For example: events, training, travel, bookings, etc. Problem: You will face this peculiar problem. If you have set the column as Date Only, the End Date automatically takes its time as 12:00:00 am internally. As a result, the calendar visual shows event ending on previous date. So, if your event starts 01-Feb-2019 and ends 05-Feb-2019, on the

techcommunity.microsoft.com/t5/sharepoint/solved-sharepoint-custom-list-calendar-view-end-date-problem/td-p/355153

How to use Azure Monitor Workbooks to map Sentinel data

Now I want to enrich this data, in this case not only do I want to know which Country the inbound attack is happening from, I also want to know the distance from me and the attacker. You could use this same technique for Impossible Travel scenarios as well, if you have Longitude and Latitude information. Introduction to a geospatial query

techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sentinel-data/ba-p/971818

Calling Plans for Teams with International Calling

We have a small group of staff members who travel internationally to various Middle Eastern countries. This group travels between Saudi Arabia, Kuwait, Bahrain and UAE. The problem is our cell phone provider has limited or different calling plans for each country which makes it …

techcommunity.microsoft.com/t5/microsoft-teams/calling-plans-for-teams-with-international-calling/td-p/327411

Go hybrid with the Microsoft 365 Collaboration Conference

The Microsoft 365 Collaboration Conference is a unique 'hybrid' event in Orlando, Florida. 'Hybrid' for everyone = speakers and attendees participating in person and virtually; for those who can travel safely as the vaccine rollout continues and virtually for those who are unable to join us in-person safely. The event brings together business leaders, IT pros, developers, and consultants to

techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/go-hybrid-with-the-microsoft-365-collaboration-conference-in/ba-p/2373916

Query Delta Lake using T-SQL in Synapse Analytics

Some features such as temporal/time-travel queries, automatic synchronization of Delta Lake tables created in Spark pools, and updates of Delta Lake data are still not available in the public preview. We would be happy to get your feedback related to the new features in this scenario, so you can post your ideas in Azure Feedback site.

techcommunity.microsoft.com/t5/azure-synapse-analytics/query-delta-lake-files-using-t-sql-language-in-azure-synapse/ba-p/2388398

Where is the data saved after a form is submitted

Hi all, We're starting to use MS forms and I had a few questions concerning the responses submitted. Where are they stored? I know you can open the responses in Excel, but where exactly are they stored? Also, if an employee creates a form/survey, and they leave the …

techcommunity.microsoft.com/t5/microsoft-forms/where-is-the-data-saved-after-a-form-is-submitted/td-p/1169617

Update on new Cloud App Security discovery, investigation

First published on CloudBlogs on Aug 10, 2017 We believe in continuous innovation to bring you deeper visibility, better data control, and strong threat protection for your cloud apps. The Cloud App Security team provides frequent releases and continuously updates …

techcommunity.microsoft.com/t5/microsoft-security-and/update-on-new-cloud-app-security-discovery-investigation-and/ba-p/250294

impossible travel exclude one user best practice

We want to exclude one user from impossible travel and are wanting to know the best way to do this, the recommended way so we do not go down the wrong path. I was thinking make a group with all users, but then we would have to constantly keep updating that …

techcommunity.microsoft.com/t5/security-compliance-and-identity/impossible-travel-exclude-one-user-best-practice/td-p/313622

How to use Surface hub with multiple displays

We just recently installed a Surface Hub in the office to use for scrum meeting etc. We have, right next to it, a regular screen (previously used to connect laptop to). What we would like to do is to use the Surface to call into Skype for Business meetings, …

techcommunity.microsoft.com/t5/surface-hub/how-to-use-surface-hub-with-multiple-displays/m-p/137156

AutoPilot Time Zone configuration and policy settings

Even those people in the PST are affected when they travel to any other time zone. How many users total do you anticipate this impacts? Everyone in the company is affected. Since we support multiple companies, I can safely say that this affects all users in all companies that use Intune deployments at some point.

techcommunity.microsoft.com/t5/microsoft-endpoint-manager-ama/autopilot-time-zone-configuration-and-policy-settings/td-p/1436616

Error Message when booking appointment through bookings

techcommunity.microsoft.com/t5/microsoft-bookings/error-message-when-booking-appointment-through-bookings/td-p/101777

The new Edge(release) is displaying only in Chinese

techcommunity.microsoft.com/t5/discussions/the-new-edge-release-is-displaying-only-in-chinese/td-p/1116328

Using KQL functions to speed up analysis in Azure Sentinel

Security operations can often be a very repetitive role. As a security analyst, you will often find yourself conducting the same actions and tasks as you work through an investigation. Whilst it is a good objective to automate these tasks as much as possible, it is often not suitable or practical to

techcommunity.microsoft.com/t5/azure-sentinel/using-kql-functions-to-speed-up-analysis-in-azure-sentinel/ba-p/712381

COVID-19 “Back to Work” Solution Template using Microsoft

Update: This blog was last edited on 8/4/2020. This blog outlines using Healthcare Bot for COVID-19 Back to Work use case with authentication and data persistence in Azure API for FHIR or Azure SQL Database. The template in Healthcare Bot's template catalog has been updated to a …

techcommunity.microsoft.com/t5/azure-ai/covid-19-back-to-work-solution-template-using-microsoft/ba-p/1460240

The new Yammer is generally available worldwide

The new Yammer, generally available, delivers a modern design and features for employee engagement, company-wide communications, and knowledge sharing in communities that connect people across the organization.

techcommunity.microsoft.com/t5/yammer-blog/the-new-yammer-is-generally-available-worldwide/ba-p/1521869

What's the best way to add a Shared Calendar into a Teams

Howdy, We have some Channels in Teams that would like to have a calendar added to them for everyone in the channel to see and schedule things. I've heard for a while that team calendars are coming to Teams but I don't know if they're here yet and I'm looking for a …

techcommunity.microsoft.com/t5/microsoft-teams/what-s-the-best-way-to-add-a-shared-calendar-into-a-teams/td-p/1166819

6 ways to bring some fun to your Yammer network

Travel; Books; While some of these groups may come and go, consider which ones should be nurtured to reinforce your organisation's culture and give life to your network beyond work. A list of Yammer groups both fun and functional - NEXTDC

techcommunity.microsoft.com/t5/yammer-blog/6-ways-to-bring-some-fun-to-your-yammer-network/ba-p/459006

10 Yammer communities considered the backbone of many

Sometimes we need to see examples of how things are done elsewhere to spark our own creativity and figure out how to use communities in our own networks. Regardless if you are starting your Yammer network from scratch or re-igniting your Yammer …

techcommunity.microsoft.com/t5/yammer-blog/10-yammer-communities-considered-the-backbone-of-many-yammer/ba-p/681007

Office 365 URL based filtering is just better and easier

For example a traveling North American Office 365 customer in Europe will be given a European Office 365 entry point. This will prevent the user’s network traffic from having to travel long distances across the public Internet before reaching the desired services.

techcommunity.microsoft.com/t5/exchange-team-blog/office-365-url-based-filtering-is-just-better-and-easier-to/ba-p/589499

Return On Investment (ROI) for Teams with UAR

Organisations all across the globe have been implementing or preparing to deploy Teams. As with any new tool, training and support is important and being able to measure the impact of the uptake of a tool is critical to see if they’re achieving the Return On Investment (ROI) both of …

techcommunity.microsoft.com/t5/microsoft-teams/return-on-investment-roi-for-teams-with-uar/m-p/253007

New infographic templates for Word, Outlook, and

Check out the new infographic templates that you can customize for your team! Download infographics and templates here.

techcommunity.microsoft.com/t5/driving-adoption/new-infographic-templates-for-word-outlook-and-powerpoint/m-p/122884

Teams desktop app not observing daylight savings time

I'm currently having an issue with my Teams. I'm in the Mountain time zone, which recently switched to daylight savings. My system clock (Windows 10) has updated correctly, but Teams still believes it's behind an hour, despite multiple restarts. This …

techcommunity.microsoft.com/t5/microsoft-teams/teams-desktop-app-not-observing-daylight-savings-time/td-p/1218593

No audio when sharing the Surface Hub screen

Hi, just wanted to know if it is a normal behavior that when listening to a video on the Surface Hub (a link pointing to a website hosting a video), there is no audio sent to remote users assisting to the meeting. We were trying to figure that out but there is also no sound if we are using a comp

techcommunity.microsoft.com/t5/surface-hub/no-audio-when-sharing-the-surface-hub-screen/td-p/70490

MS Forms data stored in SharePoint List

It would be really great if the questions / data collected could be promoted into a SharePoint List (like it used to be with InfoPath) because it is much easier to use than PowerApps. Users find it difficult to work with the phone layout and if they can …

techcommunity.microsoft.com/t5/microsoft-forms/ms-forms-data-stored-in-sharepoint-list/td-p/279290

Investigating Alerts in Defender for Office 365

The extensive use of collaboration tools during the COVID-19 remote work era is putting many organizations at even higher risk for phishing attacks: via business emails or video conferencing solutions. This may be a good opportunity to refresh your workflows in …

techcommunity.microsoft.com/t5/microsoft-defender-for-office/investigating-alerts-in-defender-for-office-365/ba-p/1824188
