CIAOPS MS-900 Exam prep course now available


I’ve just taken the wraps off my latest online Microsoft exam prep training. This time it is for the Microsoft MS-900 Microsoft 365 Fundamentals exam. This exam isn’t as technical as others but is still a very good broad overview of the what Microsoft 365 is all about and I certainly recommend people look at doing this exam, especially as a starting port for their certifications.

I am a big believer in industry certifications as I have details previously here:

The benefits of certification

The major benefit is provide a good base of knowledge to move forward in today’s ever changing technology world. This is important today because so many new cloud services are dependent on technologies like Azure AD, Identity and so on. Also, certification exams force you to learn the breadth of the product, which then allows you to provider better solutions and security.

You can sign up for this new course here:

and look out for more courses coming soon from the CIAOPS.

Techwerks 10–Sydney 12th February 2020


I am happy to announce that Techwerks 10 will be held in Sydney on Wednesday the 12th of February 2020. The course is limited to 20 people and you can sign up and reserve your place now! You reserve a place by completing this form:

or  sending me an email ( expressing your interest. This training is just before the Microsoft Ignite the Tour in Sydney, so if you are in town for that you can hopefully also take advantage of this training.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into the Microsoft Cloud including Microsoft 365, Azure, Intune, Defender ATP, security such as Azure Sentinel and PowerShell configuration and scripts, with a focus on enabling the technology in SMB businesses.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:

Gold Enterprise Patron = Free

Gold Patron = $33 inc GST

Silver Patron = $99 inc GST

Bronze Patron = $176 inc GST

Non Patron = $399 inc GST

I hope to see you there.

Keep calm and Twitter

Generally, the cloud is pretty reliable. However, it is not perfect and there will be downtimes and outages. Just because you move your information to the cloud doesn’t mean that you abdicate your responsibilities for it. Disaster planning is as important in the cloud as it is on prem.


The first place to start if you are having issues with what you believe to be related to Microsoft 365 is the Microsoft 365 Service Health page shown above, which can be found at:

Of course, if you are unable to access your tenant for any reason, then you’ll have to try another resource.


Your next point of call should be the Office 365 status page here and shown above:

This is fairly generic and also just links back to the Service Health in your own portal. However there maybe information here around any wider scale issues so it is always worthwhile checking.


Next, you should follow the @MSFT365Status Twitter account as shown above. Here you’ll find information posted that is on infrastructure outside Microsoft’s. You can also communicate with this account if you need to.


You can also find an Azure Status page at:

Given that many Microsoft 365 services are built on Azure, it is another area that may give you some insight.


There is also an Azure support Twitter account @azuresupport that will post information concerning issues and something you can also interact with if you need to.

There are also numerous third party services that will track whether a web site active.

Finally, a good approach is also to do a search across Twitter to see whether others are also having similar issues. People tend to be pretty vocal on social media when they are inconvenienced, so that should a source of both good and bad information.

As Noah knows, you prepare for the flood BEFORE it rains. In the event of cloud issues, how will you know the extent of the issues and where will you get good information? For me, that source has typically been Twitter as the major source. You do have to filter those results a tad to get helpful information there, but that is the nature of social media.

In short, you need a plan. Take my advice and start monitoring Twitter to get a better idea of what might be happening beyond your own screen.

Another great security add on for Microsoft 365

Previously, I have spoken about Cloud App Security being a ‘must have’ add on for any Microsoft 365 environment:

A great security add on for Microsoft 365

I now believe that the next ‘must have’ security add on you should integrate with your tenant is Azure Sentinel.


In a nutshell, Azure Sentinel will allow you to monitor, alert and report on you all you logs from just about any location, whether on prem or in the cloud.


Once you have created the Sentinel service and assigned it a log workspace, the first place to go is to the Connectors option as shown above.

Here you can connect up your services. There is a huge range of options from Office 365, Azure, on prem and third parties like AWS, At a minimum I would suggest you connect up your Azure and Office 365 services.


Next, go to the Analytics option, then select Rule templates from those available. These rules are basically queries across your data sources from your connectors. Add in the rules that make the most sense for your environment.


As you create these rules you be stepped through a wizard as shown above.


The Set rule logic step allows you to define the rule based on the data being received. You will notice there are lots of options. The great thing about using the templates is that this is already done for you but you can certainly modify these or create your own.


The real power of Azure Sentinel lies in the Automated response step shown above. Here you define what actions will be taken when a alert is generated by the rule. This means that you can have something automatically execute when an alert happen. This could be a remediation process, advanced alerting and more. This allows the response action to threat to be immediate and customisable.


Next, go into the Workbook options as shown and then the Templates area and add all the options that make sense.


A workbook is basically an interactive dashboard where you can graphically query and report on data as shown above.


When rules are triggered they will appear as Incidents that you investigate as shown above.


You’ll be able to explore incidents in greater depth using the graphical explorer as shown above.


Good security is about being pro-active and Azure Sentinel gives you this via the Hunting option as shown above. This allows you to run standard queries against the data to discover items that may need further investigation and analysis. Note the option highlighted here that allows you to Run all queries at the touch of button. This is yet another hugely powerful option as you can now ‘hunt’ across all your information so quickly. Show me another tool that can do this for both cloud and on prem?


There are lots more features, but by now you are probably wondering what the costs are? As you can see from above, they are based on storage and you can reserve a storage size to suit your needs. However, you can also opt, as I have, for a pay as you go option.


This means the Azure Sentinel cost to analyse all my data is AUD$3.99 per GB of data and


on the pay as you go plan I also need to factor in data ingestion, which is shown above in AUD$. Note that you get 5GB of data ingestion free per month. After that, I’d be paying AUD$4.586 per GB.


As you can see from the above usage figures I am no where near the 5GB ingestion limit, so all I am currently paying for just Azure Sentinel analysis.

The amount of data you ingest and analyse will depend on the services you connect and well as things like data retention periods. All of these can be adjusted to suit your needs. There are also many other Azure pricing tools you can use to control your spend. However, if you are concerned about running up an excessive bill, just connect and few services and scale from there.

In my case, I have logs from Microsoft 365 Cloud services, Azure, on premises machine monitoring, Defender ATP and more all going into Sentinel. Basically, everything I can, is going in there and the costs remain low.

I have always maintained that when you sell Microsoft 365, you should also sell an Azure subscription:

Deploy Office 365 and Azure together

Azure Sentinel is yet further confirmation that you should be doing this to add greater functionality and security to your environment. I will be spending more time deep diving into Azure Sentinel so make sure you stay tuned.

Allowing extensions with Edge Baseline


One of the handy things that Microsoft has now enabled is the ability to control the modern Edge browser (i.e. the one based on Chromium) via policy and services like Intune. In fact, if you visit Intune and look for Security Baseline you’ll find a new Microsoft Edge Baseline policy as shown above.


There are lots of great settings you can enforce by using this baseline to create a policy as you can see above.

I enabled the policy without making any changes initially so I could determine the impact, if any. It turns out that the default baseline actually disables any and all existing browser extensions you may have and also prevents you from adding new extensions.

I understand that this approach makes your environment more secure but I really can’t live with both the Lastpass and GetPocket extensions.


Unfortunately, by default with the baseline policy, these got blocked as you see above. This meant that I needed to adjust the policy.


As it turned out, you need to set the option:

Control which extensions can be installed = Not Configured

Just disabling and removing other options didn’t seem to do the trick.


After making that change and forcing the updated policy to sync to the workstation, I was back in business as you see above. I didn’t need to do anything in the browser, the previously disabled extensions were re-enabled automatically.

Enabling extensions is the only change I have made to the default baseline policy so far and now everything is working as expected and is more secure which I like.

I’d like the option to select ‘approved’ extensions so the baseline policy could be applied in total. Hopefully, that feature will make an appearance in the policy soon as I thing many will want it. However, this is quick and easy way to lock down the new Edge browser and another reason that, like me, it is my primary browser.

Need to Know podcast–Episode 219

We are just past Halloween and it’s time for something that seems to scare most people who administer Microsoft 365. PowerShell. However, to hold your hand while we dive deep we one of the best in business – Elliot Munro from GCITS – to guide you. Also, Brenton and I bring you all the latest news from the fire hose of Microsoft Ignite 2019, so much so that we’ll have more next time. Holey moley, there lots in the episode, so lean back, listen in an enjoy.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think –

You can listen directly to this episode at:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.


Elliot Munro



Introducing the new Edge and Bing

Microsoft 365 Productivity score

New Office Mobile App

Microsoft Fluid Framework

Introducing Microsoft 365 Business voice to UK and Canada

What’s new in Microsoft Teams from Ignite

Microsoft Endpoint Manager vision

The future of Yammer

Empower your people with Project Cortex

Check off your To-Do tasks in Teams

Security and Compliance announcements from Ignite

Their sacrifice shall live on

We pause today to remember all of those who gave their lives in war. Soldiers, sailors, airmen, civilians and more. We pause to remember lives cut short. Today, at 11am on the 11th of November is the anniversary of end of World War One in 1918. An anniversary of the first conflict where war truly became industrialised. Where weapons more than men had the advantage on the battlefield and a few could now kill so many thanks to the power of modern weapons.

The Australian landings at Gallipoli in 1915 are largely credited with giving ‘birth’ to Australia as a nation. They marked the beginning of a commitment of 313,814 Australians to the war of which around 53,000 died in France and Belgium alone. 152,171 were also wounded in this theatre as well, so the impacts on a young nation were marked.

It is not only the past the we remember today, it is also the ongoing service of those that protect us today. Not just soldier, sailor and airmen but emergency workers and more. Their service, like their forbearers, stands as a shining beacon of what can be achieved with the service to others. We don’t honour the methods or the reasons, we honour those that chose to serve. Those that put themselves in harms way for others. Those who were asked to perform a duty for others and did so without question, with many paying the ultimate price.

This is why we remember them. This is why we today pause and say:

Lest We Forget

for there would be nothing more tragic or disrespectful than to neglect to say ‘thank you’ to those that made our world a better place to be and gave us the opportunity to enjoy it. If nothing else, we owe them that. So today, take a moment to pause, reflect, say thank you and hopefully ask how you can make the world a better place in some small way as a way of honouring those who did not return because, sadly, there are still those suffering.

For more information on the Australian battlefields of World War One wish my website