Another great security add on for Microsoft 365

Previously, I have spoken about Cloud App Security being a ‘must have’ add on for any Microsoft 365 environment:

A great security add on for Microsoft 365

I now believe that the next ‘must have’ security add on you should integrate with your tenant is Azure Sentinel.


In a nutshell, Azure Sentinel will allow you to monitor, alert and report on all your logs from just about any location, whether on prem or in the cloud.


Once you have created the Sentinel service and assigned it a log workspace, the first place to go is to the Connectors option as shown above.

Here you can connect up your services. There is a huge range of options from Office 365, Azure, on prem and third parties like AWS. At a minimum I would suggest you connect up your Azure and Office 365 services.


Next, go to the Analytics option, then select Rule templates from those available. These rules are basically queries across your data sources from your connectors. Add in the rules that make the most sense for your environment.


As you create these rules you will be stepped through a wizard as shown above.


The Set rule logic step allows you to define the rule based on the data being received. You will notice there are lots of options. The great thing about using the templates is that this is already done for you but you can certainly modify these or create your own.
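To make the rule logic concrete, here is a query of the kind a scheduled analytics rule runs. It is an added example, not taken from the original post or from a Microsoft template. The sample rows are constructed, the threshold and bin size are assumptions, and the column names follow the Azure AD `SigninLogs` table.

```kusto
// Constructed sample rows mimicking four columns of the Azure AD SigninLogs table.
// In a real analytics rule, query SigninLogs directly instead of SampleSignins.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string,
                              IPAddress:string, ResultType:string)
[
    datetime(2019-11-20 01:00:05), "alice@contoso.example", "203.0.113.10", "50126",
    datetime(2019-11-20 01:00:41), "alice@contoso.example", "203.0.113.10", "50126",
    datetime(2019-11-20 01:01:17), "bob@contoso.example",   "203.0.113.10", "50126",
    datetime(2019-11-20 01:02:02), "bob@contoso.example",   "203.0.113.10", "50126",
    datetime(2019-11-20 01:03:30), "carol@contoso.example", "203.0.113.10", "50126",
    datetime(2019-11-20 01:04:55), "carol@contoso.example", "203.0.113.10", "50126",
    datetime(2019-11-20 01:06:10), "dave@contoso.example",  "198.51.100.7", "50126",
    datetime(2019-11-20 01:06:48), "dave@contoso.example",  "198.51.100.7", "0"
];
let failureThreshold = 5;   // assumption: tune to your own sign-in volume
let binSize = 10m;          // assumption: size of each counting bucket
SampleSignins
| where ResultType != "0"   // "0" is a successful sign-in; anything else is a failure
| summarize FailedAttempts = count(),
            DistinctUsers  = dcount(UserPrincipalName),
            Users          = make_set(UserPrincipalName),
            FirstSeen      = min(TimeGenerated),
            LastSeen       = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, binSize)
// Keep only addresses that failed often enough inside one bucket.
| where FailedAttempts >= failureThreshold
| project IPAddress, FailedAttempts, DistinctUsers, Users, FirstSeen, LastSeen
```

A single typo by one user stays below the threshold, while many failures from one address across several accounts in the same bucket raise an alert.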


The real power of Azure Sentinel lies in the Automated response step shown above. Here you define what actions will be taken when an alert is generated by the rule. This means that you can have something automatically execute when an alert happens. This could be a remediation process, advanced alerting and more. This allows the response action to a threat to be immediate and customisable.


Next, go into the Workbook options as shown and then the Templates area and add all the options that make sense.


A workbook is basically an interactive dashboard where you can graphically query and report on data as shown above.


When rules are triggered they will appear as Incidents that you investigate as shown above.


You’ll be able to explore incidents in greater depth using the graphical explorer as shown above.


Good security is about being pro-active and Azure Sentinel gives you this via the Hunting option as shown above. This allows you to run standard queries against the data to discover items that may need further investigation and analysis. Note the option highlighted here that allows you to Run all queries at the touch of a button. This is yet another hugely powerful option as you can now ‘hunt’ across all your information so quickly. Show me another tool that can do this for both cloud and on prem?


There are lots more features, but by now you are probably wondering what the costs are? As you can see from above, they are based on storage and you can reserve a storage size to suit your needs. However, you can also opt, as I have, for a pay as you go option.


This means the Azure Sentinel cost to analyse all my data is AUD$3.99 per GB of data and


on the pay as you go plan I also need to factor in data ingestion, which is shown above in AUD$. Note that you get 5GB of data ingestion free per month. After that, I’d be paying AUD$4.586 per GB.


As you can see from the above usage figures I am nowhere near the 5GB ingestion limit, so all I am currently paying for is just Azure Sentinel analysis.

The amount of data you ingest and analyse will depend on the services you connect as well as things like data retention periods. All of these can be adjusted to suit your needs. There are also many other Azure pricing tools you can use to control your spend. However, if you are concerned about running up an excessive bill, just connect a few services and scale from there.

In my case, I have logs from Microsoft 365 Cloud services, Azure, on premises machine monitoring, Defender ATP and more all going into Sentinel. Basically, everything I can, is going in there and the costs remain low.

I have always maintained that when you sell Microsoft 365, you should also sell an Azure subscription:

Deploy Office 365 and Azure together

Azure Sentinel is yet further confirmation that you should be doing this to add greater functionality and security to your environment. I will be spending more time deep diving into Azure Sentinel so make sure you stay tuned.

Need to Know podcast–Episode 219

We are just past Halloween and it’s time for something that seems to scare most people who administer Microsoft 365. PowerShell. However, to hold your hand while we dive deep we have one of the best in the business – Elliot Munro from GCITS – to guide you. Also, Brenton and I bring you all the latest news from the fire hose of Microsoft Ignite 2019, so much so that we’ll have more next time. Holey moley, there’s lots in the episode, so lean back, listen in and enjoy.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think –

You can listen directly to this episode at:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.


Elliot Munro



Introducing the new Edge and Bing

Microsoft 365 Productivity score

New Office Mobile App

Microsoft Fluid Framework

Introducing Microsoft 365 Business voice to UK and Canada

What’s new in Microsoft Teams from Ignite

Microsoft Endpoint Manager vision

The future of Yammer

Empower your people with Project Cortex

Check off your To-Do tasks in Teams

Security and Compliance announcements from Ignite

Governance is always important


There are many times I’m called in to help people design their Microsoft 365 compliance environment. In other words, help with SharePoint, Teams, etc. I generally use my trusty framework that I have spoken about here before:

A framework for file migrations to Microsoft 365

Most of the time I find that people have already ‘given it a go’ themselves but generally ‘mucked it up’ and that’s the reason I’m now there.

I have no issues if someone has in fact ‘mucked it up’ because at least they have tried and it is generally easy to rectify. What I do seriously wonder about is the response to the first question I ask them – ‘Why did you do it that way?’.

The answer to this question I receive is generally a blank stare or silence, even a shoulder shrug. I point out that this is largely why things have been ‘mucked up’ in the first place, because there was no governance.

In short, what I really want to see with collaboration in Microsoft 365 is the fact that thought has been invested beforehand. Why? Simple. A collaboration system in Microsoft 365 is something you build, not something you buy or that magically appears. Microsoft 365 gives you the tools to create the best system in the world for you. Tailored exactly to your business. Uniquely flexible for your business. Able to adapt to your needs, unlike any off the shelf system. However, it can never achieve that if it doesn’t know who you are and what you want. You have to tell it (via governance) what you want it to be. In short, it is clay that you need to mould and governance tells you the shape into which you want to mould it.

Like any good project, the secret is to stop and think before acting. Planning before diving in makes a world of difference to the outcome. But most importantly, write down what you want to achieve! The one common thing about EVERY ‘mucked up’ Microsoft 365 collaboration project I see is simply the lack of documentation prior to commencement.

This documentation doesn’t have to be complex or involved and should be at the very minimum a single page that defines the ‘need’ for a collaboration system. What business pain point does it need to solve? What are the expected benefits? Why will it be used? Think of this document like a specification for the project, the plans if you like. You’d never build a house without foundations and plumbing before you put the walls up now would you? A plan helps make sure that you know what the desired outcome is, helps you understand how to get there and how to avoid problems along the way. Without that, you are building something effectively blindfolded.

That one page governance document should hopefully be born before the Microsoft 365 collaboration project even starts. However it is by no means a static document. It is a living breathing entity. It should be added to, edited, enhanced, expanded constantly. But above all else, it should become the single point of truth for why we have this thing. Having such a document is both a guide and a reference. As you move through the various stages of development, which occur over a period of time, you can reference this document and understand the reasons for doing things the way you did. As the system grows it again becomes the reasons for what you are looking to achieve and how you approached that. If you don’t already have a governance document for your Microsoft 365 collaboration environment, then now is always the best time to start one.

The importance of this is that at some stage, maybe, the people initially charged to build the collaboration system move on or there is a decision to out source or change builders. If you have a document that sets out your manifesto for the Microsoft 365 collaboration system it is so much easier for everyone involved. Everyone is on the same page and knows where to go to get answers if needed. That’s what I want to see if I become involved as a ‘collaboration consultant’. It means I can quickly understand what you want Microsoft 365 to achieve for your business. It is the platform on which your future solution is built. Remember, collaboration in Microsoft 365 is not a product you buy, it is a solution you build.

Sadly, even the most generally organised business overlooks the need to have governance in any Microsoft 365 collaboration system. Governance at the very least should be everyone’s understanding of what the project is and what the aim is. The best way to achieve that is to write it down beforehand! Without it, there is no single reference point that can be used to guide the outcome and things unsurprisingly get ‘mucked up’.

As they say – ‘failing to plan, is planning to fail’. Governance is important for Microsoft 365 collaboration, if for nothing else because it is succeeding through planning!

CIAOPS Need to Know Microsoft 365 Webinar–November


We are expecting a big month in November with news from the Microsoft Ignite event. I’ll do my best to provide you a summary of all the important announcements before we dive deep into all the automation options that are available in Microsoft 365. You’ll actually be surprised at how many there are! There will also be the opportunity to ask questions on your burning Microsoft 365 and Microsoft Cloud topics. You won’t want to miss this month!

You can register for the regular monthly webinar here:

November Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – November 2019
Thursday 28th of November  2019
10.30am – 11.30am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

or purchase them individually at:

Also feel free at any stage to email me directly via with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Need to Know podcast–Episode 218

I talk to industry veteran and Microsoft MVP Tony Redmond about a variety of topics including Exchange Online, Teams, PowerShell as well as his fantastic Office 365 administration eBook offering. He shares lots of great insights on a variety of Microsoft offerings. Brenton and I also talk about news and updates in the Microsoft Cloud and get you ready for what we are potentially expecting from the upcoming Microsoft Ignite conference. Listen along and get ready for the tsunami from Microsoft Ignite.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think –

You can listen directly to this episode at:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.


@12knocksinna = Tony Redmond



Tony’s blog

Office 365 for IT Pros eBook

Surface laptops are finally repairable

Microsoft’s cloud earnings

CIAOPS MS-101 online training course now available

New Microsoft partner CSP agreement

Microsoft acquires

How to check user sign in history

Tamper protection in Microsoft Defender ATP

End user self service for Power Platform

What is Microsoft 365 Business [VIDEO]

Call of Duty – Modern Warfare

Microsoft 365 Automation presentation

These are the slides from my recent presentation on the automation options available in Microsoft 365.

The most important take away I believe is that we live in a world dominated by software. This fact is highlighted by:

Software is eating the world

There are plenty of reasons not to focus on software as a success path but the major reason to is simply the opportunity it provides, especially if most others believe it is all too hard.

It is important to remember that software is a skill not a talent. This means it is something that can be learned and improved continually over time. There is no such thing as a born developer. Some may have a higher aptitude to software development than others but that doesn’t mean it isn’t something you can develop and learn.

As you ponder the worth of automation, have a look at all the simple processes you repeat continually throughout your day. Why is that? Why are these not automated? We live in a world of abundant technology. Most people carry a computer with them that is more powerful than the one that landed on the moon, yet it seems we all have less time to do the things we really enjoy. Why is that? We have allowed technology to master us, rather than using software to make it do our bidding.

The place to start with Microsoft 365 automation is on the desktop. Applications like Word, Excel, and so on contain the ability to record processes via macros and replay these quickly and easily. In fact it will actually convert these actions into code that can be further modified. Every Office application has a huge set of tools to assist with automating processes.

Although tools like SharePoint Designer have now been deprecated they are still available to use. If you are doing work with SharePoint, especially migration, it is important that you have some idea about the workflows SharePoint Designer creates and how they can be maintained.

Third party services like IFTTT and Zapier provide the ability to connect to Microsoft 365 services. One place that I use IFTTT is to save a backup of each of my blog articles directly to a OneNote file I have saved in OneDrive. I use Zapier to automate my free SharePoint email course offering.

The important consideration here is that the automation does not have to be purely focused on a technical outcome. It can be used in many places inside a business, including marketing.

The Microsoft equivalent of tools like IFTTT is known as Microsoft Flow. It allows you to connect to both Microsoft 365 and third party services and map a process around these. The great thing about Flow is that it can be integrated to include on premises resources as well as be extended. More power is also available with tools like Azure Logic Apps and Azure Functions, which can be easily integrated into Microsoft 365.

Introduction to Microsoft Flow

Automation is also available in Microsoft Teams by utilising either the built in bots or even going as far as to build your own. You will also find that Teams has a Flow bot that you can incorporate. This shows you the power of the Microsoft solution via the integration of tools throughout the stack. Delivering automation for a business through a service like Teams makes a lot of sense as many of your users are already here most of the time.

The automation tool that most IT Professionals should be focusing on without doubt is PowerShell. Unfortunately, this seems to be the one that garners the most resistance and there is no doubt that getting started with PowerShell can be challenging. However, there are options like Azure Cloud Shell that make this much easier and also allow you to access PowerShell through a browser or even a mobile app.

The way forward with PowerShell is to use its ability to integrate and take advantage of the Microsoft Graph. This avoids the need to load multiple cumbersome service modules. If you are looking to invest your time in PowerShell with Microsoft 365 then you should be investigating how to take advantage of the Microsoft Graph using it.

As a final point to consider, I’d recommend you take a look at the following video from Daniel Pink, especially at this point (from about 29 minutes in):

CIAOPS MS-101 Certification prep course now available

I am happy to announce that the CIAOPS MS-101 Certification prep course is now available for purchase. This builds on the existing successful CIAOPS MS-100 Certification course.

The good news is that if you are one of the first few to purchase the course you’ll receive a 50% discount off the purchase price as a “beta tester”. Please use the code MS101BETA at check out or this link to receive the discount. Remember, there are only a limited number of discounted places available so hurry. No matter when you purchase the course, you’ll continue to have access to all the current and any new material added.

I’ll continue to build on the content that is available in the course, however currently there are over 75 individual lessons, study guides, links to additional material and more. This material should give you the best chance of passing the MS-101 certification course. Of course, you could just take the course to improve your knowledge of Microsoft 365 if you wanted, but why not also go for the certification if you are going to invest the learning time?

As I said, I will continue to add more content to the course over time and I hope that the early adopters will provide feedback on what extra needs to be added to make the course even better.

Remember, if you want the 50% discount, you’ll need to hurry!