I swear to all that is unholy, I can SMELL so called network engineers who learned base concepts on RouterOS at this point.

@nuintari @mwl Hey, thanks for the info and pointers!

@nuintari @mwl For those learning, what does one google for this junos basic escape hatch system?

@cynicalsecurity I speak purely to it existing, not if it is good nor bad. But sans has a cloud forensics course https://www.sans.org/cyber-security-courses/enterprise-cloud-forensics-incident-response. But as with everything sans, it’s hideously expensive. The author’s blog and/or the sans white paper library may contain enough nuggets for you to make progress with what youre trying to accomplish. My personal experience trying to understand azure logs is ‘here there be dragons.’ and is over the top with dumb design decisions. Actually, the more common response is azure going, ‘logs? lol. lmao.’

Cisa also has some m365/azure related tooling that may or may not help, https://github.com/cisagov , untitledgoose and scuba something may help point you in the right direction as well.