Securing and Monitoring Microsoft Azure

2 days
UASEC

Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It aggregates and analyzes security data from across your environment to provide centralized threat detection, visibility, proactive hunting, and incident response capabilities.

  • Microsoft Sentinel Overview
  • Sentinel Pricing and Log Data Retention
  • Activate Microsoft Sentinel
  • Onboard Security Sources: Data Connectors and Content Hub
  • Threat Intelligence
  • Watchlists
  • User and Entity Behavior Analytics (UEBA)
  • LAB: Microsoft Sentinel

Kusto Query Language

The Kusto Query Language (KQL) is used to query and analyze log, telemetry, and security data collected by Azure services. It allows security professionals to explore large datasets, detect patterns, and investigate anomalies using a readable and efficient query syntax optimized for log analytics and threat detection.

  • Kusto Query Language
  • Writing Basic Log Queries
  • Filter Data
  • Aggregate Data
  • Using Variables
  • Joining Multiple Tables in a Single Query
  • Functions and Computer Groups
  • LAB: Kusto Query Language

Microsoft Sentinel Incident Investigation and Threat Hunting

Microsoft Sentinel collects security data from a wide range of sources, including Microsoft Defender services, Microsoft Entra ID, Azure logs, and third-party security solutions. By correlating and analyzing this data, Sentinel enables security administrators to investigate incidents, perform threat hunting, and reconstruct attack paths to understand the full scope of a security event and respond effectively.

  • Sentinel Analytics and Investigation
  • Security Orchestration Automation: Automation Rules and Playbooks
  • Threat Hunting
  • Workbooks and Notebooks
  • LAB: Microsoft Sentinel Incident Investigation and Threat Hunting

Securing Access to Azure Resources

Controlling access to Azure resources is a fundamental aspect of securing cloud environments. Azure provides a comprehensive identity and access management model that allows administrators to assign permissions, manage privileged access, and securely handle credentials and secrets used by applications and services.

  • Microsoft Entra ID and Azure Identity Model
  • Role Based Access Control
  • Privileged Identity Management (PIM) for Azure Roles
  • Azure Key Vault
  • Secrets, Keys and Certificates Lifecycle
  • Managed Identities
  • LAB: Securing Access to Azure Resources

Microsoft Defender for Cloud

Microsoft Defender for Cloud provides centralized security management and threat protection for Azure, hybrid, and multi-cloud environments. It helps organizations improve their security posture by enforcing policies, identifying misconfigurations, protecting workloads, and detecting and investigating security threats across their cloud resources.

  • Microsoft Defender for Cloud Overview
  • Defender for Cloud Plans and Pricing
  • Security Policies and Initiatives
  • Security Recommendations and Secure Score
  • Regulatory Compliance
  • Workload Protection Features: Just in Time VM Access, File Integrity Monitoring
  • Security Alerts, Incidents and Investigation
  • LAB: Microsoft Defender for Cloud

Modern IT environments consist of a mix of on-premises, hybrid, and cloud-based services, making security monitoring and incident investigation increasingly complex. This course teaches you how to use Azure’s security and monitoring capabilities to collect and analyze security data, detect threats, investigate incidents, and apply best practices to secure resources running in Microsoft Azure.

If you are interested in Microsoft 365 security as well, we recommend our 5-day course Mastering Microsoft Cloud Cybersecurity.

This course is intended for IT professionals such as system administrators, system engineers, security administrators, and network administrators who are responsible for monitoring, securing, and managing workloads in Microsoft Azure.

© 2026 U2U All rights reserved.