Securing and Monitoring Microsoft Azure

Azure Monitor

Collect, analyze, and act on telemetry data from your Azure and on-premises environments. Azure Monitor helps you maximize performance and availability of your applications and proactively identify problems in seconds.

• Azure Monitoring Overview
• Azure Monitor
• Azure Advisor
• Activity Log
• Alerts and Metrics
• Workbooks
• LAB: Azure Monitor

Azure Log Analytics

Azure Log Analytics collects logging and monitoring data across a wide variety of resources and platforms. Data is stored in a log analytics workspace where it can be queried.

• Azure Monitor Logs
• Log Analytics Workspace
• Data Collection
• Log Data Structure
• Workspace Design
• LAB: Azure Log Analytics

Kusto Query Language

A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.

• Kusto Query Language
• Writing Basic Log Queries
• Filter Data
• Aggregate Data
• Using Variables
• Joining Multiple Tables in a Single Query
• Functions and Computer Groups
• LAB: Kusto Query Language

Microsoft Defender for Cloud

Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads. With Microsoft Defender for Cloud, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

• Microsoft Defender for Cloud
• Defender for Cloud Tiers and Pricing
• Security Policies
• Security Recommendations and Secure Score
• Just in Time VM Access
• Adaptive Application Controls
• File Integrity Monitor
• Adaptive Network Hardening
• Security Alerts and Incidents
• LAB: Microsoft Defender for Cloud

Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

• Microsoft Sentinel Overview and Pricing
• Activate Microsoft Sentinel
• Onboard Security Sources: Data Connectors and Content Hub
• Threat Intelligence
• Watchlists
• User and Entity Behavior Analytics (UEBA)
• LAB: Microsoft Sentinel

Microsoft Sentinel Incident Investigation and Threat Hunting

Sentinel collects data from a wide variety of security tools: Microsoft Defender products, Microsoft Entra, Azure logs and lot's of third-party firewall solutions. By analyzing all this data and identifying possible security breaches and suspicious activities, Sentinel helps you to identify threats that need investigation. Because Sentinel collects data from so many sources, it is a lot easier for a security admin to understand the full attack story and take appropriate action.

• Sentinel Analytics and Investigation
• Security Orchestration Automation: Automation Rules and Playbooks
• Threat Hunting
• Workbooks and Notebooks
• LAB: Microsoft Sentinel Incident Investigation and Threat Hunting