Collect, analyze, and act on telemetry data from your Azure and on-premises environments.
Azure Monitor helps you maximize performance and availability of your applications and proactively identify problems in seconds.
- Azure Monitoring Overview
- Azure Monitor
- Azure Advisor
- Activity Log
- Alerts and Metrics
- LAB: Azure Monitor
Azure Log Analytics
Azure Log Analytics collects logging and monitoring data across a wide variety of resources and platforms. Data is stored in a log analytics workspace where
it can be queried.
- Azure Monitor Logs
- Log Analytics Workspace
- Data Collection
- Log Data Structure
- Workspace Design
- LAB: Azure Log Analytics
Kusto Query Language
A Kusto query is a read-only request to process data and return results.
The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate.
The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
- Kusto Query Language
- Writing Basic Log Queries
- Filter Data
- Aggregate Data
- Using Variables
- Joining Multiple Tables in a Single Query
- Functions and Computer Groups
- LAB: Kusto Query Language
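The following query is an added example, not part of the course materials, to show the data-flow model described above in practice: each `|` stage takes the rows produced by the previous stage. It assumes a Log Analytics workspace that receives Windows security events into the `SecurityEvent` table (the columns `EventID`, `Account`, `IpAddress`, `Computer`, `LogonType` and `TimeGenerated` are the standard ones for that table); the threshold of 10 failures and the one-hour window are assumptions chosen for illustration. It combines the topics of the module list: filtering with `where`, aggregating with `summarize`, variables with `let`, and a `join` between two derived tables, to surface a successful logon that follows a burst of failures from the same source address and account.

```kql
// Added example (not course code). Assumed tuning values:
let lookback = 1h;        // how far back to search
let threshold = 10;       // failed logons that count as a burst
// Filter + aggregate: failed logons (4625) per source IP and account
let failures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    | summarize Failures = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
              by IpAddress, Account
    | where Failures >= threshold;
// Successful logons (4624) in the same window, with the columns we want to keep
let successes =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624
    | project SuccessTime = TimeGenerated, IpAddress, Account, Computer, LogonType;
// Join the two derived tables on the shared key columns and keep only
// successes that happened after the last failure from that IP/account pair
failures
| join kind=inner successes on IpAddress, Account
| where SuccessTime > LastFail
| project Account, IpAddress, Computer, LogonType,
          Failures, FirstFail, LastFail, SuccessTime
| order by Failures desc
```

Each `let` binding is evaluated lazily as part of the final statement, so the query stays read-only and the two scans of `SecurityEvent` are scoped by the same `lookback` variable; raising `threshold` or narrowing `lookback` is how you tune noise without touching the join logic.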
Microsoft Defender for Cloud
Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads.
With Microsoft Defender for Cloud, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.
- Microsoft Defender for Cloud
- Defender for Cloud Tiers and Pricing
- Security Policies
- Security Recommendations and Secure Score
- Just in Time VM Access
- Adaptive Application Controls
- File Integrity Monitor
- Adaptive Network Hardening
- Security Alerts and Incidents
- LAB: Microsoft Defender for Cloud
Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
- Microsoft Sentinel Overview and Pricing
- Activate Microsoft Sentinel
- Onboard Security Sources: Data Connectors and Content Hub
- Threat Intelligence
- User and Entity Behavior Analytics (UEBA)
- LAB: Microsoft Sentinel
Microsoft Sentinel Incident Investigation and Threat Hunting
Sentinel collects data from a wide variety of security tools: Microsoft Defender products, Microsoft Entra, Azure logs and lots of third-party firewall solutions.
By analyzing all this data and identifying possible security breaches and suspicious activities, Sentinel helps you to identify threats that need investigation.
Because Sentinel collects data from so many sources, it is a lot easier for a security admin to understand the full attack story and take appropriate action.
- Sentinel Analytics and Investigation
- Security Orchestration Automation: Automation Rules and Playbooks
- Threat Hunting
- Workbooks and Notebooks
- LAB: Microsoft Sentinel Incident Investigation and Threat Hunting
IT departments have to manage lots of different services and applications, hosted on-premises or in a cloud infrastructure. Keeping track of what is going on in your
organization can become quite cumbersome. Azure provides various tools that can help you accomplish this task.
In this course you will learn the ins and outs of the monitoring and security features that are available in the Azure Cloud platform.
If you are interested in Microsoft 365 security as well, we recommend our 5-day course Mastering Microsoft Cloud Cybersecurity.
This course is intended for IT professionals responsible for analyzing and securing the cloud IT environment.