Cloud Security Overview
Security matters. Every company is faced with several kinds of attacks and must implement different tools to protect themselves.
- Threat Landscape
- Common Threats and Attack Types
- The Defender's Dilemma
- Zero Trust Model
- Identity and Access Management
- Threat Protection
- Security Management
- Information Protection
- LAB: Cloud Security Overview
Securing Your Cloud Identities
The first thing you should protect are your identities. Especially in a cloud infrastructure, this should be your number one priority.
Azure Active Directory provides a lot of security related features to control access to your environment.
- Multi-Factor Authentication
- Privileged Identity Management
- Identity Protection
- Conditional Access
- LAB: Securing Your Identities
Microsoft Defender for Identity
If your identities are hosted on-premises, Microsoft Defender for Identity can provide protection for Active Directory accounts.
- Microsoft Defender for Identity Features
- Configuring Defender for Identity
- Protecting Your Accounts
- Identify Threats: Reconnaissance and Lateral Movement
- Detect Pass-the-Hash and Pass-the-Ticket Attacks
- LAB: Microsoft Defender for Identity
Microsoft Defender for Office 365
Safeguard your organization against malicious threats from email messages, links and collaboration tools. Implement policies to detect malware, spam and phishing mails.
Define what action to take when malicious content is detected.
- Protect Against Malware, Spam, Phishing, Spoofing
- Email Authentication: SPF, DKIM and DMARC
- Attack Simulator
- Safe Attachments and Safe Links
- Threat Protection for Collaboration: SharePoint, OneDrive and Teams
- LAB: Microsoft Defender for Office 365
Microsoft Defender for Endpoint
Devices can get compromised because of missing updates or vulnerabilities in applications. Microsoft Defender for Endpoint provides you with an inventory and gives you
recommendations to make your environment more secure. This service also detects suspicious activities and alerts you about possible attacks.
- Protect Your Devices
- Onboarding Devices
- Threat and Vulnerability Management
- Endpoint Detection and Response
- Device Investigations
- Automated Investigation and Remediation
- LAB: Microsoft Defender for Endpoint
Microsoft Defender for Cloud Apps
In this cloud-based world, it can become difficult to find the right balance between flexibility for your users and protecting your critical data.
Microsoft Defender for Cloud Apps acts as a gatekeeper to broker access between your users and the cloud apps they use. At the same time, it can safeguard your sensitive information.
- Cloud Discovery
- App Connectors
- Control Access to Apps with Policies
- Conditional Access App Control
- Protect Sensitive Information
- LAB: Microsoft Defender for Cloud Apps
Detect and Stop attacks with Microsoft 365 Defender
So many different tools that collect so much data. You may be flooded with information. Microsoft 365 Defender brings it all together. It gives you better insights
in attacks by showing you the devices, identities and apps that were involved. You can hunt for threats and be proactive, making sure the attacker doesn't stand a chance.
- Protect Your Environment
- Onboard Security Services
- Attack Investigation
- Threat Hunting
- LAB: Microsoft 365 Defender
Information Governance and Protection
Microsoft 365 is designed to help meet your organization's needs for content security and data usage compliance with legal, regulatory, and technical standards.
You must be able to protect your sensitive data by implementing rules and conditions to control access and secure files and services. You should be able to define how long data is kept and when it must be deleted.
- Microsoft Purview Compliance Portal Overview
- Sensitive Information Types
- Trainable Classifiers
- Sensitivity Labels
- Data Loss Prevention
- Retention Labels and Policies
- Communication Compliance
- LAB: Information Governance and Protection
Information Insights and Discovery
Find out what is going on in your organization by checking Audit logs and running eDiscovery searches.
Compare your configuration with a predefined set of policies and get recommendations on how to improve your compliance score.
Manage insider risks and control data privacy.
- Auditing and Alert Policies
- Compliance Manager
- Data Classification
- Insider Risk Management
- Privacy Management
- LAB: Information Insights and Discovery
Collect, analyze, and act on telemetry data from your Azure and on-premises environments.
Azure Monitor helps you maximize performance and availability of your applications and proactively identify problems in seconds.
- Azure Monitoring Overview
- Azure Monitor
- Azure Advisor
- Activity Log
- Alerts and Metrics
- LAB: Azure Monitor
Azure Log Analytics
Azure Log Analytics collects logging and monitoring data across a wide variety of resources and platforms. Data is stored in a log analytics workspace where
it can be queried.
- Azure Monitor Logs
- Log Analytics Workspace
- Data Collection
- Log Data Structure
- Workspace Design
- LAB: Azure Log Analytics
Kusto Query Language
A Kusto query is a read-only request to process data and return results.
The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate.
The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
- Kusto Query Language
- Writing Basic Log Queries
- Filter Data
- Aggregate Data
- Using Variables
- Joining Multiple Tables in a Single Query
- Functions and Computer Groups
- LAB: Kusto Query Language
Microsoft Defender for Cloud
Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads.
With Microsoft Defender for Cloud, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.
- Microsoft Defender for Cloud
- Defender for Cloud Tiers and Pricing
- Security Policies
- Security Recommendations and Secure Score
- Just in Time VM Access
- Adaptive Application Controls
- File Integrity Monitor
- Adaptive Network Hardening
- Security Alerts and Incidents
- LAB: Microsoft Defender for Cloud
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.
Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
- Microsoft Sentinel Overview and Pricing
- Activate Microsoft Sentinel
- Onboard Security Sources: Data Connectors and Content Hub
- Threat Intelligence
- User and Entity Behavior Analytics (UEBA)
- LAB: Microsoft Sentinel
Microsoft Sentinel Incident Investigation and Threat Hunting
Sentinel collects data from a wide variety of security tools: Microsoft Defender products, Azure AD, Azure logs and lot's of third-party firewall solutions.
By analyzing all this data and identifying possible security breaches and suspicious activities, Sentinel helps you to identify threats that need investigation.
Because Sentinel collects data from so many sources, it is a lot easier for a security admin to understand the full attack story and take appropriate action.
- Sentinel Analytics and Investigation
- Security Orchestration Automation: Automation Rules and Playbooks
- Threat Hunting
- Workbooks and Notebooks
- LAB: Microsoft Sentinel Incident Investigation and Threat Hunting