SC-900 C.E.R.T
David Branscome
https://aka.ms/SC-900
https://aka.ms/YouTube/SC-900

Session objectives and takeaways
At the end of this session, you should be better able to…
• Understand the exam objectives: https://aka.ms/SC-900
• Learn some tips and tricks to augment your learning
• Learn some real-world stuff too!

Using this Deck to Study…
https://aka.ms/SC-900Slides
• Some slides have multiple animations
  • They may hide really important content!
• To study with this deck, use it in “Slide Show” mode (F5)
  • Then you will see all content AND links will work
• The “Click to Zoom” slide next allows you to jump to topics

SC-900 Preparation Menu
https://aka.ms/SC-900

Related Certification
Microsoft Certified Fundamentals certification
SC-900 Study Guide
Charbel Nemnom, MVP
Skills Measured
• Describe the concepts of Security, Compliance, and Identity
• Describe the capabilities of Microsoft Identity and Access Management Solutions
• Describe the capabilities of Microsoft Security Solutions
• Describe the capabilities of Microsoft Compliance Solutions
https://aka.ms/SC-900StudyGuide

How to prepare for the exam…
• Know the exam objectives!
• Study the Microsoft documentation related to the exam objectives
• If you find a practice exam, take one...maybe soon!
• Get hands-on, if possible

Learning Paths for SC-900
• SC-900 Part 1: Describe the concepts of security, compliance, and identity
• SC-900 Part 2: Describe the capabilities of Microsoft identity and access management solutions
• SC-900 Part 3: Describe the capabilities of Microsoft security solutions
• SC-900 Part 4: Describe the capabilities of Microsoft compliance solutions
https://aka.ms/SC-900StudyGuide

Describe security methodologies
• describe the Zero-Trust methodology
• describe the shared responsibility model
• define defense in depth

Describe security concepts
• describe common threats
  • phishing/spear phishing
  • dictionary attack/password spray
  • ransomware
  • DDoS
  • rootkit/exploit kit
  • coin miners
  • trojans/worms
• describe encryption
  • symmetric
  • asymmetric

Describe Microsoft Security and compliance principles
• describe Microsoft's privacy principles
  • control
  • security
  • transparency
  • legal protections
  • no content-based targeting
  • data collection should benefit you
• describe the offerings of the Service Trust Portal
  • audit reports
  • pen test and security assessments
  • compliance manager
  • Azure Blueprints
  • regional solutions (Australia, Germany, UK, etc.)
  • compliance offerings
  • law enforcement requests
  • etc…

Define identity principles/concepts
• define identity as the primary security perimeter
• define authentication
  • “who are you?”
• define authorization
  • “what are you allowed to do?”

Define identity principles & concepts
• describe what identity providers are
• describe what Active Directory is
  • Active Directory (on-premises directory services)
  • Azure AD Domain Services (managed cloud service supporting LDAP and Kerberos/NTLM authentication)
  • Azure Active Directory (managed, cloud-based identity provider)
• describe the concept of Federated services

Define identity principles/concepts (cont’d)
• define common Identity Attacks
  • password spray
  • phishing
  • spear phishing

Describe the basic identity services and identity types of Azure AD
• describe what Azure Active Directory is
• describe Azure AD identities (users, devices, groups, service principals/applications)

Describe the basic identity services and identity types of Azure AD
• describe what hybrid identity is
  • password hash sync (PHS)
  • pass-through authentication (PTA)
  • federation (ADFS)
• describe the different external identity types (Guest Users)
  • B2B/B2C - a.k.a., “external identities”

Describe the authentication capabilities of Azure AD
• describe the different authentication methods
• describe self-service password reset
• describe password protection and management capabilities
• describe Multi-factor Authentication
• describe Windows Hello for Business

Describe access management capabilities of Azure AD
• describe what conditional access is
• describe uses and benefits of conditional access
• describe the benefits of Azure AD roles

Describe the identity protection & governance capabilities of Azure AD
• describe what identity governance is
• describe what entitlement management and access reviews are
  • Video: What is Azure Active Directory entitlement management? - YouTube
  • Access Reviews - License scenarios
As always, know who is allowed to do what with which permissions!

Describe the identity protection and governance capabilities of Azure AD
• describe the capabilities of PIM
  • What licensing do you need?
• describe Azure AD Identity Protection
  • What scenarios are considered “risks”?
Video: What is Azure Active Directory Privileged Identity Management? - YouTube

Describe basic security capabilities in Azure
• describe Azure Network Security groups
• describe Azure DDoS protection
• describe what Azure Firewall is

Describe basic security capabilities in Azure
• describe what Azure Bastion is
• describe what Web Application Firewall is
• describe ways Azure encrypts data

Describe security management capabilities of Azure
• describe the Azure Security Center
• describe Azure Secure score

Describe security management capabilities of Azure
• describe the benefit and use cases of Azure Defender
• describe cloud security posture management (CSPM)
  • Windows and Linux machines supported
  • Disrupt attacker ROI
• describe security baselines for Azure

Describe security capabilities of Azure Sentinel
• define the concepts of SIEM, SOAR, XDR
• describe the role and value of Azure Sentinel to provide integrated threat protection

Describe threat protection with Microsoft 365 Defender
• describe Microsoft 365 Defender services
• describe Microsoft Defender for Identity
  • Defender for Identity components
• describe Microsoft Defender for Office 365
  • Microsoft Defender for Office 365 Plan 1 and Plan 2
• describe Microsoft Defender for Endpoint
  • Licensing requirements
  • Hardware and software requirements
• describe Microsoft Cloud App Security
  • Working with App risk scores

Describe security management capabilities of Microsoft 365
• describe the Microsoft 365 Security Center
• describe how to use Microsoft Secure Score
  • Microsoft Secure Score Permissions
• describe security reports and dashboards
• describe incidents and incident management capabilities

Describe endpoint security with Microsoft Intune
• describe what Intune is
• describe endpoint security with Intune
  • Cloud only management
• describe endpoint security with the Microsoft Endpoint Manager admin center
  • Cloud and on-premises management
Video: What is Microsoft Endpoint Manager?
Interactive Guide: Manage devices with Microsoft Endpoint Manager

Describe the compliance management capabilities in Microsoft
• describe the compliance center
  • Compliance tool “home page”
• describe compliance manager
  • Measure and manage compliance in your organization
• describe use and benefits of compliance score
  • Track current state of compliance

Describe information protection and governance capabilities of Microsoft 365
• describe data classification capabilities
• describe the value of content and activity explorer
• describe sensitivity labels
  • Protect the confidential data
• describe retention policies and retention labels
  • Make sure the data doesn’t get deleted
• describe Records Management
  • Are you following the rules for data retention?
• describe Data Loss Prevention
  • Don’t let the data leave the organization

Describe insider risk capabilities in Microsoft 365
• describe insider risk management solution
  • Identify users who may be engaged in behaviors that violate policy or data privacy standards
• describe communication compliance
  • Enable the audit log!
• describe information barriers
  • Requires “scoped directory search”
• describe privileged access management
  • Users request access to a privileged role
• describe customer lockbox
  • Requires Microsoft to explicitly request access to data when troubleshooting an issue

Describe the eDiscovery capabilities of Microsoft 365
• describe the purpose of eDiscovery
• describe the capabilities of the content search tool
• describe the core eDiscovery workflow
• describe the advanced eDiscovery workflow
(Image) Advanced eDiscovery architecture models

Describe the audit capabilities of Microsoft 365
• describe the core audit capabilities of M365
  • Default 90-day retention of audited data
• describe purpose and value of Advanced Auditing
  • Default 1 year retention of audited data; can extend to 10 years with additional license
  • High bandwidth access to O365 Activity API for queries

Describe resource governance capabilities in Azure
• describe the use of Azure Resource locks
  • Protects against accidental deletion of resources
• describe what Azure Blueprints is
  • Ensures that “what should be deployed = what actually gets deployed”
• define Azure Policy and describe its use cases
  • Enforce standards and assess compliance at scale
• describe cloud adoption framework
  • Know the purpose of CAF – not necessarily the details!

https://aka.ms/SC-900Deck