Microsoft Security
SC-900T00-A: Security, Compliance and Identity Fundamentals

Course Introduction

Welcome
Thank you for joining us today. We've worked together with the Microsoft Partner Network and Microsoft IT Academies to bring you a world-class learning experience. At the end of class, please complete an evaluation of today's experience. We value your feedback!
• Microsoft Certified Trainers + Instructors. Your instructor is a premier technical and instructional expert who meets ongoing certification requirements.
• Certification Exam Benefits. After training, consider pursuing a Microsoft Certification to help distinguish your technical expertise and experience. Ask your instructor about available exam promotions and discounts.
• Customer Satisfaction Guarantee. Our partners offer a satisfaction guarantee, and we hold them accountable for it.
We wish you a great learning experience and ongoing career success!

Hello! Instructor Introduction
• Instructor: Fred Brandon
• Technical Consultant, MIE, MCP, ITIL, Security+
• Fred Brandon FLAMES Foundation
• 20+ years of IT experience
• Bestselling Author, Adopting Blockchain & Cryptocurrency
• Certified Financial Education Instructor
• Web3 Evangelist and Educator
• Advocate for STEAM programs for youth

About this course
This course provides foundational level knowledge on security, compliance, and identity (SCI) concepts, and related cloud-based Microsoft solutions and technologies.
The audience for this course wants to understand how Microsoft SCI solutions can span across solution areas to provide a holistic and end-to-end solution.
Learners should have the following prerequisite general knowledge:
• General understanding of networking and cloud computing concepts.
• General IT knowledge or any general experience working in an IT environment.
• General understanding of Microsoft Azure and Microsoft 365.
The content for this course aligns to the SC-900 exam objective domain.

Course Agenda
• Module 01 - Describe the concepts of Security, Compliance, and Identity.
• Module 02 - Describe the capabilities of Microsoft Identity and Access Management Solutions.
• Module 03 - Describe the capabilities of Microsoft Security Solutions.
• Module 04 - Describe the capabilities of Microsoft Compliance Solutions.

Certification areas (SC-900)
Study areas and weights:
• Describe the Concepts of Security, Compliance, and Identity: 5-10%
• Describe the capabilities of Microsoft Identity and Access Management Solutions: 25-30%
• Describe the capabilities of Microsoft Security Solutions: 30-35%
• Describe the Capabilities of Microsoft Compliance Solutions: 25-30%
This course maps directly to the exam SC-900 Microsoft Security, Compliance, and Identity Fundamentals.
• Percentages indicate the relative weight of each area on the exam.
• The higher the percentage, the more questions you are likely to see in that area.

Module 1: Describe the Concepts of Security, Compliance, and Identity
• Describe security and compliance concepts and methodologies
• Describe identity concepts

Lesson 1: Describe security and compliance concepts and methodologies

Lesson 1 Introduction
After completing this lesson, you'll be able to:
• Describe the Zero Trust and shared responsibility models.
• Describe common security threats and ways to protect through the defense in-depth security model.
• Describe the concepts of encryption and hashing.
• Describe the cloud adoption framework.

Zero Trust Methodology
Zero Trust guiding principles: "Trust no one, verify everything"
• Verify explicitly
• Least privileged access
• Assume breach
Six foundational pillars:
• Identities may be users, services, or devices.
• Devices create a large attack surface as data flows.
• Applications are the way that data is consumed.
• Data should be classified, labeled, and encrypted based on its attributes.
• Infrastructure, whether on-premises or cloud based, represents a threat vector.
• Networks should be segmented.

Defense in depth
Defense in depth uses a layered approach to security:
• Physical security, such as limiting access to a datacenter to only authorized personnel.
• Identity and access security, controlling access to infrastructure and change control.
• Perimeter security, including distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
• Network security can limit communication between resources using segmentation and access controls.
• The compute layer can secure access to virtual machines either on-premises or in the cloud by closing certain ports.
• Application layer security ensures that applications are secure and free of security vulnerabilities.
• Data layer security controls access to business and customer data and encryption to protect data.
[Figure: defense in depth layers: Physical Security, Identity & Access, Perimeter, Network, Compute, Application, Data]

Confidentiality, Integrity, Availability (CIA)
CIA - A way to think about security trade-offs.
• Confidentiality refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data.
• Integrity refers to keeping data or messages correct.
• Availability refers to making data available to those who need it.

The shared responsibility model
The responsibilities vary based on where the workload is hosted:
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
• On-premises datacenter (On-prem)
[Figure: shared responsibility model, showing responsibility areas such as information and data, devices, accounts and identities, identity and directory infrastructure, and network controls]

Common threats
Data breach. Include:
• Phishing
• Tech support scams
• SQL injection
• Malware designed to steal passwords or bank details.

Dictionary attack
• It is a type of identity attack.
• A hacker attempts to steal an identity by trying a large number of known passwords.
• Dictionary attacks are also known as brute force attacks.

Ransomware
• It is a type of malware that encrypts files and folders.
• It attempts to extort money from victims.

Disruptive attacks
• A Distributed Denial of Service (DDoS) attack attempts to exhaust an application's resources.
• DDoS attacks can be targeted at any endpoint.

Other common threats include coin miners, rootkits, trojans, worms, and exploits and exploit kits.

Encryption
Encryption is the process of making data unreadable and unusable to unauthorized viewers.
• Encryption of data at rest
• Encryption of data in transit
Two top-level types of encryption:
• Symmetric - uses the same key to encrypt and decrypt data
• Asymmetric - uses a public key and private key pair
[Figures: Symmetric Encryption; Asymmetric Encryption]

Hashing
Hashing uses an algorithm to convert the original text to a unique fixed-length hash value. Hash functions are:
• Deterministic: the same input produces the same output.
• A unique identifier of its associated data.
• Different to encryption in that the hashed value isn't subsequently decrypted back to the original.
• Used to store passwords. The password is "salted" to mitigate risk of brute-force dictionary attack.
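
The salted password storage described in the hashing section above, as an added example that is not part of the original course material. It shows determinism, why a precomputed table of unsalted hashes of known passwords stops matching once a per-user salt is used, and verification; PBKDF2-HMAC-SHA256, the iteration count and the sample passwords are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed sample data: a short list of well-known weak passwords and one
# user's password that happens to be on that list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "welcome1"]
USER_PASSWORD = "letmein"

SALT_BYTES = 16
ITERATIONS = 100_000  # assumed work factor for the demo; tune for production


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: deterministic, fixed length, and not reversible."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is generated per password
    unless one is supplied (which is what verification does)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time.
    Nothing is decrypted: the candidate is hashed and the hashes compared."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def build_lookup_table(words) -> Dict[str, str]:
    """Precomputed unsalted-hash -> password table for a known-password list.
    This is the shortcut that per-user salts take away."""
    return {unsalted_hash(w): w for w in words}


def demo() -> dict:
    table = build_lookup_table(COMMON_PASSWORDS)

    # Two accounts that share the same password.
    unsalted_a = unsalted_hash(USER_PASSWORD)
    unsalted_b = unsalted_hash(USER_PASSWORD)
    salt_a, salted_a = hash_password(USER_PASSWORD)
    salt_b, salted_b = hash_password(USER_PASSWORD)

    return {
        # Same input, same output.
        "deterministic": unsalted_a == unsalted_b,
        # An unsalted stored hash is recovered by a single table lookup.
        "unsalted_found_in_table": table.get(unsalted_a),
        # The salted value is not in the precomputed table.
        "salted_found_in_table": table.get(salted_a.hex()),
        # Identical passwords no longer produce identical stored values.
        "same_password_same_salted_hash": salted_a == salted_b,
        "verify_correct": verify_password(USER_PASSWORD, salt_a, salted_a),
        "verify_wrong": verify_password("password", salt_a, salted_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest; it does not need to be secret, only unique per password.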

Microsoft Cloud Adoption Framework
• Consists of documentation, implementation guidance, & best practices that support increased security and compliance.
• Help businesses implement strategies necessary to succeed in the cloud.
[Figure: Cloud Adoption Framework lifecycle: Define strategy, Plan, Ready, Adopt (Migrate / Innovate), Govern, Manage]

Lesson 2 Introduction
After completing this module, you'll be able to:
• Describe the concept of identity as a security perimeter
• Understand the difference between authentication and authorization
• Describe identity-related services

Common identity attacks
Types of security threats:
• Password-based attacks
• Phishing
• Spear phishing

Identity as the primary security perimeter
Identity has become the new security perimeter that enables organizations to secure their assets.
An identity is how someone or something can be verified and authenticated and may be associated with:
• User
• Application
• Device
• Other
Four pillars of identity:
• Administration
• Authentication
• Authorization
• Auditing

Modern authentication and the role of the identity provider
• Modern authentication is an umbrella term for authentication and authorization methods between a client and a server.
• At the center of modern authentication is the role of the identity provider (IdP).
• IdP offers authentication, authorization, and auditing services.
• IdP enables organizations to establish authentication and authorization policies, monitor user behavior, and more.
• Microsoft Azure Active Directory is an example of a cloud-based identity provider.
• A fundamental capability of an IdP and "modern authentication" is the support for single sign-on (SSO).

The concept of Federated Services
A simplified way to think about a federation scenario:
• The website uses the authentication services of IdP-A.
• The user authenticates with IdP-B.
• IdP-A has a trust relationship configured with IdP-B.
• When the user's credentials are passed to the website, the website trusts the user and allows access.

The concept of directory services and Active Directory
• A directory is a hierarchical structure that stores information about objects on the network.
• A directory service stores directory data and makes it available to network users, administrators, services, and applications.
• The best-known service of this kind is Active Directory Domain Services (AD DS), a central component in organizations with on-premises IT infrastructure.
• Azure Active Directory is the evolution of identity and access management solutions, providing organizations an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.

Module Summary
In this module, you have:
• Learned about some important security concepts and methodologies.
  - Learned about the Zero Trust methodology, the guiding principles and the six foundational elements used in the Zero Trust model.
  - Looked at the shared responsibility model.
  - Learned about defense in depth and the tradeoffs associated with the CIA triad.
  - Learned about common cybersecurity threats including threats to business and personal data.
• Learned about some important identity concepts.
  - Learned about the concept of identity as a security perimeter & the four pillars of identity.
  - Learned about identity-related services, including the role of identity provider, federation, and directory services.

Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
• Explore the services and identity types of Azure Active Directory
• Explore the authentication capabilities of Azure Active Directory
• Explore the access management capabilities of Azure Active Directory
• Describe identity protection governance capabilities of Azure Active Directory

Lesson 1: Explore the services and identity types in Azure Active Directory

Lesson 1 Introduction
After completing this module, you'll be able to:
• Describe what is Azure AD
• Describe the identity types that Azure AD supports

Azure Active Directory
Azure AD is Microsoft's cloud-based identity and access management service. Capabilities of Azure AD include:
• Organizations can enable their employees, guests, and others to sign in and access the resources they need.
• Provide a single identity system for their cloud and on-premises applications.
• Protect user identities and credentials and meet an organization's access governance requirements.
• Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically uses an Azure AD tenant.

Azure AD identity types
Azure AD manages different types of identities: users, service principals, managed identities, and devices.
• User - Generally speaking, a user is a representation of an individual's identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD.
• Device - A piece of hardware, such as mobile devices, laptops, servers, or printers. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device.
• Service principal - You can think of it as an identity for an application. A service principal is created in every tenant where the application is used & defines who can access the app, what resources the app can access, and more.
• Managed identity - A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.

Demo: Azure Active Directory user settings

External identities in Azure AD
Two different Azure AD External Identities:
• B2B collaboration - B2B collaboration allows you to share your apps and resources with external users.
• B2C access management - B2C is an identity management solution for consumer and customer facing apps.

The concept of hybrid identities
Hybrid identity model:
• With the hybrid model, users accessing both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory.
• When you make an update in your on-premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect.

Lesson 2: Explore the authentication capabilities of Azure Active Directory

Lesson 2 Introduction
After completing this module, you'll be able to:
• Describe the secure authentication methods of Azure AD
• Describe the password protection and management capabilities of Azure AD

Authentication methods of Azure AD

Multifactor authentication (MFA) & Security Defaults
MFA requires more than one form of verification:
• Something you know
• Something you have
• Something you are
Security defaults:
• A set of basic identity security mechanisms recommended by Microsoft.
• A great option for organizations that want to increase their security posture but don't know where to start, or for organizations using the free tier of Azure AD licensing.

Multi-factor authentication (MFA) in Azure AD
Different authentication methods that can be used with MFA:
• Passwords
• Password & additional verification
  - Phone (voice or SMS)
  - Microsoft Authenticator
  - Open Authentication (OATH) with software or hardware tokens
• Passwordless
  - Biometrics (Windows Hello)
  - Microsoft Authenticator
  - FIDO2
[Figure: authentication methods grouped as Good, Better, and Best, with passwordless methods as Best]

Windows Hello for Business
Windows Hello lets users authenticate to:
• A Microsoft account
• An Active Directory account
• An Azure Active Directory (Azure AD) account
• Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication
Why is Windows Hello safer than a password? Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless.

Self-service password reset (SSPR) in Azure AD
Benefits of self-service password reset:
• It increases security.
• It saves the organization money by reducing the number of calls and requests to help desk staff.
• It increases productivity, allowing the user to return to work faster.
Self-service password reset works in the following scenarios:
• Password change
• Password reset
• Account unlock
Authentication method of SSPR:
• Mobile app notification
• Mobile app code
• Email

Demo: Azure Active Directory self-service password reset (SSPR)

Password protection & management capabilities in Azure AD
• Global banned password list
• Custom banned password lists
• Protecting against password spray
• Hybrid security

Lesson 3: Explore the access management capabilities of Azure Active Directory

Lesson 3 Introduction
After completing this module, you'll be able to:
• Describe Conditional Access and its benefits
• Describe Azure AD roles

Conditional access
Conditional Access signals:
• User or group membership
• Named location information
• Device
• Application
• Real-time sign-in risk detection
• Cloud apps or actions
• User risk
Access controls:
• Block access
• Grant access
• Require one or more conditions to be met before granting access
• Control user access based on session controls to enable limited experiences within specific cloud applications

Demo: Azure Active Directory Conditional Access

Azure AD role-based access control (RBAC)
Azure AD roles control permissions to manage Azure AD resources.
• Built-in roles
• Custom roles
• Azure AD role-based access control
• Only grant the access users need

Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory

Lesson 4 Introduction
After completing this module, you'll be able to:
• Describe the identity governance capabilities of Azure AD.
• Describe the benefits of Privileged Identity Management (PIM).
• Describe the capabilities of Azure AD Identity Protection.

Identity governance in Azure AD
The tasks of Azure AD identity governance:
• Govern the identity lifecycle.
• Govern access lifecycle.
• Secure privileged access for administration.
Identity lifecycle:
• Join: A new digital identity is created.
• Move: Update access authorizations.
• Leave: Access may need to be removed.

Entitlement management and access reviews
Entitlement management
• It is an identity governance feature that enables organizations to manage identity and access lifecycle at scale.
• It automates access request workflows, access assignments, reviews, and expiration.
Access reviews
• Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment.
• Ensure that only the right people have access to resources.
• Used to review and manage access for both users and guests.
Terms of use
• Allow information to be presented to users before they access data or an application.
• Ensure users read relevant disclaimers for legal or compliance requirements.
[Figure: sample access review email from Contoso asking a reviewer to review users' access to the Finance Web app]

Privileged Identity Management (PIM)
PIM enables you to manage, control, and monitor access to important resources in your organization.
• Just in time, providing privileged access only when needed, and not before.
• Time-bound, by assigning start and end dates that indicate when a user can access resources.
• Approval-based, requiring specific approval to activate privileges.
• Visible, sending notifications when privileged roles are activated.
• Auditable, allowing a full access history to be downloaded.

Azure Identity Protection
Enables organizations to accomplish three key tasks:
• Automate the detection and remediation of identity-based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third-party utilities for further analysis.
It can categorize and calculate risk:
• Categorize risk into three tiers: low, medium, and high.
• Calculate the sign-in risk and user identity risk.
It provides organizations with three reports:
• Risky users
• Risky sign-ins
• Risk detections

Module Summary
In this module, you have:
• Learned about Azure AD and services and identity types Azure AD supports
• Explored the authentication capabilities of Azure AD, including MFA
• Explored the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC
• Described identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.
• Learned about the capabilities of Azure AD Identity Protection.

Module 3: Describe the Capabilities of Microsoft Security Solutions
• Describe basic security capabilities in Azure
• Describe security management capabilities of Azure
• Describe security capabilities of Azure Sentinel
• Describe threat protection with Microsoft 365 Defender
• Describe security management capabilities of Microsoft 365
• Describe endpoint security with Microsoft Intune

Lesson 1: Describe basic security capabilities in Azure

Lesson 1 Introduction
After completing this module, you should be able to:
• Describe Azure security capabilities for protecting your network
• Describe how Azure can protect your VMs
• Describe how encryption on Azure can protect your data

Azure Network Security groups
Network security groups (NSG) let you allow or deny network traffic to and from Azure resources that exist in your Azure Virtual Network.
• An NSG can be associated with multiple subnets or network interfaces in a VNet.
• An NSG is made up of inbound and outbound security rules.
• Each rule specifies one or more of the following properties:
  - Name
  - Priority
  - Source or destination
  - Protocol
  - Port range
  - Direction
  - Action

Demo: Azure Network Security Groups

Azure DDoS protection
A Distributed Denial of Service (DDoS) attack makes resources unresponsive.
Azure DDoS Protection analyzes network traffic and discards anything that looks like a DDoS attack.
Azure DDoS Protection tiers:
• Basic
• Standard

Azure Firewall
Azure Firewall protects your Azure Virtual Network (VNet) resources from attackers. Features include:
• Built-in high availability & Availability Zones
• Outbound SNAT & inbound DNAT
• Threat intelligence
• Network & application-level filtering
• Multiple public IP addresses
• Integration with Azure Monitor

Azure Bastion
Azure Bastion provides secure connectivity to your VMs directly from the Azure portal using Transport Layer Security (TLS). Features include:
• RDP and SSH directly in Azure portal.
• Remote session over TLS and firewall traversal for RDP/SSH.
• No public IP required on the Azure VM.
• No hassle of managing NSGs.
• Protection against port scanning.
• Protect against zero-day exploits.

Web Application Firewall
Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities.
• Simpler security management
• Improves the response time to a security threat
• Patching a known vulnerability in one place
• Protection against threats and intrusions.

Ways Azure encrypts data & use of Key Vault
Encryption on Azure:
• Azure Storage Service Encryption
• Azure Disk Encryption
• Transparent data encryption (TDE)
What is Azure Key Vault?
• Secrets management
• Key management
• Certificate management
• Store secrets backed by HW or SW

Lesson 2: Describe security management capabilities of Azure

Lesson 2 Introduction
After completing this module, you'll be able to:
• Describe the security management capabilities of Azure.
• Describe the benefits and use cases of Azure Defender.
• Understand Cloud Security Posture Management and the security baseline.

Azure Security Center
Azure Security Center - A unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
Azure Security Center's features cover two broad pillars of cloud security:
• Cloud security posture management (CSPM): CSPM uses a combination of tools & services to strengthen your hybrid cloud posture and track compliance with the built-in policies. Features include secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more.
• Cloud workload protection (CWP): Security Center's integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent protection of your Azure, non-Azure, and hybrid resources and workloads. Defender plans include Azure Defender for servers, App Service, SQL, Key Vault, and more.

Azure Secure Score
• The secure score is shown in the Azure portal pages as a percentage value.
• To improve your secure score, remediate security recommendations from your recommendations list.
[Figure: Azure Secure Score recommendations list in the Azure portal]

Demo: Azure Security Center

Security baselines & the Azure Security Benchmark
Security baselines for Azure offer a consistent experience when securing your environment. They apply prescriptive best practices and recommendations from the Azure Security Benchmark (ASB) to improve the security of workloads, data, and services on Azure.
The ASB comprises the security recommendations specific to the Azure platform. Example security baselines include:
• Azure security baseline for Azure Active Directory: Applies guidance from the ASB to Azure AD.
• Azure security baseline for Azure Firewall: Applies guidance from the ASB to Azure Firewall.
• Azure security baseline for Security Center: Applies guidance from the ASB to Azure Security Center.

Lesson 3: Describe security capabilities of Azure Sentinel

Lesson 3 Introduction
After completing this module, you'll be able to:
• Describe the security concepts for SIEM, SOAR, and XDR.
• Describe how Azure Sentinel provides integrated threat protection.
• Describe the capabilities of Azure Sentinel.

SIEM, SOAR, and XDR

What is security incident and event management?
A SIEM system is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.

What is security orchestration automated response?
A SOAR system takes alerts from many sources, such as a SIEM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.

What is extended detection and response?
An XDR system is designed to deliver intelligent, automated, and integrated security across an organization's domain. It helps prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

Sentinel provides integrated threat protection (Slide 1)
• Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
• Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence.
• Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
• Respond to incidents rapidly with built-in orchestration and automation of common security.

Sentinel provides integrated threat protection (Slide 2)
• Connect Sentinel to your data: Use connectors for Microsoft solutions providing real-time integration.
• Workbooks: Monitor the data using the Azure Sentinel integration with Azure Monitor Workbooks.
• Analytics: Using built-in analytics alerts, you'll get notified when anything suspicious occurs.
• Investigation: Understand the scope of a potential security threat and find the root cause.
• Hunting: Use search-and-query tools to hunt proactively for threats, before an alert is triggered.
• Playbooks: A collection of procedures that can help automate and orchestrate your response.
• Manage incidents: An incident is created when an alert that you've enabled is triggered.
• Security automation and orchestration: Integrate with Azure Logic Apps to create workflows.
• Integrated threat protection: XDR with Microsoft 365 Defender and Azure Defender integration.

Sentinel provides integrated threat protection (Slide 3)
[Figure: Azure Sentinel screenshot]

Demo: Azure Sentinel

Lesson 4: Describe threat protection with Microsoft 365 Defender

Lesson 4 Introduction
At the end of this module, you'll be able to:
• Describe the Microsoft 365 Defender service.
• Describe how Microsoft 365 Defender provides integrated protection against sophisticated attacks.
• Describe how Microsoft Cloud App Security can help defend your data and assets.

Microsoft 365 Defender services
Microsoft 365 Defender:
• Natively coordinate the detection, prevention, investigation, and response to threats.
• Protects identities, endpoints, apps and email & collaboration.
[Figure: integrated Microsoft 365 Defender experience, including Apps and Email/Collaboration]

Microsoft Defender for Identity
Microsoft Defender for Identity covers the following key areas:
• Monitor and profile user behavior and activities: Defender for Identity monitors and analyzes user activities and information across your network, including permissions and group membership, creating a behavioral baseline for each user.
• Protect user identities and reduce the attack surface: Defender for Identity gives invaluable insights on identity configurations and suggested security best practices. Through security reports and user profile analytics.
• Identify suspicious activities and advanced attacks across the cyber-attack kill-chain: reconnaissance, compromised credentials, lateral movements, domain dominance.
• Investigate alerts and user activities: Defender for Identity is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline.

Microsoft Defender for Office 365

Microsoft Defender for Office 365 covers:

• Threat protection policies
• Threat investigation and response capabilities
• Automated investigation and response capabilities

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a platform designed to help enterprise networks protect endpoints.

Microsoft Defender for Endpoint:

• Threat and Vulnerability Management
• Attack surface reduction
• Next generation protection
• Endpoint detection and response
• Automated investigation and remediation
• Centralized configuration, administration, and APIs
• Microsoft Threat Experts

Microsoft Cloud App Security

Microsoft Cloud App Security provides rich visibility to your cloud services, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

The Cloud App Security framework:

• Discover and control the use of Shadow IT
• Protect your sensitive information anywhere in the cloud
• Protect against cyberthreats and anomalies
• Assess your cloud apps' compliance

Office 365 Cloud App Security

Enhanced Cloud App Discovery in Azure Active Directory

Microsoft Cloud App Security architecture (diagram)

Demo: Microsoft Cloud App Security (MCAS)

Lesson 5: Describe security management capabilities of Microsoft 365

Lesson 5 Introduction

In this module, you will:

• Describe and explore the Microsoft 365 Defender portal.
• Describe how to use Microsoft Secure Score.
• Explore security reports and dashboards.
• Describe incidents and incident management capabilities.

Microsoft 365 Defender portal

The Microsoft 365 Defender portal combines protection, detection, investigation, and response to email, collaboration, identity, and device threats, in a central portal.

• View the security health of your organization.
• Act to configure devices, users, and apps.
• Get alerts for suspicious activity.

The Microsoft 365 Defender navigation pane includes these options and more:

• Incidents & alerts
• Hunting
• Learning hub
• Action center
• Endpoints
• Email & collaboration
• Threat analytics
• Reports
• Secure Score
• Permissions & roles

Describe how to use Microsoft Secure Score

Microsoft Secure Score is a representation of a company's security posture. It shows all possible improvements for the product, whatever the license edition, subscription, or plan.

Supports recommendations for:

• Microsoft 365
• Azure Active Directory
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Cloud App Security

Demo: The Microsoft 365 Defender portal

Security reports and dashboards

The Microsoft 365 Defender portal includes a Reports section. Shown below is the general security report.

By default, cards are grouped by the following categories:

• Identities - user accounts and credentials.
• Data - email and document contents.
• Devices - computers, mobile phones, and other devices.
• Apps - programs and attached online services.

You can group cards by topic (risk, detection trends, configuration and health, and other).
Incidents & incident management

Incidents are a collection of correlated alerts created when a suspicious event is found, and they provide a comprehensive view and context of an attack.

Incident management

Managing incidents is critical in ensuring that threats are contained and addressed. In Microsoft 365 Defender, you can manage incidents on devices, user accounts, and mailboxes.

Lesson 6: Describe endpoint security with Microsoft Intune

Lesson 6 Introduction

After completing this module, you should be able to:

• Describe what Intune is.
• Describe the tools available with Intune.
• Describe how to manage devices with Microsoft Endpoint Manager.

Intune

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).

MDM: When devices are enrolled and managed in Intune, administrators can:

• See the devices enrolled and get an inventory of the ones accessing organization resources.
• Configure devices so they meet your security and health standards.
• Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to it.
• See reports on users and devices to determine if they're compliant.
• Remove organization data if a device is lost, stolen, or not used anymore.

When apps are managed in Intune, administrators can:

• Add and assign mobile apps to user groups and devices.
• Configure apps to start or run with specific settings enabled and update existing apps already on the device.
• See reports on which apps are used and track their usage.
• Do a selective wipe by removing only organization data from apps.
Endpoint security with Intune

• Manage devices
• Manage security baselines
• Use policies to manage device security
• Use device compliance policy
• Configure conditional access:
  • Device-based conditional access, to ensure only managed and compliant devices can access network resources.
  • App-based conditional access to manage access to network resources by users on devices that aren't managed with Intune.
• Integration with Microsoft Defender for Endpoint: Android, iOS/iPadOS, Windows 10 or later
• Role-based access control with Microsoft Intune

Demo: Microsoft Intune

Module Summary

In this module, you have:

• Learned about threat protection with Microsoft 365 Defender and its component solutions: Microsoft Defender for Identity, Microsoft Defender for Endpoint, MCAS, and Microsoft Defender for Office 365.
• Learned about the security management capabilities of Microsoft 365 with the Microsoft 365 Defender portal and Secure Score.
• Learned about Microsoft Intune.

Module 4: Describe the Capabilities of Microsoft Compliance Solutions

• Describe the compliance management capabilities in Microsoft
• Describe information protection and governance capabilities of Microsoft 365
• Describe insider risk capabilities in Microsoft 365
• Describe eDiscovery & audit capabilities in Microsoft 365
• Describe resource governance capabilities in Azure

Lesson 1: Describe the compliance management capabilities in Microsoft

Lesson 1 Introduction

After completing this module, you should be able to:

• Describe the benefit of the Service Trust Portal.
• Describe Microsoft's privacy principles.
• Explore the Microsoft 365 compliance center.
• Describe the benefits of Compliance Manager.

Common compliance needs

Several measures to protect data:

• Granting individuals the right to access their data at any time.
• Granting individuals the right to correct or delete data about them if needed.
• Introducing minimum or maximum retention periods for data.
• Enabling governments and regulatory agencies the right to access and examine data when necessary.
• Defining rules for what data can be processed and how that should be done.

Service Trust Portal

The Service Trust Portal provides:

• Information
• Tools
• Other resources about Microsoft security, privacy, and compliance practices.

You can access the following offerings:

• Service Trust Portal
• Compliance Manager
• Trust Documents
• Industries & Regions
• Trust Center
• Resources
• My Library

Microsoft's privacy principles

• Control: Putting you, the customer, in control of your privacy with easy-to-use tools and clear choices.
• Transparency: Being transparent about data collection and use so that everyone can make informed decisions.
• Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption.
• Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right.
• No content-based targeting: Not using email, chat, files, or other personal content to target advertising.
• Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better.

Demo: Service Trust Portal

Microsoft 365 Compliance Center

Microsoft 365 Compliance center portal:

• A view of how the organization is meeting its compliance requirements
• Solutions that can be used to help with compliance
• Information about active alerts
• And more...

Navigation:

• Access to alerts, reports, policies, compliance solutions, and more.
• Add or remove options for a customized navigation pane.
• Customize navigation control.

Compliance Manager

Compliance Manager simplifies compliance and reduces risk by providing:

• Prebuilt assessments based on common standards
• Workflow capabilities to complete risk assessments
• Step-by-step improvement actions
• Compliance score, shows overall compliance posture

Key elements of Compliance Manager

• Controls
• Assessments
• Templates
• Improvement actions

Compliance score

Benefits of compliance score:

• Help an organization understand its current compliance posture.
• Help prioritize actions based on their potential to reduce risk.

Understand your compliance score

Actions:

• Your improved actions
• Microsoft actions

Action types (& action subcategory):

• Mandatory (preventive, detective, or corrective)
• Discretionary (preventive, detective, or corrective)

Demo: Microsoft 365 Compliance Center

Lesson 2: Describe information protection and governance capabilities of Microsoft 365

Lesson 2 Introduction

After completing this module, you should be able to:

• Describe data classification capabilities.
• Describe records management.
• Describe data loss prevention.

Know your data, protect your data, and govern your data

• Know your data: Understand your data landscape and identify important data across on-premises, cloud, and hybrid environments.
• Protect your data: Apply flexible protection actions including encryption, access restrictions, and visual markings.
• Prevent data loss: Detect risky behavior and prevent accidental oversharing of sensitive information.
• Govern your data: Automatically keep, delete, and store data and records in a compliant manner.

Data classification capabilities in the Microsoft 365 Compliance Center

• Sensitive information types.
• Trainable classifiers: Pre-trained classifiers and custom trainable classifiers.
• Understand and explore the data.
• The content explorer: It enables administrators to gain visibility into the content that has been summarized in the overview pane.
• The activity explorer: It can monitor what's being done with labeled content across the organization.

Sensitivity labels and policies

Labels are:

• Customizable
• Clear text
• Persistent

Usage:

• Encrypt email and documents.
• Mark the content.
• Apply the label automatically.
• Protect content in containers: sites and groups.
• Extend sensitivity labels to third-party apps and services.
• Classify content without using any protection settings.

Policies enable admins to:

• Choose the users and groups that can see labels
• Apply a default label to all new emails and documents
• Require justifications for label changes
• Require users to apply a label (mandatory labeling)
• Link users to custom help pages

Once a sensitivity label is applied to an email or document, any configured protection settings for that label are enforced on the content.

Demo: Sensitivity labels

Describe data loss prevention (DLP)

DLP protects sensitive information and prevents its inadvertent disclosure.

• DLP policies protect information by identifying and automatically protecting data.
• Protect sensitive information across Microsoft 365: OneDrive for Business, SharePoint Online, Exchange Online and Microsoft Teams.

Endpoint Data Loss Prevention

• DLP extended to Windows 10 devices.
• Audit and manage activities including creating, copying, printing, & renaming items.

Data Loss Prevention in Microsoft Teams

• DLP capabilities extended to Microsoft Teams chat and channel messages.

Retention labels and policies

Retention settings work with SharePoint, OneDrive, Teams, Yammer and Exchange and help organizations manage and govern information by ensuring content is kept only for a required time, and then permanently deleted.

Retention labels:

• Are applied at an item level.
• An email or document can have only a single retention label assigned to it at a time.
• Retention settings from retention labels travel with the content in your Microsoft 365 tenant.
• Can be applied manually or automatically.
• Retention labels support disposition review of the content before it's permanently deleted.

Retention policies:

• Are applied at site or mailbox level.
• Can be applied to multiple locations or specific locations or users.
• Items inherit the retention settings from their container.
• If an item is moved, the retention setting does not travel to the new location.

Records management

Records management in Microsoft 365 helps an organization look after their legal obligations and helps to demonstrate compliance with regulations.

When content is labeled as a record, the following happens:

• Restrictions are put in place to block certain activities.
• Activities are logged.
• Proof of disposition is kept at the end of the retention period.

To enable items to be marked as records, an administrator sets up retention labels.
Lesson 3: Describe insider risk capabilities in Microsoft 365

Lesson 3 Introduction

After completing this module, you should be able to:

• Describe how Microsoft 365 can help organizations identify insider risks and take appropriate action.

Insider risk solutions in Microsoft 365 (Slide 1)

• Insider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization.
• Communication compliance helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. Supported services: Microsoft Teams, Exchange Online, Yammer, & 3rd party communications in an org.
• Information barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization. Supported in Microsoft Teams, OneDrive for Business, SharePoint Online, and more.

Insider risk solutions in Microsoft 365 (Slide 2)

• Privileged access management allows granular access control over privileged Exchange Online admin tasks in Office 365.
• Customer Lockbox ensures that Microsoft cannot access customer content to perform a service operation without the customer's explicit approval. Supported services: Exchange Online, SharePoint Online, OneDrive for Business.

Lesson 4: Describe eDiscovery & Audit capabilities in Microsoft 365

Lesson 4 Introduction

After completing this module, you should be able to:

• Describe the purpose of eDiscovery & the capabilities of the content search tool.
• Describe the core & advanced eDiscovery workflows.
• Describe the core and advanced audit capabilities of Microsoft 365.

eDiscovery & content search

Purpose of eDiscovery

• Find electronic information to be used as evidence when a company is involved in litigation.
• Search for content in Exchange Online mailboxes, Microsoft 365 Groups, Microsoft Teams, SharePoint Online and OneDrive for Business sites, Skype for Business conversations, and Yammer teams.
• Use to identify, hold, and export content found in mailboxes and sites.

Content Search

• Search Exchange Online mailboxes, SharePoint Online sites, OneDrive for Business, Teams, Microsoft 365 groups, Yammer groups
• Build search queries and use conditions
• Create, report on, and delete multiple searches
• View keyword statistics
• Search for third-party data
• PowerShell scripts for more complex search related tasks

Core and advanced eDiscovery workflows

Core eDiscovery

1. Create a hold to preserve content that might be relevant to the case (mailboxes, sites, and public folders).
2. Create and run searches for content that relates to the case.
3. Export and download search results.

Advanced eDiscovery builds on core eDiscovery

1. Add persons of interest (custodians) and data sources that aren't associated with a specific user.
2. Use the built-in collections tool to search data sources for content relevant to the case.
3. Data added to a review set are copied from their original location to a secure Azure Storage location. The data is reindexed again to optimize for fast searches.
4. Use a wide variety of tools and capabilities to view and analyze the case data with the goal of reducing the data set to what is most relevant to the case.
5. Export and download case data.

Audit capabilities of Microsoft 365

Core Audit

• Allows organizations to view user and administrator activity.
• An audited activity generates an audit record that is stored in the audit log.
• Searching the audit log requires the search capability to be turned on and assigned the appropriate role.
• The results can be filtered and exported to a CSV file.
Advanced Audit - Core Audit, plus:

• Long-term retention of audit logs
• Customized audit retention policies
• High-bandwidth access to Office 365 Management Activity API
• Access to crucial events for investigations:
  • MailItemsAccessed
  • Send
  • SearchQueryInitiatedExchange
  • SearchQueryInitiatedSharePoint

Lesson 5: Describe resource governance capabilities in Azure

Lesson 5 Introduction

After completing this module, you should be able to:

• Describe some of the resource governance capabilities in Azure.

Azure Resource Manager locks

Azure Resource Manager locks:

• Prevent resources from being accidentally deleted or changed.
• When you apply a lock at a parent scope, all resources within that scope inherit that lock.
• Apply only to operations that happen in the management plane. Changes to the actual resource are restricted, but resource operations aren't restricted.

Lock levels:

• CanNotDelete
• ReadOnly

Azure Blueprints

Azure Blueprints provide a way to define a repeatable set of Azure resources.

• Rapidly provision environments that are in line with the organization's compliance requirements.
• Provision Azure resources across several subscriptions simultaneously for quicker delivery.
• Declarative way to orchestrate the deployment of various resource templates and artifacts, including:
  - Role Assignments
  - Policy Assignments
  - Azure Resource Manager templates (ARM templates)
  - Resource Groups
• Blueprint objects are replicated to multiple Azure regions.
• The relationship between the blueprint definition and the blueprint assignment is preserved.

Azure Policy

Azure Policy

• Help enforce standards and assess compliance across your organization.
• A compliance dashboard, to evaluate the overall state of the environment.
• Evaluates resources in Azure and Arc enabled resources.

Trigger a policy evaluation

Responses to non-compliant resources

• Deny a change to a resource.
• Log changes to a resource.
• Alter a resource before or after a change.
• Deploy related compliant resources.

Demo: Azure Policy

Module Summary

In this lesson, you have:

• Learned about the compliance management capabilities in Microsoft, including the Service Trust Portal, Microsoft 365 compliance center, Microsoft privacy principles, and more.
• Learned about the information protection and governance capabilities of Microsoft 365, including sensitivity & retention labels, DLP, and more.
• Learned about insider risk capabilities in Microsoft 365.
• Learned about eDiscovery & audit capabilities of Microsoft 365.
• Learned about resource governance capabilities in Azure, including Azure Policy, resource locks, Blueprints, and more.