SC 900T00A ENU PowerPoint - 03

The document provides an overview of security capabilities and management tools in Microsoft Azure and Microsoft 365. It describes basic security capabilities in Azure like DDoS protection, Azure Firewall, Web Application Firewall and network segmentation. It then discusses security management capabilities like Microsoft Defender for Cloud and its secure score and security baselines. Finally, it briefly introduces Microsoft Sentinel and its security information and event management (SIEM) and security orchestration, automation and response (SOAR) capabilities.


SC-900T00-A Learning Path: Describe the Capabilities of Microsoft Security Solutions

© Copyright Microsoft Corporation. All rights reserved.


Learning Path Agenda
• Describe basic security capabilities in Azure.
• Describe security management capabilities of Azure.
• Describe security capabilities of Microsoft Sentinel.
• Describe threat protection with Microsoft 365 Defender.


Module 1: Describe basic security capabilities in Azure


Module 1 Introduction
After completing this module, you should be able to:
• Describe Azure security capabilities for protecting your network.
• Describe how Azure can protect your VMs.
• Describe how encryption on Azure can protect your data.


Azure DDoS protection

A Distributed Denial of Service (DDoS) attack floods a resource with traffic until it can no longer respond to legitimate users.
Azure DDoS Protection continuously monitors the traffic reaching your public endpoints, learns the normal traffic profile, and starts mitigating (scrubbing) traffic once it exceeds the threshold that indicates an attack, so legitimate traffic keeps flowing.
Azure DDoS Protection tiers:
• Default DDoS infrastructure protection (free): always on for every Azure public IP, but it protects the Azure platform as a whole and gives you no per-application tuning, telemetry, or alerting.
• DDoS Protection Standard (paid SKU): enabled on a virtual network, protecting the public IP addresses in it with adaptive tuning, attack metrics and alerts, and mitigation reports.


Azure Firewall

Azure Firewall is a managed, stateful firewall service that protects your Azure Virtual Network (VNet) resources from attackers. Features include:
• Built-in high availability & Availability Zones
• Outbound SNAT & inbound DNAT
• Threat intelligence-based filtering
• Network & application-level filtering
• Multiple public IP addresses
• Integration with Azure Monitor


Web Application Firewall

Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injection and cross-site scripting. Benefits:
• Simpler security management
• Improves the response time to a security threat
• Patching a known vulnerability in one place, in front of every application instance
• Protection against threats and intrusions


Network segmentation and Azure VNet

Reasons for network segmentation:
• The ability to group related assets
• Isolation of resources
• Governance policies set by the organization

Azure Virtual Network (VNet):
• Network-level containment of resources: by default, no traffic is allowed across VNets or inbound to a VNet.
• Communication needs to be explicitly provisioned (VNet peering, VPN or ExpressRoute gateways, and NSG rules); a resource that is given a public IP address must still be protected by an NSG.
• Control how resources in a VNet communicate with other resources, the internet, and on-premises networks.


Azure Network Security groups
Network security groups (NSG) let you allow or deny network traffic to and from Azure resources that exist in your Azure Virtual Network.
• An NSG can be associated with multiple subnets or network interfaces in a VNet.
• An NSG is made up of inbound and outbound security rules.
• Each rule specifies the following properties: Name, Priority, Source or destination, Protocol, Direction, Port range, Action.
• Rules are evaluated in priority order (lower number first); the first rule that matches the traffic decides the outcome and no later rule is consulted.
• Every NSG contains default rules that cannot be deleted but can be overridden by a custom rule with a lower priority number. Example default inbound rule, DenyAllInbound, which is evaluated last and denies anything no earlier rule allowed:

Priority | Source    | Source ports | Destination | Destination ports | Protocol | Access
65500    | 0.0.0.0/0 | 0-65535      | 0.0.0.0/0   | 0-65535           | Any      | Deny
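
As an added example (not part of the course slides), the following Python simulates how an NSG decides an inbound packet's fate using the real default-rule priorities and a pair of constructed custom rules; the VNet range, the bastion subnet and the mapping of the VirtualNetwork and AzureLoadBalancer service tags to CIDRs are assumptions of the example. It also carries the check a practitioner runs before applying a rule set: valid and unique priorities, and no Allow rule that opens SSH or RDP to any source.

```python
"""NSG inbound rule evaluation, as an added example (not Microsoft's code).

Azure evaluates NSG rules in priority order, lowest number first, and the
first rule whose source, destination, ports and protocol all match decides
the outcome; nothing after it is consulted. The three default inbound rules
(priorities 65000, 65001, 65500) are always present, so a custom rule must
carry a priority in the 100-4096 range to take precedence over them.
Service tags (VirtualNetwork, AzureLoadBalancer) are approximated here by
CIDRs, which is an assumption of this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MANAGEMENT_PORTS = (22, 3389)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int       # custom rules: 100-4096; defaults: 65000 and above
    source: str         # CIDR or "*" (any)
    source_ports: str   # "*", "n" or "a-b"
    destination: str
    dest_ports: str
    protocol: str       # "Tcp", "Udp", "Icmp" or "*"
    access: str         # "Allow" or "Deny"


# Default inbound rules with the priorities Azure assigns them; the
# VirtualNetwork tag is replaced by this example's assumed VNet range.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "10.0.0.0/16", "*", "10.0.0.0/16", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "168.63.129.16/32", "*", "*", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "*", "Deny"),
]

# Constructed custom rules for a web tier that accepts SSH only from an
# assumed bastion subnet, 10.0.255.0/27.
CUSTOM_INBOUND = [
    Rule("AllowHttpsFromInternet", 100, "*", "*", "*", "443", "Tcp", "Allow"),
    Rule("AllowSshFromBastion", 110, "10.0.255.0/27", "*", "*", "22", "Tcp", "Allow"),
]


def _addr_matches(pattern: str, addr: str) -> bool:
    return pattern == "*" or ip_address(addr) in ip_network(pattern)


def _port_matches(pattern: str, port: int) -> bool:
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _proto_matches(pattern: str, proto: str) -> bool:
    return pattern == "*" or pattern.lower() == proto.lower()


def evaluate(rules, src, src_port, dst, dst_port, proto):
    """Return (access, rule name) of the first matching rule by priority."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (_addr_matches(r.source, src) and _addr_matches(r.destination, dst)
                and _port_matches(r.source_ports, src_port)
                and _port_matches(r.dest_ports, dst_port)
                and _proto_matches(r.protocol, proto)):
            return r.access, r.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")


def validate(rules):
    """Pre-deployment checks: priority range and uniqueness, plus any Allow
    rule that opens a management port to any source."""
    problems = []
    seen = set()
    for r in rules:
        if not 100 <= r.priority <= 4096:
            problems.append(f"{r.name}: priority {r.priority} outside 100-4096")
        if r.priority in seen:
            problems.append(f"{r.name}: duplicate priority {r.priority}")
        seen.add(r.priority)
        if (r.access == "Allow" and r.source in ("*", "0.0.0.0/0", "Internet")
                and any(_port_matches(r.dest_ports, p) for p in MANAGEMENT_PORTS)):
            problems.append(f"{r.name}: exposes a management port to any source")
    return problems


if __name__ == "__main__":
    for pkt in [("203.0.113.5", 51000, "10.0.1.4", 443, "Tcp"),
                ("203.0.113.5", 51000, "10.0.1.4", 22, "Tcp"),
                ("10.0.255.4", 51000, "10.0.1.4", 22, "Tcp")]:
        print(pkt, "->", evaluate(CUSTOM_INBOUND, *pkt))
    risky = Rule("AllowRdpFromAnywhere", 100, "*", "*", "*", "3389", "Tcp", "Allow")
    print(validate(CUSTOM_INBOUND + [risky]))
```

Run it and the three packets come back Allow (HTTPS from the internet), Deny (SSH from the internet, caught by DenyAllInBound) and Allow (SSH from the bastion subnet, because priority 110 is consulted long before 65500). The `validate` call flags the RDP rule twice: it reuses priority 100, and it opens 3389 to any source.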


Secure remote access to VMs: Azure Bastion & Just-in-time access

Azure Bastion: secure RDP/SSH connectivity to your VMs directly from the Azure portal over TLS, so the VMs need no public IP address and their management ports are never exposed to the internet.

Just-in-time (JIT) access: a Microsoft Defender for Cloud feature that keeps inbound management ports blocked in the NSG and opens them only for an approved source address and a limited time when access is requested.


Ways Azure encrypts data & use of Key Vault

Encryption on Azure:
• Azure Storage Service Encryption (data at rest in Azure Storage)
• Azure Disk Encryption (OS and data disks of VMs)
• Transparent data encryption (TDE) (Azure SQL Database)

What is Azure Key Vault?
• Secrets management
• Key management
• Certificate management
• Store keys and secrets backed by hardware security modules (HSMs) or by software


Module 2: Describe security management capabilities of Azure


Module 2 Introduction
After completing this module, you’ll be able to:
• Describe cloud security posture management.
• Describe Microsoft Defender for Cloud.
• Understand the Microsoft Cloud Security Benchmark and security baselines in Azure.


Microsoft Defender for Cloud
Microsoft Defender for Cloud is a tool for security posture management and threat protection. It strengthens the security posture of your cloud resources, and with its integrated Microsoft Defender plans, protects workloads running in Azure, hybrid, and other cloud platforms. Microsoft Defender for Cloud features cover two broad pillars of cloud security:

Cloud security posture management (CSPM):
• Tools & services designed to improve cloud security management.
• Monitor and prioritize security enhancements and features in your cloud environment.
• Secure score in Microsoft Defender for Cloud provides visibility into your current security situation & hardening guidance to help improve security.

Cloud workload protection (CWP):
• Detect and resolve threats to resources, workloads, and services.
• CWP is provided through Microsoft Defender plans specific to the types of resources in your subscriptions.
• Defender plans include Microsoft Defender for Servers, App Service, SQL, Key Vault, and more.


Secure score in Microsoft Defender for Cloud

Your security posture at a glance:
• Continually assesses your resources, subscriptions, and organization for security issues.
• Aggregates all the findings into a single score, so you can tell at a glance whether your posture is improving.
• Hardening recommendations on any identified security misconfigurations & weaknesses, grouped into security controls that each carry a share of the total score.
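
To make the aggregation concrete, here is an added example (not Microsoft's code) that reproduces the documented secure score arithmetic: recommendations belong to security controls, each control has a maximum score, and a control only earns points for a resource once every recommendation in that control is healthy for it. The control names, weights and resource counts are constructed, and treating controls with no applicable resources as unscored is an assumption of the example.

```python
"""Secure score arithmetic, as an added example (not Microsoft's code).

Follows the documented Defender for Cloud model: recommendations are grouped
into security controls, each control has a maximum score, and a control's
current score is its maximum scaled by the share of its resources that are
healthy for every recommendation in the control. The overall secure score is
the sum of current scores divided by the sum of maximums. Control names,
weights and resource counts below are constructed; treating controls with no
applicable resources as unscored is an assumption of this example.
"""
from dataclasses import dataclass


@dataclass
class Control:
    name: str
    max_score: int
    resources: frozenset      # resource IDs the control applies to
    unhealthy: dict           # recommendation -> set of failing resource IDs

    def healthy_resources(self) -> set:
        # A resource counts as healthy only if no recommendation in the
        # control still fails on it.
        failing = set().union(*self.unhealthy.values()) if self.unhealthy else set()
        return set(self.resources) - failing

    def current_score(self) -> float:
        if not self.resources:
            return 0.0
        return self.max_score * len(self.healthy_resources()) / len(self.resources)


def secure_score(controls) -> float:
    """Percentage score across all controls that have applicable resources."""
    scored = [c for c in controls if c.resources]
    possible = sum(c.max_score for c in scored)
    earned = sum(c.current_score() for c in scored)
    return round(100 * earned / possible, 1) if possible else 0.0


def prioritize(controls):
    """Controls ordered by how many points full remediation would recover."""
    gains = [(c.name, round(c.max_score - c.current_score(), 2)) for c in controls]
    return sorted(gains, key=lambda g: g[1], reverse=True)


def remediate(control: Control, recommendation: str, resource: str) -> None:
    """Mark one recommendation as fixed on one resource."""
    control.unhealthy.get(recommendation, set()).discard(resource)


VMS = frozenset({"vm1", "vm2", "vm3", "vm4"})

# Constructed posture: one subscription, four VMs, one SQL database.
CONTROLS = [
    Control("Enable MFA", 10, frozenset({"sub1"}),
            {"MFA should be enabled on accounts with owner permissions": {"sub1"}}),
    Control("Secure management ports", 8, VMS,
            {"Management ports should be closed on your virtual machines": {"vm1", "vm2"},
             "Just-in-time network access control should be applied": {"vm1", "vm3"}}),
    Control("Apply system updates", 6, VMS,
            {"System updates should be installed on your machines": set()}),
    Control("Enable encryption at rest", 4, frozenset({"sql1"}),
            {"Transparent Data Encryption on SQL databases should be enabled": {"sql1"}}),
]

if __name__ == "__main__":
    print("initial:", secure_score(CONTROLS), prioritize(CONTROLS))
    ports = CONTROLS[1]
    remediate(ports, "Management ports should be closed on your virtual machines", "vm1")
    print("after closing ports on vm1 only:", secure_score(CONTROLS))
    remediate(ports, "Just-in-time network access control should be applied", "vm1")
    print("after JIT on vm1 too:", secure_score(CONTROLS))
```

Two things the walk-through shows that the slide cannot: closing the management ports on vm1 alone does not move the score, because vm1 still fails the JIT recommendation in the same control, and the single MFA finding on the subscription is worth more than all four VMs' port findings put together, which is the prioritization the score is designed to drive.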


Enhanced security of Microsoft Defender for Cloud

Microsoft Defender for Cloud plans offer enhanced security features for your workloads:
• Endpoint detection and response
• Vulnerability scanning
• Multi-cloud security
• Hybrid security
• Threat protection alerts
• Access and application controls


Microsoft Cloud Security Benchmark & Azure Security baselines

Microsoft Cloud Security Benchmark (MCSB):
• Provides prescriptive best practices & recommendations to improve the security of workloads, data, and services on Azure.

Security baselines for Azure:
• Apply guidance from the MCSB to the specific service for which each baseline is defined.
• (The slide shows an excerpt from the Azure Key Vault security baseline.)


Module 3: Describe security capabilities of Microsoft Sentinel


Module 3 Introduction
After completing this module, you’ll be able to:
• Describe the security concepts for SIEM and SOAR.
• Describe how Microsoft Sentinel provides integrated threat management.


SIEM and SOAR

SIEM: What is security information and event management?
A SIEM system is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.

SOAR: What is security orchestration, automation, and response?
A SOAR system takes alerts from many sources, such as a SIEM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.


Microsoft Sentinel provides integrated threat management (Slide 1)

Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

Detect previously undetected threats and minimize false positives using analytics and unparalleled threat intelligence.

Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.

Respond to incidents rapidly with built-in orchestration and automation of common security tasks.


Microsoft Sentinel provides integrated threat management (Slide 2)
Connect Microsoft Sentinel to your data: use connectors for Microsoft solutions, providing real-time integration, and for third-party sources.
Workbooks: monitor the data using the Microsoft Sentinel integration with Azure Monitor Workbooks.
Analytics: using built-in analytics rules, you’ll get alerted when anything suspicious occurs.
Manage incidents: an incident is created when an alert that you’ve enabled is triggered.
Security automation and orchestration: integrate with Logic Apps to create workflows & playbooks.
Notebooks: use Jupyter notebooks to extend the scope of what you can do with Microsoft Sentinel data.
Investigation: understand the scope of a potential security threat and find the root cause.
Hunting: use search-and-query tools to hunt proactively for threats, before an alert is triggered.
Community: download content from the Microsoft Sentinel community GitHub repository to create custom workbooks, hunting queries, and more.
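
The SIEM and SOAR definitions above, and the Analytics, Manage incidents and Security automation items on this slide, describe one pipeline: raw events in, correlated alert out, incident created, playbook run. The following added example (not Microsoft Sentinel code) walks a constructed sign-in log through that pipeline in Python. In Sentinel the correlation would be a KQL analytics rule and the playbook a Logic Apps workflow; the log lines, the rule's thresholds and the containment actions are all assumptions of this example.

```python
"""Mini SIEM correlation plus SOAR playbook, as an added example (not
Microsoft Sentinel code). The sign-in lines, the rule's thresholds and the
containment actions are constructed for illustration; in Sentinel the rule
would be a KQL analytics rule and the playbook a Logic Apps workflow.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sign-in log: timestamp, account, source IP, result.
SIGNIN_LOG = """\
2024-03-01T08:00:05Z alice 203.0.113.9 Failure
2024-03-01T08:00:09Z bob 203.0.113.9 Failure
2024-03-01T08:00:14Z carol 203.0.113.9 Failure
2024-03-01T08:00:20Z dave 203.0.113.9 Failure
2024-03-01T08:00:26Z erin 203.0.113.9 Failure
2024-03-01T08:00:31Z frank 203.0.113.9 Failure
2024-03-01T08:01:02Z frank 203.0.113.9 Success
2024-03-01T08:03:00Z alice 198.51.100.4 Failure
2024-03-01T08:03:30Z alice 198.51.100.4 Success
2024-03-01T09:10:00Z grace 192.0.2.77 Success
"""


@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    result: str


@dataclass
class Alert:
    rule: str
    source_ip: str
    targeted: list          # accounts the IP failed against
    compromised: str        # account that then signed in successfully
    severity: str


@dataclass
class Incident:
    id: int
    title: str
    alerts: list
    status: str = "New"
    actions: list = field(default_factory=list)


def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return sorted(events, key=lambda e: e.ts)


def rule_spray_then_success(events, min_accounts=5, window=timedelta(minutes=10)):
    """SIEM correlation: failures from one IP against at least `min_accounts`
    distinct accounts inside `window`, then a success from that same IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e.result != "Success":
                continue
            prior = [p for p in evs[:i] if p.result == "Failure" and e.ts - p.ts <= window]
            targeted = sorted({p.user for p in prior})
            if len(targeted) >= min_accounts:
                alerts.append(Alert("Password spray followed by successful sign-in",
                                    ip, targeted, e.user, "High"))
                break   # one alert per source IP
    return alerts


def create_incidents(alerts):
    """Group alerts that share a source IP into one incident."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a.source_ip].append(a)
    return [Incident(n, f"{a[0].rule} from {ip}", a)
            for n, (ip, a) in enumerate(grouped.items(), 1)]


def playbook_contain(incident):
    """SOAR step run when the incident is created. Actions are recorded rather
    than executed: this stands in for a Logic Apps playbook calling real APIs."""
    for a in incident.alerts:
        incident.actions.append(("block_ip", a.source_ip))
        incident.actions.append(("revoke_sessions", a.compromised))
        incident.actions.append(("require_password_reset", a.compromised))
    incident.actions.append(("notify", "soc-oncall"))
    incident.status = "Active"
    return incident.actions


if __name__ == "__main__":
    incidents = create_incidents(rule_spray_then_success(parse_log(SIGNIN_LOG)))
    for inc in incidents:
        print(inc.title, playbook_contain(inc))
```

The rule fires once, for 203.0.113.9: six distinct accounts failed from it within a minute and frank then succeeded. alice's single typo from 198.51.100.4 followed by a success is exactly the benign pattern the distinct-account threshold is there to ignore, and the playbook never touches her. The playbook's actions target both entities the alert carries, the source IP and the account that was actually breached, which is the difference between a SIEM that only alerts and a SOAR that contains.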


Module 4: Describe threat protection with Microsoft 365 Defender


Module 4 Introduction
After completing this module, you’ll be able to:
• Describe the Microsoft 365 Defender service.
• Describe how Microsoft 365 Defender provides integrated protection against sophisticated attacks.
• Describe and explore the Microsoft 365 Defender portal.


Microsoft 365 Defender services

Microsoft 365 Defender natively coordinates the detection, prevention, investigation, and response to threats.

It protects identities, endpoints, apps, and email & collaboration.


Microsoft Defender for Office 365
Microsoft Defender for Office 365 covers:
1. Threat protection policies
2. Reports
3. Threat investigation and response capabilities
4. Automated investigation and response capabilities

Microsoft Defender for Office 365 Plan 1:
• Safe Attachments
• Safe Links
• Safe Attachments for SharePoint, OneDrive, & Microsoft Teams
• Anti-phishing protection
• Real-time detections

Microsoft Defender for Office 365 Plan 2 (includes everything in Plan 1, plus):
• Threat Trackers & Threat Explorer
• Automated investigation & response (AIR)
• Attack Simulator
• Proactively hunt for threats
• Investigate incidents and alerts

Microsoft Defender for Office 365 availability:
• Microsoft 365 E5
• Office 365 E5
• Office 365 A5
• Microsoft 365 Business Premium


Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a platform designed to help enterprise networks protect
endpoints.


Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that provides rich visibility into your cloud services, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

The Defender for Cloud Apps framework:
• Discover and control the use of Shadow IT.
• Protect your sensitive information anywhere in the cloud.
• Protect against cyberthreats and anomalies.
• Assess your cloud apps' compliance.

Reduced-scope editions of the same capabilities:
• Office 365 Cloud App Security (Office 365 apps only)
• Enhanced Cloud App Discovery in Azure Active Directory (discovery only)


Microsoft Defender for Identity
Microsoft Defender for Identity covers the following key areas:

Monitor and profile user behavior and activities: Defender for Identity monitors and analyzes user activities and information across your network, including permissions and group membership, creating a behavioral baseline for each user.

Protect user identities and reduce the attack surface: Defender for Identity gives invaluable insights on identity configurations and suggested security best practices, through security reports and user profile analytics.

Identify suspicious activities and advanced attacks across the cyberattack kill-chain:
• Reconnaissance
• Compromised credentials
• Lateral movements
• Domain dominance

Investigate alerts and user activities: Defender for Identity is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline.
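
The first and third areas above, a per-user behavioral baseline and detection of lateral movement against it, are worth seeing in code. The following added example (not Defender for Identity code) learns which hosts each account normally reaches from a constructed list of logon events, then flags an account that fans out to several never-before-seen hosts in a short window, the pattern that follows a compromised credential. Defender for Identity derives its baselines from domain controller traffic and Windows events; the event list, learning period, host names and thresholds here are all assumptions of the example.

```python
"""Per-user behavioral baseline and lateral-movement deviation, as an added
example (not Defender for Identity code). A constructed list of logon events
stands in for the domain controller feed; the learning period, thresholds and
host names are assumptions of this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon events: (timestamp, account, destination host).
LOGONS = [
    # Learning period: a week of normal activity
    ("2024-02-20T09:02:00Z", "alice", "WS-ALICE"),
    ("2024-02-20T09:05:00Z", "alice", "FS01"),
    ("2024-02-21T09:01:00Z", "alice", "WS-ALICE"),
    ("2024-02-22T10:15:00Z", "alice", "FS01"),
    ("2024-02-20T08:50:00Z", "bob", "WS-BOB"),
    ("2024-02-20T11:00:00Z", "bob", "SQL01"),
    ("2024-02-21T08:55:00Z", "bob", "WS-BOB"),
    ("2024-02-23T14:00:00Z", "bob", "FS01"),
    # Detection day
    ("2024-02-27T13:00:00Z", "alice", "WS-ALICE"),
    ("2024-02-27T13:04:00Z", "alice", "WS-BOB"),
    ("2024-02-27T13:06:00Z", "alice", "WS-CAROL"),
    ("2024-02-27T13:09:00Z", "alice", "SQL01"),
    ("2024-02-27T13:12:00Z", "alice", "DC01"),
    ("2024-02-27T13:30:00Z", "bob", "SQL01"),
    ("2024-02-27T13:31:00Z", "newhire", "WS-NEW"),
    ("2024-02-27T13:33:00Z", "newhire", "FS01"),
    ("2024-02-27T13:35:00Z", "newhire", "PRINT01"),
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def build_baseline(events, learn_until, min_events=3):
    """Hosts each account normally reaches, learned from events before
    `learn_until`. Accounts with fewer than `min_events` observations get no
    baseline and are therefore never alerted on: that is the noise-reduction
    choice, since a brand-new account has no 'normal' to deviate from."""
    seen = defaultdict(list)
    for ts, user, host in events:
        if _ts(ts) < learn_until:
            seen[user].append(host)
    return {u: set(h) for u, h in seen.items() if len(h) >= min_events}


def find_lateral_movement(events, baseline, detect_from, min_new_hosts=3,
                          window=timedelta(minutes=30)):
    """Flag accounts that reach at least `min_new_hosts` hosts outside their
    baseline within `window`: the fan-out that follows a compromised credential."""
    new_by_user = defaultdict(list)
    for ts, user, host in events:
        t = _ts(ts)
        if t >= detect_from and user in baseline and host not in baseline[user]:
            new_by_user[user].append((t, host))
    findings = []
    for user, hits in new_by_user.items():
        hits.sort()
        for i in range(len(hits)):
            burst = [h for t, h in hits[i:] if t - hits[i][0] <= window]
            if len(burst) >= min_new_hosts:
                findings.append((user, burst))
                break
    return findings


if __name__ == "__main__":
    cutoff = _ts("2024-02-26T00:00:00Z")
    base = build_baseline(LOGONS, cutoff)
    print(base)
    print(find_lateral_movement(LOGONS, base, cutoff))
```

Only alice is reported: four hosts she has never touched, ending at a domain controller, within eight minutes. bob's logon to SQL01 is inside his baseline, and newhire, who has no learning-period history at all, is skipped rather than alerted on, which is the kind of filtering the slide means by reducing general alert noise.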


Microsoft 365 Defender portal

The Microsoft 365 Defender portal combines protection, detection, investigation, and response to email, collaboration, identity, and device threats in a central portal. Use it to:
• View the security health of your organization.
• Act to configure devices, users, and apps.
• Get alerts for suspicious activity.

The Microsoft 365 Defender navigation pane includes these options and more: Incidents & alerts, Hunting, Action center, Threat analytics, Secure Score, Learning hub, Endpoints, Email & collaboration, Reports, Permissions & roles.


Microsoft Secure Score
Microsoft Secure Score is a representation of a company's security posture across Microsoft 365. It is distinct from the secure score in Microsoft Defender for Cloud, which scores Azure and multicloud resources.

It shows all possible improvements for the product, whatever the license edition, subscription, or plan.

Supports recommendations for:
• Microsoft 365
• Azure Active Directory
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Cloud Apps


Learning Path Summary

In this learning path, you have:


• Learned about basic security capabilities in Azure.
• Learned about the security management capabilities of Azure.
• Learned about the security capabilities of Microsoft Sentinel.
• Learned about the threat protection with Microsoft 365 Defender.
