Mastering Microsoft Cloud Cybersecurity

5 days
UCSEC


Cloud Security Overview

Security matters. Every company faces several kinds of attacks and must implement different tools to protect itself.

  • Threat Landscape
  • Common Threats and Attack Types
  • The Defender's Dilemma
  • Zero Trust Model
  • Identity and Access Management
  • Threat Protection
  • Security Management
  • Information Protection
  • LAB: Cloud Security Overview

Microsoft Entra: Securing Your Cloud Identities

Your identities are the first thing you should protect. Especially in a cloud infrastructure, this should be your number one priority. Microsoft Entra ID provides a lot of security-related features to control access to your environment.

  • Multi-Factor Authentication
  • Privileged Identity Management
  • Identity Protection
  • Conditional Access
  • LAB: Securing Your Identities

Microsoft Defender for Identity

If your identities are hosted on-premises, Microsoft Defender for Identity can provide protection for your Active Directory accounts.

  • Microsoft Defender for Identity Features
  • Configuring Defender for Identity
  • Protecting Your Accounts
  • Identify Threats: Reconnaissance and Lateral Movement
  • Detect Pass-the-Hash and Pass-the-Ticket Attacks
  • LAB: Microsoft Defender for Identity

Microsoft Defender for Office 365

Safeguard your organization against malicious threats from email messages, links and collaboration tools. Implement policies to detect malware, spam and phishing emails. Define what action to take when malicious content is detected.

  • Protect Against Malware, Spam, Phishing, Spoofing
  • Email Authentication: SPF, DKIM and DMARC
  • Attack Simulator
  • Safe Attachments and Safe Links
  • Threat Protection for Collaboration: SharePoint, OneDrive and Teams
  • LAB: Microsoft Defender for Office 365

Microsoft Defender for Endpoint

Devices can get compromised because of missing updates or vulnerabilities in applications. Microsoft Defender for Endpoint provides you with an inventory and gives you recommendations to make your environment more secure. This service also detects suspicious activities and alerts you about possible attacks.

  • Protect Your Devices
  • Onboarding Devices
  • Threat and Vulnerability Management
  • Endpoint Detection and Response
  • Device Investigations
  • Automated Investigation and Remediation
  • LAB: Microsoft Defender for Endpoint

Microsoft Defender for Cloud Apps

In this cloud-based world, it can become difficult to find the right balance between flexibility for your users and protecting your critical data. Microsoft Defender for Cloud Apps acts as a gatekeeper to broker access between your users and the cloud apps they use. At the same time, it can safeguard your sensitive information.

  • Cloud Discovery
  • App Connectors
  • Control Access to Apps with Policies
  • Conditional Access App Control
  • Protect Sensitive Information
  • LAB: Microsoft Defender for Cloud Apps

Detect and Stop Attacks with Microsoft Defender XDR

So many different tools collect so much data that you may be flooded with information. Microsoft Defender XDR brings it all together. It gives you better insight into attacks by showing you the devices, identities and apps that were involved. You can hunt for threats and be proactive, making sure the attacker doesn't stand a chance.

  • Microsoft Defender XDR
  • Protect Your Environment
  • Security Recommendations and Secure Score
  • Attack Investigation
  • Threat Hunting
  • LAB: Microsoft Defender XDR

Microsoft Security Copilot

Investigating an attack or writing the ideal Kusto query can be difficult. Microsoft Security Copilot will make your life easier by helping you with the analysis of suspicious scripts, generating a Kusto query or writing a report once an incident has been handled.

  • Investigate Incidents with Copilot
  • Analyze Suspicious Scripts
  • Hunt Like a Pro
  • Copilot Plugins

Information Governance and Protection

Microsoft 365 is designed to help meet your organization's needs for content security and data usage compliance with legal, regulatory, and technical standards.

You must be able to protect your sensitive data by implementing rules and conditions to control access and secure files and services. You should be able to define how long data is kept and when it must be deleted.

  • Microsoft Purview Portal
  • Sensitive Information Types
  • Trainable Classifiers
  • Sensitivity Labels
  • Data Loss Prevention
  • Retention Labels and Policies
  • Communication Compliance
  • LAB: Information Governance and Protection

Information Insights and Discovery

Find out what is going on in your organization by checking audit logs and running eDiscovery searches.

Compare your configuration with a predefined set of policies and get recommendations on how to improve your compliance score. Manage insider risks and control data privacy.

  • eDiscovery
  • Auditing and Alert Policies
  • Compliance Manager
  • Data Classification
  • Insider Risk Management
  • Privacy Management
  • LAB: Information Insights and Discovery

Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It aggregates and analyzes security data from across your environment to provide centralized threat detection, visibility, proactive hunting, and incident response capabilities.

  • Microsoft Sentinel Overview
  • Sentinel Pricing and Log Data Retention
  • Activate Microsoft Sentinel
  • Onboard Security Sources: Data Connectors and Content Hub
  • Threat Intelligence
  • Watchlists
  • User and Entity Behavior Analytics (UEBA)
  • LAB: Microsoft Sentinel

Kusto Query Language

The Kusto Query Language (KQL) is used to query and analyze log, telemetry, and security data collected by Azure services. It allows security professionals to explore large datasets, detect patterns, and investigate anomalies using a readable and efficient query syntax optimized for log analytics and threat detection.

  • Kusto Query Language
  • Writing Basic Log Queries
  • Filter Data
  • Aggregate Data
  • Using Variables
  • Joining Multiple Tables in a Single Query
  • Functions and Computer Groups
  • LAB: Kusto Query Language

Microsoft Sentinel Incident Investigation and Threat Hunting

Microsoft Sentinel collects security data from a wide range of sources, including Microsoft Defender services, Microsoft Entra ID, Azure logs, and third-party security solutions. By correlating and analyzing this data, Sentinel enables security administrators to investigate incidents, perform threat hunting, and reconstruct attack paths to understand the full scope of a security event and respond effectively.

  • Sentinel Analytics and Investigation
  • Security Orchestration Automation: Automation Rules and Playbooks
  • Threat Hunting
  • Workbooks and Notebooks
  • LAB: Microsoft Sentinel Incident Investigation and Threat Hunting

Securing Access to Azure Resources

Controlling access to Azure resources is a fundamental aspect of securing cloud environments. Azure provides a comprehensive identity and access management model that allows administrators to assign permissions, manage privileged access, and securely handle credentials and secrets used by applications and services.

  • Microsoft Entra ID and Azure Identity Model
  • Role Based Access Control
  • Privileged Identity Management (PIM) for Azure Roles
  • Azure Key Vault
  • Secrets, Keys and Certificates Lifecycle
  • Managed Identities
  • LAB: Securing Access to Azure Resources

Microsoft Defender for Cloud

Microsoft Defender for Cloud provides centralized security management and threat protection for Azure, hybrid, and multi-cloud environments. It helps organizations improve their security posture by enforcing policies, identifying misconfigurations, protecting workloads, and detecting and investigating security threats across their cloud resources.

  • Microsoft Defender for Cloud Overview
  • Defender for Cloud Plans and Pricing
  • Security Policies and Initiatives
  • Security Recommendations and Secure Score
  • Regulatory Compliance
  • Workload Protection Features: Just in Time VM Access, File Integrity Monitoring
  • Security Alerts, Incidents and Investigation
  • LAB: Microsoft Defender for Cloud

Securing your cloud infrastructure can be complex and challenging in today's world where users are working from any location on any type of device. To support organizations in protecting themselves from several kinds of attacks, Microsoft offers a broad range of cloud security services targeted at both Microsoft Azure and Microsoft 365. In this training you will learn how to investigate, respond to, and hunt for cyberthreats. You will leave the training with the skills to reduce your organizational risk, respond rapidly to active attacks and advise on improvements to threat protection practices.

This course is intended for system administrators and security specialists responsible for securing and analyzing the cloud IT environment.

© 2026 U2U All rights reserved.