What You Need to Know Before You Start

Starts 18 June 2025 15:39

Ends 18 June 2025


AZ-500: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel

Master Azure security through Microsoft Defender for Cloud and Sentinel, covering governance policies, threat protection, security posture management, and automated monitoring for comprehensive cloud environment protection.
Microsoft via Microsoft Learn

Microsoft

223 Courses


7 hours 48 minutes

Optional upgrade available

Not Specified

Progress at your own speed

Free Online Course


Overview

Module 1:

This module equips administrators with the skills to design, deploy, and oversee security governance in Azure, ensuring alignment with organizational policies and industry best practices. By the end of this module, participants will be able to:

Enforce compliance using Azure Policy to create and manage security policies. Streamline secure infrastructure deployment with Azure Blueprint.

Utilize landing zones for consistent Azure security and manage sensitive data with Azure Key Vault. Enhance key security with HSM recommendations, effective access control, and regular key rotation and backup processes.

Module 2:

This module focuses on equipping administrators with the knowledge and skills needed to manage and enhance the security posture of their cloud environment using Microsoft Defender for Cloud, ensuring proactive identification and remediation of security risks. By the end of this module, you will be able to:

Utilize Microsoft Defender for Cloud Secure Score and Inventory to identify and mitigate security risks, enhancing overall security posture. Assess and align with security frameworks using Microsoft Defender for Cloud to ensure adherence to security standards and best practices.

Integrate specific industry and regulatory standards into Microsoft Defender for Cloud for tailored compliance. Connect hybrid and multicloud environments to Microsoft Defender for Cloud for centralized security management, and monitor external assets to safeguard against external threats.

Module 3:

This module focuses on the essential techniques for configuring and managing threat protection exclusively with Microsoft Defender for Cloud, empowering cybersecurity specialists to strengthen the security posture of their cloud environments. By the end of this module, participants will be able to:

Master the configuration of Microsoft Defender for Cloud to effectively monitor and protect cloud resources. Implement advanced threat detection strategies using Microsoft Defender for Cloud's built-in capabilities.

Utilize Microsoft Defender for Cloud's threat intelligence to proactively identify and mitigate security risks. Configure and fine-tune security policies within Microsoft Defender for Cloud to align with organizational security requirements.

Develop expertise in incident response and remediation using Microsoft Defender for Cloud's integrated tools and features.

Module 4:

Learn to set up Azure Monitor and Microsoft Sentinel for automatic security monitoring and response in cloud settings. By the end of this module, participants are able to:

Use Azure Monitor for effective security event monitoring in cloud environments.

Implement data connectors in Microsoft Sentinel for comprehensive security data collection. Develop customized analytics rules in Microsoft Sentinel for targeted threat detection.

Assess and automate responses to security incidents in Microsoft Sentinel to enhance workflow efficiency.

Syllabus

  • Module 1: Implement and manage enforcement of cloud governance policies
      • Introduction
      • Microsoft cloud security benchmark: Access, Data, Identity, Network, Endpoint, Governance, Recovery, Incident, and Vulnerability Management
      • Azure governance
      • Create, assign, and interpret security policies and initiatives in Azure Policy
      • Azure Blueprints
      • Configure security settings by using Azure Blueprint
      • Deploy secure infrastructures by using a landing zone
      • Azure Key Vault
      • Azure Key Vault security
      • Azure Key Vault authentication
      • Create and configure an Azure Key Vault
      • Recommend when to use a dedicated Hardware Security Module (HSM)
      • Configure access to Key Vault, including vault access policies and Azure role-based access control
      • Manage certificates, secrets, and keys
      • Configure key rotation
      • Configure backup and recovery of certificates, secrets, and keys
      • Implement security controls to protect backups
      • Implement security controls for asset management
      • Knowledge check
      • Summary
  • Module 2: Manage security posture by using Microsoft Defender for Cloud
      • Introduction
      • Implement Microsoft Defender for Cloud
      • Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
      • Assess compliance against security frameworks and Microsoft Defender for Cloud
      • Add industry and regulatory standards to Microsoft Defender for Cloud
      • Add custom initiatives to Microsoft Defender for Cloud
      • Connect hybrid cloud and multicloud environments to Microsoft Defender for Cloud
      • Implement and use Microsoft Defender External Attack Surface Management
      • Knowledge check
      • Summary
  • Module 3: Configure and manage threat protection by using Microsoft Defender for Cloud
      • Introduction
      • Enable workload protection services in Microsoft Defender for Cloud
      • Defender for Servers
      • Defender for Storage
      • Malware scanning in Defender for Storage
      • Detect threats to sensitive data
      • Deploy Microsoft Defender for Storage
      • Enable configure Azure built-in policy
      • Configure Microsoft Defender plans for Servers, Databases, and Storage
      • Implement and manage Microsoft Defender Vulnerability Management for Azure Virtual Machines
      • Log Analytics workspace
      • Manage data retention in a Log Analytics workspace
      • Deploy the Azure Monitor Agent
      • Collect data with Azure Monitor Agent
      • Data collection rules (DCRs) in Azure Monitor
      • Transformations in data collection rules (DCRs)
      • Monitor network security events and performance data by configuring data collection rules (DCRs) in Azure Monitor
      • Connect your Azure subscriptions
      • Just-in-time machine access
      • Enable just-in-time access
      • Container security in Microsoft Defender for Containers
      • Managed Kubernetes threat factors
      • Defender for Containers architecture
      • Configure Microsoft Defender for Containers components
      • Microsoft Defender for Cloud DevOps Security
      • DevOps Security support and prerequisites
      • DevOps environment security posture
      • Connect your GitHub lab environment to Microsoft Defender for Cloud
      • Configure the Microsoft Security DevOps GitHub action
      • Knowledge check
      • Summary
  • Module 4: Configure and manage security monitoring and automation solutions
      • Introduction
      • Manage and respond to security alerts in Microsoft Defender for Cloud
      • Configure workflow automation by using Microsoft Defender for Cloud
      • Log retention plans in Microsoft Sentinel
      • Alerts and Incidents from Microsoft Sentinel
      • Configure data connectors in Microsoft Sentinel
      • Enable analytics rules in Microsoft Sentinel
      • Configure automation in Microsoft Sentinel
      • Automating Threat Response with Microsoft Sentinel
      • Knowledge check
      • Summary

Subjects

Programming