Course Details
Duration: 5 days; 35 hours; instructor-led / remote online training
Audience
- Security Engineers / Analysts / Consultants
- System Administrators / Engineers
- Certified Azure Associate and Administrators
- Cloud Engineers / Administrators
- IT Managers
- Professionals preparing for Microsoft Azure exams: SC-200, AZ-500
- Penetration Testers
- Blue Team members, Defenders, and Forensic Analysts
Prerequisites
- Knowledge of Microsoft Windows ecosystem and networking
- Knowledge of Active Directory
- Basic understanding of Microsoft Azure
- Basic understanding of Microsoft 365
Methodology
This program will be conducted through interactive lectures, PowerPoint presentations, discussion, and practical exercises.
Course Objectives
- Understand the MITRE ATT&CK Framework with details on techniques, tactics, and procedures (TTP) commonly used by threat actors.
- Learn about each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and data exfiltration using various threat vectors.
- Understand how to protect an organisation from known and unknown threats in on-premise and cloud assets using end-to-end Microsoft Defender and Microsoft Azure security technologies.
- Understand how to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.
- Learn how to configure host-level security
- Understand cloud computing vulnerabilities
- Understand how to implement secure infrastructure solutions in the Microsoft Azure platform
- Understand how to configure Key Vault secrets, keys, and certificates, and learn to retrieve secrets from an Azure web app
- Understand how to implement security controls in Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud, Microsoft 365 Defender, Microsoft Defender for Cloud Apps, Microsoft Intune, and Microsoft Azure Sentinel
- Understand how to maintain the security posture of an organisation using Microsoft security ecosystem
- Understand how to manage Azure Cloud Security Operations
- Understand how to manage identity and access of users and assets
- Implement threat protection from endpoint security to cloud security, end-to-end using Microsoft Defender and Microsoft Azure security technologies: Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud, Microsoft 365 Defender, Microsoft Defender for Cloud Apps, Microsoft Intune, and Microsoft Azure Sentinel
- Implement host security strategies including endpoint protection, remote access management, update management, and disk encryption.
- Implement enterprise governance strategies including role-based access control, Azure policies, and resource locks.
- Implement an Azure AD infrastructure including users, groups, and multi-factor authentication.
- Implement Azure AD Identity Protection including risk policies, conditional access, and access reviews.
- Implement Azure AD Privileged Identity Management including Azure AD roles and Azure resources.
- Implement perimeter security strategies including Azure Firewall.
- Implement network security strategies including Network Security Groups and Application Security Groups.
- Implement Azure Key Vault including certificates, keys, and secrets.
- Implement application security strategies including app registration, managed identities, and service endpoints.
- Implement storage security strategies including shared access signatures, blob retention policies, and Azure Files authentication.
- Implement database security strategies including authentication, data classification, dynamic data masking, and Always Encrypted.
- Implement Azure Monitor including connected sources, log analytics, and alerts.
- Implement Microsoft Defender for Cloud including policies, recommendations, and just-in-time virtual machine access.
Outline
Module 1: Introduction to Microsoft Defender for Cloud
- Evolution of Threat Landscape
- Cybersecurity resilience
- Microsoft Cybersecurity Reference Architecture
- Reference Architecture for Identity and Access
- Reference Architecture for Security Operations Center
- Reference Architecture for PC and Mobile Devices
- Reference Architecture for Hybrid Cloud Infrastructure
- Reference Architecture for Info Protection
- Measuring Cost of Attack
- Disrupting Attacker Return on Investment
- Cloud Security, a Shared Responsibility
- Zero Trust Principles
- Threat Protection Strategy (Detect-Respond-Recover)
- Information Protection Strategy
- Cyber Kill Chain and MITRE ATT&CK Framework TTPs
- Indicators of Compromise (IoC) and Indicators of Attack (IoA)
Module 2: Managing Cloud Security Posture
- Lab 1: Secure Score and Remediation
- Lab 2: Inventory – resource health and remediation
- Lab 3: Recommendation – Configure malware detection for existing
- Lab 4: Installing Antimalware in a new VM during creation
- Lab 5: Workbooks for Data analysis and rich visual report creation
- Lab 6: Security Alert and Workflow Automations
Module 5: Firewall Manager
- Lab 1: Securing Virtual Hub Using Firewall Manager
- Lab 2: Connect the Hub and Spoke Virtual Network
- Lab 3: Secure Hub with Firewall Policy
- Lab 4: Associate Firewall Policy
- Lab 5: Route Traffic to Virtual Hub
- Lab 6: Testing Application Rule
- Lab 7: Testing Network Rule
Module 7: Microsoft Defender for Office 365
- Lab 1: Modify Anti-Phishing Policy
- Lab 2: Modify Anti-Spam Policy
- Lab 3: Modify Anti-Malware Policy
- Lab 4: Create Safe Attachment Policy
- Lab 5: Create Safe Link Policy
- Lab 6: Spoof Mail Attack Simulation
- Lab 7: Malware with Attachment Attack Simulation
- Lab 8: Hyperlink Malware Attack Simulation
- Lab 9: Test Send Hyperlink Email and Understand Scanning Process
Module 8: Office 365 Security & Compliance
- Lab 1: Configure Retention Policy
- Lab 2: Audit Search
- Lab 3: User Sign-In Log Search
- Lab 4: Mailbox Non-Owner Access Audit
Module 9: Microsoft Sentinel
- Lab 1: Create Sentinel and Link to Defender for Office 365
- Lab 2: Configure Data Retention for Sentinel
Module 10: Microsoft Intune
- Lab 1: Create Auto Enrolment Policy
- Lab 2: Create Compliance Policy
- Lab 3: Create Conditional Access Policy
- Lab 4: Create Apps Policy
- Lab 5: Enrol a PC in Intune
Module 11: Microsoft Defender for Cloud App Security
- Lab 1: Connect Apps to Microsoft Cloud App Security
- Lab 2: Configure IP Addresses and Range in Cloud App Security
- Lab 3: Configure Reporting in Cloud App Security