Transcript for:

Cyber crime is everywhere and does not favor one person over the next. Think about how many devices you use every day: perhaps a laptop, tablet, and a phone. These three devices are three potential gateways for cyber attacks. With technology continually advancing, cyber attack activities have become easier to carry out. So how do cyber criminals get it right? They follow trending stories and use this to lure you. It often requires you to click on a link, enter your personal information, through which cyber criminals gain access. The good news is that there are cyber security defense mechanisms that you can practice and implement, so learning about cyber security gives you the tools to prevent cyber attacks.

Cyber security isn't only valuable for personal safety; it's also in demand at an organizational level. Career opportunities in cyber security include a range of roles, from cyber security analysts to cyber security engineers and security engineers. With cyber crime on the rise, the demand for these roles across all business sectors is greater than ever. With the right knowledge and skills, you could be the next cyber security analyst or security engineer. However, maybe you don't have that specific university degree, the right certifications, and hands-on experience, or maybe the cost is just too high. Now you have the opportunity to join us on a learning journey that prepares you for an exciting career in cyber security.

This program consists of several courses that will help you build the foundational knowledge you need to succeed in this field, and completion will earn you a Coursera Professional Certificate. This certificate serves as proof of your job readiness and can be shared with your professional network. Along the way, you'll also create work samples that can showcase your expertise to potential employers. In addition, finishing this program will help prepare you for the Microsoft Certified exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals. Earning a Microsoft
certification provides industry-endorsed evidence of your skills and demonstrates your willingness to stay on top of the latest trends and demands and stand out in a fast-changing industry.

You'll begin this program with an overview of how computers work and how they are used by businesses. This covers basics such as hardware, software, and operating systems before expanding into the specific infrastructure, storage, and networking needs of enterprise systems. This should help you understand the importance of keeping these systems secure. You'll follow up by exploring the cyber threat landscape that businesses face and what they can do to protect themselves. You'll be introduced to common types of cyber attacks, how they are carried out, and the impact they can have. Fortunately, there are ways to fight back, and you'll become aware of approaches for minimizing risk. This includes strategy from limiting access, securing communication, and complying with security regulations.

Maintaining security for business systems is no small task, and that's why you'll learn about software solutions that can help administrators automate a lot of the work. You'll become familiar with Azure Active Directory in particular, an identity and access management service that can be configured to grant permissions based on roles and policies. Setting up a security plan is one thing, but you'll also need to make sure it works as intended. That's why you'll dig into testing strategies for checking the integrity of your defense system, and you'll also find out what to assess for compliance with Microsoft's privacy principles as well as various international standards.

This program has been uniquely mapped to key job skills required in cyber security analyst roles. In each course, you'll be able to consolidate what you have learned by completing a capstone project that simulates real-world cyber security scenarios. You'll also complete a final capstone project that enables you to demonstrate your cyber security
analyst skills. To round off your learning, you'll take a mock exam that has been set up in a similar style to the industry-recognized Microsoft exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals. Once you complete the program, it's time to start exploring potential careers, and don't forget to share your Coursera Professional Certificate to get that extra advantage. Congratulations on your decision to become a difference maker and help ensure a safer online experience for others. Now let's get started.

Have you ever experienced a cyber attack? Cyber attacks target individuals, organizations, and systems. Having an online profile has made life more convenient by allowing you to perform transactions for purchases, engage socially, or work remotely via the Internet. However, it has also put your valuable data at greater risk. Cyber criminals target your private data online, including your financial information. Think about what might happen if someone steals your social security number, date of birth, credit card information, and address. This can make it easy to apply for credit cards in their name and run up debt. Being a victim of identity theft often leaves you feeling helpless as you scramble to close or freeze accounts and change your account passwords.

There are necessary security protocols that you can put in place to keep your personal information safe and confidential. This is known as cyber security. Cyber security protects your digital information, devices, and assets, such as your bank accounts, files, or even photos. System protection is equally important. It is a feature that creates restore points that allow you to set your devices to a previously healthier state before changes may have led to malfunctions or data loss. It is your backup plan. Within a business context, cyber security and system protection is essential to protecting any business from cyber attacks and vulnerabilities. Think about the importance of protecting staff anonymity, product developments and innovations
from competitors, or even payroll data.

The Introduction to Computers and Operating Systems and Security course is designed for anybody that's interested in learning about cyber security and system protection within a business context. It establishes a foundation for anyone striving to become a cyber security analyst, a cyber security engineer, or a security engineer. You'll focus on identifying the various components of a computer system and how the components interact with an operating system. You'll familiarize yourself with the cyber security landscape and the various business computing environments. You'll then gain some context by unpacking the threat landscape so that you recognize where and how cyber crime takes place. Furthermore, you'll be introduced to computing devices and how hardware and software interact. You'll learn about various operating systems with their respective advantages and disadvantages.

Your learning journey will continue to explore enterprise systems and security. It involves the comprehensive security framework required by larger companies or corporations. The focus is on servers, storage and backups, computing environments, and the process of maintenance and patching. Next, you'll examine different business software solutions. You'll draw a correlation between the appropriate business software as a solution to a particular business need. You'll learn how email apps came to exist and how common functions can boost your communication and productivity. You'll also investigate storage solutions such as large-scale types of data storage, data lakes, and data warehouses. Finally, you'll have a chance to recap on what you've learned and zone in on areas you feel you can improve upon.

Throughout your learning, you'll have an opportunity to apply your knowledge through interactive exercises and real-world examples, and assess your progress with knowledge checks and a practice exam. All this prepares you for the Microsoft exam SC-900 at the end of this program, giving
you a career stepping stone in the right direction. Good luck as you start this exciting learning journey.

This course can help you jumpstart your career, whether you're new to the field or just wanting to refresh your knowledge as a seasoned professional. As technology evolves and becomes more robust with security protocols, hackers also become savvier in their cyber attack methods by taking advantage of technological advancements. Businesses are required to increase their security measures to secure and safeguard their information, devices, and assets. Because of this, sought-after professionals such as cyber security analysts, cyber security engineers, and security engineers are in demand to actively anticipate, detect, and mitigate cyber attacks or system vulnerabilities. Are you intrigued by this career field and wondering how to get started? Let's meet a few candidates and explore their career paths and how they got started.

Alex is currently a successful customer service representative at a call center. She is a high school graduate and is well versed in Microsoft 365 applications. She's also upskilling herself with macros and Visual Basic for Applications to automate some processes in Microsoft Excel. Alex's natural career progression is to move to a managerial role where she can receive promotional benefits and a salary increase. However, Alex has her sights set on moving to an IT role within the digital technological industry. She has identified cyber security as interesting, and her research has confirmed that specialists in this field are in demand. She favors the career of a cyber security analyst. It'll allow her to help protect a company's network and assets, including hardware and software, from cyber attacks. She'll be responsible for staying abreast of cyber trends within the threat landscape and identifying suspicious behavior that may threaten the company's confidentiality or damage the devices. Her plan is to focus on gaining qualifications in this area, which will allow her
to begin applying for entry-level cyber security jobs. Alex is a beginner but has already mapped out her career and certification path with a view to getting ahead. Alex has enrolled in the Microsoft Cyber Security Analyst Professional Certificate, which began with the Introduction to Computers and Operating Systems and Security. She enjoys self-paced learning because she works shifts in her current job. Once she has completed the SC-900 exam, she will begin applying for jobs as a junior cyber analyst.

Alyssa has worked as a clerk in the motor vehicle sector for four years, and security of information is part of her work-related tasks. She became interested in IT-related issues when an online website that she subscribed to suffered a data breach. As a result, she has become conscious of how her personal information is gathered, stored, and used online. Alyssa wants to know more about cyber security in hopes of understanding and assessing how security is handled by online companies that she deals with. She would also like to be able to protect her own devices. Prior to enrolling in the Microsoft Cyber Security Analyst Professional Certificate program, Alyssa completed several in-house workshops on data protection and data security. Upon completing the SC-900 exam, she has a deeper understanding of the threat landscape and how to mitigate risks against cyber attacks. Through this program, she has extended her professional network with the relationships she has developed with her classmates during these courses. Alyssa has also been promoted to her company's in-house security engineer, where she maintains all the computers and networks against suspicious cyber activity. In her private capacity, she's continuously broadening her skill set to not only identify suspicious cyber behavior but to create protocols and software that defend the business against cyber crime. As the business expands, Alyssa hopes to be promoted in the future to security engineer manager and expand her team through the
recruiting process. You may find yourself in a similar situation to Alyssa. Deciding to change careers can be daunting. Alyssa found the change rewarding, so taking the step can lead to you being instrumental in identifying a need in your current workplace and pioneering a new role that is mutually beneficial and fulfilling for you and the company.

Josh would like to advance his career. He graduated with a master's in computer science. Josh has more than four years working as a software developer. He wants to add new credentials to his portfolio and expand his expertise beyond software into cyber security. Josh aspires to become a qualified cyber security engineer. Based on his research of the role, he feels that his attention to detail and inclination to problem solve would stand him in good stead. A cyber security engineer develops and implements security systems. They monitor and evaluate an organization's security measures to protect their data from cyber attacks or unauthorized access. Some of the day-to-day tasks include performing security assessments and audits, crafting solutions to security vulnerabilities, and investigating cyber criminals and threat models. If this describes your ideal workday, then this is the program for you. Josh completed the series of courses in the Microsoft Cyber Security Analyst Professional Certificate program as well as the SC-900 exam. He is actively pursuing his cyber security career by earmarking his next Microsoft security certification program in his learning journey.

Congratulations on taking this first step toward a career in the cyber security field. By the end of this program, you'll emerge with a stronger foundation knowledge, and you'll be able to make more informed decisions about where to proceed next. Some additional links to the various Microsoft certifications are provided at the end so that you can explore them in more detail. Good luck.

Imagine that you have decided to take steps to improve the security of your home. What options do you have
available? You could reinforce the locks or install a gate. Perhaps you could set up a camera system to monitor your property. So which is the best choice? Well, before deciding on a solution, you first need to consider the threats that you are most likely to face. Similarly, cyber security threats exist in many forms, and the first step toward implementing effective safeguards is to better understand the types of threats that are out there.

In this video, you will become familiar with the threat landscape, what it is, and how it can potentially affect you. You'll be introduced to several concepts that will be explored in greater depth later on. On completion of this video, you should have a high-level understanding of the threat landscape and how it has changed over time. You'll also be able to describe the manner and environment in which cyber attacks take place.

To illustrate the importance of these concepts, let's examine them from the perspective of the local ice cream shop, Sam Scoops. With a recent surge in popularity, the shop is struggling to keep up with phone and email orders. Sam has been advised to use business software to manage these tasks, but she knows little about the options available. She is also wary of taking any operations online because of security issues associated with the threat landscape.

Let's first break down what is meant by threat landscape. This is an all-encompassing term that refers to three major areas, which are: all potential vulnerabilities of an application, the attackers that may be targeting this area, and the attacks that are used. Traditionally, threats to a business include intruders accessing a physical location and removing items of value. But as you may know, a large volume of business these days takes place online. With this trend, new threats and attacks begin to manifest. The resources being guarded become less distinct, as companies had to care for physical damage or theft as well as guarding information and access to a company's digital infrastructure.
During this transition, there was a clear distinction between intranet, which is the internal communications of a company, and internet, or the worldwide connected web. Companies and individuals would typically set a firewall to guard important internal resources. A firewall can be defined as a block or filter that prevents some external items from entering a system. This firewall was placed at the gate of a company's digital infrastructure and, much like a security guard, prevents any potentially harmful elements from entering. Threats of note would include malware, which is software intended to cause harm or discord; ransomware, which prevents an organization from accessing its own applications; denial of service, which bombards a system with requests so that it cannot respond to legitimate digital requests; and spam-related activities. These attacks are typically clicked or triggered and access a company's internal system. To prevent this, a firewall limits the content that is allowed to enter.

However, the threat landscape has further evolved as an increasing number of individuals work from home. This added to the complexity of defending a system due to the need to increase the level of external access that is required for remote work. The proliferation of remote access tools, which allow workers to access an organization's network content from outside, and the practice of bring your own devices has drastically expanded the threat landscape, reducing the efficacy of firewalls and giving potential attackers far more scope for infiltration. Much like the security guard mentioned earlier, firewalls typically relied on there being a limited number of entry points. Defensive strategies have evolved to identify past attack patterns and develop solutions based on them. However, cyber criminals have evolved with these approaches to continue gaining illicit access. Some modern approaches don't even require a direct vulnerability to exploit but instead attempt to harvest personal data on an individual.
This stolen data is then used to spoof or imitate their identity and then gain access through legitimate channels. You've observed that the nature of accessing a network changes regularly, which means that potential attackers look for new vulnerabilities to exploit, and new security strategies must be developed as a result. As you progress through this course, you will learn about these approaches and many more, including both offensive and defensive techniques.

In this video, you have learned about the threat landscape and how it has evolved over time. This includes being aware of how defensive and offensive actors are constantly competing with one another to construct and deconstruct security initiatives designed to secure digital applications.

If you have any online accounts, such as those for email or social media, then you're no doubt familiar with the practice of setting a password for each one that is used to log in. To save yourself some trouble, perhaps you've developed the habit of using the same email address and password across several different accounts. While this creates convenience, it could also increase the risk of unauthorized access if you're not careful with your choice of password. In this video, you will learn why strong passwords are so important with any online account. You'll also discover the potential consequences of weak passwords and how a breach of one account can present a linked threat to other accounts.

To help illustrate this threat, let's check in on Sam. Sam has been building a social media presence for Sam Scoops by creating accounts with different social media providers. Along with a personal email account, Sam also has a work email that she uses to take ice cream orders and field questions from customers. With so many different accounts to keep track of, Sam has opted for easy-to-remember passwords so they are not forgotten. Like many people, Sam's logic for coming up with a password involves tying it to personal data like a birthday or something
that is meaningful to her, like a pet's name. Sam does not want to lose access to these accounts or go through the password reset process, so keeping it simple seems to be the best option for her. Sam has chosen an email address and password combination for each social media account. She knows that it's a good idea to have different passwords on each account, so to keep it simple, she adds a number at the end of each one to make them a little different. Sam is happy with this approach of using different passwords, and she feels confident that her accounts are all well protected.

However, there are a couple of problems. For one, each password contains the name of her favorite place. This information isn't known only to Sam, as she talks about it often on social media and with her friends. Many of these details are accessible to anyone else on the platform. Additionally, the practice of using incremental numbers in passwords is more common than Sam realizes, making it an easy pattern for attackers to pick up on. This weak password has allowed an attacker to easily guess the password to gain access to one of the accounts. This password has also allowed them easy access to the other newly created accounts.

The attacker has also tried to gain access to one of the email accounts that is used by Sam to sign in and respond to clients, but this has failed. This is because, in contrast to her approach with the social media accounts, Sam has followed a strong password policy for her Sam Scoops email account. This policy requires a combination of uppercase and lowercase letters, numbers, special characters, and a length of at least 12 characters long. However, this is not the end of the attack, as now the hacker has access to one of the social media accounts. They can use this to send a message to one of Sam's colleagues explaining that they need a password reset link, so Sam Scoops is now also exposed even though they have a good password policy.

Any attack that results in someone gaining unauthorized access
to devices, services, or networks is considered a security breach. Imagine a security breach as similar to a break-in, where an intruder successfully breaks into a building. In Sam's case, the intruder was an attacker and the building was an online account. In this example, you've witnessed how Sam was exposed on several different fronts. First, one of her passwords was discovered due to it being weak, along with some leaving hints in her social media posts. Then, her usage of a predictable pattern led to her other passwords being compromised. Finally, a door is open for the attacker to use Sam's social media account to impersonate her and potentially access accounts associated with Sam Scoops.

In this video, you learned that using weak passwords or reusing passwords on multiple accounts is a frequent practice that puts internet users at risk of account takeover, data compromise, and identity theft. This is already a big deal when it affects an individual, but the damage can be exponentially worse when a single breach impacts an entire network or organization. Having a strong password policy across all of your online accounts is critical to stop these linked threats.

Right now, you're using a computer, tablet, or smartphone to navigate through this course. Despite these devices being different, they function in the same way, in that you can input data, the data is stored and then processed to produce an output. A computer connects you to the digital world. You use it to enjoy entertainment, interact socially via social media platforms, or work efficiently from anywhere in a paperless environment. So what makes up a computer? A computer consists of two overarching parts: the hardware and the software. The hardware relates to the physical devices that make up a computer. It is the part that the software runs on. Software gives the hardware instructions on what to do and how to do it. The desirable components for a gamer's personal computer (PC) differ from those found on a college laptop or within a tablet
or phone, but fundamentally there are a few key components that are involved. In this video, you'll unpack essential hardware components that make up a computer.

The motherboard is the hub, in the form of a circuit board with slots for the components required to make up a computer. When dealing with Apple devices, it is referred to as a logic board. Following on from the motherboard, a predominant item required in creating a computer is the central processing unit, more commonly referred to as the CPU. The capacity of a CPU is measured by its clock speed, or how fast it can run. The unit of measurement is called a gigahertz. CPUs are typically found on integrated circuit microprocessors that contain one or more CPUs. You may hear the expression multicore processors. That means several CPUs are present. These can be configured to tackle a job in tandem. The microprocessor attaches to the motherboard and functions as the computer's reasoning center. Modern phones would typically run on quad cores. Quad here is a reference to four, meaning there are four CPUs used for processing content.

CPUs have limited scope for holding memory, so this is stored in the RAM, which stands for random access memory. The RAM specs are important when purchasing a computer because they relate to how large a task the computer can process at one time. Think of RAM in the same way as a human's short-term memory. How many well-informed decisions can you make without referencing additional information externally, such as using a book for research, which takes time? The more information you mentally retain at any time, the greater your ability to recall information instantaneously. Therefore, the larger the RAM, the quicker and more powerful a computer is. Typically, the minimum RAM size of a small desktop or PC starts at 8 GB and increases in increments of eight. 16 GB of RAM achieves most standard operations. However, high-end gamers opt for up to 64 GB of RAM. A tablet would typically have between 2 and 16 GB of RAM. The motherboard
will have unique slots where RAM fits in. It is also possible to upgrade computers by buying more RAM and manually plugging it into your motherboard.

If RAM is associated with short-term memory, then long-term memory can be related to hard drives. These are additional memory sources that hold more information. Hard drives come in many forms, the two most common types being hard disk drives and solid state drives. You'll commonly find these names shortened to HDD and SSD. Hard drives allow permanent storing of information and are attached to the motherboard with adapters called Serial Advanced Technology Attachment cables, otherwise known as SATA cables. A flash drive is an example of an SSD, meaning it has quicker lookup speeds. HDD is considered an older technology.

The final crucial element required to make a computer function is the power source. Large computers will require more power than mobile devices. One might need 500 to 1,000 watts of power to run a computer. This dwarfs the power consumption of a mobile phone. It typically only requires 2 to 6 watts of power.

In this video, you learned about the essential components that create a computer, with reference to smartphones and tablets. Some of the fundamental components discussed include the motherboard, CPU, RAM, long-term memory storage, and the power supply. You'll expand upon these concepts and learn about how software interacts with them a bit later.

Sam, the owner of Sam Scoops, is currently operating her business from a single homebound personal laptop. The demand for local ice cream is continuously growing within the community. There is an expansion plan for Sam Scoops that includes opening a storefront to meet the growing demand. Sam realizes that getting more hands on board to meet the demands of her growing customer base means that more computer devices with adequate security measures are needed soon. With Sam's desire to grow the brand's footprint and expand the team, she needs to have a basic understanding of the
hardware and software requirements for Sam Scoops to operate efficiently. This allows Sam to advise the team on using the technological infrastructure to create future product developments. In addition, Sam can implement the appropriate security measures to protect Sam Scoops' employees and her customers. Let's join Sam on her journey to learn about computer basics so that she'll be able to make more informed decisions about the right tools for her business.

This video summarizes what a computer is and what it consists of. You'll gain more clarity as to what happens when inputted data is entered into a computer and the various transformations it undergoes before it displays on the screen. Knowing how a computer works will set the stage for the cyber security concepts that you'll learn about later. So to start, let's think about the components required to take in user input and display it on screen. A computer must perform the following four tasks, which are inputting, storing, processing, and outputting information.

Let's begin by discussing input. Taking input can be done through a host of devices. Consider how you accessed this course today. Did you do it from a laptop, phone, or personal computer? Devices used also include cameras, microphones, keyboards, and computer mice. Depending on the device, once the signal begins, a conversion happens between the input and the storage it is sent to. Consider what happens when you push a key on your keyboard. The key triggers a series of zeros and ones and transports it to the storage unit of your device. Devices communicate with software by means of a device driver.

So what is stored after receiving the input? When a computer receives input, it immediately stores the information in memory. There are different types of memory available, but generally it can be classified as volatile or non-volatile. Volatile memory, such as RAM, is temporary and saves data only while the computer is used. Items that are stored in RAM are not permanent and are sustained as long as
the RAM receives power. This means that if the power is cut, then the items are lost. Non-volatile memory is permanent, and data is stored whether the computer is on or off. Typically, computers will come with some secondary memory built in for additional storage to hold items permanently. Additional memory is stored in hard drives, commonly referred to as secondary drives. It is categorized as non-volatile memory. Alternatively, you can make use of external hard drives or USB drives.

So once the input data is stored, it needs to be processed. Let's explore the processing aspect. All processing on a computer is done by the CPU. The CPU has two parts, which are the control unit and the arithmetic or logic unit. A CPU has a small memory component called a register but mostly reads information from the secondary memory. It then performs the required operation and stores the result back into the memory. To help you understand this process, think of a CPU like a human brain. The control unit receives a signal. Whereas a computer takes input from a mouse or keyboard, the brain does so through senses like sight or touch. The arithmetic unit contains logic for how to handle the input, like the reasoning part of the brain that holds math formulas you learned in school. Registers are like short-term memory, while secondary storage is closer to long-term memory that may take more time to recall.

The CPU is the computer's brain, where all the calculations and processes run. A control unit will receive an instruction, decode this instruction, and then issue signals based on the results of the decoding. CPUs follow a cycle which includes three steps. The first step is fetch. Here, data is collected from memory. The second step, decode, is where the data is interpreted. Finally, in the execute step, an action is performed based on the instructions provided. Memory on a bus retrieves the information. A bus is a set of physical components that connects and transfers data from the memory to the CPU. Next, the information is
returned to where it is stored on the computer once the data has been processed the memory bus Returns the information for storage notice that information is loaded constantly from and to memory this accounts for much of the time used for executing a program so the last step to processing information that is displayed on your computer is the output the output reflects the final transaction in the process once the input has been received by the device and the appropriate process applied to it by the CPU it generates an output this might be performing an action streaming a video or executing a program depending on the device and its use the output manifests differently it usually takes the form of an image or a light showing that a process successfully executed an example of this is a toll booth a green light indicates that your payment is accepted to summarize a computer goes through four basic steps information is taken in through an input where the signal is stored in short-term memory before being processed by the CPU much like how the human brain works the CPU performs a series of actions that pulls items from memory then it performs some computation and returns a result the final step is the output for humans this might be verbalizing the thought that has been processed for a computer it could be displaying a text message in this video you learned what a computer is and what it consists of you have a better understanding of what happens when inputted data is entered into a computer and the various Transformations it undergoes before it displays on screen with this knowledge you are ready to continue on your cyber security Journey think of Sam scoops and all the employees working together to ensure the business runs smoothly this might include attendants dishwashers and cashiers while their duties are clearly defined it doesn't mean that they work in isolation their tasks must be monitored to ensure that the whole team can work together without blocking each 
other computers work on a similar principle different components are competing for limited resources and their access to such resources must be regulated to avoid conflict this role is fulfilled by an operating system in this video you'll learn what exactly an operating system is you'll be able to explain the role it plays and how it interacts with the various software and Hardware components to create a smooth experience for the user the operating system is the software component that interacts with the hardware and software programs to provide users with a standard computer experience you can think of it as a go-between that starts up the computer hardware and file systems and allows for the interaction between multiple users CPUs and tasks you can simplify the responsibilities of the operating system into three broad categories which are controlling Hardware access providing a user interface and managing files and applications let's explore each of these one at a time starting with how an operating system controls Hardware access when interacting with the hardware of a computer the operating system will communicate instructions through a device driver these are essentially small pieces of code written by a device manufacturer which allow messages and instructions to be passed between the hardware and other software to control the device most devices are installed to a computer through a plug and play process which means that a device connects to a computer and sends a signal to the operating system the software then installs a device driver that enables interaction and stores this application settings in a central location this is saved in the registry on a Windows computer or the preferences folder on a Mac plug and play comes from a time when all devices were physically connected but these days devices can be connected digitally as well consider printers or any device found on the internet of things that can connect via Bluetooth which are still examples of Plug and 
Play You'll explore the Internet of Things in Greater detail later on another goal of an operating system is to provide a user interface which facilitates the way a user communicates with the hardware and software of a computer this interface is available in two forms one is the command line or terminal window you'll be familiar with this from many movies dealing with hackers breaking into computers command line or terminals allow for access to every part of a computer system but require the user to provide very detailed instructions often as programmer code the other type is the graphical user interface this is the most common way for users to interact with computer programs including controlling the options for the operating system it involves using a mouse to click on menus and icons to initiate programs most operating systems will provide the user with both CLI and GUI options finally let's find out how an operating system manages files and applications an application is a software program that performs a task Microsoft Excel Microsoft Word or your web browser are examples of commercial applications that you likely use every day however users can also develop their own applications which the operating system can run an application will typically have an application programming interface more commonly known as an API which determines a set of rules for interacting with the program in other words an API ensures that a program is compatible with a given operating system when an application is called for use through a user interface the operating system loads the program from its place in memory into the ram recall that Ram is immediate storage that holds files currently in use the operating system then determines how much space and CPU power an application will be given some applications such as a word processor require relatively few resources While others such as a game with high resolution Graphics are CPU intensive and will dominate a computer's 
resources in this video you've received an overview of what an operating system is and the role it plays on a computer you should now know that the responsibilities of an operating system fall into three General categories which are controlling Hardware access providing a user interface and managing files and applications by now you should be familiar with the role of an operating system and the several major types that are available but what is the specific software that people are actually using despite the many options available the modern operating system scene is dominated by just a few major competitors Each of which offer unique advantages over the others in this video you'll explore the five most popular operating systems in use today which are windows Mac Android iOS and Linux you'll become aware of the key characteristics of each one and find out how they compare with each other recall that the core function of an operating system is to allow you to access various software and Hardware components and to facilitate communication between them all there are different types of operating systems that you may encounter but all of them should fulfill this role for desktop and laptop computers the three most common operating systems are Microsoft Windows Apple's Mac OS and Linux these are primarily found on PCS whereas other devices such as phones tablets and music players run on different operating software because they have different specifications the most notable examples of operating systems for mobile devices are Google Android and Apple iOS so why are there distinct operating systems across devices generally a PC is expected to perform more complex varied and process intensive tasks as such it requires a more sophisticated operating system in contrast mobile devices typically do not have the same memory or processing capacity so mobile operating systems are tailored to instead maximize the device's resources and utilize them more efficiently in spite of this 
it's worth noting that the processing power found in a current day phone is greater than that of the computers that were used to First send a man to the moon now that you know what the most popular operating systems are let's explore them one at a time more deeply starting with one of the oldest programs which is Windows Windows is proprietary software that is often pre-loaded into PCS as the default operating system as such the popularity of Windows ensures that developers are highly likely to make their applications compatible with this system while windows can be used with a command line interface it heavily favors a graphical user interface approach this means there is greater emphasis on pop-up menus and clickable icons as a means of navigating applications the second most popular OS for computers is Apple's Mac OS it is pre-loaded on all Apple computers and is also proprietary software so users are discouraged from altering the code and instead should use the software as sold as with Windows it is typically used with a graphical user interface while Apple and Windows are the systems of choice for PCS mobile devices need something else to handle their unique needs so let's move on to those next first is Android which receives regular updates and additional features while it can be used for devices such as cameras and gaming consoles this software is most frequently found on smartphones and tablets Android is open source making it highly customizable overall Android is the most popular operating system for mobile devices worldwide however it does have one major competitor another mobile device OS Apple's IOS is a popular alternative to Android a key difference is that rather than being available to numerous device makers it is proprietary software that is exclusive to Apple products compared to Android users have limited ability to customize the software iOS is run on iPhones iPads and iPods and is the second most widely used OS for mobile devices 
lastly let's examine an operating system that doesn't currently have the mainstream appeal of the previous four but is noted for playing a large role in OS Innovation an alternative to proprietary software Linux is an open-source OS for both Computing and mobile devices this means that the code is freely available for people to alter as they feel fit this has led to a large community of enthusiasts who develop and optimize many variations Linux offers a command line interface CLI over a GUI based approach while Linux is not as widely distributed as Windows or Mac it is popular for cloud computing and will likely experience growth as more people Embrace this format Mac OS is descended from Unix and while similar to Linux it is different enough that an Android app won't work on iOS Windows now ships with a built-in Linux kernel allowing Linux apps to run on Windows too now that you're familiar with the five major operating systems let's observe each of them in action specifically you'll witness the startup process of each one along with the interface that is first presented once that process completes in a typical Windows setup you'll begin by logging in with a password after a few moments you'll arrive at the desktop which is the main workspace and a core part of the windows GUI the bar at the bottom is the taskbar this can hold several apps at once making it easy to switch between them starting up Mac OS is similar to Windows and you'll need to log in first a difference you might notice this time around is the bar with the icons this is the dock and you can customize it to hold your favorite apps so that you can access them more quickly on the mobile side you have Android most Android devices can be unlocked with a pin or a biometric feature like a fingerprint because the software is open source the appearance capabilities and the overall experience of one device can be different from those of another this depends on how the manufacturer has altered it the 
other major mobile operating system is IOS which you'll find on Apple devices like the iPhone and iPad the software can't be customized as much as Android but it's well known for giving a consistent experience across different devices and finally there is Linux Linux is open- source and has a very active developer Community which means that it takes on many forms one of the most popular versions for cloud computing is Ubuntu this is because cloud computing relies on resources that are stored online and Ubuntu can access these Resources with both speed and Security in this video you've become familiar with the five most popular operating systems for both computers and mobile devices you should now be aware that Windows Mac and Linux are the most common programs for desktops and laptops while Android and iOS are the dominant software for smartphones and tablets well done on completing introduction to computers and operating systems and security before you continue let's recap on some key takeaways after familiarizing yourself with the course learning objectives you began with an introduction to the threat landscape here you learned about how cyber attacks occur you can now describe current Cyber attack statistics and Trends and explain how unauthorized access gained has a huge impact on multiple devices or domains you discovered that the threat landscape is broken up into three distinct areas the vulnerabilities of the application the types of attacks used and the perpetrators of the crime next you are introduced to Computing devices and discuss the basic components that make a Computing device whether it is a laptop desktop or mobile device it requires some basic components let's recap on four of these components the first component is the central processing unit or CPU it is often referred to as the brain of the computer where the computation is performed the second component is ram ram is a plug and play addition to a computer that stores information can you imagine 
if you had to relearn every task when you woke up every morning Ram ensures that the computer can recall and recollection is a core requirement for intelligence you then learned about input and output devices this is crucial to a computer because it takes in the input decodes and processes the data and displays an output the final component is the motherboard which enables the operation it does not actively take part in computation but it provides a hub through which all these components interact and generate the desired output you broadened your understanding of computers by unpacking the difference between hardware and software remember that Hardware makes the physical device operate and software gives instructions so that the hardware knows what to do and how to do it it's an interdependent relationship that allows you to interact with your computer finally you focused on operating systems which provide the directions that are sent to the hardware they configure applications so that they communicate efficiently with Hardware devices you examine several major operating systems including those specific to computers and to mobile devices then you explore the two main categories that the software generally falls into which are proprietary or open- Source you should now be better informed about how to choose a suitable operating system for a specific business need recall the three key responsibilities of an operating system it controls the access of Hardware that is connected to the device physically or digitally it provides the interface that enables you the user to communicate with the computer's hardware and software specifically the interface is a command line interface or a graphical user interface and it manages files and applications by allocating suitable system resources as determined by an API now that you've completed the introduction to computers and operating systems and security you have a good foundation to navigate cyber security further you are 
well-versed in both computer Basics such as Hardware software and operating systems you've also gained insight as to where the cyber security threats might come from and how to mitigate some of these threats you then further learned what a security breach entails and why it's potentially harmful for your business nice work do you remember a time when you were rushing to complete a task for a deadline and at the last minute something unforeseen happened which interrupted your progress perhaps you were uploading important information and your internet connection dropped do you recall working on your computer where you saved all your confidential or project information that you've been tackling for months suddenly your device gave in leaving you frustrated and panicked because you're held accountable and there's no recourse to restore your data imagine the impact on an Enterprise when a large volume of data is lost there are solutions to avoid the devastation experienced in situations such as these system fail safe protection forms part of Enterprise systems and Security in this video you'll establish the relationship between system fail safe protection and server storage and backups specifically you'll find answers to questions such as what computer environments will an application run on are there backups and what maintenance and patching policies are employable let's begin by discussing servers a server is considered to have several meanings and various roles in relation to computers predominantly a server is a piece of programming code that provides services this can also take the form of computers on a computer network additionally it can be defined as a computer dedicated to running programs there are various types of servers but let's unpack the two most common ones web servers and database servers a web server is a computer that is dedicated full time to hosting web pages the internet is made up of many computers acting as web servers connected with the 
appropriate ports and protocols it can be a single web page of a small business running on a personal computer or a large multinational company hosting thousands of pages nevertheless it is all interconnected and accessible to everyone an unfavorable expression that you may have encountered is the server is down this means that the computer hosting the web Pages for a company or an individual is no longer accessible and the service has ceased soon you learn some cyber security best practices that will make this expression less likely to come up another type of server is a database server a database server is a machine that is dedicated to storing information it is connected to a network and accessed when stored data is required before continuing let's observe a scenario that involves storing data for a business Sam is considering the storage needs for Sam Scoops here are some important considerations when assessing storage needs and requirements one is durability good questions to ask when assessing durability is will it last and what is an acceptable period of time to measure durability another is scalability does it fit the data needs of the business or does your storage solution adjust accordingly as the business need grows next availability concerns how readily available the data is and when it is needed lastly consider security how safe is your data ultimately Sam wants to ensure that the essential data needed to run Sam Scoops is kept safe this means potentially duplicating the data and storing it in a secondary location this process is known as creating a backup it is good practice to exercise when running a business with the scenario in mind let's explore storage when a server goes down the server hosting your web page is unreachable this may be due to a technical error like losing an internet connection or an issue with the computer hosting the server recall that memory is either volatile or non-volatile in the instance that a computer no longer runs any 
data stored in volatile memory is lost therefore it is vital to create a backup and save your memory to secondary storage regularly additionally your server may require large amounts of data to satisfy requested tasks Ram is a short-term solution and its storage and memory retention are quite limited when faced with this issue a business can address the problem in two ways the first option is to physically acquire more storage through what is known as direct area storage or DAS DAS involves additional secondary storage devices that physically connect to the machine accessing it some examples include solid state drives or hard disk drives along with flash drives and Legacy devices like floppy discs and DVDs alternatively another option is to make use of cloud storage some major cloud storage providers include Microsoft Azure Amazon web services and Google Cloud platform cloud computing works on the same Principle as a home database server except it is done on a larger scale with potentially unlimited data restrictions available the only limitation is that there is a cost attached to cloud services so Sam can back up important data regularly by either exploring the DAS route with a physical installation or investing in a cloud storage provider in this video you discovered that a server can take many forms you are familiar with the internet model that is made up of web servers a database server however can act as a database for your business you also learned that it is good practice to keep duplicates of your information by creating backups that run periodically this protects your information if anything happens to your primary data set and allows you to restore an earlier version when you work on any document are you aware of how often you press the save button perhaps you are quite diligent and make an effort to save your work on your local machine regularly Sam the owner of Sam Scoops is still experiencing a massive demand for ice cream in the community business 
is booming and she is so thrilled the team's hard work is paying off however this rapid progress in business sales also presents the challenge of more administrative tasks she diligently saves her inventory documents often despite her efforts an unexpected problem has caused the main computer to stop working resulting in it being sent off for repairs Sam Scoops didn't account for this hurdle and stress levels are high with the pressure of keeping up with the local demand the repair technician confirmed after assessing the main computer that recent data cannot be recovered but has proposed a backup solution at an additional cost to avoid this happening again this situation has caused time delays and additional expenses to fully restore operations for Sam Scoops previously you learned about some basic backup Solutions this time you'll go deeper and discover some approaches that would have helped Sam Scoops in this video you'll learn about a concrete four-step plan that ensures the safety of your data in the event of potential issues occurring in your day-to-day business you'll also start to identify suitable backup solutions for specific business needs when it comes to recovery you are only as good as your last backup Sam from Sam Scoops is working on a project using Microsoft Word Sam checks the autosave feature when working on word minimizing information loss due to unexpected shutdowns suddenly the battery unexpectedly quits how much data is safely stored only the information written before the last save is still there saving the information is a form of defense against an unexpected program shutting down however if the issue is that the laptop is lost or damaged saving the data may not be enough in this instance Sam ideally should have used an external hard drive USB stick or some form of online storage such as cloud storage only then will the information relating to the daily activities of Sam Scoops be safely backed up physically separating a backup from 
the original file makes the most security sense consider the scenario where a computer storing your information is physically damaged with a backup the information is recoverable think back to a database server solution using a database server to keep your company's information ensures that the information isn't lost if something happens to your primary storage the best practice is storing backup data off site giving you excellent protection so that you have an alternative way of accessing it practicing the following four steps protects your data from unexpected shutdowns technological failure and malicious cyber activity let's begin with step one replication This concerns copying data from one location to another it's like the autosave function in Microsoft Word that keeps recoverable near realtime copies of your information step two is snapshots a data snapshot is a regular save point throughout the day it's good to implement a policy to schedule automatic saving of all your business information the third step involves daily backups in addition to regular snapshots it's beneficial to store your information in a second location that is not on your premises therefore saving to the cloud means that any incidents your business potentially suffers stops at cloud storage here additional safety checks are also carried out the final step is what is known as the 321 backup strategy the 321 backup strategy is regarded as the most effective backup route and relates to creating your backups if the information is particularly important why not create three snapshots of the data this is exactly what the 321 strategy is use two different formats such as locally on your computer where you create the information as well as on your data server ideally one of these copies is kept off site this way the essential information used to run your business is always protected it's important to note that different data have different levels of importance so implementing the 321 
backup strategy may be considered excessive however many recent Cyber attack strategies include removing the legitimate owner's ability to access their data instead of deleting it altogether you may face technical obstacles when deciding on the appropriate backup approach this is often daunting the good news is that throughout this cyber security Learning Journey you'll witness several implementations and strategies that you can use in your business it's also worth noting that when you deal with other people's information there is an element of trust the customers of Sam Scoops trust that the necessary due diligence is carried out to protect their data and provide a timely service think of it as an unspoken service level rule between customers and service providers in this video you learned that protecting data is a significant commitment that any business owner commits to Additionally you unpacked backup solutions that regularly save data ensuring it is safe with a quick recovery feature these backup Solutions allow you to assess your backup needs and implement the appropriate solution you also learned four practical steps that protect you against unexpected device shutdowns technological failure and malicious cyber activity if you've ever gone shopping for computers you've no doubt noticed the wide range in prices across machines that perform essentially the same tasks so why would anyone pay more well beneath the similar exteriors are components with vast differences in power and capacity and sometimes distinct specialized Parts entirely depending on the task choosing a computer with capable specifications is critical for achieving solid performance earlier you were introduced to the various components that comprise a computer recall that this includes Ram a CPU a motherboard and various input and output devices Additionally you learn about different operating systems and how they are used to interface between the user and the Machinery you then expanded 
this knowledge to include the concepts of servers and storage now that you are familiar with each of these individual topics it's time to combine them and find out how they work together to make up Computing environments in this video you'll learn how to distinguish between personal commercial and cloud computing and you'll be able to describe the general usage scenarios that each one is best suited for currently Sam uses computers to answer questions and fulfill orders sent through email she's aware that changes will be necessary to handle the higher volume as they gain customers however Sam is unsure which direction to take and has asked you to help Define the differences between the computers that people use at home and those used by businesses let's begin by defining and comparing personal and Commercial computers as you may have guessed by the names personal computers are typically intended for individual use while commercial computers are more likely to be the choice of businesses and organizations put simply the primary difference between the two comes down to size and processing power but let's explore why this is and what it means in real world use for a typical person using a computer at home activities are confined to web surfing editing documents watching videos and running a few applications with a few exceptions these activities do not consume excessive Computer Resources so there is no need for top tier components in contrast commercial grade computers are expected to handle more significant tasks that usually require more memory and greater CPU power depending on the nature of the business there might also be a need for graphics cards or other specialized Hardware components to perform the business need thus while a single core processor may be sufficient for personal use commercial computers may require a quad core to handle processing and networking with other computers the larger workloads on Commercial computers might also demand more durable 
motherboards circuitry and casing leading to a higher cost than for the same Parts on a personal computer however note that commercial Computing isn't the only option for companies these days while commercial computers were the business Norm for many years the rise of high-speed internet and online data storage have enabled another type of computing environment cloud computing this has gained popularity as a solution due to certain advantages when it comes to scalability and reliability among other benefits that you'll learn more about later the main difference between commercial computers and cloud computing is the location but before you explore what that entails let's take a step back for a moment while personal and Commercial computers have their differences as you recently learned the fundamental processes they go through are ultimately the same both types take input access stored resources process the input and store or return the result however how these ends are achieved differs from a traditional in-house commercial setup and cloud computing let's find out how that is the input types are common to all three approaches a keyboard mouse touchscreen or another input device used to take input which is then loaded into the Ram with personal and Commercial computers Ram can be stored on the machine taking the input or the task may be sent to an in-house application server in cloud computing however this input is sent using an online Network to ram on the cloud consider what you previously learned about servers and how a computer can be dedicated to just running applications or storing information cloud computing is a server dedicated to processing storing or running data and applications the fundamental difference between cloud and traditional on premises or personal computers is that the hardware that performs these actions does not need to be purchased instead the business requests an online Network to perform a task the results of which are stored or 
returned from an external site there are different Cloud models that are used to make this happen which will be covered in detail later in this video you learned about the key differences between personal commercial and cloud computing environments you discovered that while each approach handles input storage processing and output differently the core components that perform these operations are the same you also learned how these approaches apply to different usages specifically you found out that personal computers rarely require massive computation and smaller less power intensive Parts can be used an on premises business can expand its size using servers and more heavy grade Hardware Distributing tasks on local application servers and finally a cloud-based company can utilize the industrial grade components found with cloud computing utilizing the internet you were recently introduced to the methods used by businesses for handling Digital Data specifically the on premises approach that utilizes local physical hardware and cloud computing which uses the internet to push those duties to external parties you also already know about the potential cyber threats faced by an individual computer user and how to safeguard against them but what happens when the data of an entire organization is at stake by the end of this video you'll come to understand the security issues that concern both on premises and cloud-based Computing environments you'll also leave with a stronger grasp of the measures that are taken to improve security within each approach previously you became familiar with the traditional methods for implementing Security on home computers every personal computer being used to access this video has a firewall filtering the incoming traffic to ensure no malicious code is allowed in which could cause the computer to perform in ways contrary to the user's expectations every computer also runs antivirus software designed to detect and remove any malicious code 
that does make it through these same principles of preventative and responsive measures extend to commercial computing both traditional and cloud-based however the implementation may differ due to the particular challenges of each approach fundamentally the steps are the same stop unauthorized access limit mobility within a system once accessed and employ a backup strategy that will help recover from any damage done through unauthorized access to a system although both approaches to running a business target the same goal there are some differences in how these steps are carried out let's find out what those are starting with traditional computing recall that traditional computing keeps the computing infrastructure of the company on premises this means the data does not have to move across different internet lines to be processed and stored this can be highly beneficial to companies that operate under strict regulatory requirements the software used to maintain this data is also behind the traditional on premises security measures so they offer greater protection so if an attacker manages to gain access to a company's internal operations they will have to overcome the internal measures implemented to reduce unauthorized access on premises housing also means that security is physical unlike virtual protection on premises security must ensure the physical well-being of the computers being able to access the hardware physically could allow an attacker the opportunity to upload some malicious code typically a business will guard against this through security guards worker ID cards segregated section access and good sturdy locks further measures may include security cameras and tracking software on the computers in contrast with cloud computing data protection duties are outsourced to a third party and as such the company will have less control over how it is protected you'll later learn more about the specific breaches fallouts and other dangers that this can leave
data more vulnerable to some might argue that the security measures implemented by these multinational providers would require more work to replicate on premises but ultimately the level of security is only as helpful as the measures implemented establishing good policies and procedures is vital regardless of how large the lock guarding your door is it is only useful if the building is secure this principle is true when applied to on-site security and cloud-based security alike access to cyber infrastructure is gained through gateways this means the first step in protecting data is monitoring traffic all incoming traffic is vetted before it can access the system next an organization will consider managing the endpoints an endpoint is any destination from a communication channel common organization endpoints could include mobile devices desktop computers virtual machines which can be thought of as cloud desktops servers and embedded devices or any specialized devices needed for executing the business needs as noted a physical measure for protecting a business is providing authorization cards for employees cleared to be in a given area so how can such a policy be enforced in the absence of physical locations within cloud computing that can be done with the cyber equivalent of this practice which is known as identity and access management or IAM Microsoft's Azure a popular cloud computing platform can provide all the cloud-based requirements a business may need Azure has a dedicated IAM called Active Directory which ensures that access to specific documentation and services is only given to the appropriate people you'll explore how this is implemented later on such management methods are crucial to protecting a business's digital assets because it's not enough to only monitor who gains access there must also be a means to control what changes they are allowed to perform finally one of the strongest measures a company can employ whether on premises or cloud-based is
to provide technical training for staff knowing what dangers a company faces is half the battle of avoiding them so a well-trained workforce is key to organizational security in this video you were made aware of some security concerns faced by on premises and cloud-based companies some of the high-level concepts you were introduced to include how to access company resources what movement is allowed to a person once inside and the various endpoints that a hacker might attack why are updates necessary this is something that Sam from Sam Scoops always wondered about but didn't pay close attention to Sam Scoops is flourishing with the sudden growth it's experiencing in the community Sam knows that the envisioned expansion of the business is achievable if the company continues this path of success as it stands the workload has increased so much that more hands and additional devices would make life easier while working at such a fast pace Sam makes a common mistake by postponing the computer updates to a less busy day however so many days have passed and they notice that the computer software is slowing down in addition and unexpectedly Sam receives a notification a day later asking for a ransom to release the business's confidential information if Sam doesn't comply and pay the ransom the cyber criminals will delete everything on the computer and begin targeting customers hopefully you've never experienced a ransomware attack like this even if you haven't you should ask yourself a question is your device currently up to date or are you vulnerable to a cyber attack in this video you'll unpack what maintenance and patching are and why they are essential in reducing vulnerabilities software updates take an existing piece of code and alter it motivations for this include adding and improving functionality addressing and enhancing a security-related element and removing bugs that affect how a program operates let's begin by learning what patches are patches address
newly identified shortcomings or dangers in existing software they are small pieces of code that only modify the target area without impacting the general function of an application the code deployed is never perfect over time incompatibilities or issues are identified if the issue is determined to pose an immediate danger to a system then a patch will be issued to address the issue immediately later at a scheduled update a more permanent solution will be deployed there are two categories of patches first a bug fix patch is when an issue is identified with the code and the patch temporarily covers it the second type is a security patch it is when a vulnerability that can be exploited for malicious intent is identified a security patch is then issued to make the software more secure patches can be very useful because they either enhance existing software or make it more robust against attack so where does maintenance fit in while patches are designed to prevent and remediate issues with code maintenance is defined as all the changes made to a code after deployment this includes all the patches and updates an update contains security and quality revisions and significant feature additions and changes maintenance is done during special maintenance windows and can include a scan for any malware and viruses a patch is further distinguished by how it is implemented a hot patch is an alteration to the code that does not require a system reboot a cold patch requires the system to be rebooted before the update becomes active understandably this can disrupt operations regular maintenance avoids or eliminates the need to repair an item patches and updates are the processes by which software is maintained and enhanced by companies some individuals however choose not to implement patches based on the conclusion that if there are no issues then why issue an update alternatively a user may be engaged in a task and the update requires restarting the machine so they are often
tempted to put off implementing the patch generally updates relate only to functionality but it is important to implement them because some updates include patches that have security-related elements by updating regularly your device will be less vulnerable to cyber attacks let's examine the following use cases where users were vulnerable to cyber attacks because they put off their update installations in May 2017 a ransomware attack called WannaCry affected millions of computers this attack exploited a shortcoming of Microsoft devices it resulted in encryption software being installed on these devices the information was held for ransom by the attackers WannaCry is an instance of a zero-day exploit this is an attack done on a detected unknown flaw in a type of software there's no prior knowledge of the flaw and therefore no defense to fight against it so Microsoft urgently released a patch to close the loop that allowed unlawful access to prevent similar future cyber attacks it's important to note that the patch closed the gateway that the cyber criminals used to enter the system it did not lead to a decryption of the affected software initially affected users were forced to pay the ransom or to accept the data loss on their computers you may have heard of another virus called Petya that exploited the same vulnerability computers affected by Petya were systems that were vulnerable because they did not download and install the Microsoft patch so think twice before putting off your update installations in this video you learned to differentiate between patches and maintenance and why it is essential in reducing vulnerabilities you now realize that an update might relate to adding features or performance-related pieces of code you learned that a patch is designed to address a shortcoming or security risk remember that an update may include a vital patch so paying attention to updates is always advisable patching is a computer practice that is as old as computers
themselves in fact the term patch dates back to a time when computing was performed using punch cards a programmer would mark the code on stiff paper through a series of holes or punches updating or changing this code entailed removing certain holes which was done by placing patches in their place and so this practice of identifying updates as patches remains in use today applying patches and updates is an essential routine for ensuring your application's longevity and safety users sometimes view update notifications as unnecessary and choose to ignore pending updates however doing so carries some risks in this video you'll become familiar with the primary benefits of patches as well as some of the negative aspects that may deter users from committing to them to begin let's consider some of the advantages to accepting patches and updates when a vulnerability is discovered in an application the developer responds with a patch to mitigate the risk of infection however announcing the vulnerability does mean that both good actors and bad ones become aware of its existence the fact that the patch exists is a reason to apply it because the issue is now also known to potential hackers patches can also prevent breaches that expose sensitive data a company's reputation becomes severely damaged when they cannot protect their customers' information so a patch helps to mitigate potential breaches when vulnerabilities become known and keeps the company in high regard keeping devices up to date helps to prevent other devices on a network from becoming infected if a seemingly minor device on your network is attacked then patching it could potentially seal a gateway through which more important systems are impacted even when vulnerabilities aren't an issue patches are often developed to fix bugs or other flaws in a system that might affect performance and to prevent system crashes and periods of offline activity that would halt productivity keep in mind that updates aren't limited to
addressing vulnerabilities or fixing things that are wrong there are other reasons why you might want to add patches for example they ensure that your system stays compatible with contemporary software which itself is being updated constantly with all these benefits why wouldn't a user want to install all updates that become available well they are often viewed as a disruptive procedure and may also result in unwanted changes to an application or workflow let's observe some of the specific difficulties that are frequently brought up for one a business may need to take a critical system offline to perform an update this can hinder the operations of a business significantly so some companies are understandably hesitant often necessary updates are scheduled for appropriate times that produce the least impact there are also concerns of how an update can make a familiar working environment unfamiliar by changing the layout or removing previously used elements some patches also add functionality that is not required and may even degrade the performance of other features some users become reluctant to accept updates due to poor experiences that change the interface in a way that was undesirable finally there are worries about effects on productivity for example a system may experience lag or require a restart to implement the patch this in turn slows or halts any other activities in progress which deters many users from implementing a patch the very act of installing an update can also break the flow of concentration if a notification appears at an inconvenient time and deferring once or twice can quickly build into a habit in this video you were introduced to some of the pros and cons of accepting updates and patches some of the inconveniences include breaking the flow of your work temporarily having to take your system offline and potentially changing layout or otherwise altering the flow of a once familiar program however most users would likely agree that the
advantages of implementing updates outweigh the inconveniences namely the lowered risk of attack increased safety for other devices on the network elimination of bugs and flaws and improved performance and productivity in the long term congratulations on finishing Enterprise Systems and Security during this time you've been introduced to many new concepts relating to the use of commercial computing setups and how to keep them operating safely before you move on let's briefly recap the most important points that were covered you first explored the ideas of servers storage and backups and how these are utilized to minimize the risk of data loss you learned that these concepts together form a system fail-safe for enterprise setups to be more specific the servers move and store data on the network while storage is used to hold duplicates of that data that come into play if the original data is lost or damaged or when internet connection issues prevent communication with the servers you discovered that as a general concept servers are a component in the client server model in which a client sends a request for a service and the server responds by providing that service common types of servers include web servers that host web pages database servers that store information and print servers that handle requests sent to a printer these various roles demonstrate why it is critical for a business to keep their servers running when it comes to storage you learned about several key considerations for choosing a suitable solution these include durability or the length of time that the storage is needed scalability which concerns the solution's ability to adjust as the business's data needs grow availability or how readily accessible the data is and security which relates to how safe your data is against unwanted access you found that backing up data is a practice that takes planning and maintenance depending on the nature of the business you'll need to decide on factors
such as the storage format to use and the extent of data to back up fortunately you were made aware of a four-step plan that applies to many situations this plan involves replicating data taking regular snapshots performing daily backups to off-premises locations and following a 3-2-1 backup strategy next you learned how to distinguish between different types of computing environments you discovered that personal computing relates to individual users at home who generally don't require powerful components while commercial computing typically needs more memory and processing power to handle larger scale tasks commercial computing was also further divided into a traditional on premises approach in which all computing infrastructure is contained in the same location or a cloud-based approach that moves most of these components online you were made aware that the security strategies for both approaches adhere to the same principles of preventing unauthorized entry limiting mobility within the system and mitigating any negative impact resulting from a breach however you also found that the methods for implementing these strategies differ due to the distinct ways in which access is handled within each approach for example you found that the concept of a firewall applies differently for cloud environments than it does for on premises environments whereas an on-prem firewall only needs to monitor external traffic that tries to enter the system the distinctions are less clear in a cloud setup in which many system resources may be outside of the system finally you were introduced to the practice of patching which applies updates to software for the purpose of adding or improving functionality enhancing security or getting rid of bugs you learned that because this maintenance is typically performed on software that is in use it needs to be done carefully to minimize impact on the operations of a business you discovered several approaches for accomplishing this including
corrective maintenance that deals with bugs or vulnerabilities before they become a problem routine maintenance that manages applications on a regular schedule to keep them up to date and predictive maintenance that takes action based on signs of impending issues going a bit deeper you also found that detection of vulnerabilities happens through several types of testing such as network testing to identify if open ports can be accessed by unwanted elements penetration testing to determine the strength of a system's security and vulnerability verification to assign scores that correlate with the level of risk by completing Enterprise Systems and Security you should now have a stronger awareness of the many points for consideration when it comes to protecting a business computing environment and the data that it holds more importantly you understand the guiding principles of strong security and know several best practices you can implement to minimize risk well done with technology today and the fierce competitive market how efficient is a business that persists in using a paper-based system Sam from Sam Scoops realizes that business growth includes revisiting processes and investigating ways to become operationally efficient with many tasks still carried out on paper the time spent doing this can be time spent elsewhere on longer days under increased pressure Sam's noticed that sometimes mistakes are made when undertaking tasks manually she's ready to consider which business software applications would benefit the business by saving time and minimizing human error in this video you'll begin differentiating between a business need and business software you'll explore different types of software applications with common business functions a company's business need relates to all the business requirements including achieving the money-making aspect of a company in other words it's all the software and services used to execute business functions specifically these needs
include financial analysis and growth customer management and analysis increasing revenue payroll management product development and financial management the business function relates to a specific task it executes for example within Sam Scoops' ice cream shop these are aspects related to running the business such as hiring and paying staff orders communicating with customers and providers maintaining inventory and marketing business software consists of applications that help businesses reach their goals this is either existing or generic software packages for certain aspects of the business need or a software package that is customized to a company's needs for example Sam Scoops may require software that will allow them to take orders online organize a timetable schedule deliveries and manage customer invoices some activities are general tasks like bookkeeping and invoice generating and others involve software designed specifically for a company such as customer relationship management or CRM so what is CRM software business applications originate from CRM systems it began with a process for managing a customer's interaction with a business this interaction comprised of providing software to enable communication between the company and the customer managing the software and providing detailed analysis of the information gathered about the interaction the techniques and tools benefit various departments including human resources marketing sales and financial reporting these services are called line of business solutions and enterprise resource planning essentially line of business is a set of products that services a specific business need enterprise resource planning is management software that integrates processes through a central system business software can refer to a single application such as a word processing program it can also consist of a combined service with many individual solutions such as a collection with word processing spreadsheets and
presentation software let's explore some of the ways in which a business software package might benefit a company especially a small one that needs to be mindful of its budget imagine for now that Sam has decided to purchase some software to help perform daily tasks at Sam's Scoops she only wants applications for creating invoices keeping track of financial records and creating marketing material however she notices that business software collections always seem to have programs that she doesn't currently need such as applications for payroll management fortunately many businesses from small ones to large multinationals are using cloud services for access to their modern solutions these solutions offer different packages for different needs which are available at multiple price tiers this means that Sam isn't stuck paying extra for software she won't use the rise of cloud storage for businesses gives Sam even greater flexibility for example instead of paying a high upfront cost for a large local storage device she can pay less for lower capacity online storage this way Sam can pay only for the space she needs immediately and can expand the capacity later on if necessary many business software solutions provide integrated cloud storage making this entire process even more seamless in this video you have been introduced to various business software applications you now understand what business needs are and that it extends beyond the services a business provides it also includes all the services needed to enable a company to execute this such as sales marketing and payroll you can confidently identify the operations that some CRMs provide and you explored how business software packages come in multiple forms that cater to both large and small businesses Sam Scoops is constantly evolving the success of the business is steadily growing and the need to continuously evaluate internal processes is vital Sam acknowledges that some improvements to better daily tasks
are necessary she also finds it difficult to manage the ice cream shop operationally and implement changes however Sam has decided to give the recommended software applications a go to complete your daily tasks previously you engaged in an exercise where you began to apply your knowledge of software applications in response to business needs in this video you'll examine how business applications are beneficial and can be used in everyday business tasks you'll form the big picture of the role and importance of these system applications through the use case of Sam Scoops Sam wants to create a menu for Sam Scoops to do so Sam decides to use Microsoft PowerPoint this is a good choice because PowerPoint has built-in templates to choose from this will cut down on the time it would take to design a menu from scratch so Sam opens PowerPoint and selects the new section she then navigates to the template section to search for a pre-existing design that can quickly be adapted Sam settles on a template with clean appealing design and proceeds to populate it with the names of the shop's ice cream flavors Sam then personalizes the menu into something that suits the Sam Scoops brand this is easily done by replacing the fonts colors and images next Sam searches for a way to convert her static menu into something more exciting such as a video she intends to play the video on the screen in store after spending some time researching she discovers that PowerPoint has the option to animate the onscreen elements of her menu and export it in video format with that Sam has completed two tasks in one sitting using one software application this has not only saved time but also avoided additional production costs to create the video next Sam needs an immediate solution to creating customer invoices Sam realizes that Microsoft Word has built-in templates so she opens Microsoft Word and selects the new tab in the template section Sam conducts a search for invoice there Sam selects a template
she likes and that is simple to amend the key elements of the invoice form are there so all Sam needs to do is fill in the company details within minutes the document has been personalized and is ready for use the invoice is already in pretty good shape but Sam decides that rather than just display the company name in text she would like to use the logo to do so she deletes the name in the upper left corner and then inserts an image of the logo from her computer however it takes up too much space on the page not a problem she can simply resize it until she finds the perfect fit now it's complete Sam doesn't want to add these details every time she prepares a new invoice and fortunately she won't have to she can save her work as a custom template and then open it next time and enter customer information right away now just one task remains Sam has been putting off doing the budget plan for the coming month up until now she has a book logging the budgets for Sam Scoops it's a time-consuming process and currently not a document that can be easily shared a budget is required to make sure that the outgoing orders match the incoming capital without wasting more time Sam has learned that Microsoft Excel is suited for this purpose Sam opens the app and selects the new tab there is a range of budget templates appropriate for every occasion by selecting an appropriate one Sam confidently plans the budget for the coming month as with the invoice Sam can personalize the template and quickly fill it in with financial details from Sam Scoops Sam now has the data in a table but she wants to take things a step further to gather insights more easily she would like to present the same data in a more visual format she's in luck Sam can simply select the desired data and then use Excel's pie chart tool to instantly produce a chart that allows her to interpret the information from a different angle in this video you examined readily available business software applications that a
small business can use specifically three Microsoft business applications were used to improve day-to-day tasks for Sam Scoops by using existing templates rather than starting from scratch the approach with each application followed the same steps you'll investigate more advanced tools as the business's needs grow how has email changed the way we do business let's look at this example Sam is sitting with some friends and having some coffee there is a beep as Sam's phone informs her that she has received an email the email relates to a significant order that needs Sam's immediate attention without leaving the restaurant Sam can dispatch this piece of business as Sam puts away the phone she marvels at how incredible the power of email is in this video you will learn how communication has shaped the world you will also learn what happens behind the scenes as an email makes its way to the recipient before email the main form of written communication was the letter letters were transferred in what later became known as snail mail a name that conveys the slowness of the medium despite this it played a critical role in spreading world changing ideas post was the means that conquered the Wild West in America it traveled on horseback stage coach and later trains the Constitutional Post was founded in 1774 to oppose the British-run post because letters were regularly intercepted and said many felt that revolutionary ideas needed to pass undetected mail was designed to spread information and was seen as an aid in developing an informed electorate in modern times written communication has evolved and moved from a physical delivery method to an electronic one the first email was created in 1965 at Massachusetts Institute of Technology six years later the electronic mail system was introduced by Ray Tomlinson who also introduced the at symbol as a means of address in 1978 the Defense Advanced Research Projects Agency or DARPA introduced the standardization TCP/IP process used today
Microsoft Mail which would grow into Office 365 was introduced in 1988 email fundamentally changed how people communicate while before you could write your thoughts on a piece of paper and have them delivered to a family or entire village you could now type one message by email and have it copied multiple times this also had a significant impact on how business is done consider mailing lists interested parties subscribe to a certain service from which they receive regular updates in a timely fashion vendors also benefit as they can reach a wider audience of interested parties without email online shopping would become particularly challenging email allows for instant interaction between seller and buyer from any two parts of the world coupled with online payment systems and worldwide delivery services this has created a global marketplace so how does email work to find out let's follow the journey of one email as it goes from sender to recipient first someone types an email and using a computer with an internet connection sends this to an email server in previous lessons you learned that different servers perform different tasks which they are named after the email server serves mail the sender uses a simple mail transfer protocol or SMTP protocols are the backbone of the internet and will be covered extensively later on for now we can say that a protocol is a series of predefined steps for achieving a goal the task of this protocol is to take the mail from the sender and direct it to the recipient using an IP address an IP address is much like a postcode it's the location of the destination the email bounces between servers until it reaches the destination server the recipient is then notified and the message is retrieved using another protocol called POP3 you will learn more about POP3 and SMTP later on for now it's important to know that they are the protocols used to send and receive email earlier in this video you learned about how snail mail progressed
to email fundamentally it is about transferring information the change in communication styles was heavily impacted in the 19th and 20th centuries with globalization communication was affected by and added to this process after the stage coach messages were relayed using steam ships and railroads they became digitally transformed with the introduction of the telegraph system which enabled people to send information through dots and dashes transferred across land using wires what is significant about telegrams as with emails messages do not need to be physically transported they are no longer tethered to the train or stage coach this leads to an almost instant transfer of information today this is a familiar concept mobile phones enable you to send text images and video at the touch of a button consider some of the revolutionary photos from journalists that have captured a poignant moment in history now with phones every incident is being recorded from different angles and streamed to the world in real time a lot has changed since the humble origins of the written page many social media platforms now offer instant messaging as a service as well as the means to stream to a global community in this video you learned about how email has revolutionized the world and enabled instant communication while you might take email for granted these days it was not always widely accepted now it is part of everyday life and influences how people live and conduct business imagine that you have an inbox filled with hundreds or perhaps thousands of emails that you've received over time you don't want to delete them in case there are a few that will become useful later but it can also be a headache dealing with an unorganized mess so what can you do fortunately modern email clients offer features that make it easier to manage your email earlier you learned about the client server model where the client sends a request to the server which then responds with the service in this video
you'll discover how this model applies to email allowing you to access your messages through either an email server or an email client after learning how they differ you'll then explore three popular email clients earlier you were introduced to email servers which are specialized servers devoted to sending and receiving emails it is hosted by your email provider and resides on the internet recall that emails are sent using the simple mail transfer protocol and retrieved with the POP3 protocol alternatively you could use an email client which is typically an application that you install on your computer A major advantage of an email client is that it allows you to access your existing messages without being online there are many options available and some of the most popular include Outlook Gmail and Thunderbird let's observe each of these in action starting with Outlook Outlook allows you to create and send emails in addition it allows you to keep a contact list provides a calendar and supports add-ons such as instant messaging applications like Microsoft Teams and Skype the calendar is linked with your contacts so it is possible to coordinate meetings in which you add participants through the contacts Outlook is linked with OneDrive and offers 5 gigabytes of cloud storage for free but this can be increased up to one terabyte with a subscription Outlook is both an email server and an email client so it is possible to configure it with other email addresses regardless of their domain with this Arrangement changes made to your connected account will be reflected in Outlook but changes to Outlook will not be reflected in the connected account Outlook has a three-window approach to presenting information by default your folder list appears on the left your most recent emails in the middle and the contents of a selected email on the right creating nested folders for storing emails that act like a directory is possible this can help organize your emails there is 
also functionality for searching protecting yourself from spam messages and filtering emails into specific folders note that the features available depend on the payment plan you choose however there is a free version that will include ads next let's move on to Google's email service Gmail Gmail provides all the standard email features such as sending and receiving messages and functionalities for searching filtering and categorization it does not provide a folder option instead it uses labels to organize your data being a Google product Gmail features an interface like what you would find on YouTube or Chrome the display has two panes one for the Inbox and labels and the other to display the contents of the inbox or selected label Gmail does not provide a computer application so you need to use a browser to interface with the server this means that an internet connection is required to access emails however there is a Gmail app for mobile devices so you can use it to access any emails that have already been retrieved Gmail is connected to Google Drive Google's cloud storage service it also offers 15 gigabytes of storage space and displays ads while paid subscriptions would increase this amount this makes it possible to send large files of any format by first uploading it to Gmail finally there is Thunderbird an email client from Mozilla Thunderbird is a cross-platform client that is compatible with all email servers it provides only a few of the features that are built into the other proprietary email clients you just learned about as with Outlook you can create new directories for sorting emails Thunderbird does not include cloud storage which means that the size of the emails is limited to the server configuration Thunderbird has been linked to however Thunderbird is open source which means that it is customizable and ad-free other built-in features include contacts a calendar and a to-do list the interface consists of three panes the left is a list of tasks the top 
right is a list of emails and the bottom is the selected email while it lacks the training documentation and Support options available for Outlook or Gmail Thunderbird is supported by a vibrant and active community of users and developers in this video you learned how to distinguish between an email server and an email client you were also made aware of the features of three popular email clients which are Outlook Gmail and Thunderbird you found that as proprietary packaging Outlook and Gmail offer integration with other applications while the open-source Thunderbird allows for a more customizable experience as Sam Scoops expands the use of on premises computers and other online devices will increase Sam knows that you will need data management and storage solutions to run the store efficiently and avoid any data loss or vulnerabilities so she has been researching options that can meet her business needs she is looking for a solution that allows for more storage as the business grows it should also keep information secure and gather insights to help make more informed decisions is there something out there that will be the right fit for Sam Scoops in this video you'll discover online storage and how it can be tailored to a specific business need specifically you'll focus on Microsoft Azure storage cloud-based Computing is an approach that functions as a pay as you use service you can use online services instead of purchasing any hardware cloud storage enables you to access suitable storage sizes as the business requires there are different formats in which the data can be retained Microsoft Azure an online storage solution is an important topic to grasp for exam sc900 let's explore this further the Azure storage platform includes the following data services Azure files which manages file sharing for cloud-based storage Azure blob storage which is a scalable object store for text and binary data and Azure managed disks which involves Block Level storage that's 
accessible using virtual machines Azure allows data access through several methods including HTTP HTTPS and REST API this is the same as accessing a web page by typing the URL in the search bar the difference is that you first need to be authorized to access these sites this can be useful for remote collaboration for example say there is a document saved in Azure files that is edited by several employees they can access the document from various locations but each employee first needs to log in securely to gain access data is categorized as structured or unstructured data let's begin by discussing structured data when you fill out a form each column has a name and a place to enter the appropriate data this is an example of structured data another example is a database table in every table there are rows and columns and each of the values in the columns relates to the row in databases information is ordered according to the schema the schema is the template a database uses to decide what type of data goes where next you have unstructured data which is less organized with no clear path for searching or filtering imagine taking your favorite book separating each page then placing the individual pages into a box and shaking it all the information is still there but there is no structure in how it is saved you may have come across the term blobs blob is an acronym that stands for binary large objects and it simply stores unstructured data as the name suggests it stores large unstructured objects examples of unstructured data that a company may keep include streaming data from the security cameras or sensor output data from on-premises devices imagine that Sam Scoops has installed several devices on the premises devices might include live monitoring of electricity consumption freezer temperature and door activity like how often it is opened and how many people come in it could also include alarm system outputs blob storage would be ideal for this unstructured 
output later Sam may revisit this information apply some analytics and extract some business insights to help reduce cost or improve sales so how do blobs work blobs are stored in containers this is like a filing system where each container has a general name like pictures or movies inside this container you can store as many blobs as required of course the blobs themselves will be unstructured and further filtering or searching methods are needed to find a specific item inside the blob previously you learned about solid state drives and hard disk drives as options for local storage Azure managed disks offers users these options in a cloud-based form recall that this means you can keep a standard secondary source of information accessible through the web you can have the benefits of versatile storage by integrating Azure managed disks into your business setup you will not require Hardware that is often quite costly to acquire and run and users can specify the size of their disk according to their needs to access managed disks a virtual machine is required you will learn about these in Greater detail later for now you should know that they are software computers that work as if you were running a CPU Ram or connection this video covered cloud storage with a focus on Microsoft Azure you learned about the three Azure data services which are Azure files blob storage and managed disks Sam now knows that the questions to ask when choosing an approach include what is the company's business need what type of information is being stored and how is the information to be accessed knowing the answers can help determine which type of storage is the best fit for Sam Scoops you might be aware that a common practice amongst many successful businesses is to analyze data in order to generate new insights that can help guide business decisions for Sam Scoops this might mean observing deeper than the pure sales numbers for a particular flavor of ice cream for example is the flavor more 
popular with a certain age group or maybe it sells better on a specific day of the week it can be difficult to discern this information from raw data so in this video you'll become familiar with data processing techniques that make it easier to transform numbers into actionable ideas data processing can be a useful method for extracting valuable information from customer data to demonstrate how it might be used productively let's walk through the steps that Sam can follow to gain insights for Sam Scoops specifically you'll find out how she can gather data store it and perform data analysis visualization and integration Sam Scoops might want to collect various types of data such as sales data like the quantity of each flavor sold customer data including such details as name age gender and email address and marketing data which would tell which advertising campaigns were the most effective or Which social media accounts experience the most engagement some of this data such as sales numbers will be gathered naturally while running the business but other information would require a dedicated data collection method for example to learn more about customer opinions Sam might provide a form that asks customers about their age favorite ice cream flavor and how frequently they visit the shop after collecting this data Sam would need to store it somewhere previously you learned about data Lakes for holding unstructured data and data warehouses for storing more organized data depending on her goals Sam could use either of these or a combination of storage methods for example she might use a relational database to store the sales and customer data and a data warehouse to store the marketing data Sam would need to consider data architecture such as how the data is structured and organized to ensure that it is easily accessible and secure to make use of this data Sam would need to analyze it data analysis is a broad field with many methods and tools available but let's say that 
Sam's primary goal is to find a relationship between ice cream sales and different points of the year in this case she might use Predictive Analytics to forecast which flavors would be the most popular during different seasons another possibility is to use statistical analysis to identify Trends in sales and customer Behavior there are also machine learning processes that can be applied to the data depending on the data type and the desired outcome machine learning is a particularly notable technique that you'll learn more about later even if data analysis provides enough information for Sam and her team to change their business strategy data visualization would be an important technique for Sam Scoops to use to communicate insights from their data to different stakeholders they might use charts and graphs to display sales Trends over time or map customer locations to identify areas where they should Target their marketing efforts in addition being able to display data in a clear fashion can help integrate the data for some insights finally Sam Scoops would need to integrate their data from different sources to gain a comprehensive view of their business they might need to process all of the data transform it to a common format and load it into a central repository for analysis to understand the value of this practice consider the ways in which Sam Scoops sells ice cream in addition to sales from the shop they also deliver to customers who place orders online or by phone the data from these channels is likely quite different and they would need to combine it in a way that expresses the bigger picture integrating data might mean taking observations from these different settings and using them to gain a greater understanding of customers' general ice cream wants in this video you learned about some common data processing techniques and discovered how Sam could use them to learn things about her business that are not Apparent from the numbers alone data processing is an 
important part of any business and by collecting storing and analyzing data Sam Scoops can gain valuable insights and make informed decisions about their operations and marketing strategies so far you've become aware of some techniques for processing data that can generate meaningful insights to help Drive business decisions but did you know that this doesn't have to be a fully manual task it is possible to automate much of the analysis by training a computer to do it instead through a process called machine learning machine learning is a part of artificial intelligence that helps machines learn from data and make predictions it's a way of teaching a computer to recognize patterns and make decisions based on what it has learned for example let's say that Sam's goal is to more accurately predict customer behaviors when it comes to purchases at Sam Scoops she could accomplish this by analyzing sales data from previous years and identifying Trends but doing this manually could become costly and time-consuming as the business grows fortunately there are many great machine learning tools that could help Sam do this it's like having a brilliant assistant who can help you analyze data and make predictions in this video you'll explore the basics of machine learning and how it can help businesses like Sam Scoops make better decisions you'll also find that it's not just useful for ice cream shops machine learning can also be used in cyber security to help detect and prevent cyber attacks now let's go through the steps that Sam can take to use machine learning for predicting customer demand in certain conditions to do this Sam would first need to gather historical sales data from Sam Scoops specifically she'll want the sales figures for different flavors of ice cream on working days weekends and public holidays also she needs to record the outdoor temperature from when certain ice cream was purchased after collecting this data Sam needs to check if it has any errors or 
missing values she can use special tools to look at the data and find any mistakes like missing or strange numbers that don't fit the rest of the data once the data is clean Sam can choose a good place to build a model this is called pre-processing which is a very important step in building a good machine learning model if the data has too many errors or mistakes the model will make poor predictions next Sam can teach the computer how to find patterns in the sales data using a set of rules called algorithms this helps the computer to better understand the data finally she can test the computer's prediction skills by giving it some data it has never seen before to see if it can make accurate predictions to summarize the key steps are gathering data pre-processing the data to ensure that it is clean training the computer on the data using algorithms and testing the computer's predictive abilities it might be simple to predict certain things without the help of machine learning for example Sam could figure out which ice cream flavors are the most popular in a given season just by observing past sales figures however machine learning can go further and identify patterns in the data that are not readily apparent for example a trained computer might discover that on really hot days customers buy ice cream in plastic boats because cones melt too quickly or perhaps it finds that customers buy fewer scoops on colder days establishing these patterns is important because when Sam feeds more data to the learning model later such as the weather forecast it can make suggestions about the quantities on the order form in the previous example you observed how machine learning can be trained on data to gain insights from making more Sound business decisions but as mentioned earlier it can be applied to cyber security as well so how would that work imagine you are a security specialist and you want to prevent unauthorized entry into a system you might set up a rule that too many failed 
login attempts will lock an account for a while or you might note the location and prevent access if it is different from what is expected machine learning can be used to determine which rules to apply much like how Sam can match ice cream flavors with the weather you can train machine learning models using data from previous hacks the model will then identify the patterns which can be used to make rules in this video you've discovered that machine learning is a powerful tool that can help businesses like Sam Scoops make better decisions and improve their operations by training a learning model with real data Sam can predict customer demand more accurately and place orders more efficiently furthermore machine learning can be used to create stronger cyber Security Solutions as machine learning continues to evolve and become more accessible it will play an increasingly important role in businesses across various Industries perhaps you're aware that cyber crime is a growing concern but do you know how it affects businesses let's become familiar with some of the statistics one prevalent method of attack is spear phishing which is the practice of sending fraudulent emails that appear to be from trusted sources the email typically contains a link or attachment that when opened installs malware or has some other harmful effect according to a 2022 report more than 21,000 incidents were reported in the United States resulting in billions in losses how do such attacks happen and what is being done about it to get a better understanding let's first become familiar with Riley's experience Riley works as a UI/UX designer for a company that creates custom Payroll Solutions although digital design is his calling Riley is well-versed in IT in general he is aware of the types of cyber threats that exist and follows practices to keep himself safe one day while using his company-issued laptop Riley checks his inbox and comes across an email from his supervisor he opens it 
and finds a message explaining that a potential client has submitted a unique request and Riley is asked to go over the details in an attached document nothing seems out of the ordinary so Riley clicks on the link however rather than downloading the document he gets stuck on a loading animation moments later he hears chatter in the office several colleagues complain that they can't open any files in the company's shared cloud storage that's when it dawns on Riley that he has been fooled and the security of the company's network has been compromised many people can identify the telltale signs of a fraudulent email for example you might become suspicious when you receive a message from someone you know but you notice that the email address is different from the one they usually use however cyber criminals are getting smarter when it comes to crafting emails that make even the smallest details appear authentic making any signs almost undetectable so how can businesses protect themselves from these sophisticated threats one answer might lie with artificial intelligence machine learning Engineers have created smart solutions that can catch the small giveaway details that people often miss this leads to more capable cyber security systems that demand less human vigilance by analyzing a sender's emails a machine can learn to distinguish the tiny differences that separate a fake email from the real thing it examines the source of the sender formatting and other details that differ from the norm and then assigns the email to the appropriate category such Solutions can then detect and stop malicious emails before they ever reach the recipient the result businesses can rest easy knowing that they've lowered the risk of an email attack now let's rewind Riley's story and find out how a solution like this can change the outcome Riley opens his inbox and the first thing he sees is a notification about a suspicious email that is supposedly from his supervisor this message 
has been quarantined separately from his inbox and awaits his action he asks his supervisor about it directly and she confirms that the message didn't come from her crisis averted Riley responds by reporting the email to the company IT security team no harm has been done and he continues about his day thanks to advances in artificial intelligence and machine learning there are now new ways to combat the evolving methods of cyber criminals and to keep businesses and their employees safe well done on completing Business Systems applications you should now have a stronger Foundation of knowledge relating to various Technology Solutions that businesses use to facilitate tasks and enhance productivity before you continue let's recap the key Concepts that you learned about first you became familiar with business software applications and the roles they serve you should now know that there is software to address needs in various parts of a company's operations ranging from inventory management to financial analysis business applications can be line of business solutions or enterprise resource planning software line of business applications serve a specific business need while enterprise resource planning relates to integrating several processes to ensure that they all work together in a coherent way recall that business software can consist of single applications or it can be comprised of several applications bundled together which typically address common needs you became aware of Microsoft's most widely used products and services for Enterprises including Word Excel PowerPoint and the Microsoft Dynamics 365 collection of customer relationship management tools you then applied all this knowledge in an exercise that had you identify three business needs for Sam Scoops and then explain Which business software applications could be used to fulfill those needs afterward you observed some examples that illustrate how some of these tools can be put to use in the 
workplace specifically you witnessed Sam might use PowerPoint to style a menu for the shop Word for generating invoice forms and Excel for recording the company's budget next you discovered the role that email plays in business communication you observed how mail advanced in parallel with technology shifting from physical delivery to electronic means and creating a more connected world in the process you should now know how email moves in the client server model in which a series of specialized Protocols are used to get a message from the sender to email servers and finally to the recipient you then explored three popular email clients namely Microsoft Outlook Google Gmail and Mozilla Thunderbird you found that they share some common functionality such as the ability to store contacts and organize emails by category you then moved on to learning about spam a type of unwanted mail that can range from Annoying advertisements to attempted attacks using dangerous links or attachments fortunately as you discovered modern email providers include security features for reporting and filtering out spam messages to help keep you safe some of the more dangerous types of spam that you might recall include phishing emails which try to trick people into revealing sensitive information spoofing emails which are fraudulent messages that claim to be from a well-known source and prompt users to perform actions like sending payments and spear phishing emails which are targeted messages that appear to be from someone you know but may contain malware or other harmful elements finally you were introduced to the means that businesses use for storing and handling vast amounts of customer data and why they would want to do so you found that data can come in structured or unstructured forms and is typically stored in a large repository depending on the needs and intent of the business raw data can be stored in a data lake or processed data can be placed in a data warehouse you should now 
be aware that businesses value customer data because it can be analyzed to generate new insights while this can be done manually on a small scale for larger volumes companies may turn to machine learning you learned that the core steps for training a machine learning model include Gathering data pre-processing it for accuracy using it to train the model and testing the model's ability to make predictions with adequate data machines can detect patterns and make informed guesses about the outcome of any additional inputs you also received a preview into how machine learning can be used to create more intelligent cyber Security Solutions specifically you explored how when given examples of fraudulent credit card transactions a learning model can eventually distinguish between real and fake payment based on factors such as the frequency of activity the location from where the payment is made and the amount spent by finishing Business Systems applications you now have a better concept of how businesses use software email and data storage and processing solutions to assist in daily operations and to enable smarter planning nicely done you're nearing the end of introduction to computers and operating systems and security by now you should have a stronger grasp of several foundational concepts for understanding cyber security these include major types of cyber attacks and how they happen the basics of computers and operating systems and how they work solutions for setting up Enterprise systems and maintaining security and the common software and tools that businesses use to enhance productivity now it's time to demonstrate your Knowledge and Skills in the final course assessment but before you jump in let's recap what you've learned up until now in the first week you were introduced to the threat landscape you learned that this concept consists of three areas namely the potential vulnerabilities of an application the attackers looking to exploit those weaknesses and the 
type of attack used after this primer on Cyber threats you explored the parts that make up a Computing device and enable it to work recall that a computer consists of Hardware components such as a hard drive for long-term storage and a keyboard for input and software which provides instructions to the hardware you then discovered that these are all bound together by an operating system which determines how all these components communicate with each other and give the user an interface to interact with them in the following week your focus shifted to understanding computer setups that can meet the demands of businesses you started by exploring how servers storage and backup Solutions are used together as a system failsafe this practice ensures that a duplicate of important data is available in case the original is lost or damaged in the next lesson you compared different types of computing environments you found that there is a distinction between simple personal Computing setups intended for individual users and more powerful commercial Computing setups for business use furthermore a business must choose between having its Computing infrastructure on premises which allows for greater control of data at the cost of less flexibility or operating out of the cloud which is typically more cost-effective but subject to more attacks and data regulations you also received an introduction to security strategies for both on premises and cloud computing environments you learned that while implementation differs for each approach both are Guided by the same principles which are prevent unauthorized access limit mobility within the system and mitigate any damage resulting from a breach you concluded this week with an overview of Maintenance and patching which are practices for keeping software running smoothly and securely you should now know that because these tasks typically involve system downtime businesses will try to perform them in the least disruptive manner possible 
this may call for corrective maintenance to handle bugs or vulnerabilities before they become problematic routine maintenance that is done on a regular schedule or predictive maintenance that relies on early action in anticipation of an issue the third week was all about the software and solutions that companies use to meet various business needs which range from automating invoices to analyzing customer data to produce new insights you became aware of individual Microsoft applications that are common in the workplace such as Word Excel and PowerPoint you then discovered that many business software providers also offer tailored packages like the Microsoft Dynamics 365 Suite of customer relationship management tools the following lesson gave you a broad overview of email which covered its history and impact on communication the protocols used to relay a message from sender to recipient and a few popular email clients you also learned about spam a term that refers to several types of unwanted emails these can be anything from Annoying advertisements sent in bulk to concentrated attacks that seek to do significant harm however as you found out most email providers offer security features such as filtering and Reporting which makes spam less of an issue finally you became familiar with the importance of customer data for businesses you should now know that data is typically stored in a data Lake in the form of raw unprocessed data or in a data warehouse if the data is already processed this decision depends on how the business intends to use the data and that's it for this review of the course by now you should have built a solid base of knowledge about cyber security threats how computers work and how businesses use computers now you're ready to tackle the final course assessment good luck congratulations you made it to the end of the introduction to computers and operating systems and security you're off to a great start with your cyber security Learning 
Journey and you should now have a better understanding of the Cyber threat landscape but to better understand the impact that these threats have on individuals and businesses you first expanded your knowledge of the systems they affect specifically you learned about the core components of computers and what they do the role of operating systems and what businesses should consider when choosing Computing environments and software by successfully completing all the courses in the program you will receive Coursera certification you will also have a deeper understanding of cyber security which will open career opportunities for you all the courses in this program including the one you just completed will help you prepare for the exam sc900 Microsoft security compliance and identity fundamentals this globally recognized certification is industry endorsed evidence of your technical skills and knowledge the exam sc900 measures your ability to describe the following concepts of security compliance and identity the capabilities of Microsoft Azure Active Directory as part of Microsoft Entra the capabilities of Microsoft Security Solutions and the capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms please remember to check out more information about the exam you can visit the Microsoft certifications page at www.learn.cashtracking.com future cyber security career this course has enhanced your Knowledge and Skills in computers operating systems and security but what comes next there's more to learn so it's a good move to register for the next course introduction to networking and cloud computing the next course will cover identifying the main concepts of networking explaining common Network infrastructure and monitoring describing network security components approaches and 
mitigation and defining and explaining key concepts of the cloud computing environment virtual machines and cloud services whether you're just starting out as a technical professional a student or a business user completing the course demonstrates your knowledge of cyber security the experience you gained so far will show potential employers that you are motivated capable and not afraid to learn new things thank you it's been a pleasure to embark on this journey of discovery with you best of luck in the future hello and welcome to this course on network and cloud computing this course focuses on the fundamental concepts of networks and the cloud and how it relates to cyber security if you're like most internet users you've probably got a ton of usernames and passwords that help you use the internet securely but in the world of cyber security things get much more complicated especially on the enterprise level security breaches can cost companies millions which is why the demand for skilled cyber security professionals is rapidly growing earlier you gained a show knowledge about hardware software and the cyber security threat landscape but if you are aspiring to embark on a career in cyber security it's also essential to understand the inner workings of networks servers and cloud computing this course will give you a solid foundation in these topics and also introduces cutting-edge technologies like AI and machine learning that are used to keep sensitive data secure now let's move on to the content the course will cover to make sure you're ready for the endeavor in this course you'll be introduced to computer networking network devices and protocols network security and cloud computing and networking to start off you'll learn about the different types of networks and when they're used you will also learn about the different ways to arrange the physical and logical structure of a network following this you will learn about fundamental concepts such as data 
transmission and IP addresses and you'll also complete an exercise about network construction networks consist of many devices and a career in cyber security requires that you understand the underlying architecture that allows these devices to communicate course content that you will encounter later will offer insights into various network protocols and ports to which devices connect you will also be introduced to the concept of hybrid networking the devices within a network and how the internet connects different networks you will briefly learn about cloud computing and the different types as well as the difference between on premise and the public cloud and you'll have an opportunity to complete an exercise focused on the factors that you must take into account when expanding a network including the appropriate architecture and protocols a big part of a career in cyber security involves network monitoring you will gain a background in domain name servers or DNS and its vulnerabilities this will lay the foundation for learning more about health and metric analysis and network logs and additional diagnostic features available on the cloud in the next part of the course you will hone in on network security and the central role of servers in a network you will explore client server communication the different approaches to authorization and authentication as well as common network attack types following this you'll also learn about firewalls and discover common firewall protocols threats and security tools week four is all about Microsoft Azure and its various functionalities you will discover what virtualization is and explore the role of machine learning and AI in cloud computing you will also explore the different types of cloud services that form part of the cloud networking landscape such as software as a service and anything as a service after all of this you will be ready for the course project in week five which consists of developing a coherent 
expansion plan for a business enterprise to take advantage of cloud infrastructure after this hands-on learning you will complete a final graded assessment but be assured that everything you need to complete the assessment will be covered during your learning with each lesson made up of video content readings and quizzes throughout this course you will get the opportunity to apply your newly gained skills in exercises and self-reviews before going through an exemplar as a possible solution to the challenge you're presented with the great thing is you do not need a background in IT-related fields to take this course this course is for anyone who has an affinity for technology and an interest in cyber security when you successfully complete this program you'll earn a certificate to share with your professional network completing this program not only sets you on your path to a career in cyber security but is also a great way to prepare for the Microsoft SC-900 exam by passing the SC-900 exam you'll earn the Microsoft Security Compliance and Identity Fundamentals certification earning a Microsoft certification is globally recognized evidence of real-world skills it shows your commitment to keeping pace with rapidly changing technology by expanding your skill set in your professional roles in summary this course provides you with a complete introduction to networking and the cloud and you'll have the opportunity to explore and plan a digital transformation using your knowledge of networks and cloud computing now that you've reached the end of this course introduction it's time to get started on your cyber security journey today individuals organizations and companies and the world at large rely on some type of network to stay connected imagine a busy office with employees typing away at their computers sending emails sharing files and talking on the phone that wouldn't be possible without a network but of course there are different types of area networks that serve 
different purposes remember Sam who is opening a physical store as part of her ice cream business a small office like hers would probably have a local area network or LAN to connect the devices while a large network like the internet requires a completely different setup over the next few minutes you'll explore the different types of networks used in today's ultra-connected world and come to understand the different types in modern computing to begin let's first review what a network is a network is a group of connected devices that can communicate with one another and share resources an office network might not be all that complex but unexpected issues can arise with both complex and simple networks because both depend on multiple connections these days as more and more people work remotely proper networking has become even more important because it enables people to work in different locations while still accessing the same resources networking is a fundamental component of modern computing making it crucial to learn for anyone who wants to pursue a career in IT or implement basic networking at home and/or at the office let's now explore the different types of networks first is the smallest network a PAN or personal area network which is used to connect devices located close to each other such as a smartphone and a smartwatch Bluetooth is the most common technology used in PANs and you already know about LAN or local area network a network that connects devices in a small area like a home or an office like Sam's people use this kind of network to share things like printers files and the internet between devices this example illustrates a typical household LAN with two laptops a printer a desktop PC television and a phone all connected to a router the router is then connected to a modem which enables the LAN to connect to the internet some local area networks use wires to connect the devices and others use Wi-Fi in modern homes appliances like 
phones smart TVs and fridges can also be part of a LAN which means they can talk to each other and share resources next is a WLAN or wireless local area network a type of network that uses wireless technology to connect devices Wi-Fi is the most common wireless technology used this kind of network is convenient because it eliminates the need for cables and it can be accessed from anywhere within the range of the network and then there's a WAN or wide area network that is used to connect LANs that are in separate locations WANs cover vast areas like a city or even a whole country the internet is an example of a wide area network such a network can use different technologies like leased lines satellites and wireless connections to connect local area networks covering a smaller area than a WAN but larger than a LAN is a metropolitan area network or MAN a MAN is used to connect local area networks located in different buildings or neighborhoods within the city it is mostly used by organizations that have multiple locations within a city there is also a specialized type of network a storage area network or SAN which is used to provide multiple servers access to storage devices such as hard drives this kind of network is used by organizations that have a large amount of data that needs to be stored and accessed quickly when a SAN is used the client machine is connected to a LAN which connects to a server which in turn connects to the storage last is a virtual private network or VPN which is a type of network used to provide a secure connection between two devices over an unsecured network like the internet a VPN encrypts the data being transmitted making it difficult for anyone to intercept or read the data VPNs are used by individuals and organizations to provide secure remote access to their networks as you have learned in this video there are many types of networks from PANs that connect devices close to each other via Bluetooth to WANs that connect devices 
spread over a whole country and there are also specialized networks used for storage or security like SANs and VPNs in conclusion networks play an essential role in connecting people and devices enabling the transfer of information and resources between them you now know about different types of area networks but you also have to consider how best to arrange a network's physical and logical structure this arrangement is called the network's topology and there are several options to choose from think about Sam's small office at the ice cream store you would have to pick a topology you think would work best but how do you decide what kind to use in this video you will learn about different types of topologies and their advantages and disadvantages to help you make an informed decision about which one would work best for your setup the term topology refers to the network's shape and networks can take several different shapes these include bus ring star mesh and tree topologies a network topology determines how devices are connected and data travels through the network understanding network topology is important to ensure efficient communication and sharing of resources between devices let's examine the different types of topologies used in modern networks first is bus topology which is when all devices are connected to a single cable or line the cable acts as a backbone and the devices are linked to it through connectors in this type of topology data is sent from one device to another by broadcasting it on the cable all devices on the network receive the data but only the device that the data is intended for processes it bus topology is best for small networks with few devices that are located close together for example devices in multiple rooms of a household that can be connected with a single line the advantage of a bus topology is that it is simple and easy to install however a disadvantage is that the entire network will fail if the cable is cut or damaged 
next is ring topology which connects devices in a loop or circle data is sent from one device to another in a specific order and each device repeats the data before passing it on to the next device in a ring topology data travels in only one direction and the devices are linked to each other through connectors ring topology is usually used for high-speed data transfers between devices in a closed loop network when the data needs to travel in a specific direction from one device to another the advantage of a ring topology is that it is efficient because data travels in only one direction however a disadvantage is that the entire network can fail if one device fails in a star topology devices are connected to a central switch the switch acts as a central control point for the network and all data is sent through it in a star topology each device is connected to the switch with its own cable this is the most common topology used in homes or small offices like Sam's because its setup is simple and it provides and maintains good performance it's also very simple to troubleshoot because it's easy to isolate and investigate one device without affecting others and if one device fails the rest of the network can continue to operate however a disadvantage is that the entire network can fail if the switch fails next is mesh topology in which devices are connected to each other in a network of interlocking nodes an interlocking node is when a device is connected to two or more devices in a mesh network in such an arrangement data can be sent from one device to another through multiple paths and there's no central point of control mesh topology is a good choice when the reliability is important because if one path fails data can be sent through another path however a disadvantage is that setting up and installing can be complex and expensive last is the tree topology in this case devices are connected to a central bus or line and then subnetworks are created with their 
own bus or line each subnetwork can then have its own tree topology tree topology is also known as hierarchical topology it is used for medium to large-sized networks where multiple star topologies need to be connected to each other the advantage of a tree topology is that it can be used to create very large networks however a disadvantage is that the entire network can fail if the central bus or line fails it is important to note that technologies change and are updated all the time so some of these topologies are not in use anymore for example ring networks have also been replaced by switches and routers and bus topology is now only used when you're using hubs hubs are mainly used to connect computers to a network physically however they only allow one device to communicate at a time switches connect devices in the same way except they allow simultaneous communication like in a star topology and that's why hubs have been replaced by switches in nearly all networks in this video you learned about network topologies their advantages disadvantages and how they are used the choice of topology depends on factors like cost scalability and the availability of resources and expertise but it also depends on the specific needs and requirements of the network for example star topologies are a great option for smaller networks as they are relatively easy to install and maintain while mesh topologies might be better suited for larger networks due to their higher fault tolerance and redundancy by understanding the different network topologies you can make informed decisions about organizing a network and ensure that it is reliable efficient and easy to maintain by now all the devices in Sam's office are connected to a switch but she is wondering if that means that all the devices can communicate with one another what would your answer to her be the real question here is how do the devices in a network find and contact each other well it's useful to think about how 
unique physical addresses make it possible to send parcels across the world to specific destinations similarly in a network devices also have unique addresses so that data packets can be sent to them in this video you will learn about the Internet Protocol IP addresses and how the different parts of an IP address are identified and used the Internet Protocol or IP defines a set of rules and how data is sent from one device to another on the internet these rules include how data is routed and addressed to travel across all the networks that make up the internet any device that connects to the internet or a computer network has to have an IP address to communicate although IP developments are still happening today the 1st of January 1983 marks the day when a standard for data communication was created this standard TCP/IP really gave momentum to the expansion of the internet TCP stands for Transmission Control Protocol and you will learn more about TCP/IP later but for now it's important to know that the IP part of this standard concentrates on the addressing of devices and the routing of data across the network it's not concerned with how the data is ordered or verified it just focuses on where data is going and how it gets there and it uses a system known as IP addresses an IP address simply identifies a device on a network so data can be delivered to it just like the delivery of parcels the most common addressing used today is Internet Protocol version 4 or IPv4 for instance you can assign an IPv4 address to each device on Sam's network so that they can identify one another and send and receive data let's examine the structure of an IPv4 address more closely an IPv4 has four decimal numbers each in the range of 0 to 255 and separated by a dot it's also known as the dotted decimal format an example of an IP address is 192.168.0.1 but what do these numbers mean well think of how postal or delivery systems use post codes or zip codes to move a parcel to the correct 
area before processing more specific detail like the neighborhood and street number the same can be said of an IP address you can break it down into two parts the network a device is part of and then the device itself which is called a host in IP addressing but the network and host parts differ depending on the network class there are a number of different network classes and they are used for different sized networks for instance an A-class network is used for large corporations the next class is a B-class and they are for medium-sized businesses and then there's the C-class that is used for home networks and small businesses like Sam's let's use the address 192.168.0.1 for a device on Sam's network for this C-class network the first three decimal numbers cover the network part of the IP address in this example that's 192.168.0 this part is unique to the network and specifies the class of the network the last decimal number is the host part of the IP address in the example that's one this number represents the device and has to be unique within the network to avoid address conflicts the device number could range from 1 to 255 more than enough for Sam to expand her network with more devices you now know that IPv4 addresses have a network part and a host part and that these parts might vary depending on the class of the network but how do you know which part is which the Internet Protocol uses something called a subnet mask to identify the network and host portions of the address a subnet mask uses the same format as an IP address starting from the left it identifies which of the four decimal numbers separated by a dot belong to the network side of the address each of these sections is called an octet there are three common subnet masks and they are used for different network classes for example an A-class network uses the subnet mask 255.0.0.0 here the first octet is the network part and the last three octets are the host part on the other hand a 
B-class network uses the subnet mask 255 . 255.0.0.0 55.25 5.0 here the first three octets are the network part and only the last octet is the host part let's revisit the earlier example of an IP address for Sam's network which was 192.168.0.1 since it's a C-class network you would use the subnet mask of 255.255.255.0 to identify the network part in this video you learned that Internet Protocol or IP is an addressing system for devices on a network just like area zip codes and street addresses in the real world so you can tell Sam that the devices on her network most likely cannot find and communicate with one another because they haven't been assigned IP addresses yet you now know about different network class types and that Sam's Scoops only has a small network and will therefore use the IP address format for class C network and that the network and host sections of their IP addresses can be identified using a subnet mask there's a lot more to data transmission but you now have the foundational knowledge about how devices on networks across the world identify and locate one another Sam's Scoops office now has IPv4 addresses assigned to the devices in the local network allowing them to communicate but what if Sam wants to expand this network to other areas of the shop maybe to the shop floor how would existing devices on the office network locate a newly connected device on the shop floor earlier you learned that IPv4 uses broadcast traffic to find devices on a network that they haven't communicated with yet just like shouting someone's name in a large hall the downside is that broadcast traffic can slow Sam's network down but fortunately there is a way to reduce broadcasting traffic which is what this video is about in this video you will learn how IP networks are split into smaller sections and how data or IP packets are routed between networks let's get started let's go back to the example of trying to find a specific person in a large hall by shouting 
their name now imagine the whole world is in that hall and that you're trying to find just one person an impossible task and it is the same for networks you can't place all devices on one giant network and expect them to find one another well at least not very quickly this is why you need to split networks into smaller sections called subnets subnets are lots of small networks that are all connected to form larger networks in fact the entire internet is made up of networks with subnets that are all connected subnets provide a way for you to implement logical divisions within your network by segmenting networks into subnets you can improve security increase performance and make networks easier to manage but with so many subnets spread over the internet devices need to know how to send data or IP packets to all the different subnets even a small network like Sam's can consist of two separate subnets the office and the shop floor and the devices on both subnets need a way to send data to each other this is where routers can help because they can route IP packets from one network to another routers have many functions within the network one of which is to provide an exit point from a network which is called IP default gateway but you will learn more about this later in this video first let's focus on how routers choose the best paths well routers are pretty smart they can learn routers learn about all the possible networks that normally exist in their vicinity and with this information they create a routing table that tells them what direction and cable they should use to send information to different networks this is very similar to satellite navigation systems your GPS gives you your position and your route is plotted to your destination but routers can also gossip they learn about the different paths to networks from other routers and talking to other routers about different routes to networks speeds up their learning clever don't you think by now you know that 
routers send IP packets between networks but how does a device on a network such as one of Sam's laptops in the office know if the intended destination for an IP packet is on its own or another network this is where subnet masks come in Sam's office network is a class C network and uses the IP network of 192.168.0.0 the subnet mask associated with this address is 255.255.255.0 remember this means the first three octets 192.168.0 is the network portion of the address and the last octet is for the hosts in the office and can range from 0 to 255 but say the shop floor also has a class C network and consequently uses the same subnet mask this means the network IP address will have to be different let's say its address is 192.168.1.0 the third octet now has a one instead of a zero making it a different network address so a laptop in Sam's office will use the subnet mask to compare its own IP address against the destination address of the IP packets it does this to determine if the network part of the address differs from its own IP address if it differs the laptop forwards the relevant IP packets to the router which will route it to the correct device in the other subnet so essentially all devices on a network send IP packets intended for a device on another network to the IP address of the router and the router handles it from there this address is called the IP default gateway and it's basically the address of the exit point of a network these IP addresses now act as the default gateways in each separate network in this video you learned that networks are split into smaller networks known as subnets and that routers are used to route packets across different networks devices send data intended for another network to the IP default gateway which is the IP address of the router fortunately because of subnetting routers and IP default gateways the devices on Sam's network do not need to shout endlessly to locate other devices on the internet this improves 
the security and performance of Sam's network and makes it easier to manage you've reached the end of this introductory week about computer networking at this point you should have a solid foundation in the following computer networks and how data gets transmitted across a network different network types and topologies what internet protocols are used for as well as key aspects of IP addressing it's time to take the module quiz but before doing so let's recap what you've learned so far in the very first lesson you prepared to get the most out of this course by going through the course introduction video and syllabus and then sharing what you hope to learn with your peers following this you started your networking journey by learning about types and topologies you now know the network types refer to the different ways devices can be connected to one another to communicate and share resources you covered all types of networks from the smallest network a personal area network to the biggest network type a wide area network like the internet on the other hand topology refers to the network's shape and networks can take several different shapes like the bus star and tree topologies a network topology determines how devices are connected and data travels through the network for instance a star topology is the most common topology used in a home or small office network because it is simple to set up and easy to troubleshoot this is because it allows you to isolate and investigate devices without affecting other network devices do you recall the difference between a physical and logical topology physical topology refers to how network devices are arranged and connected in a visible layout like a map depicting buildings and the streets that connect them whereas a logical topology is all about the path data takes as it is transmitted through the network for instance a physical diagram of a hub is a star topology it depicts how the devices are connected with cables but it 
doesn't tell you what happens inside the devices to understand how data flows in the network you must examine the logical diagram which in this case is a bus topology that means that hubs share the network resources with all devices but only one device can send data at a time next you gained insight into the steps involved when data travels along a network and the security concerns involved in data transmission can you recall the steps during data transmission they involve preparing the data the sender initiating the transmission breaking data into packets and addressing packets the next step is transmitting packets then receiving them next reassembling packets and finally delivering the reassembled data you learned that attackers use several techniques to steal user data including eavesdropping data tampering phishing and malware you will cover these attack types in a lot more detail later in this course next you participated in an exercise about configuring a physical network topology for Sam's Scoops this was just the start of your journey with the ice cream startup and its network needs as you gain knowledge about networking and cloud computing throughout this course you will improve Sam's network but back to what you learned this week you learned all about IP addressing you learned that the Internet Protocol or IP is a set of rules for how data is sent from one computer to another on the internet and uses a code system known as IP addresses an IP address identifies a device on a network so data can be delivered to it just like zip codes and street addresses are used to deliver physical parcels you built on this foundational knowledge about IP addressing by exploring the two different ways how IP addresses are assigned to devices on networks static IP address assignment which involves manual configurations and can be time consuming and dynamic IP address assignment which is easier because it automatically configures IP addresses for network devices you also 
learned the difference between IPv4 and IPv6 IPv4 was introduced when the internet was initially launched in the 1980s but the world soon ran out of IP addresses for the billions of devices connected to the internet an expanded address space was needed and that's why IPv6 uses a 128-bit address compared to the 32-bit address of IPv4 IPv6 offers trillions and trillions of more IP addresses than IPv4 then you learned the valuable skill of checking the IP address of a Windows computer or a Mac as well as an Apple and Android mobile device now that was useful don't you think finally by the end of the lesson you learned that networks can be split into smaller networks known as subnets which enables you to create logical divisions in a network and that routers route packets across different networks and act as default IP gateways by providing an exit point from a network for data destined for other subnets and that's it you should now have a good idea about which items you might like to revisit to refresh your memory before taking the module quiz on computer networking then over the next week you will expand your knowledge of data transmission by diving deeper into network devices and protocols good luck as you now know a network is a group of interconnected devices that share resources and communicate with each other there are different types of networks and the topic of this video is hybrid networking previously you were tasked with building a physical network topology for Sam's Scoops with wired devices connected to a network switch the network works well but it's frustrating to only be able to access the network from the office because it complicates tasks such as taking inventory what can Sam do to solve the problem perhaps you should consider using a hybrid network let's examine what a hybrid network offers Sam's business by exploring different network device types and how they can be connected a hybrid network is a network or combination of networks that use different 
connective technologies to link devices an example of a hybrid network is a mobile phone because it can support Wi-Fi and cellular connections and many laptops can support three different types of connection wired wireless and sometimes cellular a hybrid network brings together all of this technology a hybrid network can also be as simple as having both a wired connection and wireless connectivity on one home network using a wireless router supporting both this setup provides more flexibility for users because there's more than one way for them to connect to the network and they're not confined to a location close to a cable right now Sam's Scoops network relies only on wired connections so it's not a hybrid network because of its flexibility you can already recognize that a hybrid network is a good choice for Sam's business but it's not just the connectivity and flexibility that are vital and it's also crucial to remember that a network should always be designed to easily upscale with a business when it requires new devices to be accommodated hybrid networks are well suited to upscaling and this is definitely another important consideration in Sam's choice of network a hybrid network set up for Sam's business could be like this one where some devices have wired connections to a network switch and others are connected wirelessly to a router note that this network is connected to the internet so it'll need certain components like a modem and a firewall to make such a connection possible let's go through the components that make up a hybrid network starting with a network switch like the one Sam has in her current network a switch is designed to have many ports so that you can connect many different devices to it with cables they are often referred to as Ethernet switches because they allow you to use Ethernet cables to connect laptops computers printers and other devices to a network you've learned about routers earlier which are used to interconnect networks it 
only has a few ports to connect wired Networks remember a router uses IP addresses to forward data to the correct Network and Route it across the best paths routers can also interconnect different connection types such as wired and wireless Technologies they are the devices that truly interconnect to different network technology so if Sam's Network were to be a hybrid one it would definitely need a router what's more is that wireless technology can be added to a router to create a wireless router which is what many homes have today one device can act as a switch a router and a wireless device all-in-one however such an all-in-one device is limited by the number of ports it has so there may be a need for more switches next is a modem a device that connects a network to the internet via an internet service provider and that converts older technology that doesn't understand digital signals digital signals are patterns of ones and zeros while older technology uses analog signals for example many older telephone circuits use an analog signal but the technology is slowly being phased out much like a switch and a router a modem can be built into a router to make an interconnected Powerhouse finally there is the firewall the security guard of the network you will learn more about firewalls later in this course but for now it's enough to know the following a firewall defends both the network and the devices attached to it by not allowing anything in from outside the network unless it has been granted permission and it's typically placed on the edges of your network or where the most significant threat from an attack could come from like the Internet by default a firewall allows traffic from the network it's protecting to go out to other networks typically the internet as well as the replies to that traffic but it will block anything originating from the outside unless it's allowed by the firewall rules but you will learn more about this later in this course firewalls can also 
be built into routers especially for homes and small businesses but larger businesses usually need Extra Protection so in that case they are separate devices many other network devices exist although some technology has been retired or merged into other devices like a router which can perform many tasks other devices perform but in a lot of cases scale becomes a problem having one device to do it all is acceptable in your home when only a few people use the network but in an office you could have hundreds of employees that's when you use devices confined to what they're good at this is so that they can be optimized to perform at high speeds rather than perform hundreds of different jobs this means that Sam's network will probably not rely on only one device to do it all because it'll make it more difficult to upscale as the business grows nearly all networks today are hybrid even if you only have one device at home like a wireless router it could perform many tasks creating a hybrid Network or you could have several devices each performing their own role hybrid networks come in many different shapes and sizes but it's the mix of connectivity types that makes them hybrid adding Wireless connectivity would greatly benefit Sam because it'll allow her employees to move around without being tied to a desk but still be connected to the network so a hybrid Network seems the way to go but it's not just about flexibility and convenience a hybrid network is also easier to upscale as a business grows making it an attractive choice for Sam Scoops an office Network without an internet connection is limited to only the hardware in that Network in Sam's office this means that their storage is limited to the storage on the laptops with all the inventory taking and sales data they need to keep that storage will eventually run low so what can a business like Sam scoops do if it has additional computational and storage needs that the devices in their internal Network can't meet 
in such a case connecting the network to the internet is a game changer because suddenly the business has access to near unlimited storage and Powerful processors offered by cloud computing but what exactly is cloud computing in this video you will be introduced to the topic of cloud computing and the different types of cloud environments and their uses let's start with what exactly cloud computing is you know your computer has specific necessary components to make it run like a CPU RAM and storage these are known as your Computing and storage resources the resources in your machine can only do so much since there are limits to their capacities and you can only add so many physical resources to a computer cloud computing is all about taking those limited resources and expanding them it does so by giving you access to many more components than your physical machine can handle and the location where these components are organized are called Data Centers in a data center all the components are spread across hundreds of servers sometimes thousands you can imagine a data center as one giant computer that provides Computing and storage resources for it to work each data center has to have a connection to a network which in most cases is the internet the internet connection makes the resources available to anyone who needs them and has allowed Cloud technology to expand very quickly within cloud computing you have three main types public private and hybrid with a fourth lesser known type known as multicloud a public cloud is operated and owned by a third party providing all the Computing and storage resources and managing the hardware maintenance and power requirements these Computing and storage resources are spread worldwide across many different data centers ready for anyone to buy and use Microsoft Azure is one of the biggest providers of public cloud services to give you an idea Microsoft has data centers in many different regions their distribution includes 
Europe North and South America the southern part of Africa as well as the Middle East Asia Australia and New Zealand Public clouds aren't ideal for everyone for some a private cloud makes more sense a company might decide to have its own data center which could be a small room to service just that building or the business as a whole typically it's used just for employees of that business the company is responsible for buying and maintaining the equipment and powering it governments and militaries also use a private Cloud to provide an extra layer of security third is a hybrid Cloud which interconnects public and private clouds with hybrid Cloud a company might have some Services running on their own data centers but others on a public Cloud this provides a degree of flexibility between the two options as both have advantages and disadvantages and last is the multicloud multicloud is newer than the previous three types and has come about due to the popularity of the public Cloud this type is when we use more than one type of public cloud provider you will use a multicloud if you're using a mix of services and features but what does using cloud computing entail for a small business the cloud can run a website or provide additional services to customers but the most common use is for data storage organizations need data storage because they gather so much information from all the applications people use this information can then be used in data analysis tasks to identify Trends and help develop new technology it's not just organizations that need to store data think about your memories maybe you have many photos on your phone and need extra storage which the cloud provides but you probably use cloud computing in everyday life not just for photos just take your phone how many apps does it have most if not all of them rely on the cloud like for example a video streaming service requires the cloud to store and stream shows and movies to you and even sending a message by 
email or in a messaging platform requires Services spread across the cloud all the services needed to run these apps have to be on a server somewhere or even spread across multiple servers in the cloud to summarize cloud computing can easily expand a business's capabilities by providing additional Computing and storage resources in a data center or series of data centers and there are four types of cloud computing public private hybrid and multicloud each type of cloud comes with its own characteristics and a business's choice of cloud is determined by its needs Sam Scoops can save money by using a cloud service before its storage Runs Out cloud computing is an exciting topic and probably want to know more especially because it's a major consideration in cyber security don't worry you'll learn more about this topic later in this course earlier you configured a physical Network for Sam Scoops so that all devices can communicate with one another but Sam simply cannot get the computer of one of her employees to send files to the printer she calls you for advice where do you start to troubleshoot the problem by now you are confident in how a network works but designing troubleshooting or changing a network can be tricky considering all the different processes and network components involved it is useful to think of the flow of communication over a network in terms of a model and that is why the open systems interconnection model or OSI model is so handy in this video you will learn all about the features of the OSI model what it does and its benefits and drawbacks the OSI model is a theoretical model that explains how data travels from one device to another over a network it separates the communication process into smaller parts or layers which makes it easier to understand specific aspects of data transmission and it also makes sure that communication between computers is set up in a consistent and efficient way introduced in 1978 The OSI model describes networking as a 
series of protocol layers with specific functions allocated to each layer each layer offers specific services to higher layers while hiding the details of the implementation of those Services a well-defined interface between each pair of adjacent layers defines the services offered by the lower layer to the higher one and how those services are accessed The OSI model consists of seven unique layers each with a specific role let's explore what happens in each of them from the bottom the OSI model has a physical layer data link layer Network layer transport layer session layer presentation layer and an application layer the bottom layer or the physical layer converts the data into Wireless or electrical signals for transmission through the air or through cables the next layer the data link layer ensures that the data is ready for transmission by making sure it is reliable and error free the network layer selects the best path to route data packets over a network and addresses devices with the IPv4 and IPv6 protocols then the transport layer establishes connections between devices and can ensure reliable transport between the two the fifth layer the session layer is responsible for managing communication sessions or States between applications next up the presentation layer's role is quite interesting since it deals with data formatting encryption decryption and data presentation and the final layer or the application layer plays an essential role by enabling the users or devices to communicate with each other this layer provides an interface with which you can access the network to perform the necessary tasks now that you know how the OSI model structures data transmission in layers it is possible to troubleshoot the printer issue in Sam's office you can start by examining what layers within the model are being used for the computer to talk to the printer to identify where possible problems might exist using this approach to troubleshooting you can examine Sam's 
Network by starting at the physical layer that would involve checking that all the cables are connected to the switch say you find that one laptop's cable is disconnected by simply following The Logical layers of the OSI model you could identify the issue and resolve it by connecting the cable to the switch again that was useful don't you think next let's discuss some pros and cons of the OSI model the first advantage of the OSI model is that it provides an organized structure by dividing the functions of a network into seven transparent layers this makes it easier for Network administrators and Engineers to understand the flow of data and troubleshoot problems the OSI model is also widely accepted and standardized this simplifies communication and collaboration between different networks and vendors lastly its modular design offers flexibility each layer in the OSI model can be modified or improved independently without affecting the other layers this modular design makes it easier to adapt to Modern Technologies in the ever-changing networking world but just like any other system The OSI model also has some drawbacks The OSI model can be hard for novice Network administrators to understand to apply it practically requires a comprehensive understanding of its many layers and functions because of the theoretical nature of the OSI model it's mostly used for educational purposes and may not always match how networks are set up in real life another disadvantage is that by breaking down the functions of a network into seven layers it adds some extra steps which can slow down the speed of data transmission lastly implementing the OSI model involves a lot of planning and hard work and can therefore be time-consuming despite its disadvantages The OSI model can still be useful especially to troubleshoot network problems like Sam's unplugged cable and in this video you learned that it can help you understand data transmission across a network you also discovered the 
Seven distinct layers of this model and their functions the OSI model is an essential framework for understanding how communication occurs between different network devices because it offers a standardized approach to network communication now that you are familiar with the open systems interconnection or OSI model and the concept of layered architecture you should have a clear understanding of how communication happens over networks like the one used by Sam Scoops isn't it amazing to think of the massive scale at which data flows all around the world daily millions of devices talk to one another over all kinds of networks an important factor that makes this possible is the rule book that determines how this constant data transfer happens earlier you learned that the Internet Protocol or IP gives unique IP addresses to each device on the network to make sure packets of data arrive at the correct destination you can probably guess that IP is part of the communication rule book in this video you will learn more about the other rules or protocols that make network communication work most importantly the transmission control protocol or TCP together the two Protocols are referred to as the TCP IP suite and it also has a layered architecture like the OSI model TCP IP is the primary protocol used all over the world by millions of devices to send information online on different kinds of networks by now you know data transmission involves several steps and TCP IP plays a significant role in these steps you can think of it as a big post office where data is broken down into small packets and sent to their destination data is broken up into smaller packets so that multiple computers can send data each taking quick turns it also increases transmission rates by not clogging up the line the Internet Protocol or IP ensures the packets get to the right destination and the transmission control protocol or TCP makes sure the packets arrive safely and in the correct order this 
way even if some packages get lost along the way TCP will send them again to make sure the information gets to the destination intact data transmission in TCP IP involves several steps to make sure that the data gets to the right place in perfect form and these steps happen in different layers let's examine the steps in more detail First Data is divided into smaller parts called packets before being sent over the network these packets then travel over the network which may be physical wires or Wireless signals to reach their destination the next step is the reception of the packets the destination device collects all the packets and puts them back together to recreate the original data but sometimes data can get lost along its Journey so the fourth step is to make sure all the packets are correct and have arrived in the right order for this reason the TCP protocol adds extra information to each segment of data known as a sequence number and an acknowledgement number to better understand this process imagine sending a parcel across the world you would want to know that it arrives safely right well you can track your parcel as its barcode gets scanned along the way this allows you to know where it is on its Journey if it has arrived at its destination or if it got lost now imagine sending 10 Parcels but they have to be opened in a specific order for them to make sense so you number each parcel so that the receiver knows in what order to open them well this is what TCP does the sequence number is the order of the packets and the acknowledgement number is used to check if they arrived if any of the parcels get lost an acknowledgement number is not sent back to the receiver after a timeout period the sender will know it has to send the packet again when delivered successfully an acknowledgement will be sent back to close the process but the TCP delivery check process can only happen once devices have found each other over the network and this happens next with the IP 
protocol which you've learned about earlier in essence the data with all the applied TCP IP protocols is signals sent across cables or wirelessly to their destination these signals are in the form of digital zeros and ones known as binary next let's unpack this process as it happens in the layers of the TCP IP stack the four layers are the application layer the transport layer the internet layer and the network interface or data link layer remember the OSI model the bottom layer is the network interface or data link layer and is the physical link between the computer and the network it is responsible for sending and receiving data over the network using Hardware such as network adapters the next layer the internet layer forwards packets from the source to the destination the transport layer works in the background and ensures that the data is sent reliably meaning all data packets are verified by the TCP protocol but this takes time so for data that needs to be transmitted quickly like video data this layer uses another protocol the user datagram protocol or UDP UDP does not include verification and thus speeds up the transmission and the top layer the application layer deals with the applications running on the devices and the data that they generate in other words it provides an interface for the user to access network resources while watching this video you've most likely realized that your devices constantly use TCP IP to send and receive data and if you are like most internet users you are doing several different things online at the same time TCP IP makes this possible because TCP IP allows multiple processes to happen simultaneously it's called multiplexing and means that different devices can send and receive data at the same time over the same connection it can also handle different data types such as emails websites and videos TCP IP works with small networks like Sam's network but also enables communication across many different sizes of networks 
including the internet in this video you learned about TCP IP the primary communication protocol framework of all modern networks and the internet you now know the different devices on Sam's Network need TCP IP to communicate successfully and you also learned about TCP IP's different layers and their functions well done when traveling you always have the end destination in mind and the same applies to data and networking think of airports in different countries where each airport represents an IP address the location where your data needs to travel as you may recall IP addresses are vital in identifying different devices on a network to Route traffic to the intended destination but it's not just IP addresses that play a vital role in getting data packets to where they need to be like airports IP addresses have different terminals or gates for specific purposes these gates are known as ports and they allow various types of data to be sent and received by specific applications much like a passport that determines whether someone is allowed to enter or leave a country understanding how ports work is important because it allows you to control which types of data can enter and leave your network as well as protect against unauthorized access over the next few minutes you'll explore port numbers and how they are used by devices on a network to identify data you will also learn how ports are positioned within the OSI and TCP IP Suite to begin let's apply the airport analogy to networking suppose you're going on a trip to a foreign country the airport you depart from represents your device's Source IP address and the airport you arrive at indicates the destination IP address Before you depart you need to provide your passport at the terminal to confirm your identity and to receive your boarding pass then you're authorized to board the plane in this case you can think of the plane as the router on the network that helps your data get to its destination when you arrive at 
the destination you must go through customs and provide your passport to identify yourself again similarly when data travels on a network it needs to go through certain ports to access specific protocols just like your passport verifies your identity and allows you to enter a country ports identify and allow certain types of data to access the network think of ports as a type of digital passport for data traveling between source and destination IP addresses for instance when you access a website your computer sends a request to the web server using a specific port number the web server receives the request and responds by sending the requested web page back to your computer but how does this work the process is similar to the concept of passport verification where a passport is scanned when leaving and entering a country someone who tries to enter a country without a valid passport would be denied entry similarly if data tries to enter a network without the proper port number the network security measures like firewalls May block its entry to protect against unauthorized access now that you understand how ports work let's examine the range of port numbers and how they are assigned port numbers are used to identify different types of data during transmission and are assigned within the transport layer of both the TCP IP suite and the OSI model this range of numbers goes from 0 to 65,535 both the transmission control protocol or TCP and user datagram protocol or UDP use port numbers to identify themselves the application layer of both models identifies the specific protocol required by the application and then the transport layer assigns a port number to that protocol using a specific number to identify it these port numbers are used to identify protocols but also to keep track of data as it moves around devices on the network firewalls use port numbers all the time to permit and deny access to a network understanding how port numbers are used in network security 
is crucial firewalls rely on port numbers to permit or deny access to a network but managing the range of port numbers is equally important to prevent unauthorized access when managing the range of port numbers it's important to keep in mind that many ports are blocked by default to prevent unauthorized access but sometimes you may need to use a specific protocol and in those cases you can open the corresponding port number to allow traffic to flow through this is usually done on the Network's firewall and the local firewall on your computer it's worth noting that when you add a new application to your device it may automatically open the necessary ports for the protocols it requires in conclusion ports are like the gates at an airport controlling what data can pass through and where it's going by managing and securing the range of port numbers you can keep unwanted access out of your network with the knowledge you've gained from this video you can describe how port numbers work what range they fall under and how to keep them secure by doing so you're helping to control the flow of data in and out of your network protecting it against unauthorized access keep this in mind as you continue to explore the world of networking you now know that port numbers can be used to identify protocols and the protocol set rules for how network devices communicate but have you ever wondered how your computer distinguishes between the hundreds or even thousands of conversations happening simultaneously on a network or have you considered how different protocols work together to keep all these conversations organized and secure over the next few minutes you will explore how protocols and port numbers work together to distinguish between the many conversations happening on one device by the end of this video you will have a better understanding of how protocols and port numbers work together to ensure that data is transmitted securely and efficiently across the network there are 
many conversations happening on your computer and network at any given time this amplifies into hundreds if not thousands of conversations happening simultaneously to ensure that these conversations are successful they must follow a set of rules or protocols that dictate how network devices communicate these Protocols are essential for organizing and securing the flow of data especially sensitive information let's now explore how protocols and port numbers work together to ensure that conversations can take place securely and efficiently starting with email protocols electronic mail or email has been used for exchanging messages between businesses and individuals worldwide for many years there are many different email applications available today from cloud-based options like Microsoft Exchange online to on-premises Solutions like Microsoft Exchange Server various email protocols have been used over the years to deliver email globally including POP3 and IMAP for receiving email and SMTP for sending it let's explore an example of how email moves between two users using the simple mail transfer protocol or SMTP the diagram illustrates the communication between the sender recipient and email servers but it doesn't display the port numbers used in the process to gain a better understanding of the involvement of ports let's focus on the sender and examine how they communicate with a server the sender selects a source and destination IP address and identifies the protocol they want to use which is SMTP SMTP uses port number 25 for its communication the destination Port is always the service or protocol being accessed once the protocol is chosen the devices involved have a set of rules to follow to ensure the conversation is successful for SMTP this includes multiple message exchanges such as HELO to create the SMTP connection between the client and server MAIL FROM to provide information about who is sending the email RCPT TO for reporting the email's recipient 
data to prepare and initiate the transfer of information between the client and the server reset to reset the connection and clear all earlier transfer data without closing the SMTP connection and quit to end the connection one problem with using port number 25 is that it can be intercepted by someone listening in on the conversation this is because Port 25 is known as the port for emails making it more susceptible to attacks as a workaround port number 587 can be used instead which allows data to be encrypted offering better protection and reducing the risk now let's move on to review the source port number from the example the sender utilizes port number 5000 as its source this number does not indicate a specific protocol rather it serves as a session identifier for the computer to receive responses from the email server by using a separate port number for each session multiple sessions can be opened simultaneously on the computer to further illustrate this point let's say you open three different web pages on your computer one for shopping one for social media and one for online banking it would not be feasible for all three websites to use port 80 to communicate with your computer as they are distinct sites therefore your computer assigns a different port number to each website allowing incoming traffic to be identified and displayed on the appropriate browser tab in this video you explored the important role that protocols and port numbers play in establishing effective communication processes and safeguarding the delivery of information throughout this discussion you have learned that Protocols are responsible for setting the rules and guidelines for how devices communicate and transmit data and that some protocols even provide added security by encrypting data during transmission you now also know that port numbers are the key to identifying and managing multiple conversations happening simultaneously allowing different protocols and services to 
function efficiently without interference armed with this knowledge aspiring Network professionals such as yourself can confidently ensure that data is transmitted securely and efficiently across the network today more than a billion websites exist and we use them daily to access information and services Sam's business is no different and with a newly installed internet connection employees have been asked to complete Food hygiene training on a website to access the site they type in the name of the website easy right but you've learned that websites are stored on servers and servers have IP addresses so how is it possible for employees to access the website without the IP address of the server that's where DNS or domain name system comes in and in this video you will be introduced to the concept what it is used for and how it makes finding websites on the internet easier you know that IP addresses are used to identify and locate devices on a network and that a website is a location somewhere out on the internet but IP addresses are long and complicated to remember imagine you had to navigate the internet using IP addresses think about all the websites you visit daily and how much harder it would be if you could only find them by using an IPv4 or IPv6 address it's great that you can use website names to find what you need on the internet but that's not how devices like servers that host these websites work they only understand how to communicate using IP as the standard something has got to sit between the easy-to-read name and the IP address and that's the job of the domain name system the domain name system is a service that translates a human readable domain name or URL into the IP address of the server that's hosting the site or service when you type a website address into your browser like www.sams.com an automatic search is instigated on a DNS server this is known as a DNS lookup the DNS server acts as a translator taking the name you typed and converting it 
to an IP address that can be located for the relevant website the IP address is stored in the DNS server as a record and there are a number of record types the DNS server will use an address record or A record when simply looking for a website name translation another type of record is a domain name system service record or SRV which can tell a device what services are available for a particular website for example a website that needs video conferencing capabilities requires the use of a video communication protocol like session initiation protocol or SIP DNS uses port number 53 and can send requests reliably using TCP or unreliably using UDP DNS needs to be fast so UDP is the preferred protocol because it doesn't provide packet delivery check overheads many DNS servers worldwide provide this lookup service because there are so many incoming requests from everyone surfing the web if there were only one DNS server you would have to wait a really long time for the translation to take place before you can get to the website you want to access anyone can create DNS servers but there are so many in existence that you don't have to go through the setup yourself to access websites internet service providers or ISPs typically provide a DNS server for their customers and companies like Microsoft own many such servers worldwide in summary DNS or domain name system is an essential part of the modern internet that translates user-friendly domains into numerical IP addresses to Route internet traffic to the appropriate destination to do this it needs to be fast and responsive therefore it uses the UDP protocol so you don't even notice the translation from the website name to IP address unfortunately DNS is susceptible to attacks but you'll learn more about that soon previously you learned that Network traffic could be monitored to identify threats and make sure that no process or application takes up too many resources and bandwidth this is a great way to ensure that the 
network supports the business in the best way possible, but it's not very proactive. After all, you're just monitoring the traffic as it's already moving across the network. As data is being collected, how can you use it? Although she hasn't implemented any network traffic monitoring yet, Sam is wondering what the benefits of traffic monitoring could be and if it's something the business should pursue as it expands. In this video, you will learn how analyzing collected data can help you determine a network's health with metrics and implement some proactive actions on the network using analysis. Health and metric analysis are about spotting trends and patterns in data collected from network traffic monitoring. The identified trends and patterns can then be used to proactively introduce traffic management methods to keep the network healthy, and traffic management methods can ensure that the capacities on network devices are maximized without overloading them, thereby increasing the return on investment, or ROI. Metric analysis involves measuring key performance statistics to understand how something is performing and predict its future performance based on the gathered data. Tools used for this prediction generally need at least 30 days' worth of data to create a baseline performance for a network. There are several different metrics that can help determine network health and performance. Let's examine some of them. First is bandwidth usage. This metric is about checking that you are not going over the amount of available bandwidth. If the bandwidth usage is too high, it can affect the network's performance by slowing things down. The second metric is packet loss, when packets get lost on the network between the source and destination. You know that TCP can resend those lost packets, but that can actually create more congestion on the network if it occurs too often. The third is latency. This is how long a packet takes to move across the network and back again. It's also known as the
round-trip time, or RTT. Last is network availability. This is a key metric because it reflects uptime on the network. In other words, it tells you when the network is working and when it is not. These metrics and others can tell you how healthy your network is and how well it's performing. Next, let's discuss traffic management. A network can be set up to manage its performance by utilizing something called quality of service, or QoS. QoS is a suite of different traffic management mechanisms that can be used at different times based on network performance. Although traffic monitoring is ongoing, traffic management mechanisms should only be turned on when needed. If everything works as it should, you don't need to create extra work. Two of the mechanisms included in QoS are traffic marking and prioritization. Traffic marking allows you to mark packets with, for example, different colors to indicate priority. For example, real-time information like video calls should be prioritized. Less critical traffic like email can be given a low priority. In conclusion, collecting data is an essential first step, but it needs to be followed by health and metric analysis to make predictions. The more data is collected, the more reliable the predictions will be. Sam's Scoops should start collecting data to measure its network health as soon as possible, before performance events like lagging, distorted video calls, or video buffering happen. Due to the lack of bandwidth, some traffic management mechanisms will have to be configured to prioritize the most important traffic to get the best performance and usage out of the current network devices. Ultimately, this will save the business money and get a better ROI on the equipment used.

You've made it to the end of the second week of this course. Aren't you proud of yourself? You should be. After all, you've learned a lot about network devices and their infrastructure, the OSI model, protocols and ports, and network monitoring. That's quite a lot of new knowledge to take in, and
you still have to complete the module quiz, so let's review what you have learned this week. First, you learned about hybrid networking, when a network or combination of networks uses different connective technologies to link devices, for example, a home network with both wired and wireless connections. Hybrid networks are great, but when a business has multiple sites, several networks have to be linked together via the internet, the network of networks, which is what you learned about next. It's not only individual businesses that connect to different sites via the internet. The whole world is connected through the internet, so there are many interconnected networks, and the connections between these are facilitated by internet service providers, or ISPs. Next, you were introduced to cloud computing, which can extend local storage and computing power through data centers that act like giant computers with vast storage and a lot of CPUs and RAM. You learned that there are four types of clouds: public, private, hybrid, and multicloud. Expanding on your new knowledge of the cloud, you also learned about the infrastructure that makes both private and public cloud services possible. And don't forget, you also learned about VPNs and how they can securely connect different networks. But what about connected devices that don't need direct input from humans? Yes, you guessed it, it's the Internet of Things, or IoT, which you also learned about. Now let's move on to lesson two. You started this lesson by learning about the OSI model, its seven layers, and its purpose. The way the model separates the communication process into smaller parts, or layers, makes it easier to understand and troubleshoot specific aspects of data transmission. After this, you learned about layered architecture, of which the OSI model is an example. This concept is all about the separation of concerns. It breaks down complex networking processes into more manageable layers that enable IT professionals to change protocols and processes
within each layer without affecting the others. You also learned about the TCP/IP suite, which has four layers. It plays a vital role in data transmission since it is the primary protocol used all over the world by millions of devices to send information online on different kinds of networks. In this lesson's exercise, you applied what you learned by demonstrating how to expand a network to support new users and wireless devices and identify protocols that can be used within that network. In lesson three, you learned about ports that control which types of data can enter and leave a network as well as protect against unauthorized access. You learned that port numbers are almost like digital passports for data traveling between source and destination IP addresses. If data attempts to enter a network without the proper port number, the network security measures, like a firewall, may block its entry to protect against unauthorized access. Next, you explored more protocols involved with data transmission. Network protocols provide a common language that enables different devices to talk to each other and share information. You also learned that proper network protocols have to be implemented to protect a network from cyber threats. At this point, you have learned about both ports and protocols, but don't forget that they work together to securely and efficiently transmit data across a network. Some protocols set rules for how devices communicate and transmit data, while others support data encryption, and port numbers separate and identify multiple ongoing conversations between devices. You also learned that port numbers can be divided into three ranges and that various protocols are associated with each port number. As part of this lesson, you also completed an exercise in which you learned how to identify the sessions that are currently in use on a computer. Finally, you completed a lesson about network monitoring. This started off with learning about how DNS enables users to access
websites using user-friendly domain names instead of numerical IP addresses. Unfortunately, because it's so widely used, DNS is very vulnerable to attacks. DNS relies on a structure of four different DNS server types to deal with hundreds of thousands of requests every second from around the world, so there are many opportunities for attackers. After this, you learned about how network traffic monitoring is used to check what protocols and data are moving around a network and monitor performance and security threats. Network traffic monitoring helps businesses quickly detect and respond to security incidents, prevent data breaches, and ensure that network resources are used efficiently. But monitoring is only half of the equation. The other half is analyzing the data you collect and proactively introducing traffic management methods. Examining metrics keeps the network healthy when problems are spotted in trends or patterns. Some of the metrics used for analysis include checking bandwidth, packet loss, latency, and network availability, and you can use the quality of service, or QoS, suite to deploy traffic management mechanisms. Lastly, you learned about network logs and how they record information from data points on a network, and you learned about filtering and searching logs efficiently to find relevant information. Now that you've reviewed this week's content, you should be ready to take the module quiz about network devices. If you aren't, don't worry. It's easy enough to go back and revisit items you feel unsure about. Work at your own pace. But even if you are ready for the quiz, first take a moment to appreciate your efforts before you move on. Well done.

Sam's Scoops' client base has grown significantly, and keeping track of client information has become challenging. With different employees adding client details on copies of a spreadsheet, there are now different versions of the client list on everyone's devices, and they are experiencing the same problem with stock taking and supplier
related administration. They urgently need a central space where employees can access the same files. Fortunately, client-server networking can provide them with a secure and efficient way to centralize their data and applications. In this video, you will learn about the details of a client-server networking model. Client-server network models are common in the world of computer networking today. In this type of network, a client is a device or an application that requests services or resources from a server. The server, on the other hand, is a computer system or software that provides those services or resources to the client. Think of it this way: a client dines at a restaurant and needs something, for instance, a glass of water. So they call their waiter and make their request. The waiter then serves them a glass of water. In the same way, when you use your computer or mobile device to connect to a website or an application, you are the client making a request for information, and the server provides you with that information. This type of networking model is called client-server because the client and the server communicate with each other to exchange data and services. The server is the primary provider of those services, and the client is the primary user. This architecture is commonly used in offices, businesses, schools, and other organizations to allow various clients to access the same files or applications on the server. The client-server model can be a great solution for the versioning issues that Sam's Scoops is experiencing. Next, let's discuss the components of a client-server network by exploring network clients first. In the traditional sense, a network client is a lightweight computer or device that cannot run programs on its own. As technology has advanced, a client is more than a simple terminal today. It can now represent any hardware or software system that interacts with services offered by a server. There are four types of clients in a client-server networking model: thick, thin,
zero, and hybrid. Let's explore them in more detail. A thick client is the most common client type in today's network environments. In fact, every desktop computer these days is a thick client. A thick client is sometimes known as a workstation and can process and store data locally without using a server. A thick client's interaction with a server is minimal and might only be to store data on a shared network drive. There is also a thin client, and historically this was a terminal. A thin client cannot process or store data locally and relies completely on the server to provide computational power and storage. Today, thin clients are represented by web-based applications or browsers that request and display information from servers regardless of the device on which they are running. Zero clients are ultra-thin clients, basically running no software. They are usually small hardware boxes used to connect peripherals like a monitor, keyboard, mouse, and network cables to a server. This is done to provide virtual desktop environments, or VDI. Since zero clients have no software running on them or local storage, they have no security risks. And lastly, hybrid clients combine the best of both thick and thin clients. A hybrid client can perform limited local data processing but has no local storage capabilities. An example of such a client is a device that renders content and stores the results on the server, like automated rating systems. Next, let's explore servers. A server is a variable term for a software system, a hardware device, or both that provides services or resources to other computers on a network. In the past, servers were large mainframe computers that were housed in big rooms and were used by many clients. Today, servers can be much smaller but still powerful. They are typically made up of a high-end computer with lots of memory and processing power. Normally, they are connected to other devices like switches, routers, load balancers, and firewalls. Servers usually run specialized software such
as Windows Server or Linux to help them provide the services needed by other computers on the network. A server's main task is to provide services and resources to its clients. The larger the number of applications and users, the more servers are required to split the resources across them. Servers are used for running applications, mailing, file storage, printer sharing, gaming, web hosting, media streaming, database hosting, and many other purposes. In this video, you learned about client-server networking, its components, and how it works to enable the efficient sharing of resources and data between multiple users and devices. You also learned about different types of clients and servers used in modern client-server networking.

Do you work from home or know someone working from home? Today, thousands of people work from the comfort of their own homes, and it's all thanks to the technology that allows them to connect remotely to their company's networks, files, and IT services. Not only does this technology make remote work possible, but it also simplifies how IT teams fix problems in the modern workplace. With remote access, they can troubleshoot and fix employees' devices without ever having to leave their desks. But what are the other benefits of remote access, and what technologies make it possible? In this video, you will learn about remote access and the technologies that support it. Remote access refers to the ability to access a computer network or data from a location other than the device or network itself. It allows individuals with an internet connection to connect to their work or home computers from anywhere in the world. This is especially convenient for businesses and individuals who need access to their data from various locations because, as much as you try to prevent them, emergencies do happen. Imagine having an emergency during a holiday trip and needing medical documents saved on your home computer. Or say, during your trip, your manager urgently needs a file from your computer. No
problem. With remote access, you can say goodbye to the days of being physically tethered to your desk or office. Whether you are working from home, traveling for business or pleasure, remote access enables you to work and access your data from anywhere in the world. Remote access has numerous benefits for both individuals and businesses. As discussed earlier, it is especially useful for troubleshooting IT issues, but it also increases productivity and enhances collaboration among teams working from different locations. Remote access can also reduce travel costs associated with in-person meetings. All these benefits are great, but remote access also poses some cyber security risks. First, remote access software is a prime target. When remote access software is unsecured, outdated, or unpatched, it can allow unrestricted network access to anyone on the internet. Weak authentication, like simple passwords, can allow cyber criminals to take over user accounts. This is a major risk to the network because compromised accounts connected via remote access provide a foundation to access network computers and resources like file servers, email servers, and database servers. Cyber security criminals can also exploit remote users by sending fake remote access links or malicious attachments in phishing emails. If a remote user accesses these links or attachments, it could put the account credentials of organizations and entire network systems at risk. And once attackers gain access, they can steal data, install malware, or change data. Knowing about these risks is important, but so is knowing about the tools and technologies that make secure remote access possible. The tools and technologies used for remote access depend on the type of network and devices used. Let's explore some of the most used remote access tools. Earlier, you've learned that a virtual private network, or VPN, is a secure method for creating a virtual network over a public network such as the internet. It encrypts the connection between the
remote device and the host network, providing secure access to resources on the network. VPNs are widely used for remote access to corporate networks because they provide an improved level of security. VPNs use many different protocols for authentication, data encryption, and tunneling. Tunneling is a process by which VPN software connects to the destination and sends data. Some of the protocols VPNs use include IPsec, SSL or TLS, PPTP, L2TP, and OpenVPN, and others. Another important protocol is the Remote Desktop Protocol, or RDP. This Microsoft protocol allows users to connect to a remote computer and access its desktop and applications. RDP is built into the Windows operating systems and is commonly used for remote access to individual computers or servers. But what if you need to connect over an unsecured network like free public Wi-Fi? Well, in unsecured networks, IT technicians use the Secure Shell, or SSH, which you've learned about earlier. Remember, SSH provides encrypted communication between the client and server, protecting sensitive data from interception. SSH is commonly used for remote administration of servers, routers, and other network devices. There are also Remote Access Services, or RAS, a Microsoft technology that allows dialing into a network from a remote location. It allows remote users to establish a secure connection to the network over a phone line or the internet. RAS is a predecessor of Routing and Remote Access Service, or RRAS. This built-in Windows operating system tool enables remote access and routing services. It can be used to create a VPN server as well as dial-up and wireless networking connections. RRAS also supports several authentication methods. In this video, you learned about remote access and the technologies that make it possible. Many cyber security roles involve remote access to monitor and maintain computer networks. For instance, you might have to deploy security updates quickly to remote computers without being physically present. You will most
likely use this knowledge covered in this video in your career going forward.

In today's world, authentication has become a huge part of modern life. Whether it's gaining access to everyday devices like mobile phones or laptops or accessing services like banking, it now plays an important role in maintaining your online security. Sam's business is continuing to grow. Employees are logging in daily using passwords to access important business information. While they have implemented a fingerprint device for physical security, some team members are concerned about the security of their computer passwords. They have raised the valid concern of whether using plain text passwords is enough to protect the company's sensitive data. Over the next few minutes, you'll explore the world of authentication protocols and discover the various methods that are used in modern computing for both personal and professional use. Let's begin with passwords. When it comes to securing digital assets, traditionally, password-based authentication has been the standard approach, but in recent years, passwordless authentication has gained popularity. But what exactly is passwordless authentication? This method of authentication allows users to access their devices or applications without the need to enter a password. Instead, it uses biometric devices to authenticate users, such as fingerprint scanners, facial recognition technology, or even iris scans. Biometric devices provide a convenient and secure way for users to access their digital services without the need for complex passwords, which are sometimes difficult to remember and can potentially be compromised. In fact, passwordless authentication is integrated into most mobile devices and laptops today, and even small businesses now incorporate biometric authentication systems. This not only improves security but also provides a more seamless and efficient user experience. However, you should note that while passwordless authentication systems are more secure than
traditional password-based systems, your devices will not be completely safe from hacking attempts. For maximum security, it's essential to follow a zero trust policy, which means you should trust no one when it comes to security and always implement best practices to remain vigilant and safe. One way to improve the security of passwordless authentication is by incorporating a two-factor authentication system. Firstly, a single-factor authentication system means you only require one form of identification, such as a username and password. This method is widely used, but it can be vulnerable to password theft, phishing attacks, and other social engineering techniques. If a hacker gets hold of a user's password, they can easily access their account and potentially steal sensitive information. However, with two-factor authentication, or 2FA, you can add an extra layer of protection to online accounts. 2FA requires you to provide two different types of information or credentials to verify your identity. This makes it harder to gain unauthorized access to your accounts. Typically, the first factor is something you know, like your password. Then the second factor is something you have, like your cell phone. So when you enable 2FA for an account, you'll first enter your password when logging in. Then you'll be prompted to enter a code that's sent to your phone, which is also called a one-time password (OTP). Businesses can use specialized apps called authenticators to generate these codes on their personal phones or devices. This ensures that even if someone knows your password, they still can't access your account without the second factor. Some of the popular authenticator apps used to generate codes for two-factor authentication are Google Authenticator, Microsoft Authenticator, and Authy. Another type of two-factor authentication makes use of security keys, which are physical devices used to authenticate users. This security key is a small USB-like device that you insert into a USB port, or you can use
it wirelessly with Bluetooth or near field communication, otherwise known as NFC. When you log in, you are prompted to insert the security key and press a button to verify your identity. The key will then generate a one-time code that is sent to the system, which verifies its authenticity. This is also called Universal Second Factor, or U2F, authentication standard. Security keys are considered highly secure because they are not vulnerable to phishing attacks, where attackers try to trick users into disclosing their usernames or passwords. They are also more secure than other forms of two-factor authentication because they cannot be intercepted or stolen through malware or other online attacks. Pho is one of the most popular vendors of U2F security keys. Now let's review some of the authentication protocols that organizations use, such as LDAP, which stands for Lightweight Directory Access Protocol. LDAP is a protocol used to access and manage centralized user authentication and authorization. Azure Active Directory is a very popular service that uses LDAP. Or RADIUS, which stands for Remote Authentication Dial-In User Service. RADIUS is a client-server protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. It is often used for remote access to networks. Another protocol is called certificate-based authentication, which is an authentication method that uses digital certificates to verify the identity of a user, device, or application. And lastly, Kerberos is a network authentication protocol that provides mutual authentication between a client and a server in a network environment. It protects businesses against password sniffing attacks by encrypting authentication credentials. It is commonly used in Windows domains. Well done. In this video, you explored authentication and gained knowledge about the fundamental concepts of authentication. You also discovered the various types of authentication mechanisms that
are widely used in everyday life. You even explored the concept of two-factor authentication, which adds an additional layer of security to the authentication process. As you have learned, authentication plays an essential role in keeping your data and your devices secure, so it's important to stay vigilant and keep up to date on all the latest trends in the authentication world.

So far, you've explored how organizations use authentication and modern computing as a way to allow their employees to access business information. But what if only certain employees should be able to access sensitive parts of the information? How would you approach this? Right now, Sam is happy with how employees are authenticated when accessing their network. However, they recently purchased accounting software to track the daily financial transactions of the company, but the vendor that set up the accounting software only provided one set of credentials by which all employees could access the software. Sam is concerned about the security threats this poses. For instance, the counter attendants should not be able to view the banking information of suppliers and clients. Sam wonders if there is a way to assign specific access rights to employees based on their responsibilities to limit access to sensitive information. Well, the solution to this is a proper authorization, authentication, and access control setup. In this video, you'll explore how access control is tied to authentication and authorization. Access control basically determines what resources an authenticated and authorized user can make use of. Let's explore what it is and how it works in modern computing, discover the different tiers of access and how authorization is granted and monitored. So what is it? Authentication is responsible for granting or denying access to the system, while authorization determines what data or resources will be available. It does this by analyzing a user's identity, role, or their permissions. By doing this, authentication
ensures that only authenticated individuals or entities can access an area where there's sensitive information. Then authorization decides what specific information can be viewed. Let's take this analogy. Think of a time you stayed in a hotel. As part of the check-in process, you were provided with a physical card. Your check-in was the authentication, you are who you say you are, which then allowed the hotel to issue your room card, providing you with authorization to enter your room. However, if you think about the cleaners who are employed by the hotel, they would have an ID that authenticates them to be on the premises. Just like your check-in process, they also have physical cards, but that card authorizes them to access all the rooms in the hotel. This is access control through the use of authentication and authorization. This approach is taken by organizations all over the world. While you may have valid authentication to access the organization's database, that may not give you the authorization to view or modify certain sensitive data. For example, an employee who works in human resources may have access to employee records but may need to be authorized to view the salary details of all employees. If authorization is not controlled, the human resources employee may be able to access sensitive data that they should not be able to view. Great, now you have a good understanding of authentication and authorization. Let's explore some of the different tiers. Tiers refer to the different levels of access that can be granted to individuals or entities depending on their role, responsibilities, and levels of trust. Some common tiers of authorization can include guest access, which is the lowest tier of authorization and typically provides limited access to resources or services. User access is usually next and is granted to registered users who have authenticated themselves to the system. User access typically provides more privileges than guest access, allowing users to create, edit, and view
their own data. Next is administrator access. This tier is granted to individuals who have a higher level of responsibility and control over the system, for example, IT departments. They can typically create, edit, and delete users as well as configure system settings and manage resources. With super user access, individuals are given complete control over the system, including access to all resources and the ability to modify any aspect of the system. Super users are typically responsible for maintaining and securing the system. However, role-based access is more at an individual level and is based on the roles and responsibilities of the individuals within an organization. Access is granted based on the user's role, such as a manager, employee, or contractor. Role-based access ensures that individuals only have access to the resources and services they need to perform their job functions. And finally, you have conditional access. This tier of authorization is based on the context of the access request, such as the location, device, time, or network. Conditional access provides an additional layer of security by ensuring that access is granted only under specific conditions. But how is this authorization granted, and how do organizations monitor it? They do this through a combination of authentication, access control, and auditing mechanisms. Firstly, authentication is provided when users have verified their identities. Once this step is complete, access control determines what actions a user is allowed to perform. This step involves various models like RBAC, ABAC, DAC, MAC, and others to enforce access control. Finally, user activities are audited. This involves monitoring and recording all user activity and events in order to detect any unusual or unauthorized access attempts. Well done. In this video, you discovered what authentication and authorization is. You also explored the various tiers of authorization and examined how authorization is granted in modern business. Organizations continuously need to
monitor and update their authorization policies. This ensures that users can access the resources they need whilst also preventing unauthorized access. By having proper auditing and logging mechanisms in place, organizations can not only track access but also identify any potential security breaches. These authorization policies not only protect your data but can also significantly increase the cyber security of an organization.

Meet Emory. Emory is a self-proclaimed tech-savvy individual. He knows how to make a mean cup of coffee, fix network issues, and even program his smart appliances. But what Emory doesn't know is how to keep his personal information safe from cyber criminals in the wild, wild web. One day, Emory receives an email from his bank. The email looks completely legitimate, with the right colors, logos, and fonts. The email asks him to click on the link and provide his banking username and password to view a suspicious transaction on his account. Being the trusting individual he is, Emory clicks on the link, enters his information, and bam, Emory's information is at risk. His bank account information is now in the hands of a scammer who is free to empty his bank account. By providing his login details, Emory unwittingly provided authentication to the scammer, giving them access to his bank account. Authentication is the process of verifying your identity, just like security at a concert or conference checks your ID or pass to make sure it's legitimate before letting you in. In the digital world, you authenticate yourself by providing your username and password, and only then you are granted access. However, being authenticated doesn't automatically mean you have access to everything. That's where authorization comes in. Authorization is like a backstage pass. It grants you access to certain areas or information based on your level of permission. Without authorization, even if you are authenticated, you won't be able to access sensitive information. Just like security checked your identity, they
will check your backstage pass to ensure you are authorized to access the area luckily Emory's Bank uses a two-step process to authorize transactions before any money could be transferred out of the bank an authorization request was sent to his phone alerting him to a possible breach Emory immediately realized he has been hacked and contacted the bank to report the incident this scenario highlights the importance of both authentication and authorization in securing personal information while authentication verifies your identity authorization determines what actions or data you are allowed to access in Emory's case his password leak bypassed the authentication process but the bank's authorization process prevented any money from being transferred out of the account without his approval when it comes to cyber security authentication and authorization are your best friends they're like the superheroes of the digital world protecting your valuable information from cyber criminals have you ever tried to book tickets or complete a purchase online and suddenly the website went down then perhaps the following event might sound familiar one morning as Sam was putting in a long list of orders on one supplier's website the entire site crashed she then tried to contact them via a conference call but could not get through and later she sent an email but it bounced back their entire system was down later Sam finds out that the supplier was hit by a massive DDoS attack Sam has no idea what DDoS or distributed denial of service attack means but realizes that cyber attacks can cause a major disruption in business operations DDoS is one of many kinds of cyber security attacks and it involves multiple sources simultaneously flooding a network with traffic making it impossible to operate Network attacks like these happen every day all over the world but the method and effects can differ drastically if a network is vulnerable due to lack of proper security measures attackers can be 
successful in this video you will learn about common types of network attacks let's first classify what a network attack is a network attack is mostly an attempt to gain unauthorized access to a computer network system or device with the intent of stealing damaging or manipulating data these attacks can come from external sources such as hackers or viruses or from internal sources such as employees or contractors Network attacks can cause significant harm to businesses organizations and individuals and they can broadly be classified into two categories passive attacks and active attacks in passive attacks an attacker simply observes or eavesdrops on network traffic without modifying it passive attacks can be challenging to detect as they do not typically disrupt network activity in contrast active attacks involve an attacker taking an action that affects the network traffic active attacks are usually easier to detect than passive attacks because they typically involve some level of disruption to network operations such as modifying or stealing data let's explore some of the most common Network attacks hold on to your seat this is going to get interesting first is eavesdropping which involves intercepting and reading data transmitted over a network this can include sensitive information such as passwords credit card numbers and other personal data eavesdropping involves various tools and could be an automatic or manual process these tools are used for intercepting capturing and analyzing Network traffic this process is called packet sniffing the impact of eavesdropping can be severe as it can lead to data exposure and information theft don't confuse packet sniffing with packet spoofing which is another type of attack packet spoofing is when an attacker sends packets of data with a forged Source address to make it appear that the packets are coming from a trusted Source the purpose of packet spoofing is often to trick the recipient into accepting the 
packets as legitimate and allowing the attacker to gain unauthorized access to the recipient's network or systems another type of network attack is IP spoofing and it involves forging The Source IP address of a network packet to make it appear as though it came from a trusted Source this can be used to gain unauthorized access to a network or to steal data to prevent spoofing it is essential to implement Network filters to prevent spoofed packets from entering the network on the other hand a man-in-the-middle attack involves intercepting communication between two parties and relaying messages between them this gives the appearance of normal communication while secretly eavesdropping and potentially modifying the messages this can lead to information theft data exposure and unauthorized access next let's revisit the distributed denial of service or DDoS attack mentioned at the start of this video like discussed a DDoS attack involves overwhelming or flooding a network with a lot of traffic or requests a denial of service or DoS attack is similar but it originates from a single Source while a DDoS attack is launched from multiple sources making it more challenging to mitigate these attacks can lead to network downtime and service disruption another malicious attack type is backdoors and just like the name suggests it involves creating a hidden entry point into a network or system that bypasses standard security measures backdoors can be used to gain unauthorized access steal data or install malware a better known attack type is password cracking which involves attempting to guess or crack a user's password to gain access to their account this can affect not only users but also servers Wi-Fi routers or any network resource that is protected with a password lastly there is SQL injection SQL or structured query language is a language used to access and alter database tables and records and SQL injection is one of the most common attacks against web applications it 
causes significant damage to organizations and businesses that use databases to store sensitive data with SQL injection attackers can exploit vulnerabilities in SQL statements to access sensitive information such as usernames and passwords and use this information for further attacks in this video you gained insight into various types of network attacks this knowledge adds a vital part to your foundational knowledge about networking later you will learn how to implement appropriate security measures to safeguard networks from unauthorized access and malicious activity at this point you should be well aware of the methods and tools that cyber attackers use but fortunately Network administrators and Security Experts have a few tools up their sleeves themselves remember the DDoS attack on one of Sam's supplier's Network in response to the incident the supplier hired a specialist to implement robust security measures and monitor network activity to help prevent future cyber threats Sam should probably take these security measures for her business too right but what would that entail in this video you will learn about network security and the tools Network administrators can use to ensure the security of a system effective network security is built upon Three core principles confidentiality integrity and availability confidentiality ensures that only authorized individuals have access to sensitive information Integrity guarantees that your data remains accurate and unaltered and availability ensures that your digital resources are accessible to authorized users whenever needed without proper network security measures in place a network and its data are vulnerable to a variety of threats these threats can include hackers viruses malware and other malicious software that can cause significant damage to the network and compromise sensitive information that's why network security is essential for protecting data and a business's reputation to do this network administrators 
and security Specialists need the correct tools and Technologies to keep a network safe and secure let's explore some of these network security tools starting with firewalls firewalls are the first line of defense for all Networks and a critical tool in the network security toolbox by now you know firewalls prevent suspicious traffic from coming in or going out of the network but they also stop Port scanning firewalls are very effective in securing a network because they prevent harmful content from entering the network in the first place another crucial tool is passwords which is not just for protecting user accounts but also to secure servers Wi-Fi networks and other network devices you might find it frustrating to create passwords that have symbols numbers capitals and so on but Having learned about password cracking you should Now understand why you're encouraged to do so weak passwords can be cracked easily so you need to follow the best practices when setting up passwords network administrators should also Implement passwordless authentication and multifactor authentication where possible for an extra layer of security on plain passwords an intrusion detection system or IDS is another preventative tool it continuously monitors networks for any signs of suspicious activity or potential threats an IDS analyzes Network traffic patterns and Compares them against known attack signatures in this way IDS quickly identifies potential intrusions and alerts Network administrators enabling Swift action to counter any threats network security greatly depends on endpoint security that determines how safe secure and clean the devices in the network are so anti-malware tools also form a part of the network security toolbox remember malware is malicious software that infects and compromises a network or device cyber attackers spread it through various vulnerabilities in a network fortunately modern anti-malware tools are smart enough to detect attackers' Footprints 
and unusual activities in network endpoints like computers and phones in general Network administrators should perform regular network maintenance tasks which can protect against various types of attacks Network administrators should regularly update software perform vulnerability assessments and monitor traffic and system logs finally it's crucial to educate the users in your network because human error has often been considered the main weak Link in a network informed and well-educated users can help to prevent many potential Network attacks teaching users about Network best practices is essential for network security in this video you've learned that when it comes to network security relying on a single protective measure is like keeping a toolbox with only one tool in it and hoping you can fix any problem with it to truly Safeguard networks you need a multi-layer defense strategy that uses a variety of tools and techniques and by watching this video you are now equipped to identify what network administrators can use to ensure the security of a system as businesses become more reliant on technology cyber threats have become more sophisticated and frequent as you've learned safeguarding a network from these threats is critical for any business connected to the internet but waiting for an attack to happen isn't the way to go that's where firewalls come in handy they provide proactive protection preventing Network outages and costly data theft in this video you will explore firewalls in detail and learn how they can Safeguard devices and networks from potential threats to begin let's start by understanding what firewalls are and how they work as you may remember a firewall is a network security device that sits between a trusted and untrusted network such as the internet for instance let's take Sam Scoops as an example now that the business is connected to the internet it is exposed to all sorts of threats a firewall can act as a protective barrier preventing 
these threats from entering the network you can compare it to a country's border control in the same way officials check people to ensure they aren't carrying anything that isn't allowed in and out of the country firewalls analyze all incoming and outgoing traffic based on this analysis it grants or denies access to the network according to predefined security rules ideally the firewall allows all legitimate traffic while denying malicious traffic such as malware and intrusion attempts but how does it accomplish this important role by default most firewalls deny all incoming traffic and filter outgoing traffic until an organization's security team configures what traffic should be allowed in and out the firewall checks each data packet to determine if certain conditions are met before it allows traffic to pass through these conditions could be a specified IP address a network port a network protocol or a combination of conditions now that you understand the basics of how firewalls work let's examine the different types of firewalls available some firewalls are Hardware based and are inside devices built to act as firewalls firewalls can also be virtualized to run on a server other firewalls are software programs that run on personal computers or even inside routers in all cases a firewall is a list of permit and deny statements of what can and can't pass through it thereby protecting a network firewalls have to check every packet of data that arrives against a list of rules to decide if the packet is permitted or denied this can be very time consuming and counterproductively slow the network down so when it comes to a network and its firewall some decisions need to be made one what traffic needs to be checked and two where does it need to be checked in other words where is the best place to put border controls in a network security teams make these decisions by assessing the risk that different network devices or zones carry a zone is made up of a single device or 
devices with the same trust level these devices can be physically remote from one another on the network or they can be close by but as long as they all share the same trust level they're in the same Zone the trust level is assigned on a scale of 0 to 100 the higher the number the higher the level of trust and the firewall acts according to what zone traffic is going to or coming from here's an example of a network with three zones private public and perimeter which are very typical for many networks today a trusted or private Zone has resources and devices that should never be accessible to anyone outside of an organization so a firewall would block all incoming traffic examples include printers workstations used by internal users and internal servers these are typically assigned the highest trust value of 100 zones with a high number require more protection than others but it also means that the firewall won't check outgoing traffic as rigorously as for other zones the perimeter Zone also known as DMZ or demilitarized zone is where resources and services accessible from outside the organization are available for example you can use a perimeter Network to provide access to an application a partnering organization or a supplier this zone is typically assigned the value of 50 so not all incoming traffic will need to be checked but it's still treated with a lot of caution a public Zone contains everything outside the organization this zone is part of the internet or another Network and is not under the organization's control it carries the most risk so it has a trust level of zero in other words everything coming in needs to be checked dividing a network up into these three different zones helps security teams to know which part of the network requires the most protection and where traffic should be checked most rigorously quite important information for configuring a firewall wouldn't you say if you don't have a firewall an attacker could use malware to 
take advantage of your bandwidth to use it for themselves or sensitive and private information about employees and clients could be stolen your entire network could even be held for ransom thus it's vital to place firewalls between your network and any outside connection Sam Scoops' Network needs firewall protection because it's connected to the internet at the moment the router on the network provides enough protection but as the business expands so will the amount of traffic that needs to be checked and this can slow the router and network down before that happens a dedicated firewall will need to be added to the network as technology advances so do the techniques cyber criminals rely on however with a well-configured firewall in your cyber security toolbox you can Safeguard your network from unauthorized access firewalls are great at protecting networks from incoming attacks from the internet but sometimes they have to be configured to allow certain kinds of traffic into a network to make a business function take a website for example the firewall for Sam Scoops' website will have to allow website traffic and traffic for services like email through the network this means that parts of the network will be vulnerable and that's where security tools enter the picture Sam Scoops could benefit from using tools like Microsoft Sentinel and Microsoft Defender for endpoint over the next few minutes you'll learn about these two services in particular network security is only as good as its weakest Point firewalls are great protection but attackers know this so they try to find other weak points this is where Microsoft can help with a complete range of tools to cover all security aspects let's start with Microsoft Sentinel with a huge range of products from Microsoft 365 Defender to Microsoft for cloud apps your endpoints identity applications data infrastructure and network are all protected previously in the course you learned how important it is to collect data 
to help detect Network threats or problems Sentinel is Microsoft's tool for collecting all that data in one place giving a bird's eye view of a business having all this information at hand can help reduce the stress of increasingly sophisticated attacks by increasing the volume of alerts and preventing long resolution time frames having access to all the data and interpreting it is called knowing a network security posture which determines the security status of the environment Sentinel measures this by collecting data at Cloud scale across all users devices applications and infrastructure both on premises and in multiple clouds detecting previously undetected threats using Microsoft's analytics and unparalleled threat intelligence investigating threats with artificial intelligence and hunting for suspicious activities at scale by tapping into years of cyber security experience at Microsoft and responding to incidents rapidly with built-in orchestration and automation of common tasks Sentinel is great if you need comprehensive cover but if you only have a few vulnerable areas in your network Microsoft Defender might be a better choice as it focuses on critical areas Defender products can be used as data sources within Microsoft Sentinel to provide better security analytics and threat intelligence in this way Defender can help Sentinel determine the security posture of a network more accurately if your business is just starting out like Sam's you probably need some endpoint protection for things like PCs and printers so Microsoft Defender for endpoint is a good choice this product can help look after existing endpoints and scans for new endpoints as they are added to the network thus giving some level of protection straight away Defender for endpoint has the following capabilities threat and vulnerability management provides real-time visibility and helps identify ways to improve security posture attack surface reduction eliminates risky or unnecessary surface areas 
and restricts dangerous code from running Advanced protection uses machine learning and deep analysis to protect against file-based malware endpoint detection and response monitor behaviors and attacker techniques to detect and respond to Advanced attacks artificial intelligence to automatically investigate alerts and remediate complex threats in minutes and Microsoft threat experts bring deep knowledge and proactive threat hunting to your security operations center that is quite the offering and Sam's Network would definitely be well protected if they were to use Microsoft Defender for endpoint with the website up and running Sam Scoops will need to add another level of protection Beyond just a firewall to address vulnerabilities luckily tools like Microsoft Sentinel and Defender for endpoint can address those vulnerabilities and do even more for network security using these tools means that Sam Scoops can protect the network measure the overall cyber security Readiness of the network help reduce the security burden and understand its posture congratulations you've made it to the end of another lesson you have been working really hard haven't you and this week you learned about client server and server to server communication different approaches to authorization and authentication Network attacks and mitigation and firewalls and their common protocols you probably remember most of this week's content but it's always a good idea to revisit the most important points let's review the week to make sure you're prepared for this week's quiz in the first lesson you learned about client server networking which provides businesses with a secure and efficient way to centralize their data and applications a client is a device or application that requests services or resources from a server you learned about the four types of clients thick thin zero and hybrid clients on the other hand the server is a computer system or software that provides services or resources to 
the client and you learned even more about servers like their capability and how they're used in modern Computing recall that there are different types of servers file Web Mail database application print media and Game servers servers are vital to Modern businesses because they help businesses simplify their operations and improve their efficiency for example servers can facilitate collaboration by providing a centralized location to store and share files next you learned about remote access which refers to the ability to access a computer network or data from elsewhere it allows individuals with an internet connection to connect to their work or home computers from anywhere and it makes troubleshooting a lot easier because technicians can remotely connect to employees' computers at home some remote access tools are virtual private networks or VPNs and protocols such as remote desktop protocol or RDP and secure shell or SSH which is useful when connecting to a network remotely via an unsecured Network like free public Wi-Fi after this you learned how the DHCP or dynamic host configuration protocol automatically assigns IP addresses and other network configuration settings to network devices an advantage of DHCP is that it simplifies network configuration but there are also some disadvantages like a single point of failure because DHCP relies on a single server the second lesson of the week started with a breakdown of various authentication methods that can be used to ensure approved access the simplest authentication method is a password but these days you also get passwordless authentication that relies on fingerprint scanners and facial recognition technology and then there are more Advanced methods like two-step verification and security Keys Next you learned about authorization methods and protocols remember authentication and authorization may sound similar but they're different authentication verifies the identity of a user while authorization determines what 
resources and services they're allowed to access you learned about the different tiers of authorization these levels of access can be granted depending on the user's role responsibilities and level of trust you also learned how authorization is done in modern business organizations based on different models like ABAC RBAC MAC and DAC after this you learned about different types of networks and Wi-Fi security the networks you learned about include the internet intranet and Extranet and you explored the benefits of each you also learned the importance of Wi-Fi security and protecting your network from cyber attacks like for example changing the default username and password of your router delving further into security you discovered the protocols associated with VPNs and access control systems and the protocols used to authorize users but no matter what security measures you take Network attacks still happen attacks can come from external sources like hackers or viruses or internal sources like employees or contractors because it's so important you learned about common passive and active attacks that attempt to gain unauthorized access to a network to steal damage or manipulate data one such example is spoofing where an attacker impersonates a legitimate user or device to combat attacks like these Network administrators need tools and methods to ensure the security of a system tools at administrators' disposal include firewalls passwords endpoint security network maintenance intrusion detection systems and educating users to truly Safeguard networks you need a multi-layer defense strategy using various tools and techniques and such a strategy will depend on best practices to avoid Network attacks one such best practice is updating software regularly to fix known vulnerabilities then in the last part of this lesson you learned all about firewalls using a firewall is a proactive way of protecting a Network by filtering or denying traffic a firewall checks each data packet 
to determine if certain conditions are met before it allows traffic to pass through these conditions could be a specified IP address a network port a protocol or a combination of conditions together these conditions make up a firewall policy firewalls are great at protecting networks from incoming attacks from the internet but sometimes they have to be configured to allow certain kinds of traffic into a network to make a business function this means that parts of the network will be vulnerable but luckily there are tools like Microsoft Sentinel and Microsoft Defender for endpoint that can help with that while firewalls are essential they aren't foolproof failing to address the gaps in a firewall's protection or not correctly maintaining it compromises its Effectiveness and can introduce unnecessary threats Network administrators need to be able to identify threats they can do so using penetration testing and continuous monitoring it's also essential to practice proper change control the process that precedes making changes to a firewall's protocol altogether firewall threats can be minimized by having good procedures and policies and end user security education and that was the end of week three there is a lot of information to digest from this week so don't hesitate if you need to take a break before taking the module quiz you only have to start the quiz when you feel ready good luck by now you know that networking and network security are important components of modern business operations but have you considered how organizations keep up with a changing landscape as the world's dependence on the internet and cloud computing grows in this video you'll discover how Microsoft Azure a cloud computing platform can help organizations build deploy and manage their applications and services in the cloud to begin let's first unpack what Azure is Azure is a scalable and flexible cloud computing platform that provides a wide range of services like Computing resources 
storage networking and Security Services think of it like a state-of-the-art factory with all the latest tools and equipment a business needs to run efficiently just as a factory can adjust its production capacity based on Market demands a business can easily scale its Computing resources up or down as needed with Azure and just like a factory has Safety and Security practices in place to ensure its operations are secure businesses can rely on Azure's Advanced security features and infrastructure to protect its data and run its operations effectively ultimately businesses like Sam Scoops for example can use Azure to run its applications databases and other services in the cloud providing the flexibility scalability and cost Effectiveness the business needs to grow Azure fulfills this important role by offering hybrid Cloud capabilities enabling organizations to integrate and connect their on premise infrastructure with the cloud this integration allows modern-day businesses to benefit from cloud computing while maintaining control over their data and applications and as mentioned earlier Azure also enables organizations to scale their resources up or down as needed this flexibility means that organizations can easily add or remove resources to match their application's demands ensuring that their application always runs smoothly this is all made possible by Azure's range of services that include everything from virtual machines to Security Services let's explore some of these Azure Services one of the first key components of the platform is Azure virtual machines a cloud-based solution that enables businesses like Sam Scoops to host their applications databases and websites in a secure scalable and cost-effective manner these virtualized computer instances can run any operating system giving businesses the flexibility to choose the software that best fits their needs in addition virtual machines allow businesses to take advantage of the latest Hardware technology 
without the hassle and expense of purchasing and maintaining physical Hardware this makes it possible for businesses to scale their resources as they grow without having to worry about the complexity and costs of Hardware installations Azure Network Services on the other hand offer a secure and reliable Network infrastructure for businesses these Services include virtual networks load balancers and traffic managers with virtual networks organizations can create isolated Network environments to host their applications and services securely load balancers distribute application traffic evenly across virtual machines while traffic managers enable them to direct traffic to the most suitable service endpoint now that you've covered Azure Network Services let's talk about another key component of the platform Azure storage Services Azure storage services offer a range of storage options including blob storage file storage Queue storage and table storage these Storage Solutions provide a secure and scalable option for businesses to store their data in the cloud blob storage is ideal for storing unstructured data such as images videos and documents file storage on the other hand is suitable for storing structured data such as databases Queue storage is used for data passing between different components of an application while table storage is a cost-effective service that reads and writes data from tables so far you've learned about Azure's virtual machine Network and storage services but what does the platform have to offer in terms of protecting a business's applications and data Azure Security Services provide businesses with a range of Security Options to protect their data from external threats the Azure security Center is a central dashboard that gives businesses a comprehensive view of their security status it helps monitor all Azure resources and provides recommendations to improve the security posture additionally Azure offers Advanced threat protection a feature 
that uses machine learning algorithms to detect and prevent threats before they harm the business in conclusion Azure's cloud services provide all the necessary tools businesses need to securely and successfully build deploy and manage their applications and services in the cloud in this video you've learned that with its range of services like virtual machines Network infrastructure storage and security Azure can help businesses like Sam Scoops focus on what they do best while leaving the IT infrastructure and security concerns to Azure earlier you explored how Azure Services can help Sam achieve scalability reliability security and cost Effectiveness for her plans to modernize business operations in the future but now let's discover how Sam can leverage one specific Azure service Azure bot service to streamline the customer ordering process provide excellent customer support increase sales through targeted marketing and gather valuable customer feedback Azure bot service is a cloud-based service that provides businesses with intelligent conversational agents or Bots that can interact with customers through various channels including websites mobile apps and social media platforms with that in mind let's talk about how Azure bot service can streamline Sam Scoops' ordering process with the help of a chatbot customers can place their orders through different channels including the business's website and social media platforms the chatbot can then process and send the order directly to Sam's Point of Sale system eliminating the need for manual data entry this reduces errors and speeds up the ordering process leading to improved customer satisfaction but that's not all Azure Bot service can also provide customer support a chat bot can answer frequently asked questions about Sam Scoops like its operating hours ice cream flavors and pricing plus it can provide personalized recommendations based on the customer's preferences making the customer feel valued 
increasing the likelihood that the customer will return as a result the customer support team can shift their attention to more complex customer inquiries while the chatbot handles routine questions effectively reducing their workload and there's even more Azure bot service can also help Sam increase sales through targeted marketing by analyzing customer data like their order history and preferences the chatbot can make personalized recommendations for menu items and promotions for example if a customer frequently orders chocolate ice cream the chatbot can send them a promotion for a new chocolate flavor this can increase the likelihood of the customer making a purchase and also provides valuable insights into customer preferences that can inform future marketing strategies last but not least Azure bot service can facilitate customer feedback for instance a chatbot can ask customers for feedback after their purchase allowing the business to gather valuable insights into their customers' experiences this feedback can be used to improve the business's operations and also inform future marketing strategies and by providing a platform for customers to voice their opinions the business can increase customer satisfaction and loyalty so there you have it by leveraging Azure bot service Sam can streamline the ordering process provide excellent customer support increase sales through targeted marketing and gather valuable customer feedback all while reducing the workload of the team improving overall business efficiency and ultimately Azure can assist Sam Scoops in achieving their goals and expanding and growing the business in the future Sam Scoops is growing at a blistering Pace there's such a demand for their ice cream that it makes sense to establish an online presence not only to connect with existing customers but to also offer them the option of ordering online as a result Sam will be able to provide better service to her existing customers and expand her
customer base but as a small business Sam Scoops want to keep the cost low while still ensuring the website can handle continued growth in demand Sam contacts an IT consultant company and they suggest that the business should use virtualization tools and Technologies to host their website in the cloud but exactly how does virtualization work and how can it help business organizations manage their operations efficiently let's find out in this video you will learn about the role of virtualization in modern Computing picture an office with two desks and two chairs while the room can comfortably accommodate one or two people there's a lack of privacy when two individuals share the space to address this issue the manager installs a partition effectively dividing the office into two separate areas virtualization works on a similar principle usually a server is dedicated to one use but in modern Computing a single physical server can be partitioned into multiple virtual machines each with its own operating system and applications this allows for better utilization of computing resources as multiple virtual machines can share the same physical Hardware without interfering with one another because of this organizations can save money by reducing the need for additional Hardware while also improving efficiency and maximizing resource allocation virtualization provides greater flexibility and scalability enabling businesses to quickly adjust their Computing resources based on changing needs it also enhances security by isolating virtual machines from one another minimizing the risk of threats spreading across the system but how exactly is virtualization done in a virtualized environment a software program called a hypervisor is installed on a computer the hypervisor creates virtual versions of the physical resources such as virtual CPUs memory and storage hypervisors are the core of virtualization technology because they provide the foundation for creating and managing 
virtual machines or VMs the computer where the hypervisor is running is called a host machine virtual machines or VMs on the other hand are called guest machines each VM can have its own operating system installed and applications can be installed on each VM just like on a physical computer now that you understand the benefits of virtualization and the role of hypervisors let's examine the two main types type one and type two type one hypervisors also known as bare metal hypervisors are installed directly on the host machine's Hardware this enables the hypervisor to efficiently create and manage virtual machines without requiring a separate operating system type one hypervisors are often used in data centers and Enterprise level environments because they offer better security and isolation than type 2 hypervisors examples of type 1 hypervisors include VMware ESXi Microsoft Hyper-V and Citrix XenServer type two hypervisors or hosted hypervisors on the other hand run on top of a host operating system these hypervisors are typically used for desktop virtualization testing environments and personal use examples of type 2 hypervisors include Oracle VirtualBox VMware Workstation and Parallels Desktop using these tools you can easily run Windows inside Linux or macOS and vice versa there is also a popular virtualization tool called Windows Subsystem for Linux or WSL it uses Hyper-V architecture and so users can quickly create a fully virtualized Linux terminal environment running inside Windows and that's the two kinds of hypervisors hypervisor type one a bare metal one installed on a host machine's hardware and hypervisor type two running on top of a host operating system in conclusion virtualization is a logical choice for small businesses because it can use one server for multiple purposes optimizing the resource the business uses and it's cost effective flexible and scalable if Sam decides to go the virtualization route a type one hypervisor would probably be
the best choice because it offers good security and isolation virtualization is definitely a good option for fast growing small businesses meet Alex Alex and her friend Logan are huge fans of the Halo video game series they have played all the modern versions of the game but they've always wanted to do a complete playthrough of all the games in the series so they decided to do a retro gaming night to experience the good old days of Halo 2 Alex and Logan want an authentic experience of playing the game exactly like it was when it was first released there's only one problem the game originally came out in 2004 and ran on Windows Vista but Alex doesn't have that operating system installed on her computer she's using the newest version of Windows 11 and she doesn't want to change that this means that they have to find a way to run Windows Vista to play the game but you can't have two operating systems on one computer right so what can they do Logan suggests that they use a virtual machine running the game on a virtual machine means it'll run in an isolated sandbox environment this works well for Alex because she has very important files on her hard drive and she doesn't want to risk a system crash this way they can experience the classic gameplay of Halo 2 and Alex's files are safe Alex is immediately on board with the idea she gets a VM app and creates a virtual machine on her computer using a hypervisor now she has a virtual computer environment next she installs a licensed version of Windows Vista as the operating system and now she just needs to install the game she purchased they are both very excited when the game's title screen appears it works but how is it possible it's because the virtual machine uses the CPU RAM and memory of Alex's computer but it doesn't share its operating system it's completely separate it's like having another computer inside your computer it's great for experimenting with programming testing out new software or like Alex
and Logan playing games that don't work on your regular system you can think of it as your own Digital Playground you can do incredible things with it in Alex and Logan's case they can experience the authentic gameplay of a game that came out over two decades ago all thanks to a virtual machine the night flies by and before they know it it's almost Sunrise what a great experience and now they can't wait to play other retro games using virtual machines gaming Marathon number two here we come Alex and Logan's experience shows that virtual machines don't have to only be used for work purposes they can also enhance your life in other ways like helping you play retro games what will you do with virtualization Sam Scoops are thinking of ways to improve sales so they want to hire a remote consultant to analyze their data and create detailed Financial reports however granting remote access comes with security risks and potential data breaches how can they allow a consultant to access the data without risking that it will be copied or downloaded Sam suggests that a new desktop computer should be bought so that it can be set aside for the consultant to work on remotely but this is quite costly there must be a better solution to this problem and there is Azure virtual desktop in this video you will learn about Azure virtual desktop a product that makes remote work possible while ensuring security and compliance with rules and policies so what is a virtual desktop a virtual desktop is like a regular computer just without a physical presence this kind of computer can have everything you have on a desktop machine in fact you use it just like your regular desktop computer but you can access it from anywhere on a computer or mobile device there are several benefits to using a virtual desktop you can use it for office work as mentioned in the scenario or for occasional heavy specialized work like 3D rendering by using it you don't have to spend a lot of money on buying a powerful
physical computer only to leave it unused for extended periods but probably the biggest benefit of using a virtual desktop is that it can provide a secure way to access information with tailored security policies since data is stored centrally it can be protected with robust security measures this reduces the risk of data loss theft or unauthorized access helping to safeguard your sensitive information by minimizing dependence on physical Hardware businesses can also cut down on maintenance Azure virtual desktop formerly known as Windows Virtual Desktop is a versatile desktop and application virtualization service offered by Microsoft Azure it allows businesses to host and manage virtual desktops and applications on the Azure platform granting users safe remote access to resources from any device or location Azure virtual desktop offers a true bring your own device experience because you can use your virtual desktops from literally any device be it another Windows machine a Linux or macOS one or an Android or iOS phone you can even use it straight from a browser that's quite impressive Azure virtual desktop has several benefits compared to traditional virtual desktop infrastructure or VDI Solutions it's highly scalable making it possible for businesses to add or remove virtual desktops and applications as required it also supports multi-session Windows 10 and Windows 11 allowing multiple users to log into the same virtual desktop at the same time while still enjoying their own personalized desktop this lowers costs and simplifies management another advantage of Azure virtual desktop is its seamless integration with Microsoft 365 allowing users to collaborate on Microsoft 365 apps and data within their virtual desktop environment this ensures a smooth experience for users and enhances teamwork across groups Azure virtual desktop also supports multifactor authentication or MFA adding an extra layer of security to prevent unauthorized access another exciting
feature available on Azure virtual desktop is remote app streaming this feature allows organizations to isolate individual applications from the user's local desktop environment what this means is that you can install a remote app on a virtual desktop then users can add a shortcut of those remote apps on their local machines and when they click on the shortcut it opens the app this seems to work just like regular software on their local PC but the app is actually working in the remote desktop users can access applications through Azure virtual desktop without installing them on their local devices with the remote app streaming feature you can use Azure virtual desktop to deliver apps straight to your customers over a secure network through virtual machines it also provides an experience for the end user similar to a locally installed application with the ability to access local storage printers USB devices and other resources on the client device as needed in this video you learned about virtual desktops how they work and what benefits they can have for a business like Sam's in addition you've also learned about Azure virtual desktop from Microsoft and some of its exciting features by giving the consultant access via a virtual desktop Sam Scoops can get the financial analysis they need without having to worry about security risks or data breaches isn't that great by now you know cloud computing allows you to share resources like servers and software rather than using local servers or personal devices it is a model for enabling on-demand access to a shared pool of configurable computing resources such as servers storage databases networking software analytics and artificial intelligence in this video you will learn about these core components of the cloud computing model but first let's revisit what cloud computing is just to refresh your memory you've already learned that cloud computing can be used to store data run applications provide additional services and
access to resources through the internet anytime anywhere from different types of devices it's extremely flexible and scalable you can quickly and easily increase or decrease your Computing resources as needed and only pay for the resources you use this reduces cost and complexity compared to traditional IT infrastructure another Advantage cloud computing has over more traditional infrastructure is that cloud providers are responsible for keeping their networks and services running all the time so you do not have to worry about managing the infrastructure yourself this ensures reliability and availability Cloud providers also offer industry-leading security measures to protect and secure your data now let's discuss the core components of the cloud computing model starting with servers and databases Cloud servers provide the user with on-demand access to computing power storage and other services that can be scaled up or down as needed a database in cloud computing residing on a Cloud Server is a storage space for a collection of data often stored in a structured format and managed by a software system that will automatically scale the storage on demand you can think of it as a library where books represent data and the librarian represents the software system that manages the collection just like a librarian organizes books into categories and keeps track of their location a database management system organizes data into tables and manages its storage and retrieval the benefit of the cloud is that the librarian can build new rooms as they are needed Cloud databases are hosted on a remote server providing you with convenient access to your data without having to maintain your own physical Hardware they can also be scaled up or down depending on the user's needs and they often provide better security and performance than traditional on-premises databases Cloud databases are increasingly popular for businesses with growing data needs that require access to data
quickly and securely when it comes to Cloud networking Cloud providers have their own networks that connect their customers to resources and allow data to be transferred between them these networks are typically highly redundant and fault tolerant meaning that they are designed to minimize downtime and ensure high availability of services internet connectivity is essential to access cloud services which can be done through wired or wireless connections in addition virtual private networks or VPNs provide a secure way to connect to Cloud resources over the Internet which is crucial for maintaining data security like databases software is also stored on servers and it's accessed through the internet rather than stored and run on your local device this allows you to access the software from anywhere as long as you have an internet connection for this reason cloud computing allows for easy collaboration and data sharing and as a bonus the software is also updated automatically in Computing the process of analyzing and interpreting data to make informed decisions is known as analytics this is another core component of the cloud computing model typically this process is performed on very large amounts of data which the cloud is well suited to store cloud-based analytics can provide businesses and organizations with valuable insights into their data which can be used to enhance operations identify growth opportunities and make informed decisions Additionally the insights gained from cloud-based analytics can be incorporated into data sets that can be used for machine learning but what exactly is machine learning and artificial intelligence artificial intelligence or AI is a branch of computer science that focuses on creating intelligent machines that can do tasks that typically require human intelligence AI algorithms are used to solve complex problems such as recognizing objects in an image understanding language and playing games machine learning on the other hand is a subset
of artificial intelligence and computer science that focuses on the use of data and algorithms to imitate the way that humans learn gradually improving its accuracy machine learning algorithms learn from data by building mathematical models to recognize patterns and make predictions for example machine learning can identify patterns in large data sets such as customer Behavior or stock market trends isn't it amazing to think that machines can learn to make decisions independently and become smarter over time in summary cloud computing offers a range of benefits including more flexibility scalability and better security than traditional IT infrastructure it's a cost-effective way to access and use technology Services over the internet without buying physical Hardware it can be tailored to fit the needs of each individual user or business and can be used to develop solutions to complex problems cloud computing is here to stay and will continue to play a significant role in the future of technology machine learning or ML is a branch of AI that is all about training a machine by providing it with data and asking it to process and interpret that data using algorithms given enough data the machine will be able to identify patterns and then provide direction or insight into a problem as well as make decisions or predictions cloud-based ML services offer an accessible and cost-effective way to incorporate ML capabilities into businesses without requiring extensive expertise or resources this video explains the common uses of ML platforms and services that could improve Sam Scoops' business operations first is managed ML platforms which provide a comprehensive Suite of tools to build train and deploy machine learning models they often come with pre-built algorithms and an environment that simplifies the development process by using a managed ML platform Sam Scoops can create a sales prediction model to forecast ice cream flavors popularity based on historical
sales data weather and customer preferences this could enable them to adjust their inventory and production to meet customer demand more effectively next is Automated machine learning or AutoML which are services that automatically select the best algorithms and parameters for a given problem thereby simplifying the machine learning process for beginners by using an AutoML service Sam Scoops can quickly build and deploy models without having to learn about various machine learning techniques or spend time fine-tuning the models for instance Sam Scoops can use an AutoML service to predict potential non-returning customers and take targeted actions to retain them there are also pre-trained ML models these are machine learning models that have already been trained on vast data sets and can be used off the shelf to solve specific tasks by using these pre-built models businesses can save the time and resources required for training models from scratch many Cloud platforms offer these pre-trained models which can be easily integrated into applications for Sam Scoops a pre-trained ML model can be used for natural language processing or NLP sentiment analysis on customer reviews this can help Sam understand customer feedback and identify areas for improvement in products or Services additionally a pre-trained image recognition model could be employed to identify the most popular ice cream toppings and combinations from images posted by customers on social media other Services Sam Scoops could use are data storage and processing Services these are essential components of any machine learning pipeline Cloud platforms provide scalable and Secure Storage Solutions as well as tools to clean pre-process and transform data for ML purposes for Sam Scoops data storage Services can be used to store sales Data customer information and other relevant data sets data processing tools can then help pre-process and clean this data making it ready for use in ML models last is
cloud-based deployment and monitoring Services which ensure that ML models are available for use in real-time applications and help maintain their performance these Services enable businesses to host their ML models for easy integration into applications monitoring Services track model performance and alert users to any anomalies or problems Sam Scoops can use deployment services to host their sales prediction and customer churn models they can then use monitoring services to ensure these models continue to perform well over time and they can adapt them as needed based on new customer data or customer feedback in summary cloud-based machine learning services offer a wide range of capabilities for businesses even those new to the field for Sam Scoops using managed ML platforms AutoML Services pre-trained ML models and data storage and processing Services can help improve inventory management customer retention and overall business operations artificial intelligence or AI is a field of computer science that focuses on creating intelligent machines capable of Performing tasks without human intervention integrating AI into businesses can help automate processes make predictions and enable data-driven decision-making leading to improved efficiency and profitability in this video you will learn how Sam Scoops can benefit from integrating AI into its operations one of the key aspects of running an ice cream store is inventory management keeping the right balance of stock to meet customer demands without overstocking is crucial for reducing waste and maximizing profits AI can help in this area by analyzing past sales data weather patterns and seasonal Trends to forecast future demand for different ice cream flavors using AI-powered demand forecasting Sam can make more informed decisions about which products to stock up on and when to order them this can lead to a more efficient supply chain and less waste caused by expired or unsold products AI can also help create a more
personalized experience for customers leading to increased satisfaction and loyalty machine learning algorithms can analyze customer purchase history preferences and other data to provide personalized recommendations and promotions for example if a customer frequently buys a specific ice cream flavor or combination the AI system can recommend similar flavors or promotional offers tailored to their preferences this personalized approach can encourage customers to try new products and increase their overall spending at the store understanding customer feedback is essential for any business to improve its products and services AI-powered sentiment analysis can help Sam analyze customer reviews and social media posts to gain valuable insights into customers' likes and dislikes by employing natural language processing or NLP techniques AI can identify positive and negative sentiment in customer feedback allowing store owners to identify areas of improvement and capitalize on their strengths this can lead to better customer satisfaction increased sales and a stronger brand reputation in any business employee scheduling can be a complex and time-consuming task AI can help streamline this process by analyzing historical data on employee performance availability and customer traffic patterns to create optimized work schedules for Sam Scoops AI can identify peak times when more staff members are needed ensuring service quality by minimizing the time customers wait AI can also assign tasks to employees based on their strengths leading to a more efficient Workforce and a better work environment AI can also be integrated into marketing strategies to improve targeting and customer retention machine learning algorithms can identify patterns in customer behavior and segment customers based on their preferences demographics and purchase history for Sam Scoops this can translate into creating targeted marketing campaigns such as sending personalized emails or in-app notifications
to customers with offers that are more likely to resonate with them additionally AI can help identify potentially non-returning customers and suggest proactive steps to retain them such as offering special promotions or Loyalty Rewards one last way in which AI can help improve Sam Scoops' business operations is with AI-powered chatbots they can significantly enhance customer support by providing instant answers to frequently asked questions taking orders or assisting with product inquiries by integrating a chatbot into the ice cream store's website or mobile app customers can get immediate assistance leading to increased sales and satisfaction the chatbot can also gather valuable customer data and feedback which can be used to improve the store's products and services further in conclusion integrating AI into Sam Scoops' business operations can lead to significant improvements in various aspects of the business including inventory management customer experience employee scheduling marketing and customer support previously you learned about the different services that Microsoft Azure offers and that different payment options exist like pay as you go and spot instances but how does that actually work how can a business acquire and use these offerings well just like renting things like a home or a bike you can rent Microsoft Azure Services too but when is it beneficial for a business to rent cloud services in this video you will explore different business costing models and the business requirements determining whether renting cloud services is ideal or not this information can help Sam decide on a strategy to keep up with demand she urgently needs to consider how to modernize her processes and systems without creating too many upfront costs let's get started renting is a common concept it especially makes sense when something is just too expensive to buy straight away you can rent a home a bike a party costume and many other things but the other benefit of
renting is that it prevents you from spending a lot of money on something you're going to use only temporarily libraries are built on this concept why buy a book you'll only read once after which it'll just sit on your bookshelf sometimes renting simply makes sense this is true for businesses too especially because startup costs can be high and a business might not have the know-how to maintain and service expensive equipment renting public cloud services takes care of the upfront costs as well as the effort and costs of Maintenance to determine if renting or buying is better for a business you need to understand two business costing models Capital expenditures or CapEx and operating expenses or OpEx CapEx involves big initial purchases for Sam Scoops this could include the initial purchase of the equipment used to make the ice cream and the networking technology these are their fixed assets and they require upfront payments OpEx on the other hand involves all day-to-day expenses like buying ice cream supplies each month and paying internet service provider fees OpEx costs are spread throughout the year a business can decide to use the OpEx costing model to rent cloud services on a month-to-month basis in this case a small business doesn't have to carry the burden of upfront costs and although renting costs increase month-to-month overheads software maintenance like free upgrades is a major advantage let's discuss Sam Scoops' unique business needs to evaluate if renting cloud services is a good option for them Sam Scoops is struggling to meet the demand for their products and need to modernize some areas of the business to keep up for instance their accounting and sales processes are not efficient enough but the business does not have a lot of money in the bank so spending money on these issues upfront using CapEx is not an option Sam is also concerned about the impact that the introduction of complex IT systems to the business can have she doesn't have
many staff members and wants to keep her focus on selling ice cream and not managing complex systems and at the moment Sam doesn't have an IT team to build and support any tools she needs a solution that is simple and ready to use straight away without causing support and maintenance issues for her staff Sam heard that renting anything as a service might address these immediate business needs for instance they want to sell their products online and need an ordering app or an e-commerce website one solution could be to rent a platform from the public Cloud on which a developer can develop an ordering app or they could rent infrastructure like a server to run an e-commerce website both of these Cloud Solutions have challenges though she needs this solution urgently and it will take time to develop an app or an e-commerce website she will also have to pay a developer to develop it and if she rents Cloud infrastructure someone on the team will need to install and maintain it Sam doubts that the team has the time or skills to do this she needs ready-made Cloud solutions that will not cost too much to start off and will be easy to maintain in the long run in the rest of this lesson you will explore different anything as a service offerings in more detail to find out which of these cloud Solutions might be the ideal option for Sam Scoops in this video you learned that renting equipment or Services can help a business scale faster because it lightens the burden of its initial capital expenditure or CapEx using the OpEx approach to renting cloud services spreads the cost over time and enables a small startup business like Sam Scoops to still acquire the services and equipment they need by now you should be familiar with different types of anything as a service offerings and how they differ in terms of the shared responsibility between provider and client recall that platform as a service or PaaS and infrastructure as a service or IaaS will require a lot of time
effort finances and skills for a small startup such as Sam Scoops on the other hand software as a service or SaaS places the least responsibility on end users and might therefore be the ideal Cloud solution for them as a new business they don't have the in-house skills time or financial resources to develop their own applications they need out-of-the-box solutions that will require minimum input and responsibility on their end in this video you will explore SaaS in more detail exploring its characteristics examples and certain disadvantages let's get started SaaS is the most complete cloud service model from a product perspective with SaaS you're essentially renting or using a fully developed application email Financial software messaging applications and video connectivity software are all common examples of SaaS implementation SaaS is by far the easiest anything as a service solution to get up and running and it requires the least amount of technical knowledge or expertise to fully employ so how do the provider and the client share responsibilities in the SaaS model well let's start with a client who carries the least amount of responsibilities they are responsible for the data that they put into the system the devices that they allow to connect to the system and the users that have access nearly everything else falls to the cloud provider the cloud provider is responsible for the physical security of the data centers processing power network connectivity and application development and patching this fits precisely with what Sam Scoops needs to modernize its business processes besides SaaS also eliminates the need to have IT professionals develop and install applications on each computer and deal with any technical issues all of these responsibilities lie with the application providers so how do you know if a software offering is SaaS or not to help you identify a SaaS application or service you can ask yourself these four questions is the application managed from a
central location is it hosted remotely is it accessible over the internet and is the provider responsible for the maintenance if the answers to these questions are yes it's most likely SaaS SaaS is widespread and you might already be using it every day let's think of a few examples video on demand is SaaS you pay a video streaming provider and you can use its service via a web page or app Microsoft 365 is another example of SaaS that you might be using every day when you are subscribed to Microsoft 365 you can use the desktop applications access the applications via the Internet or even use it on a phone but this model also has some disadvantages SaaS providers do all the development and maintenance of their services and this can be very expensive so in order to make profit they need as many users as possible to subscribe and use their service and because it needs to appeal to many different customers SaaS Solutions often allow very little customization because customizing one aspect affects all customers using the service fortunately SaaS subscriptions are periodically structured this means that a customer can test it out for a period and then cancel the service if it doesn't serve them well in some cases customers can also recommend changes for a later version of a SaaS application in conclusion SaaS is a great model for businesses that are just starting out it allows users to consume applications and services over the internet without any infrastructure in place and users do not need to worry about maintenance or support issues since this is all taken care of by the SaaS provider this means you can use it straight away but remember because SaaS caters to a wide audience customization is limited Sam now knows which anything as a service solution will help her business meet the demand and keep on growing the answer is SaaS the most difficult step would be to find the most suitable SaaS applications for their specific business needs and the rest of this lesson will guide
you in this consideration you've reached the end of this section of the course on cloud computing and networking you should now be able to describe Azure and its available Services explain how virtualization Works discuss common AI types and the resources that support them and describe common anything as a service models and throughout the videos readings and exercises you explored several ways in which Sam can modernize her business processes with cloud services let's take a few minutes to review what you've learned in the first lesson you were introduced to Azure Microsoft's cloud computing platform and how it can help organizations build deploy and manage their applications and services in the cloud Azure is a scalable and flexible cloud computing platform that provides a wide range of services like Computing resources storage networking and Security Services you explored the different components of Azure these are Azure Network Services Azure analytics Azure app Services Azure bot services and Azure Security Services you also evaluated the benefits and drawbacks of cloud computing some benefits include cost effectiveness scalability and remote access but security risks dependence on internet connectivity and limited control are some of the drawbacks in the cloud transformation exercise you explored how Sam Scoops can use cloud Technologies to overcome its IT infrastructure limitations remember Cloud transformation is the process of migrating an organization's IT infrastructure applications and data to the cloud moving on to the next lesson you learned all about virtual environments recall that in a virtualized environment a software program called a hypervisor is installed on a computer the hypervisor creates virtual versions of the physical resources such as virtual CPUs memory and storage you also explored different types of virtual machines or VMs you should now be able to identify the different categories of VMs which include general purpose compute
optimized memory optimized storage optimized GPU optimized and burstable additionally you should now be familiar with the different pricing models of the Microsoft Azure platform and you should now understand the difference between VMs and containers in the next lesson you took a deep dive into cloud services this included learning about cloud computing and how it's used in the real world you should now have a solid understanding of the different Computing Services from Microsoft Azure and how they can be used to create manage and deploy applications and resources in the cloud you learned about the features and benefits of Microsoft Azure virtual machines app service and container instances this is also where you learned how businesses can incorporate cloud-based machine learning and artificial intelligence in essence AI includes all processes that create intelligent machines while machine learning is the specific domain of AI that uses algorithms that can learn from data integrating AI into businesses can help automate processes make predictions and enable data-driven decision-making examples of AI include demand forecasting and automated marketing ML can help overall business operations such as inventory management and customer retention by teaching computers how to learn from data cloud-based ML Solutions include managed ML platforms AutoML services and pre-trained ML models which simplify the machine learning process for beginners then in the last lesson you learned about anything as a service anything as a service is the alternative to businesses providing services to themselves like having their own servers and data centers and you learned that businesses can rent anything as a service solutions enabling them to scale faster because it lightens the burden of initial capital expenditure or CapEx using the OpEx approach to rent cloud services spreads the cost over time anything as a service includes different Cloud Solutions such as software as
a service or SaaS platform as a service or PaaS and infrastructure as a service or IaaS remember with SaaS customers rent a fully developed application such as a video streaming platform or Microsoft 365 PaaS on the other hand is a complete development environment in the cloud and developers use it to create and publish new programs or apps quickly and easily and the IaaS model is the most flexible category of cloud services providing clients with maximum control over everything apart from the actual Hardware you should now know that all anything as a service models differ in terms of the level of shared responsibility between the provider and the client which poses different advantages and disadvantages and that brings you to the end of this summary video you've gained a tremendous amount of new knowledge in the section about cloud computing and networking and what's more you are almost done with a course in the final week of the course you will gain a real life example of the role you could play in the digital transformation of a business this will give you the opportunity to apply the knowledge you've gained in the previous weeks by completing a scenario based project but for now the next step is to complete the weekly quiz good luck you've almost reached the end of the introduction to networking and cloud computing course you should feel proud for keeping up with all the videos readings quizzes and exercises through your continuous effort you've gained a solid foundation in the main concepts of networking Network infrastructure and monitoring network security components approaches and mitigation and the cloud computing environment virtual machines and cloud services what's left now is to demonstrate the skills you've learned in the final course project you will be tasked with producing a digital transformation plan for Sam Scoops Network and then you will complete the final graded course quiz but before you get to that let's recap what you have learned up to this
point the project and graded quiz will test everything you've learned in the course so use this recap to check which parts of the course you're unsure about and have to review again before you continue in the very first week you got an introduction to the basics of computer networking you learned about computer networks and how data is transmitted across a network different network types and topologies the purpose of the Internet Protocol as well as key aspects of IP addressing this involved learning about types of area networks including local area networks and wide area networks or WANs like the internet you learned about different topologies like the star bus and tree topology and you also covered physical and logical topologies then you discovered the steps involved in data transmission if you don't recall these make sure to review them before taking the quiz next you were introduced to the Internet Protocol or IP and its Code system known as IP addresses you learned about the two IP address versions IPv4 and IPv6 you also practiced how to check the IP address of a device after learning about the basics of computer networking you took a deep dive into network devices and protocols in the next week this section of the course gave you insight into devices used in networks and the underlying architecture that allows these devices to communicate here you learned about hybrid networking the internet the internet of things and discovered the key differences between on premise and public Cloud infrastructure in addition you learned about layered architecture and explored the flow of communication over a network using the OSI model this model separates the communication process into smaller parts or layers which makes it easier to understand specific aspects of data transmission and assist in troubleshooting you also discovered TCP/IP which is the suite of protocols that serves as the rule book for communication over the internet and it also consists of layers each
responsible for specific tasks in the next lesson you explored protocols in more depth and also learned about ports and their purpose recall that when data travels on a network it needs to go through certain ports to access specific protocols there is a range of port numbers that allow various types of data to be sent and received by specific applications over a network you concluded this lesson by learning about network monitoring which involves checking what protocols and data are moving around a network and monitoring performance and security threats you then moved on to learn about the health and Metric analysis of networks and how they can be used to manage traffic to optimize a network in the third week you worked through several aspects of Network Security Essential Knowledge for anyone considering a career in cyber security you started off by learning about client server networks and that servers are the primary provider of services whereas clients are the primary users of these Services you explored different client server models such as the request response model and the publish subscribe model you also gained a lot of knowledge about different types of servers and clients the next section covered remote access its benefits and the tools and technologies that make it possible you learned about the various authentication and authorization methods that give users access to networks this included exploring various types of Authentication mechanisms such as two-factor authentication and various types of authorization policies you also examined the difference between the internet an Extranet and an intranet you learned how VPNs form part of the access control system that allows users to be authorized within the organization's Network system and you covered common VPN protocols then you investigated several aspects of security such as the types of cyber attacks and the strategies Network administrators used to mitigate them can you recall the difference
between packet sniffing packet spoofing and IP spoofing and can you recall other common attack types such as man-in-the-middle attacks DoS backdoors password cracking and SQL injection you should now be familiar with network security strategies such as firewalls password policies intrusion detection systems and antimalware tools remember General Network maintenance such as software updates vulnerability assessment and system logs can also protect against various types of attacks and don't forget that educating Network users about Network best practices is essential because human error is often considered the main weak Link in a network in the final lesson you learned all about firewalls and how Network administrators optimize them by setting zones with different security levels and firewall policies made up of many rules week four was all about networks in the cloud you were introduced to Azure functionalities and supplementary services and how to leverage them within a network next you moved on to understand the digital transformation process for business enterprises from a networking perspective Additionally you explored virtualization machine learning AI and various cloud services you should now be familiar with Azure's virtual desktop which grants users safe remote access to resources from any device or location finally you concluded your Learning Journey by learning about anything as a service which is a collective term for any service that is provided over a network and in most cases across the Internet it's an alternative to a business providing services with its own servers and data centers the main types of anything as a service include SaaS PaaS and IaaS and they differ in terms of which responsibilities reside with the cloud provider and the customer and that's it for this review of the course wow you covered a lot in this course this might only be the start of your journey toward a career in cyber security but you can be very proud of yourself for how
much you've already learned and accomplished now you're ready to tackle the course project and graded assessment quiz good luck you've got this and remember to refer to any of the lessons you completed to refresh your memory when needed congratulations you made it to the end of the introduction to networking and cloud computing course your hard work and dedication have paid off and you've shown that you have what it takes to master key concepts of cyber security with this course under your belt you now have a solid foundation to build upon as you continue your Learning Journey you've gained a thorough understanding of networking Concepts common Network infrastructure and cloud computing environments by successfully completing all the courses in the series you will earn a Microsoft cyber security analyst professional certificate from Coursera this program is truly a great way to expand your understanding of cyber security challenges and gaining a qualification will allow you to apply for entry-level jobs in the field the courses in this program also help you prepare for the sc900 exam by passing the sc900 exam you'll earn the Microsoft security compliance and identity fundamentals certification this globally recognized certification is industry endorsed evidence of your technical skills and knowledge the sc900 exam measures your knowledge about concepts of security compliance and identity capabilities of Microsoft Azure Active Directory as part of Microsoft Entra capabilities of Microsoft Security Solutions and capabilities of Microsoft compliance Solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms please remember to check out more information about the exam you can visit the Microsoft certifications page at www.learn.cashtracking.com compliance and identity fundamental certification and exam
this course has enhanced your Knowledge and Skills in networking and cloud computing but what comes next there's definitely more to learn so it's a good move to register for the next course in the Microsoft cyber security analyst program about threat vectors and mitigation it covers various types of cyber threats and their impact historical cyber attacks and the methods the attackers used to exploit vulnerabilities the vectors attackers used to gain access to systems and sensitive information and what the different available mitigation services are to protect against cyber threats whether you're a novice or just starting out as a technical professional completing the whole program will show potential employers that you are motivated capable and not afraid to learn new things it's been a pleasure to embark on this journey of Discovery with you best of luck in the future imagine a world where your personal and sensitive information is vulnerable to cyber threats a world where anyone can access your bank account email and social media profiles with just the click of a button does this sound like a place you would want to live in the reality is that cyber threats are becoming increasingly common making it more important than ever to have a strong understanding of how to protect against them to ensure a world like that doesn't materialize this is why this course is designed to benefit anyone interested in cyber security whether you're looking to start a career in the field or simply want to brush up on your skills you'll gain a thorough understanding of the different types of cyber threats and learn effective mitigation strategies to safeguard against them with that in mind let's go over what your Learning Journey over the next 5 weeks entails to begin you'll explore the active threat landscape and learn more about different attack vectors you'll learn to differentiate between the various types of threats facing your systems and data evaluate the various attack
Vector types and their potential impact and discover mitigation strategies to protect your systems and data from potential threats then you'll explore the fundamental concepts and techniques of cryptography to protect data and secure communication you'll learn about encryption public and private Keys hashing digital signing certificates and how authentication and authorization play a critical role in securing systems you'll compare symmetric and asymmetric encryption by analyzing different cryptographic methods and standards discover the public private key and hashing technique by evaluating secure data and communication protection plans and discuss centralized Authentication and authorization methods by evaluating their effectiveness thereafter you'll focus on the various types of network and device-based threats and review the importance of security controls in protecting against them you'll explore methods to keep applications and devices up to date reducing the risk of cyber threats then you'll evaluate the impact of data transmission threats on network security and assess the effectiveness of firewall optimization and safeguarding against cyber attacks you will also review the significance of network segmentation in boosting security and discover potential risks related to device security and finally you'll discover strategies for mitigating these risks and ultimately learn how to strengthen cyber security defenses overall next you'll learn about security compliance and identity management in cyber security you'll explore the laws regulations and Industry standards that organizations follow to ensure their systems and data remain secure furthermore you'll learn about best practices for managing access to resources and identities within an organization and explore various security compliance and risk management strategies like the zero trust model and continuous traffic monitoring to detect any unusual network activity you'll also examine the role of identity
management and Active Directory in Security Management and discover different defense models and finally you'll apply what you've learned by creating your own compliance strategy for the end of course project this will help you demonstrate your understanding of the key Concepts and best practices for protecting against cyber threats throughout the course you will encounter many videos that will gradually guide you towards your goal of pursuing a career in cyber security watch pause rewind and rewatch The videos until you are confident in your skills then consolidate your knowledge by Consulting the course readings and measuring your understanding of key Topics by completing the different knowledge checks and quizzes this will set you on your way toward a career in cyber security and form part of your preparation to take the sc900 exam Microsoft security compliance and identity Fundamentals by the end of the course you'll be equipped with the necessary skills to safeguard your systems and data against potential cyber threats creating a safe more secure world for yourself and those around you imagine you've just ordered a cup of your favorite ice cream from Sam's scoops and you can't wait to savor every bite but as you sit down to enjoy your first scoop a thief quickly swoops in and tries to steal your delicious treat just like that Thief cyber attackers are always looking for opportunities to steal valuable information in fact a new Cyber attack occurs every 39 seconds somewhere in the world that's like having 2,244 ice cream stolen in a single day while this is a simple analogy cyber attacks are very real and they pose a threat to individuals and businesses of all sizes imagine waking up one day to find that your personal information has been stolen or arriving at work to find your computer locked with a message stating that a ransom is required to get your data back but what can you do to protect yourself in this video you'll gain a deeper understanding of
cyber attacks their various types and the different methods hackers use to execute them let's begin by exploring what a Cyber attack is a Cyber attack is a malicious attempt made by cyber criminals to interrupt cause damage or gain unauthorized access to computer systems or networks these attacks can happen through different mediums like emails websites or social media and use methods such as malware phishing ransomware or social engineering but don't worry if you're not familiar with these methods just yet as this course will help you explore what they are and teach you how to protect against them so that you can keep your valuable data secure as you delve deeper into understanding the types of cyber attacks and the methods used by cyber criminals it's important to consider the purpose behind these attacks cyber criminals have various motives for carrying out cyber attacks depending on the attacker's intentions some might Target businesses While others Target individuals the motive for these attacks is mostly for financial gain by either stealing money or acquiring sensitive data While others may have political motives and Target government or corporate entities to disrupt operations or obtain confidential information cyber attacks may also be a form of espionage or sabotage where attackers aim to harm the reputation or operations of a Target organization there's even a small percentage of people who carry out cyber attacks as an act of vandalism for entertainment purposes but how are these attacks carried out cyber criminals use a variety of sophisticated methods often combining social engineering tactics and Technical exploits for instance malware is one of the most common cyber attacks as it includes viruses worms and Trojan horses and can be used to steal data take control of systems or cause damage to software and Hardware another type is phishing this Cyber attack tricks an individual into disclosing sensitive information like login credentials or credit card numbers
you may have also heard of ransomware this is a particularly malicious type of attack that can lock users out of their systems and files demanding a ransom to regain access and finally cyber criminals can also use social engineering tactics which involve manipulating people into performing actions that may not be in their best interest unfortunately the consequences of these cyber attacks can be severe and can have a significant impact on individuals and businesses if an attack is successful it could result in identity theft Financial loss and harm to your credit score while businesses could face reputational damage loss of customer confidence and financial penalties for non-compliance with data protection regulations the business may even have to shut down if they're unable to recover from a severe Cyber attack so with all these potential risks of cyber attacks it's vital that individuals and businesses stay vigilant and take steps to protect themselves fortunately you can Implement several security features that help prevent cyber attacks from occurring such as firewalls antivirus software data encryption and ensuring your systems are kept up to date with the latest patches and updates you should also ensure you stay informed about the latest threats and Trends in cyber security well done you've now learned that cyber attacks are a real and growing threat that can have severe consequences for individuals and businesses you discovered that through awareness and proper security measures you can mitigate the risks and protect yourself from falling victim to these attacks in upcoming lessons you'll learn more about the latest cyber threats and build your understanding of the security features that you can Implement to stay one step ahead of the Cyber criminals remember the more you know about cyber attacks and their methods the better prepared you'll be to prevent them so keep learning and stay vigilant to keep your data secure imagine that you're working on your
computer when suddenly you notice that it's running extremely slow you think that it's because you don't have enough space on your local drive so you decide to Simply delete some files but as you try to do this you're greeted with a pop-up message instead stating that a virus has infected your computer and corrupted all your files this will be pretty devastating wouldn't you agree unfortunately this scenario happens to thousands of people every day this is why it's so important to understand the different types of malware and their impact so that you can be better equipped to protect yourself against them you've already explored the dangers of worms and their ability to spread through networks and devices but worms are just one type of malware among many in this video you'll dive deeper into this topic by exploring two other common types of malware Trojans and viruses you'll discover what they are how they work and the significant impacts they can have let's start with Trojans which is a short term for Trojan Horse you might be wondering where this term came from well in Greek mythology the Trojan Horse was an enormous wooden structure disguised as a gift to the city of Troy but in reality Greek soldiers were riding inside the horse and they used it as a cover to sneak their troops into the city in cyber security Trojans work in a similar way gaining access to your computer by pretending to be something else a Trojan is a special type of malware that can disguise itself as a legitimate file or piece of software it does this to trick you into downloading and installing it once the Trojan is installed the attacker can remotely manipulate your system allowing them to steal important data and get access to the data or applications on your computer Trojans can even work as keyloggers reading key strokes and stealing login credentials or credit card information unlike viruses Trojans can't replicate on their own instead attackers use social engineering tactics to trick
users into installing them Trojans are typically delivered through phishing emails malicious downloads or compromised websites since Trojans can't replicate like viruses they are easier to detect and remove however they can still cause considerable damage there are several types of Trojans including the infamous Zeus Trojan which is a type of malware that can be used to steal banking information and Emotet which is responsible for spreading ransomware and other types of malware but what exactly makes viruses so different from Trojans well a virus is a type of malware that infects files or programs on computer systems it can even spread to other computers through network connections email or infected files unlike Trojans which need to be physically installed by a user a computer virus can replicate and spread itself rapidly once it has infected your machine a virus can be delivered through email attachments infected software downloads or malicious websites once your system becomes infected a virus can cause considerable damage such as deleting or corrupting files slowing down system performance or stealing personal information viruses are often more difficult to detect and remove as they can hide in system files and continue to spread to other devices one virus that spread through email attachments and caused significant disruption in 1999 was the Melissa virus it used a macro to hijack users' Microsoft Outlook and then sent emails to the first 50 addresses in their mailing lists numerous email servers at corporations and government agencies worldwide became overloaded some even had to be shut down entirely thankfully within a few days cyber Security Experts succeeded in containing the spread and restored the functionality of their networks so you have now covered Trojans and viruses but where do worms fit in unlike viruses and Trojans worms don't have to attach themselves to a program or file to infect your system instead they can take advantage of vulnerabilities in your
operating system and spread from computer to computer causing considerable damage to your system and network however just like Trojans worms can create back doors to your system allowing attackers to gain unauthorized access or launch other types of attacks thankfully there are measures you can take to protect your systems and networks against worms including making sure your operating system and antivirus software is kept up to date and don't forget to run regular scans be cautious when opening email attachments or downloads don't open them unless you are certain they are safe you should also avoid suspicious websites especially those that offer free downloads adult content or pirated software try enabling the pop-up blocker in your browser this blocks unwanted popups which can contain Trojans or viruses and finally keep yourself up to date with the latest information stay knowledgeable on the latest threats and educate yourself on how to protect your device from Trojans and viruses Well Done You Now understand that protecting your device against these threats is of vital importance in this video you completed an examination of the various types of malware including Trojans viruses and worms you learned how they spread through your systems and networks and explored the differences between them you also discovered the impact malware can have before finally learning some valuable and important steps you can take to help protect your systems and network it's important to note that while there are clear differences between Trojans and viruses some malware can exhibit characteristics of both you'll dive deeper into cyber attacks and protecting your computer in upcoming lessons so keep learning and soon you'll be prepared for every eventuality imagine walking through a forest on a warm summer's day while enjoying the scenery and taking in the fresh air you decide to take a break at the base of a tree suddenly a mosquito takes a liking to your arm and you're left with an annoying
itch that won't go away threat actors are the mosquitoes of cyber security just like a mosquito injects you with its saliva threat actors like hackers use malicious code to deliver viruses to their victims threat actors represent human beings who use different entry points to gain unauthorized access to computer systems these entry points known as threat vectors include malicious URLs USB storage with malware and phishing emails in this video you'll gain an understanding of threat vectors their various types and how hackers use them to gain access to systems and sensitive information this knowledge not only helps you spot insecurities in your organization but also helps you ensure that you stay alert to take the steps necessary to safeguard your valuable network data and systems let's begin by defining exactly what is meant by the terms threat landscape threat actor and Threat Vector in an earlier lesson you discovered that a threat landscape is an organization's overall cyber security environment it includes all the potential risks and threats attackers use to manipulate an organization's Network or computer system a threat actor is the individual or group that engages in malicious activity that compromises the security of computer systems networks or other digital assets threat actors can range from amateur hackers to sophisticated criminal organizations nation states and even insiders with authorized access to sensitive information threat actors use a Threat Vector to gain unauthorized access to your system so a Threat Vector is the entry point for attackers to gain access to a system or organization now that you know the leading terms let's explore some of today's most common threat vectors were you aware that one of the leading causes of data breaches is poor user credentials that's right attackers view weak credentials in the same way mosquitoes View your blood which makes them a major Threat Vector in fact data breaches frequently occur after credentials have
been leaked and made available to cyber criminals another common Threat Vector is email emails can be leveraged in various ways so attackers can gain access to your system for example emails with attachments that contain malicious code can lead to system infections or spear phishing which targets specific individuals or organizations using personalized emails to increase the likelihood of success another Threat Vector relates to social media platforms which have become increasingly popular as threat vectors attackers create fake profiles and then share malicious links or message users to exploit them have you heard of a watering hole attack this is another primary Threat Vector that involves malicious websites or downloads this attack involves purposefully injecting a website with malware that employees of a specific organization are known to visit frequently these tactics compromise user systems by exploiting vulnerabilities in the organization's web browsers this might surprise you but humans themselves have become a primary threat vector through social engineering cyber criminals taking advantage of human error use tactics like deception to steal sensitive data another Threat Vector is weakly configured Wi-Fi routers this allows cyber criminals to gain unauthorized access to your network or removable media such as infected USB drives can be a hardware threat vector spreading malware to a computer when connected if attackers gain physical access to your computer system they can attach malicious USB devices like Hardware Key loggers to record your keystrokes supply chain attacks in which cyber criminals compromise a trusted vendor's software or Hardware can have far-reaching consequences they install malware in software supplied by a vendor and once that software is installed by an organization the malware enters the network and starts spreading zero day vulnerabilities refer to previously unknown flaws in software or Hardware which can be exploited by attackers before
developers have a chance to release a patch making them particularly dangerous another Threat Vector relates to the Internet of Things devices such as your smart home appliances and wearables lack of adequate security measures default passwords or poorly configured systems can make them threat vectors and finally mobile devices including your cell phone or tablet could be targeted through malicious apps smishing known as SMS phishing or Vishing also referred to as voice phishing and exploitation of Bluetooth or Wi-Fi vulnerabilities Well Done You Now understand the growing threat that cyber security faces as technology improves the number of threat factors is increasing which gives cyber criminals an increasing number of opportunities to compromise systems and networks in upcoming lessons you will explore these terms in Greater detail discovering how cyber criminals use them throughout the world today so keep learning understanding these terms and threats has become vital for developing a comprehensive security strategy that addresses the entire threat landscape of an organization have you ever received an email from a local restaurant advertising their latest deals it's pretty common right now let's imagine you decide to check out the Restaurant's menu by clicking on the attachment that came with the email but nothing happens frustrated you decide to go to the restaurant's website instead however unknown to you you've just put your device at risk this scenario may seem innocent enough but this is a common tactic that cyber criminals use to spread malware you might recall malware is a type of malicious program that infects your device and steals your personal information cyber criminals can use malware to record your keyboard activity encrypt your files or steal your data holding it for ransom until you pay for its return this is why it's vital to stay up to date on malware so in this video Let's examine malware in further detail exploring the considerable
damage that it can cause you'll also explore another method cyber criminals use ransomware let's begin with intentions you might wonder why people would create such malicious software like most crimes they all have a similar motivation Financial cyber criminals distribute malware through infected computers with the objective to obtain financial data or login credentials collect information that can be sold sell access to Computing resources or extort payment from victims to achieve this objective cyber criminals use a variety of malware you explored viruses Trojans and worms earlier however malware is becoming more sophisticated with its attacks and is developing intelligent new malware that uses new vulnerabilities and Pathways to spread and evade detection firstly coin miners which is also known as cryptojacking malware is a type of malicious software that uses your computer's processing power to perform coin mining coin mining is a complex mathematical calculation that validates transactions on a cryptocurrency network the malware performs its functions and then sends the cryptocurrency directly to the attacker's wallet it achieves this without the user ever knowing about it this malware uses a significant amount of processing power and causes severe performance issues on the user's computer next exploit kits are a collection of exploits that take advantage of vulnerabilities in your system or software these malware kits scan for vulnerabilities in your system once detected they deploy additional malware to further infect your device these exploit kits often include Shell Code which refers to code that starts a command shell this is a small malware payload that is used to download other malware from attacker controlled networks macros are a powerful method of automating common tasks and improving productivity within Microsoft Office maybe you've heard of them before however cyber criminals also use macro malware functionality to infect your device delivered via an
email attachment or zip file the macro works by hiding in your Microsoft Office files the email attachment uses names intended to entice or scare you into opening them often they can look like invoices receipts or even legal documents next is rootkits which cyber criminals use to hide malware inside your device this allows the malware to possibly remain undetected for years allowing it to steal your information and resources rootkits can also intercept and change standard operating system processes and adjust system reports to evade detection finally there's fileless malware which is unique because it functions without installing malware or other programs on your computer's hard drive instead fileless malware makes use of existing programs or tools already installed on your computer this method makes it challenging for antivirus software to locate it so you have now explored malware in further detail however where does ransomware fit in you might recall that ransomware is a special type of malware that focuses on destroying or encrypting your files in folders making it impossible to access them a ransomware attack occurs when a cyber criminal achieves unauthorized access to your network installing the ransomware in a location with sensitive data or business critical systems the attacker executes the ransomware Locking you out of all your files this leaves the files inaccessible until you pay a ransom The Ransom is usually demanded in cryptocurrency such as Bitcoin because the owner of a cryptocurrency wallet is untraceable sometimes attackers also steal sensitive Data before deploying the actual ransomware in what is known as a double extortion ransomware attack several high-profile ransomware incidents have involved organizations including Colonial pipeline JBS foods and CA these ransomware attacks Drew considerable public attention and Illustrated the extent of the threat and the significance as well as the multi-million dollar consequences of ransomware attacks
Microsoft data shows that the energy sector is one of the most targeted sectors for ransomware as well as the financial Healthcare and entertainment Industries you now have a greater understanding of malware and ransomware and recognize the threat they pose in this video you examined the various types of malware including coin miners root kits exploit kits and ransomware discovering how they work and the considerable damage they cause you learned how threat actors use these tools to infect and steal your information you then dived into ransomware and learned that threat actors use ransomware to extort money from individuals and organizations remember it's vital to stay up to date on the dangers that malware causes so continue to educate yourself to help prevent them in the future imagine receiving a phone call from someone claiming to be your bank or a trusted company asking for sensitive information like your credit card details it may seem innocent enough to provide this information but unfortunately it could lead to devastating consequences like identity theft or financial loss which is a reality many individuals across the globe have had to face the truth is this scenario is all too common and it's not just limited to phone calls cyber criminals are using social engineering tactics to manipulate and deceive people into giving away confidential information like their financial details this is why it's vital you understand what social engineering and phishing are and the impact they can have so that you are equipped to protect yourself against them therefore in this video you'll complete an examination of phishing and social engineering discovering what they are and the various techniques cyber criminals use before exploring several prevention methods let's get started with social engineering and phishing as previously explained cyber criminals use social engineering to manipulate people into performing actions that aren't in their best interest just like in the
earlier scenario but social engineering can refer to a variety of tactics that involve psychological manipulation aimed at persuading individuals to perform actions with malicious intent cyber criminals commonly employ these tactics to obtain sensitive information from users either for personal financial gain or to cause harm to others phishing is an example of social engineering that uses digital media including email text messages or voice calls as its method of attack with the primary goal of manipulating users into downloading and installing malware divulging critical financial information like one-time passwords or OTPs or gaining control over the victim's online accounts for example you might receive a phishing email that looks like it's from a legitimate Source like a bank that tricks you into clicking on a link to verify your account information in reality the link directs you to a fake website designed to steal your login credentials You Now understand what phishing and social engineering are so let's explore some techniques cyber criminals use phishing and social engineering techniques come in several forms each designed to exploit human vulnerabilities you discovered earlier that Watering Hole attacks Target people's specific industries by installing malware on websites frequently visited by industry professionals and redirecting them to malicious websites without their knowledge however Watering Hole attacks are the tip of the iceberg regarding social engineering attacks there are several other techniques cyber criminals use to exploit vulnerable people and extract sensitive information one is pretexting where cyber criminals impersonate someone else to gain trust and extract information from their target or baiting where cyber criminals lure victims with a seemingly genuine offer that entices them to disclose personal details or download malware next is quid pro quo which involves cyber criminals offering something in return for personal information and
lastly tailgating refers to cyber criminals gaining unauthorized access to restricted areas by following an authorized individual social engineering is a powerful tool used by cyber criminals and phishing is one of its most common techniques phishing attacks come in various forms such as spear phishing which targets specific individuals using personalized information to appear more credible or clone phishing which duplicates a legitimate email and modifies its content to include malicious links or attachments next is whaling which targets high ranking individuals within an organization such as Executives or board members by carefully crafting messages that will appear to come from a trusted source and finally smishing or Vishing where cyber criminals trick their victims using text messages and voice calls you'll explore these techniques in further detail later in the lesson these techniques demonstrate the dangers that phishing and social engineering pose to cyber security protecting yourself from them requires constant vigilance and a proactive approach but thankfully there are measures you can take to reduce the risk of falling victim to these attacks the first step is to educate yourself and your team about the various techniques and warning signs used by cyber criminals regular training and awareness sessions can foster a security conscious culture within an organization it's vital to verify the identity of anyone requesting sensitive information particularly if the request is unexpected or unsolicited whenever in doubt contact the person or organization directly using a known trusted method of communication you should also exercise caution when you encounter links and attachments ensuring you avoid any received from unknown or suspicious sources by hovering over links you can reveal the true destination before clicking ensure you scan attachments with an antivirus program before opening them and finally keep your software operating systems and Antivirus
programs up to date this is essential for defending against known vulnerabilities and modern threats so that's it you now know how cyber criminals use phishing and social engineering to Access Financial and sensitive information you also discovered in this video that by remaining Vigilant and adopting best practices you can significantly reduce the risk of falling victim to these attacks remember cyber security is an ongoing process demanding continuous attention and adaptation to stay ahead of cyber criminals and the threats they pose you'll delve further into these topics in upcoming lessons so keep up the great work in 2022 the FBI's internet crime records registered over 800,000 reports of cyber crime statistics show over 422 million individuals were impacted plus an estimated nearly 33 billion accounts will be breached this year the cost of these breaches is predicted to be at 8 trillion so it may not be a surprise that hacking has become big business the stereotypical image of a loone owner who is living in a basement is just not true anymore they've shaken off their reputations and rebranded themselves around the world as Internet tribes and organizations some even have codes of conduct and goals this basement hacker stereotype is damaging it gives organizations a false sense of superiority over these threat actors whom they perceive as untrained individuals when they are in fact highly skilled and organized groups groups such as Anonymous have caused havoc and continually make news worldwide to possess this hacking skill you need an understanding of society and people so they are no longer the typical hacker that one might imagine they are united by their skills and perform everything from pranks to financial crimes and even Espionage these groups are also known for sharing their exploits on various internet forums but not everything is always so clear-cut within all of these hacking groups meet Tony he's working with a team of hackers in Philadelphia and as a
group they are attempting to hack into a multinational corporation's cyber defenses the corporation has a new software application that customers use to make Financial payments the hacking group continually probes for weaknesses within the company's Advanced software after several weeks of probing the team has had success and locates some vulnerabilities using their highly trained skills they hack into the corporation's Network accessing private user data but Everything Is Not What It Seems this hacking team are the good guys they've been hired by the corporation and are working with their permission to find potential weaknesses in their software throughout their hacking Tony and the team have developed state-of-the-art cybersecurity software for the company Tony is what's known as a white hat or ethical hacker they collaborate with companies and governments to help organizations improve their cyber security groups and individuals like Tony and his team are on the rise worldwide and continue to be in high demand through collaborations like Tony's Cyber Technology Group and numerous companies manufacturers and governments cyber Security Professionals are starting to fight back against cyber criminals changing the game on how cyber security is being dealt with imagine you were shopping at a local mall and decide to unwind at a cafe conveniently the cafe offers free public Wi-Fi allowing you to check your emails and browse social media unbeknown to you a cyber criminal is also using that public Wi-Fi when you connect to the Wi-Fi the hacker employs a technique called man-in-the-middle or MITM to intercept any data being sent between your device and the network you decide to check the balance of your bank account thus giving the hacker access to your login details later on that day someone gains access to your account and withdraws funds leaving you with a compromised account and a loss of funds from a public Wi-Fi network hackers can even introduce malware into your device which
can lead to more harm this technique is commonly employed by cyber criminals all around the world which emphasizes how crucial it is to master the techniques that can stop these occurrences in this video you'll explore personal mitigation strategies discovering how to stay safe and keep your data and devices secured from any potential cyber crimes let's begin with virtual private networks or VPNs a VPN is a method used for creating a secure connection between two Networks when using an unsecured Network like in the earlier scenario a VPN encrypts your internet connection and passes the data through a secure server protecting your data from interception and eavesdropping by using a VPN you can browse the web privately and securely even on public Wi-Fi networks while public Wi-Fi networks are convenient they are unsecured and can be easily exploited by cyber criminals where possible avoid using them for sensitive tasks like online banking or accessing personal accounts if you must use public Wi-Fi always use a VPN to keep your connection secure and protect your data you should also create strong and unique passwords for all your accounts and incorporate uppercase and lowercase letters numbers and symbols avoid using simple words phrases or patterns and enable multifactor authentication or MFA on all accounts that support it to add an extra layer of security MFA works by requiring a second form of verification such as a text message or an authenticator app in addition to your password avoiding software downloads from unauthorized or pirated sources is another mitigation strategy pirated software can install malware programs on your device creating additional security risks always make sure you download software from reputable sources such as the developer's website or official app stores and keep your software up to date with the latest security patches you should also avoid having any private information or passwords on websites or in plain sight such as in a file on
your computer or written down instead use a secure password manager to store your sensitive information and always double check the website's URL and security certificate before entering your credit card details now you already know that cyber criminals use phishing attacks with malicious links to trick you into revealing sensitive information or downloading malicious malware by checking the destination URL in such links you can ensure it's from a legitimate Source if in doubt just navigate to the website directly by typing the URL into your browser remember even though they appear as legitimate sources phishing attacks use emails social media messages and text messages to trick you into revealing sensitive information be cautious when clicking on links or downloading attachments and verify the sender's identity before acting if in doubt contact the sender directly using a known contact method one of the best mitigation strategies you can Implement is to install a reliable antivirus and firewall maybe you already have one installed in your own device a good antivirus program can detect malware and remove it before causing any damage which helps to protect your device from cyber threat additionally a firewall helps protect your devices by monitoring incoming and outgoing Network traffic and blocking unauthorized access so it's vital to install a reputable antivirus program and enable your device's built-in firewall to take your security to the maximum and finally remember to keep yourself up to date on the latest cyber security threats and best practices to protect your Digital Life follow reputable sources on social media attend webinars or enroll in training courses to enhance your knowledge and stay vigilant against potential threats great you have now discovered some effective strategies for protecting your devices against cyber crime these strategies play a vital role in protecting your Digital Life from cyber threats in this video you explored personal
mitigation strategies and several methods for protecting yourself by understanding and implementing these measures you not only enhance your cybersecurity knowledge but also create a safer digital environment for yourself and others remember staying proactive and informed is the key to staying secure in the ever evolving world of cyber security imagine working from home and receiving a confidential financial report via email while in your home office as this data is quite sensitive an ordinary email attachment just won't cut it it's vital that even if cyber criminals compromise the email account the document remains private and secure to achieve this you encrypt the file so that only the intended recipient can download and decrypt it thankfully there are several security software Solutions available that can help you encrypt your files for Safe digital transmission and just like encryption software there's a range of additional programs and tools that you should use on a regular basis to safeguard your online security and privacy therefore in this video you'll explore several types of security software learning how they Safeguard your personal information and keep your online activities protected from potential threats it's common in today's world to have dozens of passwords for numerous accounts or websites remembering them all has become an impossible task while it's easy to reuse a password across multiple websites or resort to writing them down both pose a security risk this is why password managers have become a very useful tool for generating and saving complex and unique passwords for all your logins password managers encrypt and store your passwords and login information in one place some of them can even automatically log you into websites and apps so you never have to manually enter your credentials again there are several password manager applications you can use including LastPass 1Password and Bitwarden most of these password managers even support a
secondary authentication layer like one-time PIN or OTP which adds additional protection while password managers are useful and create very secure passwords it's also beneficial that you understand how to create a secure password yourself but you might ask yourself what are the characteristics of a strong and secure password well a strong password is one that is unique and complex it's a password that uses 12 or more characters has a combination of upper and lowercase letters and a combination of numbers and symbols also it shouldn't be a word that can be found in a dictionary or the name of a person character product or organization if you want to use a word or phrase you'll remember misspell it or include numbers or letters for example a complicated password is stronger than a simple password like three birds make it different from your other passwords do not include your name a family member's name or a pet's name they are too easy to guess it should not include phone numbers birthdays addresses or social security numbers also avoid using popular passwords like 1 123 or password and finally ensure you update your passwords regularly cyber Security Experts recommend creating a new password every 3 months you previously learned that anti-malware tools can detect and remove malware from your system and they always monitor your files for any new malware similarly firewall applications can filter incoming or outgoing traffic from your computer installing these programs on your computer has become vital in this modern digital age thankfully most operating systems already have built-in firewall tools so you don't even need to purchase anything extra recent versions of the Windows operating systems come with Windows security which is a free solution with an integrated antivirus called Microsoft Defender which includes antimalware a highly capable firewall and other browser and device protection features you also have the option to bump up your security with
two-factor authentication you already know that two-factor authentication can protect your online accounts by adding an extra security layer there are several applications that offer two-factor authentication including Microsoft Authenticator Google Authenticator and Authy they generate time-based one-time passwords or OTP for multifactor authentication on top of all these options you also have personal encryption tools like GPG or GNU Privacy Guard and Pretty Good Privacy or as it's known PGP these help protect sensitive information by encrypting files and messages ensuring only authorized recipients can access them these tools use public key cryptography to enable secure communication and file sharing applications like Microsoft BitLocker and macOS FileVault provide full disk encryption scrambling your entire hard drive and all its contents even if lost stolen or confiscated an unauthorized individual cannot access your data without the proper password or key you will explore encryption and cryptography later in the course well done as you discovered by combining security software and implementing effective mitigation strategies you can significantly improve the security of your personal devices and online accounts understanding these applications and software has become vital not just for budding cyber Security Professionals like yourself but for individuals All Around the World in this video you explored the security software available for these topics learning how they protect your data and keep you safe and secure while navigating the worldwide web well done you've now reached the end of this introductory week about threat factors and mitigation at this point you have a solid understanding of cyber attacks and how they can occur the various methods that cyber criminals use to commit these attacks real world examples of various cyber crimes that have taken place and the software and strategies you can use to mitigate these attacks it's now time to take the module
quiz but before doing so let's recap what you've learned so far at the beginning of the week you were brought through the course introduction and syllabus learning how you can gain the most from the course and then sharing what you hope to learn with your peers then you began your Learning Journey by exploring cyber attacks discovering that a Cyber attack is a malicious attempt made by cyber criminals to interrupt cause damage or gain unauthorized access to your computer system or network you discovered the purpose of these attacks their impact as well as several methods cyber criminals use do you remember what these methods were they include malware ransomware phishing and social engineering at this stage you have learned about some notable cyber attacks that occurred throughout history you took a deep dive into the WannaCry ransomware discovering how it affected thousands of computers across 150 countries causing billions of dollars in damage you also learned how the Stuxnet worm targeted Iran's nuclear program manipulating the centrifuges causing them to malfunction and eventually break down while ransomware and worms can be considerably impactful a Trojan can also be dangerous if you recall a Trojan is a special type of malware that disguises itself as a legitimate file or piece of software following this you discovered that a threat landscape is an organization's overall cyber security environment while a threat actor is an individual or group that engages in malicious activity that compromises the security of computer systems meaning a Threat Vector is an entry point for attackers to gain access to a system or organization next you delved into some common threat vectors including poor credentials email routers or IoT devices you might recall some of the various types of malware including coin miners which use your computer's processing power to perform coin mining or how exploit kits are a collection of exploits that take advantage of vulnerabilities in your
system or software you followed this by exploring malware discovering how malware Works including detection and removal you examined some Advanced methods that cyber criminals use to evade detection such as metamorphic malware which changes its code while keeping its base functionality the same you also learned how a polymorphic malware is like a chameleon encrypting its malicious code once it infects a system polymorphic malware does this by generating a new encryption mechanism with each infection changing its code constantly to match its environment you also discovered that phishing is an example of social engineering which manipulates you into performing actions that aren't in your best interest and you should now be familiar with some common phishing and social engineering techniques that are used by cyber criminals you gained insight into measures you can take to reduce the risk of falling victim to these attacks which involves educating yourself and verifying the identity of anyone who contacts you for example an email from an unknown source you also completed an examination of threat vectors and should be able to explain amongst others Insider attacks Hardware based attacks and typo squatting in the final part of this week you delved into mitigation strategies exploring Biometrics and various biometric security systems available You Now understand that biometric systems enhance accountability by providing a clear and accurate audit trail of access to sensitive areas or data however there's concern that Biometrics is vulnerable to cyber attacks and data breaches because biometric data is stored in centralized databases or on individual devices Additionally you are now well versed in the security software options that are available to help you encrypt your files or an entire hard drive including password managers that generate unique and complex passwords for each login you also know that anti-malware tools detect and remove malware from your system and monitor your
files for malware but firewall applications can also filter suspicious traffic the Windows operating system comes with Windows security which includes an antivirus called Microsoft Defender it also includes antimalware which is a highly capable firewall before completing your Learning Journey you explored data loss discovering several ways in which your data can be corrupted or destroyed including malware ransomware or Hardware failures and understand that one of the best solutions to avoid data loss is through data backups which are completed in various ways including full backup which backs up all your data but it's time-consuming or incremental backup which only backs up data that has been updated or changed through understanding data loss you learned strategies that help you retrieve lost or deleted data including checking the computer recycle bin or using backup copies making use of file history or time machine applications you can also use recovery software and lastly you could use a professional data recovery service to enhance your knowledge further this week you also completed several in video questions knowledge checks discussion prompts and examined several real world examples on the topics you covered you might now have a good idea about what items you'd like to revisit to refresh your memory before you take the module quiz on threats and attacks over the next week you will expand your knowledge of threat vectors and mitigation by diving into cryptography starting with encryption best of luck have you ever sent a private message to a friend using a secret code that only the two of you knew maybe you created unique symbols for each letter of the alphabet making a key that can be used to write and decipher coded messages that only those with the key can read them or perhaps you had a secret handshake or a sign to Signal something that only you and your friend would understand encryption Works in a similar way it's the process of encoding a message
or data so that only authorized parties with the right key can access it in this video you'll be introduced to encryption and learn about some of the fascinating techniques used to protect data and secure communication encryption is an essential tool in modern-day communication and helps protect sensitive information from being intercepted and read by unauthorized parties encryption has a long history and has evolved over time from simple techniques like the Caesar Cipher to the complex algorithms used today the Caesar Cipher is one of the oldest and simplest encryption techniques it was named after Julius Caesar who used this technique to communicate with his generals the Caesar Cipher involves shifting each letter in the message by a certain number of spaces down the alphabet which is also known as character substitution for example if the key was three then a would become D B would become e and so on the Caesar Cipher technique is simple to implement but is not secure as the key can be guessed and the message can be decrypted quite easily in the modern day encryption is much more complex and there are many different types of encryption techniques used to protect data and communication one such technique is symmetric encryption which uses a shared secret key to encrypt and decrypt data much like using a shared secret code to send a message to your friend but modern encryption keys are a lot more complex and much less predictable than traditional character substitution techniques symmetric encryption is often used in situations where two parties need to communicate securely and have agreed on a shared key beforehand the same key that encrypts the data is used to decrypt it making symmetric encryption ideal for bulk data encryption and secure communication within closed systems another type of encryption is asymmetric encryption unlike symmetric encryption which relies on a single shared key for encryption and decryption asymmetric encryption uses a pair of keys this 
pair consists of a public key and a private key the public key is responsible for encrypting the message and can be shared with anyone while the private key is responsible for decryption and must be kept secret asymmetric encryption uses end-to-end encryption to protect the confidentiality and privacy of the users Communications and to authenticate users many other types of encryption techniques are also used in modern-day cryptography such as hash functions digital signatures and key exchange protocols these techniques are used to protect data and Communications in a variety of different scenarios from securing online banking transactions to protecting military Communications you'll explore more about encryption techniques later but they essentially all boil down to a more complex series of numbers and calculations to encrypt data in the end no encryption is unbreakable given enough time and resources however the aim of encryption is to make it so difficult and time consuming to break that the encrypted data is no longer relevant by the time it's decrypted encryption is an important tool for protecting data and communication and it has a long and fascinating history from the simple Caesar Cipher to the complex algorithms used today encryption has evolved over time to play an essential role in protecting data in Industries such as Finance healthcare and government where sensitive information must be kept confidential without encryption the online world would be less secure and the positive information shared by individuals would be more vulnerable to interception and theft by now you understand that encryption is an essential tool for safeguarding sensitive information when transacting and communicating online you've learned quite a bit about some of the most widely used encryption methods like AES and RSA but with so many different encryption options available how do you know which encryption technology to use to protect your data not all encryption techniques 
are equal and understanding the strengths and weaknesses of different modern encryption methods is crucial in choosing the right technology to provide the best security for your specific needs that's why in this video you'll delve deeper and explore the strengths and weaknesses of modern encryption Technologies and discover Key Management best practices to begin let's reflect on what you've learned about AES and RSA AES is a symmetric encryption algorithm that ensures high levels of security by encrypting data into fixed-size blocks in this method each block is encrypted with a secret key that is shared only between the sender and the receiver RSA on the other hand uses two keys a public key and a private key and can be used to communicate securely between multiple parties without the need to share a secret key in addition to AES and RSA there is another popular encryption technique called elliptical curve cryptography or ECC ECC is a type of public key encryption that is based on the mathematical theory of elliptical curves and uses smaller faster and more efficient Keys instead of multiplying large prime numbers like traditional methods ECC uses an elliptical curve equation to link two separate keys to encrypt and decrypt data one is a public key and the other is private this approach offers a higher level of security because the private key cannot be derived from the public key ECC is an alternative to the RSA cryptographic algorithm and is widely used in cryptocurrencies such as Bitcoin and ethereum and because it is so efficient it works well for wireless communication and The Internet of Things the methods used in encryption are designed to be highly secure making it difficult for anyone to break them Advanced encryption algorithms like AES are particularly strong and can withstand Brute Force attacks that attempt to decode the encryption key however no encryption technique is 100% foolproof which is why it's also important to understand their limitations and 
weaknesses for example managing the shared key in AES can be challenging when multiple parties are involved RSA's complexity can slow down the encryption process and while ECC offers a higher level of security its complexity makes it vulnerable to implementation errors these issues can impact the overall security of your data and it's crucial to address them by implementing effective key management practices key management practices involve procedures for generating Distributing storing and revoking encryption keys and ensures that only authorized parties have access to them this is essential for maintaining the confidentiality and integrity of encrypted data one of the most popular key management practices is the use of key exchanges key exchanges allow for the secure distribution of encryption Keys between parties without the need to share the key itself a popular key exchange protocol is the Diffie-Hellman protocol which allows two parties to independently generate shared secret keys without actually sharing the key itself this protocol is commonly used in Secure Communications and e-commerce transactions when it comes to choosing the right encryption technology various factors such as the level of security required the size of the data and the number of parties involved need to be taken into account symmetric encryption methods like AES provide fast and efficient encryption while asymmetric encryption methods like RSA and ECC offer more versatility and security for multiple parties from uncovering the captivating history of encryption and delving into the intricate tools that uphold modern data security you've come a long way to learn about the role of cryptography in data security in this video you'll Zone in on private keys and learn about how they are formed used and stored securely you will also touch on different private key encryption algorithms like AES and Blowfish uncovering their unique strengths and the key management challenges that come with them 
private key encryption also known as symmetric key encryption is a fundamental Concept in cryptography that involves using the same key to both encrypt and decrypt data but how are these Keys created private keys are created by generating a sequence of bits or ones and zeros that serve as the key itself once generated the private key is used to encrypt the data and only the same private key can decrypt the encrypted data it is crucial to keep the private key secure to prevent unauthorized access to the protected information as you may recall the advanced encryption standard or AES is a widely used symmetric key encryption algorithm it operates as a block Cipher dividing data into fixed-size blocks of 128 bits the encryption process involves applying a series of mathematical operations known as rounds to the input data the number of rounds depends on the key size for instance 10 rounds for 128 bit Keys 12 rounds for 192 bit keys and 14 rounds for 256 bit Keys a larger key size generally provides greater security making it harder for cyber criminals to crack the code however it's essential to note that the larger key sizes may result in slower encryption and decryption times it's a trade-off between security and performance AES operates in various modes each with its unique characteristics and strengths let's explore a few examples electronic code book or ECB is the simplest and most straightforward mode in this mode data is divided into blocks and each block is encrypted independently however this Simplicity comes with the downfall ECB can be vulnerable to certain attacks making it the least secure option on the other hand Cipher block chaining or CBC encrypts each block of data using the previous block's ciphertext creating a chain of interconnected blocks this creates an extra layer of protection making it more secure and commonly used in situations where confidentiality is very important now that you've explored the different modes of AES encryption let's shift your 
focus to another prominent symmetric key encryption algorithm Blowfish Blowfish is a symmetric key encryption algorithm designed by Bruce Schneier in 1993 just like AES Blowfish is a block Cipher that operates in both ECB and CBC modes but it offers a few unique features that set it apart one standout feature of blowfish is its flexible key size with Blowfish you can use variable length Keys ranging between 32 and 448 bits making it a more efficient solution for scenarios that require Swift encryption and decryption while Blowfish is ideal for fast encryption it's important to note that alternative methods like AES may be more suitable in situations where a high level of security is required now let's delve into the crucial aspect of Key Management in private key encryption key management plays a vital role in maintaining the security of private key encryption since the same key is used to encrypt and decrypt data safeguarding the key is essential to prevent unauthorized access to encrypted data one solution to address the key management challenges is the use of Hardware security modules Hardware security modules are physical devices specifically designed to provide secure key storage and cryptographic operations their tamper-resistant properties make them resilient to physical attacks such as drilling cutting or heating Hardware security modules are commonly used in Industries such as Finance health care and government where the security of cryptographic keys is of utmost importance another option for storing private Keys is to use encrypted key storage Services these services use encryption to protect Keys stored on their servers while access to the keys is typically protected by multifactor authentication and other security measures it is also crucial to establish secure backup and storage mechanisms for private Keys regularly backing up Keys helps mitigate the risk of key loss in the event of Hardware failure or other unforeseen disasters however it is equally 
important to store the backup securely to prevent unauthorized access that wraps up your exploration of private key encryption from the powerful algorithms like AES that provide robust security to Blowfish that excels in speed and flexibility understanding both and the best practices for Key Management is essential for ensuring robust data security you've become well-versed in the world of private key encryption understanding its inner workings and significance in safeguarding data however there's another vital piece of the puzzle public keys so let's dive deeper into their role imagine you have a top secret letter destined for your friend's Eyes Only to keep it safe from prying eyes you put the letter inside a special lock box that only you and your friend have the keys to what if someone tries to steal the lock box and the keys while it's being delivered to prevent this from happening you add an extra layer of protection you use a unique lock equipped with two keys a public key and a private key the public key is shared between you and your friend while the private key is exclusively held by your friend you lock the box with the public key only your friend possessing the private key can unlock and read the letter within even if someone manages to get their hands on the box and the public key they won't be able to unlock it without the private key in this video you'll explore the significance of public keys and explore how they synergize with asymmetric key encryption algorithms like RSA Diffie-Hellman and ECC to bolster cryptographic systems let's start by refreshing your memory on what public key encryption is public key encryption also known as asymmetric key encryption is a technique that uses a pair of keys one public and one private to encrypt and decrypt data the public key can be freely shared while the private key is kept secret when a sender wants to send a message to a receiver the sender uses the receiver's public key to encrypt the message the 
receiver then uses their private key to decrypt the message public key encryption is used for secure communication over unsecured Networks such as the internet there are different types of asymmetric key encryption algorithms such as RSA Diffie-Hellman and ECC as you may recall RSA is a public key encryption algorithm widely used for secure communication and data transmission over networks the RSA algorithm is based on the mathematical properties of prime numbers generating two large prime numbers p and Q and calculating their product the resulting number is used as the modulus for the encryption and decryption process the term modulus or modulo may be a new one it's a mathematical term used to describe the remainder after a division is carried out for example if you divide 10 by 3 there is one left over this is the modulo value so to decrypt the message using RSA the receiver uses the private modulo as part of an equation that allows the message to be divided by their private key to obtain the original message don't worry if this sounds complicated for now all you need to know is that the RSA uses prime numbers to generate encryption and decryption Keys you'll learn more about the key generation process later the RSA encryption process involves key generation message encryption and message transmission and RSA offers several advantages including security scalability and efficiency however it also comes with challenges related to Key Management and performance now let's shift your focus to the Diffie-Hellman algorithm the Diffie-Hellman algorithm is a key exchange algorithm used to establish a shared secret between two parties over an unsecure Communication channel it is used for sharing the keys for symmetric encryption the Diffie-Hellman key exchange process involves key generation key exchange shared secret generation and encryption and decryption the algorithm offers benefits such as security scalability and efficiency however it is important to be aware of 
potential vulnerabilities such as man-in-the-middle attacks and challenges related to key distribution finally let's discuss ECC the elliptical curve cryptography algorithm you may recall that ECC is a public key encryption algorithm that uses elliptical curves over specific fields to perform cryptographic operations the ECC encryption process involves key generation and message encryption ECC brings advantages such as enhanced security smaller key sizes and faster computation however like any algorithm it also has its share of challenges including key management and patent issues exploring the different asymmetric algorithms in this video has provided you with valuable insights into the methods behind public key encryption you've learned that algorithms like RSA Diffie-Hellman and elliptical curve cryptography have different capabilities providing security scalability and efficiency but they also face certain challenges like key management and distribution and performance and patent issues by understanding these asymmetric key encryption algorithms organizations can make informed decisions about the most suitable approach for their specific needs as you continue to explore encryption and data security remember the critical role public key encryption and its algorithms play in safeguarding digital Communications have you ever wondered what happens when you enter your password in something like your banking app social media or email how do service providers securely match the password you provide with the one you initially signed up with and if this information is saved somewhere like a database how do they ensure that your password remains out of the reach of malicious actors well this is where hashing comes into play a powerful technique that transforms your password into a string of characters that's almost impossible to decipher in this video you'll explore hashing and its vital role in data security you'll also be introduced to different types of hashing 
algorithms like MD5 and SHA-256 and discuss a technique called salting that enhances the security of hashes hashing is a process that takes input like your password or any other information and turns it into a fixed-size string of bytes typically in the form of letters and numbers this output is called a hash or a digest and is unique for each input so even a slight change in the input will result in a completely different hash this makes it extremely difficult to reverse engineer the original input from the hash making it a crucial technique in data security so storing passwords as hashes rather than plain text ensures that even if the database is compromised attackers cannot easily extract the original passwords but hashing is not limited to password storage it also plays a crucial role in ensuring data integrity and enabling digital signatures for data integrity hashing helps verify the Integrity of files and messages by allowing recipients to confirm that the content has not been tampered with during transmission hashes are also used to create digital signatures which can be used to authenticate the sender and ensure the Integrity of the transmitted data there are different types of hashing algorithms MD5 is a widely used algorithm that produces a 128-bit hash value but is no longer considered secure for sensitive applications due to its vulnerability to Collision attacks where two different inputs produce the same hash however it can still be used for non-critical tasks like generating unique IDs or verifying the Integrity of non-sensitive files during data transfer it is widely adopted for its strong security properties and performance efficiency for instance SHA-256 is extensively used in applications such as digital signatures password hashing and blockchain Technology when it comes to password security hashing algorithms play a vital role in protecting your sensitive data but even these robust algorithms can be vulnerable to certain types of attacks such as brute 
force and dictionary attacks so to bolster the security of hashed passwords a technique called salting comes into play a salt is a randomly generated unique value that is combined with your password before hashing this technique guarantees that even if you and another user share the same password the respective hashes will be different due to the distinct salts this mitigates the risk of identifying users with the same password by simply comparing hashes making it harder for attackers to exploit common or weak passwords salts are stored in the database alongside the hashes which is crucial when you try to log into your account so when you enter your password the system retrieves the associated salt which is then combined with the entered password the resulting value is then hashed and compared to the stored hash if the newly generated hash matches the one in the database you're granted access this approach not only enhances the security of hashes but also prevents attackers from using pre-computed hash tables such as rainbow tables to crack passwords by implementing unique salts for each user the attacker's task of matching hashes becomes significantly more difficult and time-consuming as they would have to recompute Hash tables for each salt value so now you know hashing is fundamental to ensure data security and integrity it forms the basis of many security systems with algorithms like MD5 and SHA-256 being widely used in various applications and remember adding salt to the mix makes data even more secure imagine if every message every piece of information you share online was accessible to anyone who desires it it sounds like a nightmare doesn't it fortunately in an era where life intertwines with technology lies a powerful force that stops this from becoming a reality it's a force that holds the key to your privacy security and the protection of your most valuable information and by now you've become quite familiar with it it's the incredible power of 
encryption encryption is like a vault protecting your data from prying eyes it works by transforming your messages and files into a secret code rendering them unreadable to anyone but the intended recipient and it all starts with the dynamic duo of symmetric and asymmetric encryption symmetric encryption is like locking valuable information in a secure lock box using a secret key that is shared between you and the recipient while asymmetric encryption adds an additional layer of security by using two keys a public key to lock the box and a private key to unlock it it's a combination so potent that it ensures only the intended recipients can unlock and read the message meet Bailey she has an idea for an invention Bailey has spent a lot of time and effort on her invention and is now ready to apply for a patent but before that she wants to share the design with an old friend so she writes an email and includes her design for a friend to see unfortunately for Bailey she didn't use an encrypted Communication channel and her email was intercepted the hacker gets her design and sells it to a nasty character who then resells the design to a multinational company and in turn makes loads of money poor Bailey should have encrypted that email in an era filled with cyber threats and constant data breaches encryption stands as a Fearless Guardian in the digital landscape in fact a recent study found that businesses that Implement strong encryption are less likely to suffer huge financial losses in the event of a data breach they can save up to $1.4 million US for each attack to be exact it's a staggering statistic highlighting encryption's power in safeguarding sensitive information encryption doesn't discriminate it's for everyone from individuals sharing personal messages to multinational corporations safeguarding Trade Secrets encryption is the unsung hero that keeps the digital world spinning securely so next time you send a private message make an online purchase or share 
sensitive information remember the vital role encryption plays it's the lock that keeps your Secret Safe The Shield that defends your privacy and the key that unlocks a world of secure communication when it comes to verifying the authenticity of paper-based documents like contracts essays or even heartfelt letters a simple ink signature serves as a trusted seal but what about the files and documents you share online how can you ensure the same level of trust and integrity digital signing and signatures provide a solution to ensure trust and authenticity and over the next few minutes you'll learn all about their vital role you'll explore their use cases and familiarize yourself with the best practices for implementing them but before you do let's start with what digital signing is digital signing is the process of using cryptographic techniques such as RSA and ECDSA to authenticate digital documents or messages here's how it works when you send a document a unique digital fingerprint or hash of the document is created which is then encrypted using your private key to generate the digital signature the recipient can then use your public key to decrypt the signature and verify the document's hash this process ensures the document's authenticity integrity and non-repudiation and verifies your identity now let's review the role digital signing plays in various Industries where secure communication and document verification is essential in online banking digital signing is crucial in authenticating and securing your transactions it protects sensitive information such as your account numbers and balances from fraud and identity theft by ensuring that the communication between you and the bank is secure and genuine then when it comes to online shopping digital signing is employed to ensure the Integrity of electronic invoices receipts and other transactional documents protecting you from counterfeit products or fraudulent transactions it enhances the overall experience and 
Trust in e-commerce platforms digital signing is also revolutionizing the way legal documents are signed streamlining the process and reducing the Reliance on paper-based documentation this not only saves time and resources but also ensures the authenticity and integrity of the signed documents the healthcare industry is no exception it is also experiencing a transformative shift with the help of digital signing electronic health records and prescriptions can now be authenticated with digital signatures this ensures patient privacy and data security and improves efficiency when sharing information between healthcare providers finally government agencies widely adopt digital signing for secure communication and document verification this technology has been crucial in improving efficiency reducing the risk of Fraud and enhancing overall Security in the provision of Public Services now that you've explored the various applications of digital signing let's delve into digital signatures themselves digital signatures are the unique string of characters generated during the digital signing process they are created using the sender's private key and the signed data digital signatures serve two primary functions authenticity and integrity authenticity means that the recipient can verify the sender's Identity or in other words the document really came from whom it claims to be from and integrity means that the recipient can check if the document has been tampered with since it was signed if a company deals with digitally signed Services it likely involves handling and verifying these digital signatures and documents or messages this could include making sure the signatures are valid and that they match the corresponding public key of the signer thereby ensuring the document is authentic and unaltered now that you have a foundational understanding of digital signing and signatures what are some best practices for effectively utilizing this powerful technology well the 
first step is to stay informed of the latest developments and best practices in digital signing and digital signatures by staying up to date you can adapt to new security measures and advancements ensuring that you use these Technologies effectively and securely another important aspect is choosing the right digital signature software for your specific needs while considering ease of use cost and compatibility with your existing systems it's also crucial to implement strong security measures when using digital signatures this means that you should ensure that your private keys are securely stored and that you have robust security protocols to protect your sensitive data and if you're working within a team ensure that your peers are well versed in the use and benefits of digital signing and digital signatures so they can effectively incorporate these Technologies into their workflows finally as digital signing and signatures evolve it's essential to consider how these Technologies may impact your industry and business processes and be prepared to adapt accordingly digital signing and digital signatures are transformative technologies that have the potential to revolutionize various aspects of the modern world from secure online transactions to efficient document management these Technologies offer numerous benefits and opportunities for growth and Innovation by staying informed choosing the right tools implementing strong security measures educating your team and being future ready you can harness the full potential of digital signing and digital signatures in your industry embrace the future of technology and unlock the countless possibilities these advancements offer throughout your cyber security Journey you've explored various Technologies to safeguard sensitive information and ensure secure communication from everything like encryption algorithms keys and hashing to the fascinating concept of digital signing you've covered a lot of ground about cryptography now 
it's time to expand your knowledge further by learning how certificates fit into the picture in this video you'll explore what digital certificates are discover the role of certificate authorities and get to know different types of certificates including the widely used SSL and TLS certificates to begin let's consider the following as a startup business Sam Scoops has made great strides towards expanding the business as part of Sam's Endeavor she sets up a website now put yourself in her customers' shoes they want to explore Sam Scoops' online offerings but they may have concerns about the legitimacy and the security of the website they're about to visit this is where digital certificates fulfill an essential role they act as electronic credentials that validate the identity of entities and ensure secure Communications over the internet in Sam's case a digital certificate serves as a stamp of authenticity assuring her customers that they are indeed visiting the right website digital certificates are electronic documents that are issued by trusted organizations known as certificate authorities or CAs certificate authorities play a crucial role in verifying an entity's identity by following strict protocols and adhering to Industry standards digital certificates guarantee that the certificate holder is who they claim to be they contain key information including the website's name like Sam Scoops the certificate holder's name a public key for secure communication the CA's digital signature and the certificate's validity period digital certificates are an essential component of secure online transactions and Communications ensuring that sensitive data remains confidential and tamperproof the process to obtain a digital certificate involves several key steps first The Entity for example Sam Scoops requests a certificate from a CA then the CA verifies the entity's identity following stringent guidelines once the entity is verified the CA issues a signed digital certificate 
containing the entity's public key the certificate is then installed on the entity's server and the server uses it to establish secure connections with clients when a user views the website the client in this case the web browser checks the server certificate for validity then the client verifies the CA's digital signature on the certificate ensuring the certificate's authenticity and finally if the certificate is valid the client establishes a secure encrypted connection with the server using the public key this process ensures secure communication between clients and servers protecting sensitive information from eavesdroppers and tampering now let's review the different certificate types secure socket layer and transport layer security certificates or SSL and TLS for short are two common types of digital certificates used to secure Communications on the internet SSL is the predecessor to TLS and while SSL is still used in some contexts TLS is the newer and more secure protocol both SSL and TLS certificates use asymmetric encryption to secure data transmission between a client and a server by encrypting data and verifying the identities of the communicating parties SSL and TLS certificates provide confidentiality integrity and authentication SSL and TLS certificates have a wide range of applications including securing web transactions email Communications remote access and IoT devices e-commerce websites rely on SSL and TLS certificates to protect customer data and ensure secure online transactions these certificates encrypt sensitive information such as credit card numbers and login details providing a secure shopping experience for customers certificates can also be used to encrypt emails protecting sensitive data from unauthorized access Email encryption certificates also known as S/MIME certificates verify the sender's identity and ensure the email content remains confidential organizations can use SSL and TLS certificates to secure their internal 
communication channels, such as intranets, VPNs, and messaging applications. This helps protect sensitive data and maintain confidentiality within the organization. IoT devices can use SSL or TLS certificates to ensure secure communication between devices and servers, protecting sensitive data from eavesdropping and tampering. Digital certificates and certificate authorities are crucial elements in ensuring trust and security on the internet. They serve as electronic credentials that validate the identity of entities and facilitate secure communications. For Sam Scoops, digital certificates will be instrumental in building trust and ensuring secure online interaction with her customers.

If you've ever subscribed to something like a streaming service, a Game Pass, ebooks, or even webinars or online courses, then you've already experienced the convenience of accessing premium content with signed URLs, perhaps without even realizing it. In this video, you'll come to know how signed URLs work to grant you access to this exclusive content. You will also discover their role and advantages across different applications, like file sharing and access control, and learn about the underlying technologies that power them. So let's dive in. Signed URLs ensure that only authorized users can access certain resources, such as files or APIs, requiring users to have a valid signature before accessing the resource. But how does this work? To answer the question, let's explore the process of generating and validating signed URLs. First, the resource owner, like a streaming service provider, creates a key to sign the URLs. Then the resource owner creates a signed URL by combining a few essential elements, including the resource's URL, the secret key, and optional parameters like an expiration time or access level. The signed URL is then shared with the authorized user. Then, when the user makes a request using the signed URL, the server receives the request and validates the signature using the same secret key. If
the signature is valid and the URL has not expired, the server grants access to the requested resource. If the signature is invalid or the URL is expired, the server denies access. But why go through all that trouble? Well, there are several key benefits of using signed URLs, including increased security, the ability to grant temporary access, having fine-grained control of access, and reducing the complexity for the end user. For instance, by requiring a valid signature, signed URLs help prevent unauthorized access to protected resources, improving the overall security of sensitive data or confidential documents. Then, when it comes to enabling access for a period of time, signed URLs can be used to grant users temporary access to a given resource. This feature is especially useful for sharing time-sensitive information or granting temporary access to premium content. For example, if you've only subscribed to an online service for a month, signed URLs can ensure that your access expires automatically at the end of the subscription period. Signed URLs also provide resource owners with fine-grained control. This means they can control access to specific resources by generating different signed URLs with different access levels or permissions. This allows for a highly customizable and flexible access management system. Finally, signed URLs make the process of accessing resources easier by reducing the need for users to log in or otherwise authenticate themselves to access secured resources. You now know about the benefits of using signed URLs and that they can be used to control access to premium content. But signed URLs go beyond paywalls and subscription-based content. In fact, they offer a versatile solution for a wide range of applications. Signed URLs can be used to securely share files with specific users, like confidential documents, images, and videos. This is especially important in industries like healthcare and finance, where sensitive data must be securely shared. APIs can be protected using
signed URLs to ensure that only authorized users or applications can access specific endpoints or resources. This is crucial for maintaining the security of APIs and preventing unauthorized access to sensitive data. Signed URLs can also be used to grant temporary access to resources for third-party services, such as file conversion or analysis tools. This enables secure collaboration with external partners while maintaining control over sensitive data. Now, what about the technologies that make all of what you've covered so far possible? Let's begin with the hash-based message authentication code, or HMAC. HMAC is a widely used algorithm for generating a unique signature based on a secret key and a message, which is in this case the URL. It provides a way to verify the data's integrity and the sender's authenticity. Then there's JSON Web Token, or JWT for short. JWT is a secure and compact way to share information between two parties over the web. This information is in a special format called JSON, and it's safely signed digitally. In web development, cookies are used to remember things about you, like your preferences and whether you've already signed in. So a JWT cookie is a special kind of cookie that carries a JWT. This is how it works: when you log into a website, the server creates a JWT with your information and puts it in a cookie. This cookie is sent back and forth between your browser and server, letting you stay logged in so you don't need to enter your password again. Finally, public key cryptography, or asymmetric cryptography as you've come to know it, can be used to generate signed URLs by using a private key to sign the URL and a public key to verify the signature. This approach provides an additional layer of security, as the private key is not shared with the end user or the server validating the signature. Having gained insights into the workings, benefits, use cases, and underlying technologies of signed URLs, you should now have a better understanding of this powerful
security mechanism and its role in safeguarding sensitive resources. Whether you need to securely share files, control API access, manage paywall or subscription-based content, or provide temporary access for third-party services, signed URLs offer a versatile solution that empowers individuals and organizations alike.

Authentication and authorization are two concepts you've come to know. They form the cornerstone of security across multiple online and computer services. They allow organizations to control and grant access to data based on an individual's rights and privileges. But managing access across multiple platforms can become quite complex, especially if many employees are involved. So how can organizations efficiently manage authentication and authorization across their workforce? This video will introduce you to centralized authentication and authorization, which offers a solution to this challenge. Sam Scoops is a lively ice cream parlor filled with a diverse team of individuals, each with their own roles and responsibilities. Among them are cashiers who handle transactions, ice cream makers who create delicious treats, suppliers who deliver the ingredients, and managers who oversee all operations. Each role requires access to specific areas of the shop or specific sets of data to carry out their duties efficiently. Now let's examine the importance of implementing centralized authentication and authorization systems in more detail. The challenge of efficiently managing network access for a variety of users is a struggle for organizations of all sizes. Centralized authentication and authorization systems are integral to this task. Across multiple machines, servers, mobile users, and data centers, they provide an efficient solution for managing network access. Such a system consolidates access control, simplifies management, and enhances control. By having a single point of authentication, organizations can enforce consistent access policies across various networks and services. This reduces
the administrative workload associated with managing numerous access protocols and bolsters security by minimizing the potential for access violations and inconsistencies. Moreover, centralized authentication and authorization systems facilitate single sign-on, or SSO, capabilities, a feature that significantly improves the user experience. With SSO, users authenticate themselves just once to gain access to multiple services or applications, eliminating the need to remember multiple passwords or repeatedly prove their identity. This is not just for convenience; it also improves security. By reducing the number of times users must enter their credentials, the likelihood of phishing attacks, password theft, and other security breaches decreases. In essence, SSO simplifies and secures user access, an increasingly critical requirement in today's digital landscape. Now let's imagine that Sam's business flourishes and she wants to open multiple new ice cream shops. With each new shop there are more employees, more roles, more data, and consequently more access controls are required. Managing all of this for each shop individually would be a monumental task. That's where centralization fulfills an important role. Sam can manage all the access controls from a single place by having a centralized authentication and authorization system. Such a centralized system comes packed with numerous benefits. Let's examine these in more detail. Firstly, a centralized authentication and authorization system increases efficiency. Instead of Sam having to travel to each shop and set up the access controls individually, she can manage it all from one place. It saves time, reduces effort, and streamlines the process significantly. Secondly, a centralized system ensures consistency. It ensures that the same rules and standards of access control are applied across all shops. This provides uniformity and fair treatment in how access is granted and controlled. Thirdly, a centralized system helps to enhance security. It's easier to
monitor and manage the system from one place, making it simpler to detect any suspicious activities and act on them quickly. Security measures can be implemented more efficiently and effectively with all the access controls in one place. Lastly, a centralized system allows for better scalability. As Sam's business grows, adding new users, creating new roles, or even adding entirely new shops can be easily managed within the system. It can grow and adapt according to the requirements of the business. Remember, implementing robust authentication and authorization systems isn't just a nice-to-have in today's digital age; it's an absolute must to safeguard data and ensure seamless operations. As digital and business environments become more interconnected, the role of these systems becomes even more significant. Investing in a centralized system to manage these processes can revolutionize business operations. By ensuring consistency and security, it provides a backbone for seamless operations even as the business scales. For Sam, it means she can focus on perfecting her ice cream recipes and expanding her business, knowing that her system will adapt and grow with her. Adopting a centralized authentication and authorization approach lays the groundwork for an efficient and secure network environment. By offering precise control over who can access what resources and when, this system ensures that critical data and services are only available to authorized users. This minimizes the risk of data breaches, a crucial advantage in an era where cyber threats are ever-evolving and increasingly sophisticated. Furthermore, by consolidating user data in one place, the system allows for easy auditing and monitoring, helping organizations spot suspicious activities and respond swiftly. A centralized authentication and authorization system is not just about convenience or efficiency; it is about protecting an organization's most valuable assets in the digital age.

Previously you learned that authentication
is the process of verifying the identity of a user, device, or system, while authorization is the process of granting access to a resource or system based on the authenticated user's permissions. In this video, you will explore different authentication and authorization methods, including passwords, biometrics, and multifactor authentication, and their use cases. You will also gain insight into how passwords are stored using common encryption methods. First, let's look at multifactor authentication. Traditionally, authentication has been done using passwords. Think of a website where you enter a unique combination of characters to prove your identity. However, with the rise in cyber threats and hacking attempts, passwords alone are no longer enough to ensure the security of systems and networks. This is where multifactor authentication comes in. Multifactor authentication is a security process that requires you to provide two or more forms of authentication to verify your identity. The most common types of factors are something you know, something you have, something you are, somewhere you are, and something you do. Let's discuss each of these factors in more detail. Firstly, something you know is a factor that refers to information that only you should know, such as a password or PIN. Passwords should be complex, long, and include a combination of upper and lowercase letters, numbers, and special characters. Something you know is commonly used in authentication methods, and it's essential to choose strong passwords and change them regularly to ensure the security of the system. Something you have is a physical object that you possess, such as a smartphone or a security token. For example, you might log into a system using your password and then receive a verification code on your smartphone, which you must enter to complete the authentication process. This is becoming increasingly popular, particularly in the age of mobile devices, and it is often used as a second factor of authentication with a password.
The third factor, something you are, is a physical characteristic unique to you alone, such as your fingerprint or facial recognition. For example, some laptops use fingerprint readers to log into the system, and some smartphones use facial recognition to unlock the device. This is known as biometric authentication, and it provides a high level of security because it is difficult to replicate or steal someone's physical characteristics. This is becoming more common as technology advances. The next factor, somewhere you are, refers to your location, which can be determined by GPS or other location tracking technologies. This requires you to provide something you have, such as a smartphone, and your current location. For example, you might log into a system using your password and then receive a notification on your smartphone asking you to confirm that you are in a specific location. This is commonly used in two-factor authentication. Finally, something you do refers to your behavior or actions. This can include things like the speed and pattern of your typing, your mouse movements, or the way you interact with the system. However, due to its complexity and potential for false positives, this is less commonly used in authentication. Now that you have covered the various multifactor authentication methods, let's revisit passwords and how they are stored. Password hashing takes your password or any other piece of data and uses an encryption algorithm to turn it into a short string of letters and numbers. If a website is hacked, cyber criminals don't get access to your password. Instead, they just get access to the encrypted hash created by your password. When you create an account or change your password, you provide a password as input. The system processes the password using a hash function such as SHA-256. The function takes the password and converts it into a fixed-length hash, which consists of a series of seemingly random characters. A random value called a salt is generated and combined with the
password before hashing. This ensures that even if two users have the same password, their hashes will differ. The salt is stored alongside the hash in the database so that it can be used during the password verification process. The original password is not saved, reducing the risk of unauthorized access to your account. When you attempt to log in, the system retrieves the stored hash and salt from the database, combines the input password with the salt, and applies the same hash function. If the resulting hash matches the stored hash, the password is considered correct and you are granted access. In this video, you learned how authentication and authorization play crucial roles in safeguarding sensitive data and resources. Traditional password-based authentication has its limitations, and the increasing prevalence of cyber threats calls for more robust methods, such as multifactor authentication and biometric authentication, to enhance security. You learned about the elements of multifactor authentication: something you know, something you have, something you are, somewhere you are, and something you do, to create a more secure authentication process. Finally, you gained insight into how securely storing passwords using hashing and salting techniques further strengthens the security of your accounts by minimizing the risk of unauthorized access.

Well done, and congratulations on making it through another week. You've been working hard and now understand encryption and the techniques used to protect data, private key encryption and how they are formed, used, and stored, the fundamentals of digital signing and signatures, and centralized authentication and authorization. This week's content is probably fresh in your memory, but it's always a good idea to revisit the most important points. So let's look back on the week to make sure you are prepared for the quiz. You started your learning on cryptography by working through the fundamentals of encryption, learning about how it evolved from simple techniques like
the Caesar cipher to the advanced algorithms used today. You learned how symmetric encryption uses a shared secret key to encrypt and decrypt data, while asymmetric encryption uses a pair of public and private keys. Next, you explored some common encryption tools, including PGP, which offers intuitive interfaces that enable secure communication, full-disk encryption tools like BitLocker and FileVault, and VPNs, which create a secure and private network connection over the internet. And you learned that end-to-end encrypted messaging secures messages between sender and recipient by making it challenging for cyber attackers to intercept and read the messages. You followed this by taking a deeper dive into private and public keys, discovering that private keys are generated by creating a sequence of bits, or ones and zeros, which serve as the key itself. You also zoned in on the Advanced Encryption Standard, or AES, and learned how AES supports key sizes of 128, 192, and 256 bits. You were also introduced to Blowfish, a symmetric key encryption that uses variable-length keys ranging between 32 and 448 bits, offering more flexibility than AES. You learned that public key encryption, also known as asymmetric key encryption, uses a pair of keys, one public and one private, to encrypt and decrypt data. RSA is an example of public key encryption. It's based on a mathematical property of prime numbers: generating two large prime numbers and calculating their product. The resulting number is used as the modulus for the encryption and decryption process. You also discovered that the Diffie-Hellman key exchange process involves key generation, key exchange, shared secret generation, and encryption and decryption. You then gained technical knowledge of how hashing algorithms operate, learning that hashing is a process that takes input and turns it into a fixed-size string of bytes. This output is called a hash and is unique for each input, so even a slight change in the input results in a completely different hash. This makes it
challenging for malicious actors to reverse engineer the original input from the hash, making it a crucial technique in data security. You also got to know a few commonly used hashing techniques and algorithms, including SHA, MD5, and BLAKE2. Thereafter, you learned that digital signing and digital signatures use cryptographic techniques like RSA and ECDSA to ensure the authenticity, integrity, and non-repudiation of electronic documents. You followed this learning by gaining insight into digital certificates, which are electronic credentials that validate the identity of entities to ensure secure communication. These certificates are issued by trusted organizations known as certificate authorities, or CAs, that guarantee that the certificate holder is who they claim to be. You also learned that Secure Sockets Layer and Transport Layer Security certificates, or SSL and TLS for short, are the two most common types of digital certificates used, and now understand the differences between them. You then moved on to learn that signed URLs ensure that only authorized users can access certain resources, and that they offer a versatile solution for a wide range of applications, including secure file sharing, API access control, paywalls and subscription-based content, and temporary access for third-party services. Through this examination, you uncovered that signed URLs offer several benefits, including increased security, granular control over access, and reduced complexity. In the final part of the week, you delved deeper into the vital aspects of centralized authentication and authorization. You walked through the multifactor authentication process, which is a security process that requires you to provide two or more forms of authentication to verify your identity. Then you turned your attention to password hashing and learned that it takes your password or any other piece of data and uses an encryption algorithm to turn it into a short string of letters and numbers. Remember, securely storing
passwords using hashing and salting techniques strengthens the security of your accounts and minimizes the risk of unauthorized access. To reinforce your learning, you participated in in-video questions, knowledge checks, and an exercise on initial protective measures. You've learned a lot about cryptography, and as you approach the module quiz, consider going through some of the key learning material again to reinforce your understanding. Looking ahead, you will expand your knowledge of security controls and applications by diving into network and device-based threats, where you will learn all about safeguarding systems and data from potential vulnerabilities. Best of luck.

You're probably familiar with the sensation of worry that follows accidentally sending a confidential email to the incorrect person. Sam Scoops recently had a similar experience. A confidential email with brand new, exciting ice cream recipes was provided to the production team by the team in charge of creating flavors. But when it was revealed that the recipes had been leaked on an online forum, panic set in. Worried about the situation, Sam employs a cyber security company to investigate the matter. Unfortunately, the cyber security company finds that Sam Scoops has suffered a cyber attack with a method known as man-in-the-middle, or MITM. The hackers accessed their networks, intercepted emails, and stole information without anyone noticing. Unfortunately, attacks like this are now commonplace, enabling cyber criminals to maliciously steal confidential information quietly. This video will delve further into data transmission threats and emphasize the importance of data protection. Data transmission has become a part of everyday life. Whether it's sending group chat messages on your cell phone to friends or sending work emails containing attachments, both are equally private and can contain data that increases your risk of suffering a cyber attack. Let's start by discovering exactly what is meant by the term transmission
threat. In a network, data is always passing from one device to another. While the data is traveling, cyber criminals can use various techniques to listen and capture this data. These techniques are called transmission threats. You've already heard about some of these techniques, including eavesdropping, sniffing, and MITM. But how do these attacks occur? Let's find out. An MITM attack, as you may recall, involves an attacker intercepting communications between two parties, such as a client and server. In this technique, an attacker reads, inserts, and modifies your messages without either party knowing that the link between them has been compromised. For an MITM attack to work, the attacker must be able to intercept and relay messages between you and the other party. But how is this accomplished? One possible way is by the attacker firstly compromising the connection. This includes connections like public Wi-Fi or Ethernet networks, or the attacker accessing something physical like a switch or router. Then the attacker pretends to be an access point for the Wi-Fi or router, or an Ethernet switch. This establishes the connection, making you believe that you are communicating with the other party directly. However, you are actually only communicating with the attacker. The attacker is now in control of the entire conversation and can choose to only forward selective messages between both parties. They can also maintain their anonymity, modify messages, or even inject new messages. To perform MITM attacks on encrypted communications, the attacker needs to have a way to decrypt the traffic, either through pre-shared keys or by tricking you into switching to weak encryption algorithms that the attacker can crack. MITM attacks can be avoided by employing strong encryption techniques and digital certificates to sign conversations. Furthermore, if you need to access critical services, you should avoid connecting to public untrusted networks. Another technique attackers use is something called SSL stripping.
This technique downgrades a secure HTTPS connection to the less secure HTTP connection. This method effectively bypasses the encryption provided by SSL and TLS, thus allowing the attacker to intercept and read your sensitive data that has been transmitted. Let's explore how cyber criminals accomplish this. The victim attempts to connect to a secure website using HTTPS. The attacker, positioned between the victim and the server, intercepts the request and establishes an HTTPS connection with the targeted website on the victim's behalf. The attacker then sends the requested content to the victim over an unencrypted HTTP connection while maintaining the HTTPS connection with the targeted website. The victim, unaware of the downgrade to HTTP, sends sensitive information to the attacker in plain text. The attacker can now read, modify, or steal the data before forwarding it to the intended recipient over the original HTTPS connection. A replay attack is another approach used by attackers. A replay attack involves an attacker maliciously capturing and retransmitting data, even when the data is encrypted. Retransmitting the encrypted packets can enable an attacker to carry out an MITM attack or authenticate themselves as a valid user. When the attacker captures an encrypted message, they can retransmit it, and the receiver, noticing valid ciphertext, decrypts it. For instance, consider a scenario where you use a secure network to send a message to your bank authorizing a $100 transfer. An attacker can capture and replay this transmission multiple times, resulting in multiple unauthorized transactions. The easiest way to prevent replay attacks is to use one-time passwords, or OTPs. In conclusion, the advancement of technology in recent years has led you to perform more and more sensitive operations on your devices. As a result, data transmission threats have become increasingly popular for cyber criminals. As a budding cyber security specialist, you should constantly be aware and up to speed on the current
trends and preventative measures available to you. This video took you through an exploration of data transmission threats, examined the various types, and explored how cyber criminals perform them around the world.

Imagine a scenario where you're working freelance and traveling to various locations for work. Due to being a freelancer, you often send emails and touch base with colleagues and friends while connected to public Wi-Fi services in hotels or coffee shops. Is this scenario familiar to you? As you previously learned, these networks often pose security risks for man-in-the-middle or eavesdropping attacks. Whether you are checking your online banking or examining a spreadsheet for work, your online activity should always have a high level of privacy and security. So what is the solution? In this video, you will take a deeper dive into the technical details of virtual private networks, or VPNs, discovering how they work. So far you've learned that a VPN helps protect your data from potential hackers, ensuring that sensitive reports and emails remain confidential. But how do VPNs work? Well, a VPN starts by creating a secure encrypted connection between your device and a remote server operated by the VPN service. This secure connection is often referred to as a VPN tunnel. All internet traffic that passes through this tunnel is encrypted and therefore secure from interception. So when you activate your VPN using VPN software, your device connects to the VPN server. This server could be located anywhere in the world. Secure protocols such as OpenVPN, L2TP/IPsec, SSTP, and lastly IKEv2 are used to create the connection. Your VPN provider chooses a protocol based on your specific needs, including your device compatibility, speed, and level of security. Then, once your connection is established, the VPN encrypts your data. As you know, encryption is the process of converting data into a code to prevent unauthorized access. VPNs use strong encryption protocols like AES-256 to encrypt the data before it
leaves your device, making your data unreadable to anyone who might want to intercept it. After encryption, the data is transmitted through the VPN tunnel to the VPN server. So even if a hacker intercepts your data, since it's encrypted, they won't be able to decrypt it due to the encryption. Hence the brilliance of VPNs. The next step sees the data reach the VPN server, where it's decrypted back into its original readable format. The VPN server then transfers your data to its target location, for example a website. If required, the VPN server will receive data back from this website, encrypt it again, and send it back to you. In addition to ensuring secure data transmission, VPNs also make it appear that the data is coming from the location of the VPN server and not from your device or location. This not only keeps your data secure but also helps protect your online identity and allows you to bypass geographic restrictions on content. Although it seems like a lengthy process, each step is completed quickly, so browsing safely requires no additional effort. So now that you know how VPNs work, let's explore some common VPN types that are available. The most common type of VPN is a remote access VPN. This enables you to create secure connections with a remote computer network, making it appear as if they're directly connected to that network. On the other hand, a site-to-site VPN connects entire networks, such as a branch office network to a company headquarters network. However, when several offices of the same company are interconnected using a site-to-site VPN, it forms an intranet-based VPN, providing a seamless internal network for the company. Lastly, an extranet-based VPN connects companies with external entities like suppliers, customers, or partners, offering them limited access to the company's intranet. You now understand how VPNs work and the different types available. But what about methods? What method does your device use to connect to the VPN server? These methods are known as the VPN
protocol. Let's explore them now. First is the OpenVPN protocol, which is highly secure and versatile. It's compatible with various encryption algorithms and is widely regarded as the industry standard. Next is L2TP/IPsec, which is actually two protocols used together. L2TP, or Layer 2 Tunneling Protocol, creates the tunnel, and IPsec, or Internet Protocol Security, handles the encryption. L2TP is considered secure but slower than OpenVPN due to its double encapsulation. You also have the Point-to-Point Tunneling Protocol, or PPTP, which is one of the oldest protocols. While it's fast and easy to set up, it's not a secure option, as hackers can manipulate it quite easily. Lastly, Internet Key Exchange version 2, or IKEv2, is a fast and secure protocol that is excellent at reestablishing your connection if it gets interrupted. As you might have noticed, you have a lot of options here. So how do you choose the right VPN for you? Try considering the following factors before making your own choice for a VPN. Firstly, consider the security protocols that the VPN software supports. Next, find out if they keep a log of your browsing data. Explore how many server locations they offer. You should also make yourself aware of what bandwidth comes with the software. Is the VPN software compatible with your device's operating system? And lastly, before buying a VPN subscription, find out how many devices you can connect to a single account. Well done. As you now know, VPNs have a lot to offer in terms of protecting and securing your data. But it's vital to remember that not all VPNs are made equal. Making sure you select the one that best meets your needs is vital to protecting your data. This video took you through an exploration of VPNs and examined how they work behind the scenes to keep your data safe and secure. You learned about the different types of VPNs and protocols used today, exploring their use cases and advantages. What's more, you've learned how to select a VPN that meets your own specific needs.

You've studied
many aspects of the threat landscape and explored the various threats that businesses and individuals, including yourself, face daily. However, there's another threat lurking in today's threat landscape, and that's advanced persistent threats, or APTs. Imagine you've been running a successful business for several years and continually face cyber security threats from hacking groups. Taking your digital defenses to the next level, you decide to enlist help from cyber security experts to fortify your cyber security. But using a formidable and sustained cyber attack, a hacker group exploits a previously unknown vulnerability in your system, leading to your business suffering a data breach. An APT occurs when a hacker group targets a business over an extended period of time, employing a variety of techniques to breach the defense system of an organization. This video discusses APTs and explores the various stages of these attacks. Let's start by refreshing your memory on what a threat landscape is. A threat landscape is an organization's overall cyber security environment. But where do APT attacks fit in? APT attacks are not your typical cyber attack, which targets a large number of random devices. Instead, APTs are sophisticated threats specifically designed to exploit vulnerabilities in target devices. It's vital to have an understanding of the stages of APT attacks so that you can identify and mitigate against them. Typically, APT attacks take place in the following way. They start with an initial reconnaissance, a technical term that describes the process of gathering as much information as possible about the target to identify any potential vulnerabilities. Next is weaponization. In this phase, an attacker creates malware designed to exploit the identified vulnerabilities, often using encryption and other techniques to avoid detection. Then the attacker delivers the malware to the target device, often through spear phishing emails or exploiting network vulnerabilities. Once inside the network, the malware exploits
the vulnerabilities and installs itself within the system. Next is command and control, or C&C. This is where the malware establishes a C&C channel to communicate with the attackers, allowing them to control the infected system remotely. Then it's lateral movement, where the attackers explore the network, identifying valuable data and spreading the malware to other systems within the network. Data exfiltration comes next. This is where the attackers begin to extract the identified valuable data, sending it back to their servers. The attackers even establish methods to maintain their presence within the network, even if the initial malware is detected and removed. And last up is clean up and exit. After achieving their objectives, the attackers clean up their tracks and exit the system, often leaving no trace of their presence. As you now know, APTs are among the most sophisticated assaults now taking place in the digital world. Let's explore some of the characteristics that APTs have in common. First is objectivity. APTs are not random attacks. They target a specific entity and are meticulously planned for maximum effect. Next is persistency. APTs are long-term attacks, with hackers working to remain within the network undetected for extended periods. Their goal is to stay hidden while extracting as much valuable information as possible. They are sophisticated. In fact, APTs are characterized by their advanced techniques and tactics. They often exploit zero-day vulnerabilities and use complex malware to infiltrate the target system. Lastly, evasion. APTs are designed to evade detection. They use advanced evasion techniques that bypass traditional security measures and hide their presence. You might now believe that preventing APTs is an impossible task, and yes, given their sophisticated and prolonged nature, prevention can be challenging. However, adopting certain strategies can significantly reinforce your defenses against them. For example, regular patching is essential, as timely updating and patching of
systems can deter attackers from exploiting known vulnerabilities. It's also equally important to invest in education. Many APT attacks commence with a seemingly innocent phishing email. Educating yourself on how to spot deceptive emails is a proactive step toward prevention. Another effective strategy is network segmentation, which can obstruct attackers' ability to easily navigate through your network. You can also implement intrusion detection systems, or IDS, to identify any suspicious activity within the network, potentially detecting an APT attack in its early stages. And lastly, regular auditing and monitoring of your network serve as a crucial line of defense, helping to identify any unusual activity that may suggest an ongoing APT attack. By exploring advanced persistent threats, this video has provided you with essential knowledge into the modern and sophisticated ways that hackers are threatening the digital world today. You now understand an APT's distinctive characteristics and understand its various stages of attack. Remember, by taking the prevention steps covered, you can greatly protect your organization against these sophisticated and enduring cyber threats. As you continue to go through network and device-based threats, remember the crucial role that knowledge improvement and due diligence play in safeguarding your devices.

Imagine a large organization's network security team notices an unusual slowdown in their network performance. Upon investigation, they find the firewalls overloaded with redundant and outdated rules. Furthermore, the lack of rule prioritization is creating latency. The team realizes they must adopt a thorough firewall optimization strategy that includes rule management, strategic rule prioritization, regular audits, and continuous monitoring and logging for better and efficient traffic management. In this video, you will learn about each of these steps and the role that they play in implementing an effective firewall optimization strategy. Firewalls require
ongoing management and optimization to function effectively. Unoptimized firewalls can reduce security and network performance. Let's discuss some of the optimization strategies that you can follow in your organization. The first one you'll explore is rule management and why it's important to remove redundancies and outdated rules. A firewall operates by executing a set of rules that define the kind of traffic to be allowed or blocked. Over time, these rules can accumulate, leading to redundancies, conflicts, or even outdated rules that no longer serve a purpose. For example, if the firewall rule set contains multiple rules for the same traffic type, it could lead to unnecessary processing and potential security vulnerabilities. Also, if a rule corresponds to an obsolete service, it can become a gateway for threats. Therefore, it's critical to regularly review and remove these redundant and outdated rules to improve the efficiency and security of the firewall. Now let's examine the importance of rule prioritization. The sequence in which firewall rules are processed plays a significant role in network performance and security. In general, firewalls process rules from top to bottom and execute the first matching rule they encounter. This functionality makes the placement of rules crucial. By strategically placing high priority and frequently used rules at the top, you can significantly enhance security and reduce latency. This prioritization ensures that critical security policies are always enforced first and that most traffic gets processed quickly, leading to improved network speed. Next, let's discover why conducting regular firewall audits is another important optimization strategy. Just as regular health checkups are essential for our well-being, regular audits are crucial for the health and efficiency of firewalls. An audit involves a comprehensive examination of the firewall's configuration, the validity of its rules, the necessity of open ports, and its alignment with the organization's
security policy. An effective audit can identify configuration errors, obsolete rules, and potential security risks, enhancing the performance and reliability of the firewall. Also, audits ensure that the firewall remains compliant with evolving regulatory requirements and can help in avoiding potential legal issues. But how can you anticipate potential threats? Monitoring and logging is an effective early warning system that provides you with the tools you need to accomplish this task. Keeping a watchful eye on firewall activities can provide valuable insights for threat detection and incident response. By monitoring firewall logs, you can spot suspicious patterns like multiple failed login attempts or traffic from known malicious IP addresses. Each of these suspicious patterns can indicate a potential cyber attack. Finally, let's see how automating firewall optimization can have a positive impact on your organization. As networks become more complex, managing and optimizing firewalls manually can become a daunting task. Fortunately, numerous tools and solutions can automate many aspects of firewall optimization. From identifying redundant rules to monitoring network traffic in real time, these tools can simplify firewall management. Automating rule prioritization ensures that the rule order always reflects the current network conditions and security requirements. As a result, the firewall remains optimally configured even as the network environment evolves. In this video, you learned that firewall optimization is not a one-time task but an ongoing process. It involves maintaining a clean and updated rule set, prioritizing rules strategically, conducting regular audits, and actively monitoring and logging activities. Automation can make this process more efficient, freeing up valuable time and resources. By investing in firewall optimization, organizations can ensure that their firewalls remain secure, robust and reliable, providing the best possible protection against the ever evolving
landscape of cyber threats. Remember, a well optimized firewall is the foundation of a resilient cyber security strategy.

Imagine you have friends over who need to connect to the internet. You are cautious, as you don't want to expose your home network and all your devices to potential risks. What if one of their devices contains malware that might threaten your devices? What's the solution? Fortunately, you recall that your Wi-Fi router has a guest network option that enables you to establish a distinct network for your visitors. You set up this guest network and give them the access credentials. Despite using the same router, their devices are kept separate from your primary network. This is an example of network segmentation, and in this video you are going to go into more detail about what it is and how it can benefit you. Network segmentation is an architectural approach of dividing a computer network into smaller manageable units or segments. The primary purpose of this process is to enhance security and improve network performance. It also enables network administrators to manage devices and to monitor them more efficiently. At an individual or household level, network segmentation might seem like overkill, but in certain scenarios it can provide tangible benefits. Earlier, you learned how it enhances the security of devices connected to the primary network of a household by separating them from visitors or guests by creating a guest network. Now let's look at network segmentation at an organizational level. In an organizational setting, network segmentation is a critical part of network design and security strategy. Businesses often manage large networks with many interconnected devices. By segmenting these networks, they can protect sensitive data and systems from potential threats, improve network performance, and comply with certain regulatory requirements. An organization might create separate network segments for different departments. For example, the finance department's network
segment might be isolated from the marketing department's network to prevent potential cross-contamination of data or security threats. Furthermore, network segmentation enables organizations to implement more granular access controls. By controlling who can access each segment, organizations can limit the potential impact of a security breach. Next, let's examine how network segmentation can be achieved, either physically or logically. Physical segmentation involves using different physical devices to create distinct network segments. For example, an organization might use different switches or routers for different network segments. Logical segmentation, on the other hand, involves creating separate networks that share the same physical infrastructure. This is often achieved using technologies like VLANs, or virtual local area networks, or subnetting. Despite sharing the same physical devices, each logical network operates as a separate entity with its own rules and policies. An example of logical network segmentation is the guest Wi-Fi network scenario earlier in this video. Network segmentation has both advantages and challenges. Let's first explore the advantages. Firstly, improved network performance. It reduces network traffic by confining network broadcasts within their respective segments. This reduction can lead to better network performance and faster transmission speeds. Secondly, enhanced security. By dividing the network into separate segments, the risk of unauthorized access to critical resources is minimized. If a security breach occurs in one segment, it can be isolated to prevent the spread to other areas. Another advantage is regulatory compliance. For businesses such as financial or healthcare institutions that deal with sensitive data, network segmentation can be a key strategy to comply with privacy regulations. You will learn more about privacy regulations such as GDPR, HIPAA and PCI DSS and their roles later. And finally, resource optimization is another
advantage. Network segmentation allows for more precise control of network traffic, which can lead to better use of bandwidth and other network resources. Now let's examine some challenges faced in implementing network segmentation. Firstly, complexity. Implementing network segmentation can be complex, especially for large networks. It requires careful planning and a deep understanding of network technologies and principles. Another challenge is maintenance. Segmented networks can be more challenging to maintain and monitor. Each segment might require its own set of rules and policies, adding to the administrative overhead. And finally, cost. Depending on how segmentation is implemented, it may require additional hardware or advanced networking devices, leading to increased costs. In summary, network segmentation, despite some challenges, is a valuable strategy for improving network security and performance. Whether you're an individual looking to secure your home network or an organization aiming to protect your sensitive data, network segmentation can provide significant benefits. In this video, you learned the fundamentals of network segmentation, the differences between physical and logical segmentation, and its advantages and challenges. You've also been introduced to some real world examples of how it can be used by individuals and organizations.

Imagine you're an employee of Sam's Scoops and hackers are trying to steal your important financial information. One day, a group of hackers attempt to break into your computer, but luckily you were prepared. You've already installed an intrusion detection and prevention system, or IDPS, to keep your system safe. As soon as the hackers started their attack, the IDPS detected their suspicious activities right away and alerted you and your security team immediately, letting you act and stop the hackers. In this video, you will learn about IDPS and how it can help your business stay safe and secure from cyber attacks. First, let's explore what exactly an IDPS is.
An IDPS is a software or hardware based security solution that monitors network traffic and system activities to identify potential security breaches. Its primary goal is to detect and respond to intrusions, whether they are attempted attacks, malware infections or unauthorized access or any other malicious activities that may compromise the integrity, confidentiality or availability of a network system. When it detects something unusual or suspicious happening within the network, it immediately raises an alarm and sends alerts to designated individuals or security personnel. These alerts provide crucial information about the nature of the intrusion, enabling swift response and mitigation measures to minimize potential damage and protect the organization's assets. There are a few types of IDPS, and their effectiveness lies in their detection techniques. Let's examine the different types of detection. Signature-based detection compares incoming data against a database of known attack signatures. Anomaly based detection establishes a baseline of normal behavior and raises alerts when deviations occur. Finally, behavioral analysis monitors user and system behavior, detecting suspicious activities that may indicate an intrusion attempt. Next, let's explore the components of an IDPS. Firstly, sensors. These are responsible for capturing and analyzing network traffic, system logs and other relevant data. They can be placed strategically throughout the network infrastructure to gather information from various points. Next are analyzers, which examine the data collected by sensors. They search for patterns, anomalies and known attack signatures. Analyzers utilize sophisticated algorithms and techniques to accurately identify potential threats. The IDPS maintains a database of known attack signatures and patterns, which is continuously updated to stay informed about emerging threats. This enables the system to compare incoming data against a vast library of known attacks. Finally, the user interface enables
administrators to manage and configure the IDPS from a central control panel. It enables them to view alerts, generate reports and customize the system according to the organization's specific security requirements. You've gained insight into the components of an IDPS, but what are the benefits? Firstly, let's examine early threat detection. IDPS solutions are designed to detect potential intrusions in real time or near real time, allowing organizations to respond swiftly and mitigate the impact of attacks. Secondly, increased incident response efficiency. An IDPS reduces the manual effort required for incident response by automating the detection and response processes. It provides security teams with valuable insights and actionable information to investigate and remediate security incidents effectively. Next is enhanced network visibility. An IDPS provides organizations with a deeper understanding of their network infrastructure. It helps identify vulnerabilities, monitor user activities and detect abnormal behavior patterns, contributing to overall network visibility and security. And finally, regulatory compliance. Specific regulations and compliance requirements regarding network security exist in many industries and jurisdictions. Deploying an IDPS can assist organizations in meeting these obligations and avoiding penalties or legal consequences. Even though there are many benefits to deploying an IDPS, there are also some potential challenges that you should be aware of. Firstly, false positives and negatives. IDPS systems may generate false alerts, flagging legitimate activities as threats, known as false positives, or fail to detect actual intrusions, known as false negatives. Keeping the right balance between accuracy and minimizing false alerts is a challenge. Next is evolving threats. Cyber threats constantly evolve, with attackers using new techniques to breach networks. IDPS solutions must continuously update their attack signature databases and stay current with emerging threats to
provide effective protection. And finally, scalability. The scalability of an IDPS becomes crucial as organizations grow and their networks expand. In conclusion, this video took you through the fundamentals of an IDPS. You learned what an IDPS is and its role in network security. You examined how an IDPS works and the different types of detection, such as signature-based, anomaly based and behavioral analysis. You also analyzed the benefits and challenges of IDPS detection techniques. Understanding an IDPS is vital as you begin your career in the cyber security field, and knowledge of these components, detection techniques and best practices will provide you with the skills necessary to help protect networks against evolving threats.

Have you ever worked on your computer and received a pop-up message saying a software update is available, but as you are busy, you just click cancel instead of install or update, thinking you'll do it later, only to never get around to it? Sound familiar? Now imagine if this happened across your organization, with everyone neglecting software updates. This could lead to serious consequences, with cyber criminals exploiting the very vulnerabilities these updates were intended to fix, putting your organization's data and systems at risk. This video will demonstrate the importance of application updates and why it's crucial for all individuals within an organization to prioritize them. Let's start with understanding what application updates are and why they are important. Well, to put it simply, developers are constantly working on improvements for their software, whether it be an app or something more intricate like an operating system. They release these updates regularly to provide new features, enhanced performance and, more importantly, security updates. These new versions are known as application updates and play an essential role in maintaining the software's functionality and security. The operating system is the backbone of your computer, managing all program and
hardware communications. With numerous hardware vendors releasing new devices regularly, the operating system and other applications must update themselves to ensure compatibility. What's more, as it's a core component of your computer, if any vulnerabilities are found in the operating system, it can have severe consequences for you and your organization. As a result, major operating systems receive regular security updates to address newly discovered bugs and vulnerabilities. Besides security and bug fixes, application updates are also required to ensure regulatory compliance with industry standards and legal requirements, helping you avoid penalties and legal issues. But what types of application updates can take place? These application updates can be categorized into three types. Firstly, feature updates bring exciting enhancements, additional functionalities and improved user experiences. They introduce innovative tools, ref designs and expanded capabilities to make your applications more powerful and user-friendly. Next are security patches, which are critical updates that address known vulnerabilities, protecting your software from exploits, malware attacks and unauthorized access, ensuring a secure digital environment. And lastly, bug fixes aim to resolve software glitches, performance issues and user reported errors, ensuring a seamless user experience and optimal performance. These updates can be delivered automatically, manually, or even over the air. For instance, many applications have automatic update functionality where the software automatically checks for updates and installs them in the background. This approach ensures that you stay protected and up to date without having to manually initiate the process. Sometimes it comes as an optional feature that users can enable or disable anytime. Or you can update an app manually by downloading updates from the software provider's website or application store. Users need to manually download and install these updates to benefit from the
latest features, security patches and bug fixes. Similarly, over-the-air, or OTA, updates allow you to download and install updates on your phone without requiring a computer. This method simplifies the update process, making it more convenient. While application updates are crucial, they come with their own set of challenges, ranging from compatibility issues and resource constraints to user resistance and issues with patch management. For example, new updates may not always be compatible with existing hardware or other software, leading to operational issues after updating. In such cases, before updating applications or operating systems, organizations must update their hardware too, which incurs additional cost and hassle. You might also encounter resource constraints when updating multiple applications across your organization, since they can be resource intensive in terms of time, manpower and system resources. Organizations need to allocate sufficient resources to manage updates effectively and ensure minimal disruption to operations. You may also face some user resistance if certain users or organizations fail to prioritize updates, considering them as low importance. This can leave systems exposed to security vulnerabilities and performance limitations. Raising awareness about the significance of updates and their benefits is vital in addressing this challenge. And lastly, patch management can ensure a timely deployment of updates across all systems and applications. It can be challenging to coordinate and track updates across a large number of devices, especially in complex IT environments. In conclusion, software updates have become a vital part of maintaining the security and functionality of your devices. By keeping your software up to date, you can help to stay one step ahead of hackers and the threat they pose. In this video, you learned the importance of application updates and discovered the numerous security enhancements, bug fixes and performance improvements they offer. You also
explored several challenges organizations face in managing these updates.

Bring your own device, or BYOD, culture has been growing in recent years due to its benefits for organizations and individuals, such as increased productivity and flexibility. BYOD policies, however, pose additional risks to organizations. At Sam's Scoops, many employees use their personal devices for work-related tasks like checking emails and accessing company files. Imagine, however, that an employee lost their phone at a nearby store. What would be the consequences? How would company data be handled in the event of a lost or stolen device? Can Sam's erase the sensitive company data remotely? Are there strong security measures in place, for example strong passwords or biometric authentication? This video will bring you through BYOD and explain why a BYOD policy is necessary within organizations, the associated risks of BYOD, and strategies for managing application updates and enforcing security policies. To begin, let's start with discovering what exactly BYOD is. BYOD policies have become increasingly popular in organizations. They allow employees to use their personal devices for work-related tasks. This practice offers advantages such as flexibility, convenience and a sense of familiarity, as employees can work on devices they are already comfortable with. By embracing BYOD, organizations empower their employees to work and be productive from any location and at any time, leading to an improved work life balance. It can lead to a reduction in hardware costs for an organization. However, despite these benefits, the BYOD movement carries certain risks, ranging from security, data and compliance concerns to compatibility issues. For instance, the use of personal devices exposes organizations to security vulnerabilities. Data may also be compromised if a device is lost or stolen. Malware infections could spread to the organization's network, and unauthorized individuals could access sensitive data. Since personal devices may not have
the same level of security as company-owned devices, they can be more susceptible to breaches or an increased risk of data leakage when employees use, store or transfer company data on personal devices, which could be caused by unauthorized access, open Wi-Fi networks or inadequate data encryption. Concerns about compliance also exist, since organizations must comply with data security and privacy regulations. Since BYOD involves managing data on personal devices, compliance can be harder to achieve. Different application versions or configurations may also be necessary depending on the device and operating system being used, leading to compatibility issues with company data. Incompatible applications may corrupt data too. A lack of consistency in application updates across devices may also compromise performance and reduce security. But how would a BYOD policy be implemented? Let's explore the key steps. Firstly, determine how it can enhance productivity, flexibility and cost efficiency. Set the scope of the BYOD policy, specifying allowed devices and work-related activities. Next, conduct a comprehensive risk assessment to identify potential vulnerabilities and risks associated with BYOD. Now create a concise BYOD policy with guidelines, expectations and consequences. Next, establish device management systems. You should then provide comprehensive training to educate employees about the BYOD policy, security best practices and their responsibilities. Next, implement strong security measures like enforcing strong passwords and multifactor authentication. Then, before launch, take a small group of employees to test, evaluate and adjust the BYOD policy as required. BYOD activities should be monitored and audited regularly to ensure compliance with the policy. Lastly, all employees should receive ongoing training and updates. As you discovered earlier, software updates have become a vital part of maintaining the security and functionality of devices. But how do organizations with the BYOD policy handle application
updates? There are a few methods available to them. First, a mobile device management, or MDM, solution enables organizations to remotely manage and secure employee devices. They allow for centralized application updates, security configurations and data wipe capabilities if a device is lost or stolen. Next is training. Organizations educate employees about the importance of keeping their devices and applications up to date. Regular updates include security patches that address vulnerabilities and ensure a higher level of protection. Last is deploying app whitelisting and blacklisting. These techniques help organizations control the applications that can be installed on employee devices. Whitelisting allows only approved applications to be installed, reducing the risk of malicious software. Blacklisting prohibits certain applications known to pose security risks or compliance issues. This video delved into the world of BYOD for organizations. You gained an understanding of what BYOD is and why a BYOD policy is necessary. You also explored the potential risks associated with BYOD policies and discovered the impact of these policies on application updates. You now understand the vital role of employee training and awareness in maintaining application security. By arming yourself with this knowledge, you are now equipped to navigate the risks associated with BYOD and ensure a secure and productive environment for your organization.

Well done, and congratulations on making it through another week. You've been working really hard and now have an understanding of threats related to data transmission and the techniques used to prevent them; two new types of threats called APT and IoT threats; security controls, including firewall configuration and intrusion detection; securing endpoints, the devices and computers used by the individual persons, and why it is very important; and the advantages of using application software updates to keep your apps and operating systems up to date. This week's
content is probably fresh in your mind, but it never hurts to go over the most important points again. So let's step back through the week to make sure you are prepared for the module quiz. You started your learning journey by completing an overview of data transmission threats, exploring how a man-in-the-middle attack takes place before taking a deep dive into SSL stripping and replay attacks. You then read through the tools that are used for intercepting data transmissions for legitimate and malicious purposes. These included, amongst others, Wireshark, Cain and Abel, Ettercap and tcpdump. Next, you examined virtual private networks, or VPNs, and discovered how they are used to protect data transmitted over public networks. You also explored the different types of VPN protocols and the benefits and limitations of each. You followed this by learning about advanced persistent threats, or APTs, and the various stages that occur during an APT attack. You then examined some notable APT attacks that have occurred in the recent past. You also gained insight into the concept of IoT threats and how they are used to gain unauthorized access to your devices to perform malicious activities like DDoS attacks or be a part of a botnet network, and also explored the various tools and technologies for protecting yourself against them. Building upon your introduction to data transmission threats, you then gained a deeper understanding of firewalls, learning how a correctly optimized firewall can enhance security and network performance by filtering malicious traffic. You also discovered the importance of rule prioritization and the ongoing auditing and monitoring of your firewall. You then read through a step-by-step guide on configuring your firewall within Windows and macOS. It's important to remember that firewall configuration is an ongoing process and is a must for ensuring strong network security. Following that, you studied network segmentation and observed that network segmentation is an important
aspect of network architecture for organizations with large networks to maintain through Network segmentation organizations can protect systems and sensitive data from potential threats you then moved on to learn that an intrusion detection and prevention system or IDPS is a software or Hardware based security that monitors Network traffic and system activities to identify potential security breaches and use this to create an emergency response system you explored the various components of IDPS including sensors analyzers database and user interface and discovered that IDPS offers benefits including early threat detection and network visibility you then had an opportunity to complete your very own exercise where you examined a network infrastructure and identified areas where Network segmentation could improve security you also created a plan detailing how to implement Network segmentation to address the identified use cases you followed this by observing an Exemplar of how this exercise should be completed learning how a network segmentation plan offers substantial benefits in terms of improved security and potential performance enhancements the final part of the week demonstrated the importance of completing software and application updates you explored the various types of updates including feature updates security patches and Bug fixes and discovered the methods for delivery like automatic or manual updating at this stage you understood that software updates had become a vital part of maintaining the security and functionality of your devices lastly you walked through bring your own device or BYOD risks you gained a solid understanding of what BYOD is and why it's necessary within organizations you learned about the risks associated with BYOD policies and the impacts they can have on application updates you also explored several strategies for managing application updates in BYOD environments including mobile device management employee education and app
whitelisting to reinforce your learning this week you also participated in several in-video questions and knowledge checks you've learned a huge amount about Network and device-based threats and as you approach the module quiz consider going through some of the key learning material again to reinforce your understanding looking ahead you will begin to expand your knowledge of network security by diving into security compliance and identity where you will learn all about managing identities and ensuring compliance with regulations you will also explore several defense models to support your network security best of luck for most people wearing a seat belt is a proactive approach to road safety and while seat belts can't stop an accident from happening they can significantly reduce the risk of harm similarly security compliance measures are put in place to protect data it doesn't eliminate all cyber security risks but dramatically mitigates the chances of data breaches and their consequences in this video you'll explore the importance of security compliance and gain insight into the different laws and regulations that drive it to set the foundation let's first understand what security compliance is security compliance refers to the process of adhering to a set of specific laws regulations and guidelines designed to protect data and information systems it's a comprehensive approach that encompasses safeguarding data controlling who has access to it and managing how it's shared and stored it's a way of ensuring that data isn't just stored but stored responsibly and securely but why is security compliance so important data is like Precious Cargo it holds sensitive information and is a valuable asset that organizations must protect failing to comply with established security standards can lead to Hefty fines potential legal action and a significant loss of reputation and customer trust security compliance is not just about following rules and implementing them it's
about safeguarding the future of a business there are numerous laws and regulations that govern data security and privacy worldwide in Europe the General Data Protection Regulation or GDPR sets rules for how businesses handle European citizens data similarly in the US laws such as the Health Insurance Portability and Accountability Act or HIPAA are in place to protect the privacy of your medical information violations of these regulations often carry significant fines for instance under GDPR companies can be fined up to 4% of their annual Global revenue or 20 million EUR whichever is higher for serious violations violations of HIPAA can also result in substantial penalties with a maximum fine of 1.5 million USD per year for violations of an identical provision the specific amount of the fine usually depends on the nature of the violation the severity of the data breach whether the company has a history of previous violations and whether the company took adequate steps to prevent and address the breach there are many other regulations around the world GDPR and HIPAA serve as examples of the importance of understanding and following data security and privacy laws that apply to you and your organization along with laws and regulations industry standards and best practices are designed to ensure data security for example the Payment Card Industry Data Security Standard or PCI DSS mandates that businesses maintain a secure environment for handling credit card data similarly the ISO 27001 standard outlines specific requirements for establishing implementing maintaining and continually improving an information security management system these standards provide a benchmark for businesses to strive towards in their security efforts security compliance takes on additional complexities in the realm of international e-commerce different countries have unique regulations and businesses operating globally must comply with them for instance an online retailer operating in
multiple countries would need to comply with local data protection regulations in each of these countries it's a challenging task but absolutely necessary to ensure secure and lawful Operations Security compliance laws and regulations have a significant impact on business practices they dictate how businesses should collect store process and secure customer data non-compliance doesn't just lead to legal issues it can also cause operational disruptions Financial penalties and reputational damage this is why thorough understanding and adherence to these laws and regulations are crucial for smooth business operations with that being said compliance is not a destination it's a journey it involves understanding the applicable laws and standards assessing your current security posture implementing necessary controls and conducting regular audits to ensure ongoing compliance it's a continuous process of learning implementing checking and improving the importance of security compliance in modern business operations cannot be stressed enough it's a commitment to data protection customer trust and business Integrity while it's understandable that the complexities especially in international e-commerce might seem overwhelming it becomes a navigable Journey with a dedicated strategy consistent efforts and expert guidance so embrace the compliance Journey not just as a legal obligation but as a Cornerstone of your business's reputation and customer trust remember every step you take towards compliance is a step towards a more secure and trusted company risk management and compliance these two crucial pillars of business operations are vital to the success of organizations across all sectors regardless of their size take Sam Scoops for example as the business continues to expand it means that the volume of customer data Financial records and employee information will increase if Sam doesn't take appropriate action to protect this data she not only exposes the business to
security threats but also carries the risk of legal consequences over the next few minutes you'll discover how risk management strategies and compliance contribute to the success and sustainability of organizations regardless of their scale or industry so let's start with understanding what risk management and compliance actually entail risk management is a systematic process of identifying evaluating and taking appropriate actions to mitigate or control organizational risks it revolves around making well-considered decisions to reduce the negative impacts of threats and uncertainties on business operations to the lowest possible level compliance on the other hand is about adhering strictly to a specific set of rules these could be laws and regulations standards or guidelines pertinent to your business for example in Sam's case risk management involves identifying and reducing risks associated with customer data Financial records and employee information while compliance means following laws standards and regulations on data privacy and financial reporting non-compliance could result in operational disruptions Financial penalties and damage to Sam Scoops' reputation now that you understand what risk management and compliance are let's explore how risk management takes form risk management generally involves four phases identification assessment response and monitoring and Reporting the process begins with identifying potential risks in all key areas using information from various sources such as interviews vulnerability scans and incident reports then in the assessment phase each risk is evaluated based on impact likelihood and controlled efficiency impact refers to potential damage to the company likelihood measures the probability of the risk occurring and controlled efficiency assesses the effectiveness of implemented mitigation strategies the combination of these metrics provides a risk score which is presented to key stakeholders for verification for example a
risk heat map can be used to facilitate risk assessment it visually represents risks categorized by impact and likelihood this graphical tool simplifies complex data allowing stakeholders to prioritize risks and make well-informed decisions next the response phase involves developing and implementing strategies to mitigate identified risks depending on the nature and potential impact of the risk strategies may include risk avoidance reduction sharing or acceptance this is also where compliance plays a vital role compliance management ensures that an organization operates within legal and ethical boundaries minimizing the potential negative impact of risks it covers three major areas regulatory compliance corporate governance and ethical conduct but what does their role entail in this critical phase of responding to risks Regulatory Compliance comes down to following industry specific laws and regulations that apply to your organization by complying with these rules you can address risks linked to non-compliance such as Financial penalties or legal consequences corporate governance focuses on the rules practices and processes that guide a company's operations it promotes fairness transparency and accountability within the organization effective corporate governance ensures that risk management strategies align with your organization's overall objectives and values now let's talk about ethical conduct it goes beyond what's legally required and focuses on doing what's morally right ethical Behavior involves maintaining Integrity fairness and transparency in all aspects of your business by integrating ethical conduct into your risk response strategies you can build trust with stakeholders and minimize reputational risks additionally an effective compliance program includes employee training regular monitoring and auditing of compliance practices this brings us to the final phase of the risk management cycle monitoring and Reporting involve continuously
tracking and communicating the identified risks to relevant stakeholders various strategies such as security monitoring and periodic risk reviews are employed to gather data for performance indicators and reports this information informs future risk decisions the combination of risk management and compliance helps organizations Safeguard their operations and protect sensitive data for Sam Scoops this means using risk management strategies to spot and treat risks before they cause major damage and maintain compliance to reduce the chance of operational disruptions Financial penalties and damage to the business's reputation all in all risk and compliance management boil down to implementing and maintaining proactive measures to manage risk and ensure compliance with laws and regulations Paving the way for long-term success have you ever encountered pop-ups asking for your permission to use cookies when you visit a website perhaps you find yourself mindlessly clicking accept just to make them disappear but did you know they are a direct result of the GDPR a regulation that's all about protecting your online privacy but what are these browser cookies you've been agreeing to why are they such a big deal and how does the GDPR come into play in this video you'll learn the answers to these questions and discover how GDPR keeps your privacy intact while still letting you enjoy the wonders of the internet but before you dive into the details let's clear the dough off the table browser cookies or HTTP cookies are small bite-sized pieces of data that websites store on your computer their main function is to remember you and your preferences for a specific website they're the reason you don't have to log in every time you visit your favorite site and why you don't lose items in your online shopping cart even if you accidentally close the browser plus these cookies can even help show you ads that match your browsing habits but hey every Hero has its quirks and privacy
concerns are one of the challenges cookies face that's where the GDPR steps in to save the day the GDPR has completely transformed privacy laws and put the power back into the hands of the individuals like you but how does it relate to those seemingly innocent browser cookies you encounter on a daily basis simply put the GDPR recognizes cookies as personal data if they have the potential to identify you either directly or indirectly this means that companies have a responsibility to obtain explicit and informed consent before they store or access these cookies the GDPR requires companies to be upfront about why they're collecting your data how it will be used and whether it will be shared with third parties it's all about transparency and the law that mandates it this is why you're often greeted with a cookie Banner when you visit a website this popup informs you that the site uses cookies and provides options for you to accept reject or customize the level of cookies you're comfortable with it's no longer about informing you that cookies are being used instead it's about obtaining explicit consent and providing an option to reject the GDPR has made it mandatory for companies to respect your preferences giving you the right to control which cookies you allow while this may seem like a minor change it represents a significant shift in the power dynamics between businesses and users prioritizing your privacy and data protection as a user over the business's needs cookies with GDPR in hand empowers you to access your personal data while allowing you to withdraw your consent at any time the implementation of GDPR hasn't been without challenges though especially for businesses adapting to these regulations has required significant changes in practices and infrastructure businesses have had to invest time resources and funds to ensure GDPR compliance they have had to re-evaluate their data collection strategies Implement new procedures and often redesign their
websites to accommodate cookie consent banners however despite these challenges the GDPR also presents opportunities by fostering transparency and Trust businesses can build stronger relationships with their customers it encourages a more ethical approach to data collection and usage which in the long term can lead to more sustainable business practices while browser cookies are integral to providing a seamless user experience on the internet their potential misuse for invasive tracking and profiling necessitates protective measures thanks to the GDPR companies are now required to obtain explicit consent before storing or accessing these cookies transparency is key as they must inform you about the reasons for data collection its intended use and any sharing with third parties this empowers you with greater control over your personal data so the next time you're eager to get that cookie Banner out of the way take a moment to appreciate how it works hand in hand with the GDPR to safeguard your privacy when you think about identity what's the first thing that comes to mind do you visualize yourself or do you perhaps reflect on the qualities that make you who you are whether it's your physical attributes or personal characteristics your identity is what sets you apart but when it comes to information security identity encompasses much more than that it's a fundamental concept vital in ensuring authorized access to organizational resources understanding identity and adopting best practices for identity management can significantly reduce the risk of unauthorized access and breaches that's why this video will introduce you to the importance of identity management and how it safeguards organizational resources so let's start by addressing a fundamental question what exactly does identity mean in cyber security identity refers to the distinctive representation or digital Persona of a user or a system within a given Network this Persona isn't just a name it could be a
username an email address a role or a combination of several unique attributes that collectively represent an individual entity within the system it's much like your fingerprint in the digital world unique and specific to you allowing you to differentiate yourself from others in the system but identity does not necessarily refer only to people it can also refer to a software application a server a device or a network infrastructure component each of these entities possesses a unique identity that enables secure and controlled interactions with other components in the system for example let's say Ashley needs to access data from Sam Scoops' server in this case Ashley's identity is represented by a username and password while the server's identity is represented by an IP address this is where identity management comes in to accurately Define verify and govern these identities to ensure secure interactions between them identity management isn't merely about knowing who or what the entities are it's also about ensuring the appropriate entities have the right level of access to the right resources at the right time but it doesn't stop there identity management encompasses the entire life cycle of digital identities within a system it starts with creating an identity when a new user or a system component is added to the network then it involves maintaining and updating the identity adjusting access rights as required or revoking them when they're no longer needed now what about the tools that facilitate this process Active Directory is a Microsoft service that is a pivotal component in identity management it serves as a virtual directory for your network organizing and controlling data access and managing user interactions throughout the system think of it like a digital phone book for your network storing directory data in a structured way and offering services to manage resources effectively from users and services to systems and other network resources Active
Directory manages secure and controlled interactions between them but that's not all Active Directory is integral to user authentication and authorization it verifies users credentials against its database and upon successful validation it checks their permissions to determine their access levels this approach supports the principle of least privilege granting users only the access necessary to perform their tasks now let's explore why this concept of Access Control is considered a core element of identity management Access Control empowers you to manage and control entity permissions in a digital environment by affirming and enforcing user or system identities before granting access it ensures that only authorized entities can access network resources simply put Access Control allows you to determine and verify who is requesting access and ensures that only authorized entities can reach what they are permitted to this critical Safeguard regulates access to resources strengthening the authorization process and enhancing overall digital security another significant aspect of identity management is identity Federation your digital identity consists of characteristics that identify you as a unique individual navigating the virtual world a Federated identity involves a mutual understanding between entities regarding interpreting and utilizing these characteristics think of a time you used an existing account to register a new account for a different website like using your Google account to sign up for an online streaming service this is Federated identity at work it enables you to log in at one location and seamlessly switch to another without the need to log in again identity Federation signifies a set of agreements protocols and Technologies enabling you to use a single digital identity to access resources across multiple security domains from different Enterprises this process forms an essential component of creating a cohesive user-friendly and secure digital
environment by using a single set of credentials to access different systems or applications instead of having to manage multiple usernames and passwords identity Federation allows for enhanced security by reducing the need for repeated logins identity management is an indispensable element in maintaining the integrity and security of an organization's Resources by implementing best practices such as Active Directory for authentication rigorous access control for authorization and identity Federation for cross-domain access you and your organization can build a resilient defense against potential cyber threats managing multiple usernames and passwords for various online services can pose a daunting challenge for users this necessity has led to a growing concern for both personal and organizational data security giving rise to the solution known as single sign-on or SSO for short this increasingly popular technology facilitates a more streamlined and secure method of managing digital identities in this video you will explore the concept of SSO its inherent benefits and the potential drawbacks associated with its use SSO is an Innovative authentication scheme that allows you to log into multiple yet distinct software systems using a single set of credentials the process simplifies the authentication experience significantly reducing the number of instances you must provide login information to access various applications and services for example let's say you use different online services and applications to complete work-related tasks every day each of these systems requires you to remember a unique username and password combination keeping track of all the different login credentials can be challenging and you might agree that this can be a challenging and frustrating experience with SSO you can access all the required systems and applications using a single set of credentials eliminating the need to remember multiple usernames and passwords there are several
other compelling benefits of SSO SSO drastically improves user experience by removing the necessity to remember multiple sets of login credentials by enhancing convenience SSO boosts productivity and minimizes the occurrence of account lockouts triggered by incorrect password entries on an organizational level the adoption of SSO can lead to substantial cost savings it eliminates a significant proportion of password related issues thereby reducing the workload on IT help desk teams as a result they can redirect their focus towards Mission critical tasks then SSO can also boost security measures it discourages poor security practices such as using weak or repeated passwords across various platforms what's more SSO enables organizations to centrally enforce Advanced security measures such as multifactor authentication and biometric verification for IT administrators SSO allows for enhanced visibility and control over user access this makes it easier to manage and monitor user permissions ensuring adherence to internal policies and compliance with external regulatory requirements while SSO offers many benefits it's just as important to consider its potential drawbacks a significant concern is that SSO could create a single point of failure if a malicious entity were to compromise the SSO credentials it could potentially gain access to all linked applications and services another concern is SSO dependency if the SSO system experiences downtime or an outage it could prevent users from accessing all dependent systems thereby causing significant disruption to workflows given that SSO allows for user activity tracking across multiple platforms there could be potential privacy concerns despite the various potential downsides associated with the use of single sign-on they are by no means expected with careful planning strategic measures and the application of rigorous security protocols these drawbacks can be considerably mitigated implementing robust security protocols can go
a long way towards preventing unauthorized access this includes the use of encryption techniques to secure data making it far less likely that sensitive information can be intercepted and exploited by malicious entities additionally implementing two-factor authentication or even multifactor authentication further bolsters security by requiring users to provide two or more pieces of evidence to verify their identity before gaining access regular system maintenance and backup systems are also crucial factors in mitigating the disadvantages of SSO regular audits updates and patches ensure that the system remains current with the latest security advancements and protects against newly discovered vulnerabilities finally addressing the privacy concerns related to SSO requires strict adherence to local and international data privacy regulations SSO providers must prioritize transparency about their data collection processing and storage practices informing users of the extent and purpose of their data usage with these strategies in hand single sign-on emerges as a powerful and practical solution for managing multiple digital identities by offering enhanced user convenience reducing administrative burdens improving security and providing comprehensive control and compliance it addresses many of the challenges presented by the traditional username password system while the potential for a single point of failure system dependency and privacy concerns underscores the importance of careful implementation these risks can be significantly mitigated through the adoption of stringent security protocols regular system maintenance and a strong commitment to privacy regulations therefore despite its potential downsides the overarching benefits of SSO position it as an instrumental tool in the progression towards a more secure and streamlined digital environment so far you have explored the fundamental concepts of Active Directory and Group Policy understanding how they function to
manage user identities and control access to organizational resources now let's delve deeper into these essential tools and explore how they can be effectively used to streamline user management and enhance security to understand how Active Directory works it's essential to First familiarize yourself with its key components including domains domain controllers organizational units and Trust relationships domains are logical containers within Active Directory that group and organize resources each domain has its own unique domain name and maintains a separate security boundary domain controllers are servers that run the Active Directory Domain Services role they authenticate users enforce security policies and replicate the directory across the network organizational units are containers Within domains that help organize and manage resources based on administrative needs they provide a way to delegate administrative Authority and apply Group Policy settings trust relationships establish connections between domains to enable secure resource sharing and authentication across different parts of the network now that you have explored the key components of Active Directory let's focus on understanding Group Policy this integral aspect of Microsoft's Active Directory service empowers administrators with a versatile tool set for managing user and computer environments across an Enterprise Network as you may recall Group Policy allows for the centralized management and control of operating systems applications and user settings in an Active Directory environment by setting up policies administrators can ensure consistent security and configuration settings across all users and computers within the network eliminating the need for manual configuration on each individual machine now let's explore the key elements that enable this functionality Group Policy objects or GPO for short GPOs are fundamental elements of the Microsoft Active Directory framework and serve as the primary
means for administrators to manage and configure various settings across a network they enforce specific settings on systems or users associated with Active Directory objects these settings are bundled together within GPOs and are created using the Group Policy Management Console the policies within GPOs can dictate a wide range of parameters and settings this includes system configuration where administrators can Define settings for options such as registry values security settings scripts and software installation all within a single GPO in terms of Security GPOs provide a way for administrators to enforce robust network-wide security standards these can range from setting password policies specifying user rights and auditing settings among others with Azure Active Directory Group Policy settings are applied in a hierarchical manner to determine which settings take precedence starting with the local group policy on individual computers followed by site domain and OU level policies the settings defined in higher level policies can be overridden by lower level policies allowing for granular control over configuration in addition to configuration management Active Directory plays a crucial role in managing user identities within an organization providing features for creating modifying and disabling user accounts as well as managing authentication and authorization administrators can also enforce password policies to enhance security defining requirements such as minimum password length complexity and expiration periods by implementing strong password policies organizations can mitigate the risk of unauthorized access due to compromised or weak passwords controlling access to network resources is another key function of Active Directory and Group Policy through group policy administrators can manage file and folder permissions regulate printer access and streamline software deployment by defining granular permissions for files and folders on network shares
administrators can ensure data confidentiality and prevent unauthorized access overall the combination of Group Policy settings in Active Directory empowers administrators to efficiently manage user identities enforce security policies and control access to network resources within an organization by understanding the key components of Active Directory such as domain controllers domains organizational units and Trust relationships administrators can establish a secure and organized Network environment Group Policy as a centralized management feature empowers administrators to enforce consistent security measures and configuration settings throughout the network with the ability to manage user identities Implement password policies and control access to resources Active Directory and Group Policy provide organizations with the necessary tools to enhance security streamline user management and maintain data confidentiality there is no one-size-fits-all solution to the Myriad security threats organizations and individuals face instead a multifaceted layered approach is needed to boost the defense against various attack vectors in this video you will explore the concept of Defense in depth a strategic and layered approach to cyber security defense in depth is a strategy that employs a series of protective mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information each layer adds a protective barrier ensuring that subsequent layers are ready to mitigate the impact and prevent further intrusion even if one is breached Microsoft employs this layered security approach in its physical data centers and Azure Services the primary objective is to protect information and prevent unauthorized access the confidentiality integrity and availability principles often called the CIA Triad guide this approach to defense in depth confidentiality is about ensuring the access to information is restricted to authorized individuals this
principle is upheld by protecting user passwords encrypting sensitive data and securing email content Integrity involves preventing unauthorized information changes whether at rest or in transit techniques like one-way hashing algorithms Safeguard data Integrity which generates a unique fingerprint of the data ensuring it hasn't been tampered with during transmission availability the third pillar of the CIA Triad ensures that services and resources are accessible to authorized users whenever needed mechanisms such as redundancy failover protocol and geographical dispersal of resources are employed to maintain continuous service availability and minimize single points of failure now that you know the principles guiding the defense in-depth approach let's explore its different layers the first layer focuses on protecting data which is often the primary target for attackers whether in databases disk storage cloud storage or SaaS applications organizations must ensure that data is properly secured according to regulatory requirements the second layer focuses on securing applications as they serve as crucial gateways to data so it's vital that they are developed securely free from vulnerabilities and that they handle sensitive data appropriately integrating security considerations throughout the application development life cycle is just as essential the third layer is compute this layer focuses on the security of virtual machines and endpoint devices it is crucial to secure access Implement endpoint protection and keep systems up to date then you have the network layer that focuses on controlling and limiting communication to prevent unauthorized access and lateral movement within the network network segmentation and access controls can restrict communication to what's strictly necessary next is the perimeter this layer is about shielding your network from large scale attacks from the outside implementing distributed denial of service protection and perimeter firewalls 
can help identify mitigate and raise alerts for potential attacks the perimeter layer is followed by identity and access this layer controls access to infrastructure and Records events and changes robust access controls such as single sign on and multifactor authentication ensure that only authorized individuals can access resources finally physical security brings the defense model full circle this stage involves preventing unauthorized physical access to assets which can bypass other security layers if not appropriately safeguarded measures such as biometric access controls for data centers fall under this layer defense in depth offers a robust layered security strategy crucial for navigating the complex cyber threat landscape it incorporates data protection secure application development secure Computing resources controlled network access fortified Network perimeter managed identity and access and physical security measures by employing defense in depth organizations can significantly enhance their resilience against cyber threats ensuring their digital assets confidentiality integrity and availability in an era where security breaches happen all too frequently who can you truly trust with your data the traditional models that once assured protection are proving to be inefficient it's time for a paradigm shift a model that challenges the very notion of trust in this video you'll discover the zero trust model a new approach to data security that goes beyond products and services built on the principles of verify explicitly use least privilege access and assume breach this model signifies a fundamental transformation in security practices so let's learn about this model that redefines the concept of trust the first principle verify explicitly emphasizes the importance of continuous authentication and authorization based on all available data points it is not good enough to know who is trying to access your network you also need to know their device their location 
and more the second principle least privilege access means limiting user access with just in time and just enough access policies these policies restrict access to what's needed for a specific task reducing the potential impact of a breach the final principle assume breach involves taking a defensive stance by minimizing the area of impact segmenting access verifying end-to-end encryption and using analytics to drive threat detection and improve defenses now let's explore the six critical elements that must be secured to ensure a robust zero trust model identities devices applications data infrastructure and networks identities define the zero trust model strong authentication is essential to validate the identity of individuals attempting to access resources all devices including iot devices and endpoints need to be monitored and protected to minimize potential attack surfaces applications and apis need security controls to discover Shadow it activities like unauthorized apps on corporate devices monitor for abnormal behavior and validate secure configuration options classify label encrypt data and restrict access based on these attributes to ensure data remains secure even outside the organization's control from on-premises servers to cloud-based virtual machines infrastructure is a critical threat Factor Harden defense with assessment and Telemetry to detect attacks and anomalies and take automatic protective actions Network segmentation real-time threat protection and end-to-end encryption are necessary to provide critical controls to prevent attackers' lateral movements in a network finally a component that applies to all pillars is the principle of visibility Automation and orchestration this principle aids in managing the influx of data and alerts from the different areas allowing you to better defend against threats and validate trust now that you understand the zero trust models key principles and pillars let's explore how it can make a difference in a company like 
Sam Scoops traditionally Sam would trust employees inside the store assuming they will only access the resources and Equipment they need but what happens if an employee breaches that trust damaging resources or causing a data breach by tampering with resources they weren't supposed to this is a real world parallel to the traditional network security models where trust is assumed once inside the network the zero trust model on the other hand adopts a strict approach of continual validation and exemplifies the saying never trust always verify for Sam Scoops adopting the zero trust model would bring a new level of data security and protection for instance Sam can Implement multifactor authentication to ensure only authorized employees with approved devices can access the network and sensitive data this is especially important for employees who use their own devices or work outside the confines of traditional firewalls in the zero trust approach every attempt to access resources is carefully checked regardless of whether it's from inside or outside the network then following the principle of least privilege Sam can grant employees access only to the specific systems and data necessary for their roles for example the cashier can access the point of sale system but not the inventory management system finally Sam can take a proactive approach to minimize the impact of a potential breach by dividing systems and data into separate segments or zones she can also use physical Hardware like security cameras to ensure complete visibility and monitoring of the store premises the zero trust model offers a layered security strategy it verifies the user's identity the device's security status and the network security posture every transaction component and access request are authenticated authorized and encrypted before access is granted the zero trust model revolutionizes the approach to network security in the face of escalating cyber threats by incorporating principles such 
as verify explicitly use least privilege access and assume breach organizations like Sam Scoops can ensure data security and protection this model represents a fundamental shift in network security practices providing a comprehensive framework for protecting sensitive information this week you delved into the essential concepts of security compliance and identity management topics crucial in protecting data and organizations from cyber security risks let's take a moment to reflect on the key learning takeaways compliance is all about following laws regulations and guidelines to safeguard data and information systems by complying with these standards organizations can significantly reduce the risk of data breaches and their consequences non-compliance on the other hand can lead to penalties legal action and damage to reputation and customer trust laws like GDPR and HIPAA have Global implications for data security and privacy and violating them can result in substantial fines then when it comes to risk management you learn that it plays a vital role in ensuring the success and sustainability of organizations it involves identifying evaluating and mitigating risks through a cycle of identification assessment response and monitoring and Reporting by effectively managing risks and maintaining compliance organizations can protect their operations and data and build trust with stakeholders you then learned more about the general data protection regulation also known as GDPR a transformative regulation that empowers individuals by giving them control over their data one significant aspect you learned about is how GDPR recognizes browser cookies as personal data companies must obtain explicit consent and provide transparency regarding data collection use and sharing what's more the GDPR has made it mandatory for companies to respect your preferences giving you the right to control which cookies you allow next you covered industry standards and compliance Frameworks such as 
ISO 27001 SOC 2 PCI DSS and HIPAA ISO 27001 establishes an information security management system to ensure comprehensive security practices SOC 2 assures clients about adequate data privacy and security PCI DSS combats credit card fraud while HIPAA ensures privacy standards for health information you then moved on to identity management a practice essential for protecting resources maintaining integrity and enhancing overall digital security within organizations identity refers to the unique digital Persona of entities within a network including users applications servers devices and network components identity management involves accurately defining verifying and governing identities throughout their life cycle this encompasses creating maintaining updating and revoking digital identities you also learned about single sign on or SSO as a solution to the challenge of managing multiple usernames and passwords for various online services it simplifies the authentication process by allowing users to log into multiple software systems using a single set of credentials enhancing convenience and reducing the burden on users in the context of managing user identities and controlling access to resources you explored active directory and Group Policy active directory comprises domains domain controllers organizational units and Trust relationships which help organize and secure network Resources Group Policy enables centralized management and control of operating systems applications and user settings by understanding and leveraging these tools organizations can efficiently manage user identities and control access to network resources next you learned about defense in depth a strategic and layered approach to cyber security focusing on various areas such as data protection secure application development secure Computing resources controlled network access fortified Network perimeter managed identity and access and physical security measures by adopting this approach and 
continuously improving security measures organizations can enhance their resilience against cyber threats you explored the zero trust model next a paradigm shift in data security that challenges traditional Notions of trust the first principle of the zero trust model is always verify this means that authentication and authorization should happen continuously based on all the available data points another essential concept is least privilege it's about giving users sufficient access only to what they need for their specific tasks assuming a breach is also a vital aspect of the zero trust model it means taking a defensive approach by minimizing the area of impact segmenting access verifying end-to-end encryption and using analytics to drive threat detection and improve defenses you also discovered that when implementing the zero trust model there are six critical elements to secure identities end points applications data infrastructure and networks each component plays a crucial role in maintaining a secure environment and protecting sensitive information finally you learned that security operations and monitoring are crucial for maintaining the integrity and confidentiality of an organization's data and it ecosystem continuous monitoring enables proactive threat anticipation and neutralization facilitated by various Solutions and systems such as intrusion detection systems security information and event management systems and log Management Solutions by prioritizing security compliance and identity management organizations can protect data mitigate risks and Foster trust with stakeholders it's an ongoing effort staying updated with evolving standards for Effective cyber security practices is crucial overall understanding and implementing these Concepts and best practices are vital to securing organizations from cyber threats and ensuring data and resources confidentiality integrity and availability you're almost at the finish line for this course you put a lot of work 
into completing the videos readings quizzes and exercises and now you better understand the topics presented including cyber threats and attacks cryptography Network and device-based threats and security compliance and identity Concepts you now have the opportunity to demonstrate this learning in the final course project where you'll integrate the concepts you've learned to create a security strategy for Sam Scoops this exercise will assess your ability to describe cyber security threat factors and develop effective mitigation strategies thereafter you will complete the final graded assessment which measures your Mastery of the course objectives including your ability to describe the active threat landscape describe common types of cyber attacks classify different types of encryption algorithms and explain security and compliance Concepts but before you move on to complete the final assignment and assessment let's take a moment to reflect on what you've learned this will help you assess your understanding of key topics and enable you to identify any areas that may require further exploration before you continue during the first week you explored cyber threats and attacks discovering how these malicious activities can disrupt operations cause damage and provide unauthorized access to computers and networks you then took a deep dive into threat Landscapes explored various malware types and discovered how malware works you also learned methods cyber criminals use to evade detection you examined measures to reduce your personal risk including educating yourself and verifying the identity of anyone who contacts you furthermore you explored threat vectors and can now explain topics like Insider attacks Hardware based attacks and typo squatting you followed this learning by delving into mitigation strategies you explored Biometrics and discovered the range of security software options available for encrypting files you also learn that the windows operating system comes with 
Microsoft Defender which offers robust features to prevent malware and phishing attacks and a highly capable firewall as you wrapped up this first week you explored the critical topic of data loss and Recovery you explored the several ways data can be corrupted or destroyed and now know how to manage and avoid data loss through the implementation of data backups in the following week you worked through the fundamentals of cryptography you learned how symmetric encryption uses a shared secret key to encrypt and decrypt data while asymmetric encryption uses a pair of public and private Keys you also learned how hashing takes input and turns it into a fixed size string of bytes after that you discovered how digital signing and signatures use cryptographic techniques to ensure the authenticity of electronic documents you gained insight into digital certificates which are electronic credentials that validate the identity of entities to ensure security you also explored signed URLs learning how they ensure only authorized users can access certain resources to conclude your learning on cryptography you deepened your understanding of centralized authentication and authorization Concepts this exploration highlighted the importance of multifactor authentication a security process that demands two or more forms of authentication to verify your identity you then moved on to learning about Network and device-based threats you discovered how critical it is to guard against these threats and learned the significance of keeping applications and software up to date you are introduced to data transmission threats exploring various attack methods and examining tools used for intercepting data Transmissions both for legitimate and malicious purposes next you examined virtual private networks and discovered how they are used to protect data transmitted over public networks you followed this by learning about advanced persistent threats you gained insight into the concept of iot threats 
where actors gain unauthorized access to your iot devices to perform malicious activities the next lesson dived into firewalls where you studied a guide on configuring your own firewall on Windows and Mac OS you learned about intrusion detection and prevention systems which monitor Network traffic and system activities to identify security breaches and prevent it then by completing a network segmentation exercise you learned how organizations can protect systems and sensitive data from potential threats by segmenting resources into multiple networks you also explore the importance of completing software and application updates and now you understand how vital they are for maintaining the security of your devices you then moved on to learn about security compliance and identity Concepts you study the compliance laws regulations and guidelines safeguarding data and information systems you learn that GDPR is a regulation that gives individuals more control over their data you also covered several industry standards like ISO 27001 SOC 2 PCI DSS and HIPAA you then moved on to learn that identity management involves accurately defining verifying and governing identities throughout their life cycle you also learned how single sign on or SSO allows you to use a single set of credentials to log in to various online services next you explored active directory and Group Policy you learned how ad helps organize and secure network resources while Group Policy enables the centralized management and control of operating systems applications and user settings finally you explore different defense models you examined how defense in depth focuses on data protection application security network controls and physical security to enhance resilience against cyber threats you discover the zero trust model which challenges traditional Notions of trust and incorporates principles such as always verify use least privilege and assume breach your learning throughout this course has 
prepared you to develop effective mitigation strategies to protect against evolving cyber threats now you're finally ready to demonstrate this learning by completing the course project and assessment best of luck congratulations on making it to the end of this course your hard work and determination has paid off and you've shown that you have what it takes to understand key concepts of cyber security with this course under your belt you now have a solid foundation to build upon as you continue your Learning Journey you gained an understanding of the numerous threats the world of cyber security faces today the common strategies used to mitigate against them and the various compliance and regulations used to enforce them by successfully completing all the courses in the Microsoft cyber security analyst program you will receive Coursera certification this program is a great way to expand your understanding of cyber security challenges plus gaining a qualification will allow you to apply for entry-level jobs in the field all the courses in this program including the one you just completed also help you prepare for the sc900 exam offered by Pearson VUE by passing the exam you will earn Microsoft certification in security identity and compliance this globally recognized certification is industry endorsed evidence of your technical skills and knowledge the sc900 exam measures your knowledge about concepts of security compliance and identity capabilities of Microsoft Azure active directory or Azure ad as part of Microsoft entra capabilities of Microsoft Security Solutions and the capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across the platforms please remember to check out more information about the exam you can visit the Microsoft certifications page at www.learn.cashtracking.com 
program offers a diverse selection of courses each tailored to develop specific skills and knowledge with topics like information security access management identity governance Enterprise security and authentication methods the program offers a comprehensive learning experience designed to provide you with key competencies across various Industries enrolling in another course is a great opportunity to expand your skill set and gain expertise in new and exciting areas of cyber security whether you're a novice or just starting out as a technical professional completing the whole program will show potential employers that you are motivated capable and not afraid to learn new things it's been a joy to travel this path of Exploration with you wishing you all the best in the future you may be aware that a common vulnerability exploited by cyber criminals is a weak password if the password is compromised an attacker can access a user's account and the sensitive data it contains this can be damaging when experienced by an individual but imagine the harm done when a breach happens to an organization with multiple resources and services linked together on a common Network because of the sheer number of people typically accessing the network every day it can be a Monumental task to verify that all of them are taking the correct precautions fortunately as you'll soon find out there are solutions that make it simpler to manage large teams the identity and access Solutions in Azure ad course is for those who would like to learn how to use identity as a means of managing access to and within an internal Network this course will specifically cover how to do this in Azure active directory a cloud-based identity and access management service for Microsoft this solution allows administrators to set rules that apply differently depending on such factors as a user's role and whether resources are internal or external it also gives control at both Broad and micro levels as needed if you 
have a general understanding of cyber threats and approaches for securing networks and cloud computing environments then you are ready for this course as your next step towards becoming a cyber security analyst or engineer let's go over some key topics that you need to familiarize yourself with as you progress you'll start with an overview of what an on premises active directory or ad is and how it is used to manage access to resources in a network you'll find that despite the security benefits there is a substantial amount of planning work and maintenance that goes into setting up and operating an on premises ad fortunately there is another solution for access management that is more hands-off that solution is azure ad you'll find that even for an organization with an on premises ad in place Azure ad features several tools that make it easy to transfer critical information to the cloud such as user account data and applications you'll outline the steps for performing this migration with minimal disruptions to company operations and you'll compare the features of different editions so that you know how to choose the version that best fits your needs you'll also explore the concept of identity as it applies to Azure ad specifically you will be able to list different identity types and what abilities and privileges each one has next you'll become aware of the authentication methods available in Azure ad which include passwords the Microsoft authenticator app and more you'll discover that it is particularly important to enforce a secure authentication policy when these methods are combined with a single sign-on that enables users to access multiple connected Services after being authenticated at one point for further customization Azure ad also features multifactor authentication for greater security and self-service password reset for improved efficiency the next step of your Learning Journey concerns access to and within a network as determined by rules and user 
roles you'll find out how administrators can set who has access to a resource who doesn't and who requires further authentication this can be based on conditions such as location or risk level or roles such as user administrators or billing administrators additional related Concepts you'll learn about include identity governance for updating the access rights of users who change roles or leave the organization and privileged identity management for dynamically giving users only the minimum access required finally you'll wrap things up with a project that will task you with configuring identity and access policies for a business to complete this successfully you'll need to apply the knowledge you've gained about Azure ad along the way you'll have several opportunities to test what you've learned throughout this course this includes exercises based on real world examples along with knowledge checks to assess your understanding of key Concepts all of this will help get you ready for the Microsoft exam sc900 which you can take after completing this program a passing score on this exam will demonstrate that you are ready for the next stage of your cyber security Journey good luck by now you're familiar that software as a service or SaaS is a complete cloud service model that is centrally hosted and subscription based an active directory helps a company manage its employees and Company resources it grants access to SaaS services in this video you'll learn about the requirements of an on premises active directory you'll investigate what is required when setting up an on premises active directory or ad Sam Scoops continues to thrive Sam realizes that she must evaluate the current it infrastructure because the business's need for more staff and devices has increased she has been made aware of an active directory as a possible tool for keeping track of employee access more easily and decides to explore this solution further an active directory is a service tasked with managing 
all of the resources on a network resources can include various third-party software that companies use such as SaaS as well as customer specific software applications think about a phone book directory which has a list of names addresses and phone numbers it is very easy to query this directory because it is in alphabetical order similarly an active directory is an organized store that includes references to all users computers printers and any other resources that are part of a network when a new user joins a firm they are added to the active directory all the user information such as their name email address Department and role within the company is uploaded to the system the administrator then allocates the necessary user permissions to the system keeping an active directory allows administrators to create groups for users which simplify management tasks for example an administrator May create a group called finances which oversees managing the company's money Affairs another group may be called floor staff which is in charge of serving customers and other front-of-house tasks the Privileges of a member of finances differs from a member assigned to floor staff so how do you create an on premises active directory let's unpack what is needed to do this first recall that ad is developed by Microsoft and a Windows Server like Windows Server 2016 2018 or 2019 is required there are some open source variations such as OpenLDAP FreeIPA and Samba 4 however these require different configurations with potentially some additional steps to integrate with windows-based applications second active directory domain services or AD DS is the core element of active directory that governs authentication and authorization Services an essential part of the directory that links the names to the IP addresses which are the digital locations of the services is domain name system referred to as DNS remember all you learned about servers earlier in the program for ad to be effective 
there needs to be smooth communication between all servers and users involved this is the network infrastructure now think about Hardware an on premises implementation requires Hardware to facilitate the various interactions another required element is the IP address schema recall that the schema is the blueprint or structure and here it relates to the type of objects that can be created and how they relate to one another so active directory design is configuring the structure of your directory in other words what are the various domains and groups What policies and permissions will be associated with each domain who needs access to it and to what degree of access is required for each group finally you'll need to configure the appropriate Administration tools some examples of required tools include the active directory sites and services to help manage the physical location of the company resources and the active directory users and computers console which is a tool to create and manage user accounts groups and computers associated with your ad so essentially setting up an on premises ad requires a server operating system active directory domain Services DNS Network infrastructure Hardware IP address plan active directory design and the various administrative tools to maintain and operate the ad sounds like a lot of work doesn't it fortunately that doesn't always have to be the case instead of an on premises active directory another option is to use a cloud-based ad these can Implement many of the previously mentioned steps automatically providing online access with ease one such solution is Microsoft's Azure active directory which you'll become familiar with soon in this video you learn that active directory is a tool that Network administrators use to manage users and resources on a network it simplifies the management of staff and administrative user permissions by having one centralized source to configure authorization and access implementing an on 
premises version can be technically challenging and requires a dedicated Department to manage and configure it however you'll soon discover that a cloud-based ad can take care of much of this work after doing some research on the benefits of a cloud-based active directory Sam has decided that it is in the best interest of a rapidly growing company to transition from an on premises active directory to Azure ad however she's still unclear about what exactly she needs to do to make this happen she is also worried about the time needed to transfer user account data which could mean lost productivity luckily as Sam will soon discover with thoughtful planning and the right tools this process is actually easier than she thinks in this video you'll go over how users and devices are imported an outline of some of the tools used and some Advanced features when using aad now let's unpack the four-step migration process beginning with the premigration assessment so evaluate the existing ad infrastructure identify the objects that need to be migrated and determine any dependencies on other active services with the on premises ad it is an opportunity to perform a detailed inventory of the objects currently being managed by the ad these objects include users groups and devices an organization will have a range of SaaS that are employed with supporting steps and documentation that's available specifically consider the custom applications or services that rely on ad for authentication and authorization these applications have their own configuration so if an issue arises the solution requires extensive troubleshooting efforts because tailored applications limit the exposure to the online community to troubleshoot it freely the second step is establishing a connection between the on premises ad and Azure active directory this can be done using Azure ad connect which synchronizes user accounts and passwords from an on premises ad to Azure ad Azure ad connect also ensures that any 
changes made to the on premises AD are reflected in Azure AD Azure AD Connect works by installing software on the on premises AD server then it gathers information on the various users groups and devices the AD manages and sends this data to the AAD additionally it also receives changes made to the AAD and syncs them with the on premises settings AAD Connect continues doing this even after the AAD has been created essentially it acts as a bridge that keeps both settings in line now that the AAD is created and aligned with the AD the third step is to migrate the user accounts and groups from AD to AAD Microsoft provides many tools that can achieve this such as the Azure AD Connect tool this tool allows administrators to select the users and groups that need to be migrated and transfer them to the AAD and ensures that all the necessary attributes and properties are transferred correctly creating user groups is an advanced feature of AAD note that widen scope and use depends on the license available to you another tool that can be used for migrating users and groups is the Active Directory Migration Tool ADMT ADMT allows you to extract passwords group memberships and other attributes associated with users and groups and duplicate them in the cloud it can also migrate computers and contacts registered with the AD the final step in this process is migrating any applications and services that are dependent on AD to AAD this involves reconfiguring the applications and services to use AAD for authentication and authorization instead of AD devices and services often have special configurations relating to how to join the network and what information they can access here ADMT can implement these AAD security features in this video you unpacked the process for transitioning from an on premises AD to Azure AD you should now know the key steps involved which are conducting a pre-migration assessment syncing the on premises AD with Azure AD migrating users and groups and
integrating applications and services you were also introduced to several tools from Microsoft that can help you along the way this includes Azure AD Connect which synchronizes accounts and passwords between AD and AAD and the Active Directory Migration Tool which allows for easy duplication and migration of user and group attributes now that Sam knows what to expect from the migration process she can plan confidently without worrying about lost time or productivity previously you learned what an Active Directory or AD is and what is required to create an on premises Active Directory implementing an on premises version can be technically challenging and requires a dedicated department to manage and configure it however it was mentioned that Azure Active Directory or AAD is a cloud-based solution that manages these technicalities in this video you'll begin outlining the benefits and advantages of migrating from an on premises AD to a cloud-based one such as Azure AD you'll also explore the role of virtual networks when performing an AD migration now that Sam has discovered what an AD is she continues to research Azure Active Directory or AAD as an option and what it means to migrate from AD to AAD she realizes that there's limited computer knowledge within Sam Scoops to set up an AD and she may need help from a development team Sam weighs up the following benefits of AAD so that she can make an informed decision recall that AD provides a secure and centralized management system for the resources within the company's network it supports segregating users and applications into groups with the option of granting various access privileges depending on the information they need to know in order to fulfill their job remember the comparison made between a worker managing the books for the company and front-of-house staff taking orders and working the cash register they each have unique privileges Azure Active Directory or AAD is a modern way of managing network resources
and users let's explore the advantages of AAD AAD is firstly a cloud-based service which means that it can be accessed from anywhere this makes it easier to manage and access with an on premises AD additionally it also means that there is no need to obtain and maintain physical servers being an online service it is possible to expand in response to ongoing change in the number of users and devices therefore AAD is scalable thirdly consider application integration having access to the cloud means the Active Directory integrates with various cloud applications so it is much easier to incorporate a third-party SaaS into business operations before any AD can be migrated there are some key considerations to note let's unpack these further once the decision is made that it is beneficial to convert an AD to a more sophisticated AAD it is worth pausing to consider some factors to ensure a successful transition from an on premises setup to a cloud-based one companies that decide to keep both the AD while using the AAD as the primary source maintain a secure backup which acts as a failsafe in the event of an unforeseen incident causing data loss let's prepare by examining some of these considerations before transitioning to AAD it is important to practice user account management by cleaning up existing accounts an account cleanup includes removing inactive users removing duplicates and validating contact information and reviewing account information you should also consider the security configuration review all existing configurations to ensure that they are appropriate for AAD this may involve updating authentication methods to make them more applicable to a cloud-based solution what about applications that need to be integrated ensure that you review and assess the applications that are currently fulfilling business obligations are these applications appropriate to a web-based approach or are there newer alternative solutions that can be implemented recall that a
cloud-based solution means a firm can easily incorporate SaaS into the daily running of the business next directory synchronization is the process of copying all the relevant information from the on premises setup to the cloud-based solution here's where Microsoft's Azure AD Connect or AAD Connect comes in to facilitate such a task it is important to ensure that all the information is copied over properly AAD Connect provides the additional functionality of password and device writeback this means that any changes made to the AAD will be mirrored in the AD ensuring efficacy in cases where it must act as a failsafe solution the last consideration is user training any system is only as good as the user maintaining it it is critical that you inform and upskill all the staff operating the system so moving to AAD can provide a company with greater security by utilizing Microsoft's expertise in online security it also gives a company access to easily implement SaaS into an organization's setup additionally it is beneficial that the old AD is maintained so it acts as a failsafe if any issues arise with AAD another question that might come up for an organization is how to implement a virtual network or VNet to communicate between the AD and the AAD here the VNet connects the AAD and the AD using a VPN gateway this allows the organization to communicate between the two networks without compromising security the VNet can be configured with security groups and network specifications to appropriately control the flow of traffic between these resources in this video you'll learn that migrating from AD to AAD offers significant benefits for an organization wanting to modernize its infrastructure these benefits include cohesion scalability and better access in addition the considerations for migration include managing user account information ensuring that relevant data copies correctly and eliminating users or data that's no longer needed the advantages of directory synchronization
were also proposed finally this video highlighted the importance of using virtual networks to maintain safe communication between the two directories going online has greatly enhanced what businesses are capable of from greater reach and faster communication to gathering data that helps them understand more about their customers to make all of this possible it takes a robust computing environment and a hardworking IT team to maintain it however a challenge for many businesses is finding a way to run their online operations efficiently without sacrificing security to illustrate the difficulties that a business may encounter let's observe a day in the life of Gabby Gabby is an IT administrator for Paws and Perks an online shop for pet supplies the company's databases servers and other computing infrastructure are located on premises Paws and Perks relies on Gabby to keep these systems running smoothly as well as making sure the network is protected from any external threats a critical part of Gabby's job is controlling who has access to specific resources within the network this is important because it only takes one unauthorized element gaining entry to potentially cause harm to every person and device that is connected to the network Gabby enjoys her work but she often finds herself stretched thin much of her time is spent managing access for individual employees including every new hire or person who has shifted to a different role or department and that doesn't even cover the external clients who need to view certain company data Gabby's experience isn't uncommon and her time management troubles can lead to other problems these include a higher chance of errors that can compromise system security less time available for other important tasks like applying updates and reduced overall productivity which means higher costs for the company so what can Paws and Perks do to make Gabby's workload more manageable they may find a solution in Azure Active Directory
this service allows IT administrators like Gabby to take a rule-based approach to access management rather than handling every case individually this means granting permissions based on factors such as identity location group membership and more Gabby can even customize the security requirements for different areas in Paws and Perks' network for example she might enable users to access general resources by logging in with a password but require additional authorization for higher risk areas as a cloud-based service Azure AD can also benefit Paws and Perks in other ways this includes cutting the high costs for hardware and software licenses and increasing scalability with a pay as you go payment model by switching to Azure AD Paws and Perks can implement a smarter approach to identity and access management that maintains a high standard of security and allows Gabby to focus her time and talents on creating a smooth and safe online experience for colleagues clients and customers by now you're probably aware of Azure Active Directory a cloud-based solution for managing access to services and resources but perhaps Sam from Sam Scoops has a few questions on her mind such as does it meet the needs of my business and can I justify the cost if she's had these thoughts she'll be glad to know that Azure AD is offered in multiple versions to suit companies of every size and budget in this video you'll explore the four editions of Azure AD which are the free edition Office 365 edition and two separate premium editions which are labeled as P1 and P2 you'll become aware of the key features of each version that separates it from the others and you'll better understand how an organization can make a more informed choice note that you'll encounter some unfamiliar terms and concepts along the way but these will be explored in greater detail later now let's find out what you can expect from each edition the Azure AD plans and pricing web page features a table that outlines the
features that each edition has and does not have note that in this table the faded check marks indicate partial feature availability while the full check marks mean full availability for example in the free edition of Azure MFA is partially available this means that it is part of the default security settings but cannot be configured in other editions it is fully available this would allow you to configure the specific people and instances that trigger it let's start with Azure AD free edition which is the basic version of Azure AD that is free to all Azure customers this edition provides basic user management and authentication services for cloud applications it allows you to create and manage user accounts synchronize them with on premises directories and enable simple logging on for cloud applications however it has limited functionality compared to the other editions for example group management functionality is minimal and only basic security reporting is provided next you have Office 365 apps which is a paid version of Azure AD with more features than the free edition the edition comes with any subscription to a Microsoft 365 product it includes all the features of the free edition plus additional features this includes a customizable user sign-in page which allows the page to be personalized with branding and icons there is also self-service sign-in activity search and reporting which provides visibility on who's logging in the Office 365 apps edition also supports cloud-based user authentication for on premises applications if you're looking for greater management capabilities Azure AD Premium P1 edition is a paid version of Azure AD that provides more advanced features than the Office 365 apps edition this edition includes all those features plus additional features such as dynamic groups this feature is similar to group access with the distinction that group access requires manually assigned users to a group dynamic groups can be generated
automatically by analyzing various roles and permissions assigned to a user and finding commonalities with other users the commonality might arise from job type title department or other defining features such as location it also supports advanced security features such as Microsoft Identity Manager a centralized platform for managing user identities and credentials and conditional access which allows administrators to set network access limitations based on if then rules finally you have Azure AD Premium P2 edition which is the highest tier of Azure AD it includes all the features of the Premium P1 edition plus even more extras one of these is privileged identity management which differentiates the access given to a user based on status another risk is investigation management which helps with triage or assessing severity level and assigning priority to known and newly identified risks one more is Azure AD Identity Protection for detecting and responding to identity-based attacks very briefly this can be expressed in two ways it ensures that the digital identity which is assigned to a user is updated dynamically in all places when a change is made and it provides hardened security against the theft of this identity this edition is designed for large enterprises that require advanced identity and access management capabilities you should now have a stronger grasp of the different editions of Azure AD and their features to summarize the free edition provides basic user management and authentication services for cloud applications the Office 365 edition adds features such as group-based access management and self-service password reset Azure AD Premium P1 edition includes advanced security features such as dynamic groups conditional access and Microsoft identity management and finally Azure AD Premium P2 edition includes all the features of the Premium P1 edition plus additional features for managing identities across multiple directories and detecting and
responding to identity-based attacks Sam doesn't need to worry if she doesn't feel fully confident making a choice just yet soon you'll explore some business scenarios and discover how to align specific business needs with the version that best meets them when it comes to cloud-based services people in businesses are often spoiled for choice on top of selecting a suitable provider they often must also navigate several distinct packages that offer different features and pricing you won't have all the answers when you reach the end of this video but you will be able to make more informed decisions when it comes to Azure Active Directory today you'll learn about key considerations for choosing the right Azure Active Directory edition for your organization you previously found out that each edition is tailored to meet different needs making the best choice can have a significant impact on your organization's productivity and overall success you'll revisit the major differences between each edition before exploring several business scenarios and determining the most suitable Azure AD package in each case let's start with a recap of the different Azure AD editions that are available Azure AD free is the basic edition that is available to all Azure customers it includes the core Azure AD features such as user management application access management and device management it also includes basic security and reporting features note that many features are limited in this edition for example multifactor authentication can only be performed using the phone app the Office 365 edition is designed for organizations that use Office 365 applications it includes all the features of the free edition plus advanced security and reporting features such as multifactor authentication conditional access and risk-based identity protection recall that the premium tier of Azure AD editions is actually split into two versions the Premium P1 edition is designed for organizations that require
more advanced identity and access management capabilities it includes all the features of the Office 365 edition plus advanced identity protection features such as privileged identity management identity governance and identity protection you also have the Premium P2 edition which is aimed at organizations that require the most advanced identity and access management capabilities it includes all the features of the Premium P1 edition plus advanced identity protection features such as identity and access management for external users identity protection for non-Azure applications and Azure AD Identity Protection remember that each edition is also subject to different pricing the free edition as the name suggests is free of charge the Office 365 edition is included in the Office 365 subscription plan which starts at $6 per user per month the Premium P1 edition costs $6 per user per month while the Premium P2 edition is available for $9 per user per month now that you've outlined the features of each Azure AD edition let's examine the needs of a few different businesses and determine which edition best suits each one first imagine a small startup with less than 50 employees a central administrator manages user accounts and they have access to a few applications the company has minimal experience using cloud-based services so they are not sure if Azure AD is a good fit which version would be the best choice here they would probably want the free edition as it provides all the basic features they need at no cost the business does not have a huge staff or large number of devices so the limitations would not present a problem this also gives the company a risk-free way to familiarize themselves with the service and decide if Azure AD is a suitable long-term solution that the company can grow with next you have a medium-sized company with 500 employees most of them use Office 365 applications such as Microsoft Word and Excel and the company wants to ensure advanced
security for their users when sharing documents online which edition should this company choose the name is probably a giveaway but the Office 365 edition would be the best choice this version of Azure AD provides advanced security features that extend to Office apps and is included in the Office 365 subscription plan finally there is a large enterprise with thousands of employees because of the complexity of their access requirements they want to ensure that they have the most advanced identity and access management capabilities including privileged identity management and identity governance what's the most suitable option in this case for the highest degree of control the company should go with either the Premium P1 or P2 edition the version to pick would depend on the company's specific needs and budget in either case they would find it easier to set rule and role based permissions that make it easier to handle many users without the additional time commitment as you've just observed there is no single perfect version of Azure AD and choosing the right edition is crucial for any organization that wants to manage user identities and access to applications effectively it's important to evaluate your organization's needs and budget to determine which edition is the best fit have you ever felt frustration when wanting to log into an application at work but you forgot your username and password there is also a heightened awareness of cyber crime and you're encouraged to change your passwords regularly but by logging into various apps and services every day you run the risk of forgetting your credentials or exposing them because you keep a record of them in a Word document or on a piece of paper at your desk here Azure identity is a solution that manages this process and saves time for businesses previously you examined the process of transitioning from Active Directory or AD to Azure Active Directory or AAD you also explored AAD editions with some use cases when
transitioning now it is time to discuss Azure identity specifically you'll learn about the different available identities and various ways to create an identity let's define identity identity refers to the unique digital representation of a person organization or service it plays a critical role in cloud computing in authenticating and authorizing resource access Azure has many types of identities such as user identities service identities and device identities let's begin with the user identity user identities are associated with a specific user account and are typically used to authenticate access to Azure resources for example Sam Scoops has a website that allows customers to order ice cream online to access the website customers must authenticate themselves using their user identity essentially this means that a user must present a form of identification linking them to further correspondence various types of identification include a personal phone number a personal email address an authentication app linked to a phone and a social media account once a reference to an individual is established the user can then log into their AAD portal using this identifying element and a password using this approach has the dual benefit of establishing a unique reference for the user it is also a form of validation if the user is accidentally locked out of their account the second identity type is a service identity applications and services use service identities to authenticate and authorize access to Azure resources refer to the example of Sam Scoops the ice cream shop may use a chatbot service to handle customer inquiries here the chatbot service uses its identity to access Sam Scoops Azure resources such as the customer orders database alternatively Sam can implement an application that requires real-time information such as weather updates so Sam configures a bot with the authorization to make requests from an external source a service identity might also be an
application that is authorized to make requests on behalf of a user these are referred to as service principals you'll encounter specific examples of service principals in action later on the last identity type to focus on is device identity a device is a piece of hardware like a mobile device laptop server or printer a device identity gives administrators the information to use when making access or configuration decisions there are three ways to set up the device identities in AAD the first setup option is Azure AD registered devices these are devices that are registered to work on a system workers often bring their own devices to interact with the company's system and these too should be registered an example of this is using your mobile phone for multifactor authentication or MFA an alternative option is to set up device identities through Azure AD joined device this is a device that requires organizational credentials for access typically this would be a company-owned device such as a work laptop that an employee will use during their employment finally hybrid Azure AD joined devices are registered devices with an on premises AD that are configured to interact with the AAD and gain the associated benefits but how do you manage these identities managed identities is an AAD feature allowing the creation and management of resources without needing to maintain the secrets credentials certificates and keys often used to enable communication between services once Azure AD authentication is granted to a resource it can be configured as a managed identity so resources can access the application without using credentials note that the credentials are not known to the developer managed identities come in two forms with AAD system assigned and user assigned with system assigned an identity is automatically created with AAD when the resource is created the resource uses its credentials to communicate directly with the AAD on creation it is authorized to interact
with one service a good way to think about this is to consider an application created to interact with a virtual machine performing a particular function the system automatically links the application with the virtual machine which exists for as long as the virtual machine exists if the virtual machine is destroyed then the application is as well the user assigned feature is a standalone Azure resource that can be authorized to interact with one or more services or multiple Azure resources as a result its resources are not tied to one application so it must be manually deleted if it is no longer used in this video you learned that identity management is crucial to cloud computing Azure provides several options for managing identities such as user identities device identities and service identities where authorized applications make requests on behalf of a user known as service principals additionally managing an identity can be done by either system assigned or user assigned functions this will cause them to behave differently by now you should know that Azure AD designates different types of identities for system entities that interact with resources but what happens when someone outside of the organization needs access to these resources as well for example imagine that Sam Scoops has decided to use a payroll automation service this service needs certain data to function such as records of the shifts worked by employees but Sam wants to feel confident that other data remains inaccessible fortunately as you'll soon find out Azure AD offers a solution that makes this possible in this video you'll find out how to distinguish between internal and external identities in Azure AD you'll then be introduced to B2B and B2C two additional concepts to help you understand how a company interacts with external identities these terms are the shortened forms of business to business and business to customer respectively but first let's revisit the idea of identity previously
you discovered that different types of identities exist for different tasks you explored three specific identities which are user identity for the authorization of users device identity for the authorization of devices and service principal for the authorization of applications and services when created from within an organization these all represent examples of internal identities however identities can also be classified as external entities which represent entities from outside the organization so let's find out more about these external entities they can be either customers such as individuals who purchase your product or service or they can be with businesses business relationships can go both ways as an external company might use your services or your organization may use theirs the terms used to represent these external entities as you were introduced to earlier are B2C and B2B recall that entities refer to everything that could relate to your system including users devices applications and services external identities are representations of actors that interact with your system from the outside this can include collaborators suppliers vendors or SaaS applications further this would include any customers that use your forward-facing application in Azure AD external identities consist of the following capabilities B2B collaboration B2B Direct Connect Azure AD B2C and Azure AD multi-tenant organization now let's explore each of these in more detail B2B collaboration refers to working with external entities by letting them use their preferred identity to sign into your application or other enterprise applications this includes SaaS apps custom developed apps and more B2B collaboration users are represented in your directory typically as guest users the guest user will be prompted to create or use an existing Microsoft login B2B Direct Connect is for establishing a mutual two-way trust with another Azure AD organization for seamless collaboration B2B Direct
Connect supports direct connection between businesses this enables external users to access your resources within their home instances and the organization to access theirs B2B Direct Connect users aren't represented in your directory but are visible from within and can be monitored this connection needs to be established with great care as you provide external access to resources and will not have the same level of vetting as when dealing with inside parties Azure AD B2C is a means for businesses to provide secure authentication methods in establishing the identity of customers accessing applications and services of the business the focus of B2C is less collaboration focused instead the goal is to get customers to consume a product that uses Azure based services this approach allows for the identity provider to be any email or acceptable social media account B2C allows the creation of an identity on the site separate from any existing social media account however access gained this way only enables interaction with a given application or service created and finally Azure AD multi-tenant organization allows for collaboration with multiple tenants in a single Azure AD organization via cross tenant synchronization this is a means of bypassing the division of resources within various Azure tenancies by providing a regulated method for interacting with services and resources recall that a single tenancy is a self-contained division of an organization's resources multiple tenancy allows a company to better distribute the spending of resources and Azure AD multi-tenant organization facilitates this division with the ability to share some resources when required there are several ways that you can invite a user to join the organization you can use direct messaging to create an invite guest link in the Azure portal and email it directly to a guest alternatively you can bulk invite guests using PowerShell this is a command line interface that you can use to write scripts that
can perform batch operations like sending messages to multiple emails at once finally you can pre-approve several self-service sign-ins and provide the link at a central site like GitHub in this video you were introduced to external identities as they apply to B2B and B2C relationships you've discovered that identity management in Azure can impact the security and efficiency of an organization's operations Sam Scoops can ensure that the resources and data are secure and well managed by understanding identity types the role of devices and the management options for external entities and service identities begin in the overview section of the Azure portal from here scroll to the bottom of the page and you'll arrive at a section labeled quick actions select the add user icon in this section to open a form where you can add the details of a new user at the top of this form you'll find options for create user and invite user make sure to choose create user in this case if it is not already selected moving down to the identity section there are boxes for entering personal information specifically a username account name and the person's first and last names note that the username and the name fields are compulsory you'll need to assign a password to the account and you can choose between letting Azure autogenerate one for you or manually entering your own let's keep the autogenerate password option but make sure to tick the show password checkbox so that this password is visible scroll down the page to the groups and roles section select the link that reads zero groups selected a panel will pop up on the right side of the screen this contains a list of predefined groups here you can tick the box for the user administrator you also have the option to select a role for the user if it's required the last part of the form asks you to fill in the user's job information let's set user administrator as the job title IT department in the department field and Sam Scoops for the company
name and that's it you can select create to confirm the new user account to verify that this was done correctly let's select users from the sidebar of the Azure portal homepage and find the new user in the list select it to reveal the user's details

good work completing identity services by reaching this point you should have a good grasp of what Azure Active Directory is and understand the value it brings in helping an organization manage access to their resources before you move on to exploring the features of Azure AD let's summarize the topics you've learned about this week you began by familiarizing yourself with the goals of this course and setting your expectations a key step you took was setting up a free Microsoft Azure account which gives you 30 days to access all Azure services at no cost including those that will come into play during this course you were then introduced to Azure Active Directory or Azure AD a cloud-based identity and access management service you found that a major motivation for using it is that in comparison to an on-premises Active Directory Azure AD automates many tasks saving time while enabling safe interaction with SaaS you learned about the process for migrating an organization from an on-premises AD to Azure AD which includes assessing the objects to be migrated and their dependencies syncing the two directories migrating users and groups and migrating applications and services you also got an overview of some major tools for managing users groups and devices in Azure AD this includes Microsoft Intune for configuring devices and setting compliance policies AD Connect for synchronizing Azure AD with an on-premises Active Directory and Azure AD Connect Health for monitoring the synchronization status between Azure AD and AD Connect you then found out why it is important to manage users and groups and previewed how you can do so in Azure AD you should know that user access needs frequently change because of the
organizational life cycle this relates to the idea that a user will need different permissions when they are onboarding at a company during change or expansion of their role and when they leave the company fortunately there is Azure portal a web-based interface from which you can perform administrative tasks such as creating and managing users and groups this makes it easier to change a user's access as instead of updating all permissions individually you can simply modify their group membership and the user will inherit all permissions and restrictions of the new group next you became aware of the different editions of Azure AD that are aimed at different business needs this consists of the free edition that provides basic management and authentication functionalities the Office 365 version that adds group management and self-service password reset the Premium P1 edition that includes advanced security features like dynamic groups and conditional access and the top-of-the-line Premium P2 edition that allows for identity management across directories and detection of identity-based attacks you then examined several different business scenarios to highlight how each edition aligns with different needs and to help you determine when it may be beneficial to upgrade from one edition to a more advanced one finally you learned about the concept of identity as it applies to Azure AD you found that this plays a critical role in how Azure AD determines access to resources for different entities and can be split in several ways for one identities can be users devices or applications and services furthermore you have internal identities that refer to entities created from within an organization and external identities that relate to entities outside of the organization you should also be aware that identity can be established with a centralized source such as Azure AD or Okta however you can also use decentralized identity providers perhaps you've used an email provider or
a social media account to gain access to another account these would be examples of decentralized identity providers once identity is established the scope of access can be determined recall that scope relates to how much of the system is available this is significant when it comes to interactions with customers and other businesses who may need access to your resources or applications with this information in mind you discovered how exactly you can create an identity in Azure AD which you then practiced in an exercise by finishing identity services you now know what Azure AD is the advantages it has over an on-premises Active Directory and what to consider when choosing the most suitable version for a given business or organization you're now ready to learn about how authentication works in Azure AD nice work

you've recently bought a new laptop you have completed the device setup and now require Office 365 so you download and install the package from experience you dread signing into the individual applications you intend to use but you go ahead and successfully enter your account details in your email app and move on to the other applications this time to your surprise Outlook automatically signs you in as well as for Word Excel and PowerPoint what used to be a long process is now a seamless one that saves time in a similar way Azure AD has a feature that enables extensive access after signing in once in this video you'll focus on authentication rooted in the example of Sam Scoops additionally the concept of single sign-on or SSO will be discussed as a convenient solution that is secure and saves time this is due to a single login process to gain access to multiple applications and services so let's begin with Azure Active Directory or AAD and how it can be used to secure access to resources in an organization to make this concept more tangible let's review Sam's progress in securing safe access to the resources of Sam's Scoops first why might Sam need
AAD and specifically authentication as Sam Scoops has grown more employees have been acquired so the new employees are now provisioned with access to specific resources like the point of sales system inventory management system and employee schedules Sam acting as the IT administrator wants to ensure that only authorized employees have access to resources that are needed to complete their function she wants to control who gains access and when this is where AAD and authentication come in it's a cloud-based identity and access management service that allows organizations like Sam Scoops to manage access to their resources authentication is verifying a user's identity before granting appropriate access to a resource it's important to be mindful when limiting how a resource is accessed that the limitations are not restrictive to employees' workflow this is always a security consideration when designing safe systems consider a scenario where an employee uses a device at a restaurant table to load an order but must first sign in the employee then goes to another device that sends this order to the kitchen and signs in again finally once the check is created the employee must sign in for a third time to verify retrieve and process the customer's payment this multiple sign-on process slows down the efficacy of the employee there is a secure solution in Azure that minimizes logging in multiple times Azure AD has a helpful feature known as single sign-on or SSO that is beneficial to Sam Scoops this AAD feature allows users to sign in once and access multiple applications without having to sign into each one individually this can be especially useful for organizations like Sam Scoops where employees require access to multiple daily resources so when employees use applications to take orders manage inventory or access company computers they can be provisioned so that only one sign-on is needed to understand the benefits of SSO consider the experience of Sarah an employee
at Sam's Scoops as she begins her shift she logs in once to AAD and gains instant access to various resources immediately Sarah can process customer orders using the POS system check in on the inventory management system and access company computers effortlessly with SSO Sarah no longer needs to remember multiple sets of credentials or waste time logging in individually to each application this streamlined access improves Sarah's productivity and enhances the overall efficiency at Sam Scoops in addition to simplifying the process for employees to access resources SSO can also improve security when employees must sign into each resource individually they may be more likely to use and reuse weak passwords because they must remember many different ones with SSO employees only need to remember one password encouraging them to use stronger passwords and reducing the risk of password-related security breaches SSO can be configured so that a single login gives a user access to all affiliated services or unlocks all affiliated devices depending on how the system is set up Sam would need to configure her applications to use AAD as the authentication provider to implement SSO then users can sign into AAD once and access all the applications configured to use AAD as the authentication provider later you'll discover how passwords can be managed from the cloud regardless of where they are stored on premises or on the cloud having a centralized location is useful because you can set policies that determine the type of password and additional conditions such as elements like time-based restrictions furthermore you will learn about conditions that can be placed on passwords to limit the user or force the user to perform extra verification steps these restrictions can apply to the individual or a group of individuals depending on the assignment in this video you learned that authentication in AAD can be an important tool for securing access to resources in an organization by using
authentication and SSO you can ensure that only authorized employees have access to business resources through a single login process so they can access them easily and securely allowing time for more productivity

a business might start with a simple Active Directory which is an on-premises setup storing a record of the devices and users that are present as the business grows with an increase in staff and devices it is equally important that the business's security perimeter develops from simple steps to a progressively more complex solution at some point the business might take the plunge and opt for a cloud-based presence this does not mean that the on-premises directory needs to be abandoned instead it can be incorporated with the cloud-based one and live in tandem this is known as a hybrid directory which is a combination of both cloud-based and on-premises active directories in this video you'll explore hybrid identities which is an important concept to understand as organizations increasingly adopt cloud-based solutions while still maintaining on-premises systems remember when Sam Scoops made the transition from using an on-premises Active Directory or AD to the cloud-based Azure Active Directory referred to as AAD a hybrid identity is a type of identity and access management or IAM that combines the on-premises AD with the cloud-based one what this means is that users can authenticate against both their on-premises identity infrastructure and have the option to do so against the cloud-based AD a hybrid system is favorable for an organization wanting to keep its existing AD while benefiting from a cloud-based one for example an organization uses an on-premises directory like Active Directory to manage their user accounts and permissions but wants to additionally incorporate some cloud-based services like Microsoft 365 or Azure this gives an organization extra stability for services by maintaining an active and up-to-date backup in case there is an
issue compromising the cloud-based AD and vice versa so how does authentication work with a hybrid identity when a user attempts to access a resource their request is sent to an authentication service that determines whether to authenticate the user against the on-premises infrastructure or AAD this service is responsible for routing authentication requests to the appropriate identity provider the extent of what can be accepted as an identity provider is determined by the administrator during configuration to maintain a hybrid identity there are several tools that organizations can use including Azure AD Connect and Azure AD Connect Health as previously discussed Azure AD Connect is a tool that allows organizations to synchronize on-premises identities with AAD Azure AD Connect Health provides monitoring and reporting capabilities for the synchronization process and can help diagnose issues with the synchronization another tool that can be used in conjunction with AD Connect is Azure AD pass-through authentication it allows users to sign into both on-premises and cloud-based resources using a single password so how does AD pass-through authentication work a user attempts to sign into an application or resource that is protected by AAD the devices are specific to the company but in relation to Sam Scoops it could be a company phone or a tablet capturing orders AAD then forwards the authentication request to the Azure AD Connect agent which is installed on the on-premises AD and responsible for authenticating the user the Azure AD Connect agent forwards the authentication request to the on-premises Active Directory domain controller or AD DC this is an on-premises server that's tasked with managing user accounts next a token is generated once the domain controller has authenticated the user against its own records it contains information about the user's identity and authentication requirements the encrypted token is then sent back to the Azure AD Connect
agent which forwards it to AAD in an effort to promote user credential security and reduce the risk of credential theft Azure AD pass-through authentication does not store user passwords in the cloud instead the on-premises Active Directory domain controller authenticates users and verifies their passwords Azure AD Application Proxy is another tool which can be employed it offers organizations a secure and convenient way to publish on-premises web applications to external users users can access applications from any location through the use of Azure AD Application Proxy these are on-premises services like payroll and storage using the Azure AD sign-in format there are also some drawbacks to maintaining a hybrid identity maintaining a hybrid identity requires additional infrastructure and tools and this presents an increase in complexity and cost additionally it offers more surface space or potential points accessible to hackers in the security setup for a security breach that targets either the on-premises or cloud-based system an organization's needs and goals inform the decision to maintain a hybrid identity while there are additional costs and complexities this is balanced with increased flexibility and the ability to take advantage of cloud-based services with the existing on-premises infrastructure in this video you discovered some benefits of hybrid identities that make it an appealing solution for companies stuck between on-premises and cloud-based systems it is useful having an on-premises AD as a backup to the cloud-based AAD for any unfortunate incidents causing issues or data loss the advantages must be balanced with an informed understanding of the risks and proper configuration settings in maximizing the benefits

as mobile phones evolve so do their security features how many times do you unlock your phone in one day now think back to when entering your PIN was the only option to unlock your phone then this progressed to selecting and drawing a
pattern nowadays these security features are still present but are not the most secure if used alone and are often used as backup measures the fastest most convenient and unique identity verifications are fingerprint scanning and facial recognition today this is used to unlock your phone or approve mobile transactions and changes previously you focused on how Active Directory or AD can help Sam Scoops by facilitating the access for device registration and user authorization through single sign-on or SSO Azure AD allows organizations to authenticate and authorize users to access company resources and enforce security policies to protect these actors recall that actors relate to people devices or services wanting to interact with the network authentication establishes that a user is a legitimate entity on a system by determining an identity password protection is time honored so essentially it has been a historical way of doing things since the beginning of computers and is still done this way today in this video you'll explore these alternative methods to increase security for not only digital assets traditionally but more recently through biometric data on phones this reduces the obstacles for legitimate users gaining easy access once a device is registered on the AD authorized users can access it using their AD credentials this eliminates the need for users to remember multiple usernames and passwords and ensures that only authorized users can access the device in addition to the ease of access registering devices onto the AD provides greater security by only engaging with authorized users you control access and prevent negative fallouts from a breach such as damage to a company's reputation as discussed earlier Active Directory Federation Services or ADFS enables the communication between AD and Azure Active Directory or AAD and other identity providers users can access SaaS and other cloud-based benefits by using Microsoft Azure AAD offers several
advanced authentication technologies including biometric features such as facial fingerprint and iris recognition one useful service available to AAD users is Windows Hello for Business it's a biometric authentication technology on Windows devices Windows Hello biometric uses sensors to capture the user biometric data which is stored on the device for future verification use when the user needs to authenticate the biometric data is compared against the stored data to verify the user's identity biometric data has its pros and cons first let's go over the benefits using biometric data for authentication can positively impact Sam Scoops by offering an additional layer of security passwords can be compromised if they are weak or by exploiting an employee through deception to retrieve their password the devices used in the day-to-day activities of Sam Scoops can be used to gain access to the network however using biometric data eliminates this issue because access depends on a physical aspect of the actual user using biometric data is convenient because you don't have to remember and input your password it could be as simple as touching a keypad or scanning your iris hands-free it adds a different layer of protection remember that risk-based authentication or RBA uses contextual information and calculates a score determining whether a user's activity is unusual or different the presence of biometric access can aid in this process if the RBA identifies that some user activity has deviated from the standard pattern it can raise a flag requiring additional authentication such as biometric signals while a password may be lost a hacker might have more obstacles if prompted to provide some biometric aspect of a person despite the many advantages there are drawbacks to using biometric signals the system could generate false negatives this might be due to poor signal hardware recording or the user changing their appearance the hardware to record such signals can be costly
and involves configuring a system this sign-on approach may be considered restrictive to workers who may have a disability affecting fingerprint iris or facial recognition finally using biometric signals requires recording personal information from a worker this might be considered as invasive in this video you realized that authentication is identifying a person to determine if they are a legitimate system user knowing the appropriate password conveys legitimacy this video outlined other forms of authentication such as biometric data this uses a physical trait such as the structure of the face iris or fingerprint that is unique to a legitimate user you then explored the advantages of biometric data with some of the drawbacks of implementing this method however users benefit from the ease of access without worrying about compromising security

you may be familiar with banks that have vaults often underground or hidden where safety deposit boxes are stored with client documents money or other valuables these vaults are fireproof as added protection and have sophisticated systems in place authorizing access to certain personnel with clearance think of password vaults in a similar way they are centralized virtual locations that store sensitive information for organizations they not only offer protection in the event of unexpected damage but also convenience and peace of mind in this video you'll learn about what password vaults are and their role in securing access to critical resources in an organization you'll explore how password vaults can be used to protect sensitive password information and how they can be leveraged successfully the discussion uses the experience of Sam from Sam Scoops to help you gain better understanding specifically you'll focus on who in the organization uses password vaults the type of information that is stored the areas that are protected how this approach compares with other authentication methods and the pros and cons of password
vaults so what are password vaults password vaults are digital locations that can store secrets keys and certificates secrets are sensitive information such as passwords or API keys typically they consist of a combination of letters and digits keys are either public or private and are a major element of cryptography they are means of encrypting data that is sent or decrypting information that is received this is important in keeping sensitive information private because if a key is revealed it can be applied to encrypted data which allows non-authorized users access to information they should not have certificates are digital documents with sensitive information that can be used to verify an entity's identity it is commonly used in communication settings so secrets keys and certificates are sensitive bits of information and if they are compromised it can cause a lot of damage to an organization therefore you should place high restrictions on who can access the password vault this means that generally access is restricted to IT administrators and other personnel of high standing who are responsible for managing access to critical resources secrets keys and certificates provide access to databases other sensitive information and cloud services in the context of Sam Scoops Sam might assign access to employees who are responsible for managing access to the shop's inventory and financial systems here secrets keys and certificates are all means of accessing important business resources such as the shop's point of sales system inventory management system and financial systems by securely storing and managing these in a central location password vaults help to prevent unauthorized access to these critical resources so how do password vaults compare to other authentication methods the use of vaults is neither a better nor worse solution than the authentication methods you've learned about while other methods such as biometric authentication hardware tokens and
SMS-based authentication can be effective for securing access to resources password vaults provide ease of access in a simple and cost-effective way the advantage is that no other hardware or specialized software is needed when using password vaults password vaults are easy to implement and they run at a low cost even though password vaults have low maintenance costs the level of security isn't compromised because vaults are proven to be very secure in preventing unauthorized access and other issues like data breaches it is however a single point of failure this means that in the event of a breach such as the master password being compromised then the extent of vulnerability or damage to the organization will be large there's a solution with Azure AD called Azure Key Vault it's the Microsoft cloud-based password vault service Azure Key Vault can be integrated with Azure AD to allow users to authenticate and authorize access to secrets stored in the vault as a Microsoft service it can incorporate password protection which is an example of cloud-based security this allows administrators to define a custom list of banned passwords and prevent users from using those passwords having the ability to enforce strong passwords is beneficial to an administration because it reduces the possibility for cyber attacks in this video you learned that password vaults are important for securing access to critical resources in organizations of all sizes such as Sam Scoops by securely storing and managing passwords in a central location password vaults can help to prevent data breaches and unauthorized access to resources this is achieved while providing a simple cost-effective solution for managing access to data which can potentially be sensitive additionally with the use of AAD's password protection the IT staff can ensure that users of the system maintain certain password standards when choosing and using a password to access the company's system

you are now familiar with the
concept of single sign-on or SSO which is a feature within Azure Active Directory one of the virtues of having an active directory is that it can be used as an identity provider this means that you establish your identity once and then it is used for further login requirements SSO is conveniently secure and saves time by facilitating a single login process for a user to gain access to multiple applications and services you may think that one set of user credentials granting access to multiple applications isn't very safe in fact the strength of user passwords is often improved because SSO eliminates the temptation to create easily remembered or reused passwords this enhances the overall user experience saves time and boosts productivity it also lowers the risk of security breaches but how do you create a single sign-on in this video you'll navigate the process of configuring SSO in Azure Active Directory so the credentials you use to access AAD will be used to access a company application without the need for further verification the first step is to navigate to Enterprise applications now select a new application then in the search bar type in Azure AD SAML Toolkit this is the application that you need to configure select this application followed by the create button in the popup window SAML Toolkit is created by Microsoft and allows users to create an application for demonstrating single sign-on ordinarily a user has created an application that they want to incorporate into their network in this instance I'll utilize this existing application and configure it to my Azure Active Directory to demonstrate SSO once the application is created select set up single sign-on next select SAML to enter the required configuration then select the edit button to enter basic SAML configuration inside of which there are three fields that need to be configured if it is not defined in identifier ID then add https://samltoolkit.azurewebsites.net
in the reply URL enter https://samltoolkit.azurewebsites.net/SAML/Consume finally in the sign-on URL place https://samltoolkit.azurewebsites.net now that those are configured continue by selecting the save button at the top once the configuration is complete close the top window on the right and scroll down to SAML certificates select the download button alongside certificate raw to extract the certificate note that this is a downloadable file that you will need later in the configuration process additionally scroll to the set up Azure AD SAML Toolkit section to copy three pieces of information login URL Azure AD identifier and logout URL it helps to have a Microsoft Word document or Notepad open to store these details use either of these applications to copy and store this information for later use the next step is to provision a user that the SSO is applicable to so navigate to users and groups and select plus add user group note that if you struggle to find the users and groups tab on the left menu panel then select Enterprise applications followed by selecting your application after selecting add user group search for the user you would like to gain access to in this demonstration I'm adding a user called Conor along with his boss Kim now select the select button it's time to configure the application itself so navigate to the login page here you can register by entering your email address creating a password and confirming the password note that the password has been configured to require one uppercase letter one lowercase letter and a symbol alternatively if you have already created an account then enter your previously saved details once you are logged in you are presented with a screen of instructions use the information from your AAD to configure the application next select SAML configuration from the menu bar once you are redirected into the SAML configuration page go ahead and select create to enter your
details you already have the information for this next section recall the raw SAML certificate and the three extracted pieces of information that were stored earlier insert this information with your application configured to your Azure AD you are provided with two further pieces of information that need to be added to your Azure AD configurations these are the SP initiated login URL and the Azure AD identifier next to the SP initiated login URL select details to access the Azure AD identifier ensure that you save this information onto your Microsoft Word document or Notepad then head back to your Azure AD configuration page so return to the Azure AD overview and once again select Enterprise applications now select the Azure AD SAML Toolkit inside the application itself select set up single sign-on followed by the edit button in the basic SAML configuration section this is where I'll update the configurations add an additional entry for identifier entity ID and place the saved URL and the Azure AD identifier now add the other URL retrieved earlier from SP initiated login URL to the reply URL and sign-on URL fields now select save and then the system is configured all that's left to do is test the application there's a prompt that asks if I would like to test now I select yes in the window that opens I then select the test sign-in button I'm redirected to the login page but notice without being prompted for verification the connection identifier has been added selecting login opens a page that displays your information you should now understand the steps involved in creating SSO with Azure AD you discovered that if your application is configured correctly then a successful test means you are not issued with a verification request when revisiting the login screen

think about what goes into securing a location to prevent people from getting in when a city park is closed at night it's usually enough to put a padlock on the gate which can only be opened by park staff
but for something of higher consequence such as a bank vault expect additional and more sophisticated measures like a policy that limits which employees can enter this concept isn't limited to physical locations and you'll find that it applies to digital assets as well by the end of this video you will be familiar with the basics of multifactor authentication or MFA in short MFA is the practice of requiring more than one check before access to a resource is granted today you'll explore how MFA works and why it is important in modern IT security you'll also discover the steps involved for implementing MFA in Azure Active Directory and learn about some of the relevant features that are available so what is the security benefit of MFA to illustrate how it can provide insurance in case something goes wrong let's first check in on Sam's Scoops in addition to the seaside shop Sam has an online presence where customers can order ice cream for delivery or pickup now Sam is concerned about the security of her business and the customers' personal information having seen the fallout from some high-profile data breaches she knows it can damage a company's reputation when data leaks the progress of hacking and counter-hacking measures means that passwords are not enough to secure her business anymore as you've learned earlier there are several things that can go wrong with passwords that compromise security for one passwords that are too simple can be guessed using a brute force approach recall that this is a trial and error approach to matching passwords with emails or usernames and it often finds success with passwords that are simple or that follow common patterns another issue is the reuse of passwords if an email and password combination used for several accounts gets leaked those accounts may be compromised in other words if a hacker gets your social media password they may gain access to your email as well one more danger arises from phishing which can lead people to
unknowingly reveal their passwords or the personal information used to create a memorable password. This is where MFA comes in. MFA is a security technique that requires users to provide two or more authentication factors to verify their identity. These factors include something you know, such as a password or PIN; something you have, such as a phone or ID card; or something you are, such as fingerprint recognition or facial recognition. One example of MFA in action is when a user tries to log into a banking app with a fingerprint and is prompted to supply a PIN as well. Another example is logging into an email account with a password and then being asked to verify the attempt through the Microsoft Authenticator app. While MFA is a common security practice, let's focus on how Sam might implement it in Azure AD. As an administrator, Sam can enable MFA for users, choose MFA settings, enroll users, and use MFA for authentication. AAD provides a user-friendly interface that makes it easy to manage MFA and enforce security policies across her business. In the Azure portal, adding MFA is as simple as ticking the appropriate boxes and registering any devices that may be used. Devices address the something-you-have element of the MFA trio. When it comes to creating a suitable MFA policy for your organization, there are a few important points to consider. First, it is essential to choose the right authentication methods for your organization. This involves striking the correct balance between security and accessibility. In this situation, it is important to consider what is being protected. For example, a financial institution would apply stringent measures to protect customers' accounts. One step may be the requirement of a complicated password with a timeout feature that automatically ejects the user after brief inactivity. Contrast this with Sam's need to take orders from a customer. The point of sales device needs to be secure, as it could be used as a gateway to Sam's network. However, the constant use,
often in busy environments, means that speed of access takes priority over security. This might manifest as entering a pattern on the screen, or something you know, to authenticate. The point is that it is fast to do but potentially not as secure as the other methods. Another important consideration is the users of the system. These would range from administrators, who have special privileges, to the hands-on employees who interact with the system in their everyday tasks. Staff will only respect and value a system when they understand why the need for the inconvenience exists. This will avoid unforeseen issues arising, like the staff of an IT terminal with a high turnover leaving passwords written on sticky notes. An administrator needs to have IT expertise and an understanding of the policies that are required. Furthermore, the daily use of such MFA practices should be routinely revised. In this video, you discovered that MFA is a crucial security technique that every business, big or small, should consider implementing. It provides an additional layer of security to protect sensitive data and systems from cyber attacks. You found out how MFA can be implemented in Azure AD. You should also be aware that when implementing MFA, it is essential to consider what is being kept secure. More security can often mean reduced usability, so consider what is being protected and what the situation is when deciding whether to implement MFA.

Recently you discovered that multifactor authentication, or MFA, is a means of improving security, but what determines when it happens and who is subjected to it? What if MFA appears at the worst possible time, like when an employee needs to log into a cash register during a rush? With Azure AD, you'll find that there are methods for controlling exactly that. In this video, you'll expand your MFA knowledge with two important concepts: conditional access and risk-based access. You'll find out how these approaches determine the need for MFA based on certain factors and how you can
implement these policies in Azure AD. MFA was previously introduced as added security for protecting your identity by requiring two forms of identification. Recall that MFA could be found in one of three forms, which are something you know, something you have, and something you are. To protect their data, access to the Sam's Scoops network might require a password as something you know, a registered device as something you have, and a fingerprint as something you are. These approaches to security require additional devices or applications to monitor and maintain them. Azure AD offers an easy-to-use platform that allows easy integration of these checks so that Sam can focus on getting back to business. As budding cyber security experts, you should learn how to implement them carefully. Note that the MFA features of Azure AD may be different depending on which edition you use. Azure AD Free includes basic MFA, which can be configured with the Microsoft Authenticator app, SMS or voice call verification, and email verification. Azure AD Premium adds advanced MFA capabilities, most notably access to Identity Protection. This provides conditional access policies, which are an approach for limiting the degree of access to the network based on preconfigured requirements. It also includes risk-based MFA, a method for enforcing conditional access policies. Let's explore these advanced features in more detail. Conditional access policies are essentially if-then statements. In other words, if a user wants to access a resource, then they must complete an action. For example, a payroll manager wants to access the payroll application and must perform multifactor authentication to access it. Other common access requests that might require MFA include if a specific cloud application is accessed, if a user is accessing a specific network, if a user is accessing a specific client application, and if a user is registering a new device. Thus, conditional access grants access only under certain conditions. However, it can
be applied to individual users or to groups. Risk-based access is more directly associated with the login attempt. If a login to the company network is from within the company location, then it is considered a safer attempt. If the attempt comes from an unusual location that employees don't typically log in from, this might trigger an MFA request. Note that while Azure AD Free includes MFA, it limits the number of users and features available. Azure AD Premium offers more advanced MFA capabilities and is recommended for organizations with more complex security requirements. Now let's find out how you can create and configure a conditional access policy in Azure AD and how to apply it to specific users or groups. In the left panel, scroll down and select properties. At the bottom of this page, select the "manage security defaults" link and make sure that the security defaults are disabled. Next, select security in the left panel, select conditional access on the left, and finally select "create new policy" at the top to open the page for configuring a new conditional access policy. In this case, let's apply the policy to an individual user. Under users, select the line that reads "zero users and groups selected". With the include tab selected, mark "select users and groups" and tick the box for "users and groups". This opens a panel where you can choose specific people or groups to add, so let's select a user. Note that for this tutorial, this should be a self-created user account for which you know the password. Select the link under "cloud apps or actions" and make sure to mark "all cloud apps" so that the new policy will apply universally. Next, select the link beneath grant and tick the box beside "require multifactor authentication" on the right. You'll need to give the policy a name, so let's keep it simple and call it multifactor. To make everything wonderful, make sure to also change the enable policy option to on instead of report only. When you're ready, select the create button. You'll return to
the conditional access page, and a box appears in the upper right to notify you that the policy was created successfully. Now it's time to test out the new policy. Sign out of your Microsoft account and then sign back in using the email address associated with the user that you selected earlier. Enter the password, and you should be prompted to provide MFA for additional verification. In this case, the prompt requires a number to be entered in the Microsoft Authenticator app of a registered device. Once you complete this step, you should be able to enter the account. Next, let's find out what happens when this user is removed from the policy. Back in the admin account, select "view all policies" from the policy snapshot block of the conditional access page. Select your newly created policy and mark none in the users section. Save the changes and sign out from the admin account. Sign in once again as the same user as before. You'll need to enter a password, but notice that MFA is not triggered this time. In this video, you added to your knowledge of MFA practices with an understanding of what risk-based and conditional access are and how you can create and configure a conditional access policy in Azure AD.

Imagine how you'd respond if you lost a key to the safe that contains all your valuables. You might be relieved that the safe itself remains uncompromised, but not knowing its whereabouts or whether it will be used without your knowledge can be a stressful experience. In a similar way, losing a device that can access your accounts doesn't cause direct harm, but it can increase the likelihood of unwanted outcomes. In this video, you'll find out what happens when a device that is used for MFA is lost or stolen. Specifically, you'll become aware of the security risks that this causes, protective measures that an organization can implement, and steps to take after a loss to minimize the possibility of unauthorized access. So what are the risks of a lost or stolen device? Think of it
like the loss of a wallet. When this happens, it means the loss of control of your credit cards, IDs, and other personal information. If someone else finds it, they can use that information for their own gain, such as using the cards or even committing identity theft. In the same way, when a device configured with MFA credentials is lost, there is a risk that it can be used for malicious purposes. This can potentially compromise your organization's security, as it is a means of accessing a company's network. This may sound like a lot of bad news. However, a lost device doesn't equate to a breach, as other fail-safes exist. An organization can follow practices and implement features in Azure AD that act as additional safeguards. These include strong protection, to ensure that unauthorized individuals do not easily use the device; conditional access, to ensure the device will only work under the right circumstances; and Azure Identity Protection, which initializes AAD with the cloud-based application that monitors and protects your device through machine learning. Let's explore each of these concepts and their benefits in more detail. Strong protection relates to requiring robust, unique passwords and monitoring user activity. Depending on what access the device might grant, you might establish some obstacles, like a password. If this gives much access to the network, you can initialize additional MFA security checks, like biometric checks or a second device, before access is granted. Conditional access can help track and limit user access, reducing the risk of stolen credentials. If an unauthorized user is using the device, then there is a chance that it will deviate from normal usage patterns or violate some access conditions. Imagine an employee makes a request with an unregistered device for access to resources not commonly used. Even though this is a legitimate request, the unfamiliar context is enough to trigger an MFA prompt. Finally, Azure Identity Protection is a Microsoft cloud-based service that
uses machine learning and advanced analytics to identify a device's user and raise a flag when the use of the device deviates from what is expected. This is done by analyzing an established user pattern and comparing it to the current usage. If an anomaly is detected, Azure may respond by requiring additional verification. The metrics used to train the model include features like login location and frequency, device type, and the times when the system is typically accessed. In addition to monitoring activity for suspicious events, it monitors repeated failed login attempts, attempted access from unfamiliar locations, and patterns deviating from normal usage. Now let's say your device has gone missing and your organization didn't implement any of the previous protective measures. What's next? Fortunately, you're not in danger just yet. There are still things you can do to mitigate risk in the event of a lost or stolen device. Azure AD features self-service password reset, which allows users to reset their passwords manually. This can be done without the device needing to be present. It's like having a spare key to your safe in case you lost the original. However, once you regain access to the safe, it is best to change the locks. Once you have regained a means of accessing a system, you can then disable the device's access to your system. In fact, it is good practice to monitor how devices are interacting with your system. Note that every usage will come with a timestamp, and Microsoft recommends that stale devices are removed. A stale device is one whose timestamp shows that it has been inactive for an extended period. Device activity can be monitored under conditional access, which can be configured to trigger an MFA request for devices that have not been used recently. In this video, you discovered how MFA procedures can help when your device is lost or stolen. You can mitigate lost or stolen devices by establishing strong identity procedures, configuring your devices with authentication steps, and
monitoring activity. This way, the organization's safety can be ensured even when the devices protecting them are lost. If these measures are not taken before a device is lost, you can fall back on self-service password reset, which enables an authorized user to access their account without a registered device. However, as with any security situation, it's better to apply safeguards before an incident rather than after.

Have you considered how much time is spent online, working digitally and remotely? With so many tasks happening across numerous applications and services, it can be troublesome trying to remember several different passwords, so it's easier to use the same password every time, even though it compromises your password security. But what if you have to reset your password? So much time is wasted between contacting your administrator and awaiting the password reset to be actioned, especially if it's after IT working hours. This not only tests your patience but hinders your productivity. Azure Active Directory has a solution called self-service password reset, or SSPR. It gives users the ability to change or reset their password with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign into their device or an application. In this video, you'll learn how SSPR works and how it applies to both an on-premises AD and Azure AD. Keep in mind that a password changed on the cloud will also be altered in an on-premises setting. This is called password writeback, or simply writeback. This feature further supports IT administration by automatically syncing passwords that are changed with an on-premises setup. There are various systems and applications in which SSPR can be implemented, so it's quite a versatile solution for many organizations. Specifically, you'll unpack the scope of SSPR and Azure
AD Connect cloud sync, which is a lightweight tool that enables an easily configured password writeback from Azure Active Directory, or AAD, to the on-prem Active Directory, or AD. Let's start with the scope of SSPR, which is broad and can vary depending on the organization's specific needs. SSPR is most commonly used in enterprise environments where many users and multiple applications or systems require authentication. This makes sense if the organization is small, because then it doesn't require the configuration of a self-service password reset. It is possible to configure SSPR to accommodate a range of devices and applications, such as desktops, laptops, servers, and mobile devices. Once SSPR is configured, you can link it with a range of validation checks, including a security question, which is only known to the user and is used as a prompt for triggering SSPR; email or SMS verification, which the user possesses via access to an email or a mobile phone number (this is linked during the setup process); and biometric authentication, which concerns the actual user. Biometric authentication requires the company to have a means of checking the biometric match. Recall that biometrics uses a physical aspect of the user, like the iris, facial recognition, or a fingerprint. It's important to ensure that the degree of authentication suits the part of the network being accessed. A company dealing with sensitive data, like a bank, ensures that the access steps required for SSPR are more stringent. This means there may be two validations for access to sensitive customer data or financial information. Previously, different AAD editions were unpacked. Your selection of an AAD edition impacts the degree of SSPR functionality available. While all editions of Azure AD support SSPR, the number of SSPR authentication methods available may vary depending on the edition. So the free version of Azure AD only offers cloud-only user password change. Microsoft 365 app edition provides password change and reset; however,
this is not synced with an Active Directory. The top-tier editions, Microsoft 365 Business Premium and Azure AD Premium P1 or P2, achieve this by additionally offering the hybrid password change or reset with on-premises writeback. Many companies wish to maintain an active online directory, such as Azure Active Directory, and an on-premises Active Directory too. Despite the many advantages that you explored previously, there are some configuration challenges when creating an SSPR for your organization. On the free Azure AD, it is impossible to sync the reset of an AD password. As mentioned earlier, password writeback is the practice of syncing password changes made online. This is implemented by using two Microsoft services, AD Connect and AD Connect cloud sync, so users are able to maintain compatibility between AAD and on-premises AD through AD Connect. AD Connect cloud sync is a lightweight variant of this tool that syncs AAD and AD SSPR. AD Connect cloud sync has the advantage of a lightweight, easily implemented and configured infrastructure. It can be configured to write back any SSPR changes made on the cloud with your on-premises AD. AD Connect, however, has extra available features, such as merging attributes from multiple domains or support for device objects. In this video, you learned what self-service password reset, or SSPR, is. It is a crucial feature in modern organizations that improves user experience and reduces the workload for IT support. SSPR can be implemented in various systems and applications and, when configured with AD Connect cloud sync, facilitates password changes back to the on-premises directory, making it a versatile solution. Organizations need to consider the available SSPR features and licensing restrictions when selecting an Azure AD edition.

Azure AD self-service password reset, or SSPR, gives users the ability to change or reset their password with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow
prompts to unblock themselves and get back to work. This user control reduces help desk calls and loss of productivity when a user can't sign into their device or an application. This video expands on SSPR. You'll observe a demonstration of how to configure SSPR on the cloud to allow a user to reset their password. This will be done with Office 365. To carry out the steps, you must be logged in as an administrator and have an Azure AD Premium P1 license at a minimum. Let's explore self-service password reset in more detail. SSPR works in the following scenarios: password change is when a user updates the password to something new; password reset is when a user can't sign in, perhaps they forgot the password, and want to reset it; account unlock is when a user can't sign in because their account is locked out. There's a diverse range of acceptable methods when configuring SSPR. These include mobile app notification, mobile app code, email, mobile phone (that's an SMS-only service), office phone, and security question. What is important to remember here is that when a new user is registering and they want to be able to perform SSPR, then the authentication method registered during setup is what is used for SSPR. For example, this could be a phone number used for mobile configuration. However, the security question method is available as a means of SSPR, but it is not a valid method for authenticating oneself. During configuration, you can choose how many forms of authentication are required when registering. Administrators are automatically SSPR enabled, but they must provide two forms of validation. The reason is that an administrator would have more authorization to make changes to the network, so a role with this level of influence must be closely guarded. Now it's time to learn how to configure SSPR with your Azure AD. Go to Azure Active Directory. From the overview menu on the left, scroll down and select password reset. The "self-service password reset enabled" function offers three options. Continue by
selecting all, then select the save button above it. Now select the authentication methods tab. Configure how many methods are required. This is done before the password can be reset. One method is selected for this demonstration. Further down are the methods that are available to users. Take a moment to evaluate the various authentication methods that are available to the administrator. Go ahead and select the appropriate methods that the user can use by ticking the associated check boxes, then select save. Note that the number and type of methods required for a reset are also configured here. Next, select registration from the menu on the left. A prompt displays to specify whether users are required to register when signing in. Here, select yes. The information the user enters is compared with the SSPR. You can also specify the amount of time in days before a person has to reconfirm their authentication information. The default setting is 180 days. The next step is to select the notifications tab. This is where the user notification settings are. The default setting dictates that users will be notified via email that their password reset has been triggered. The default setting to notify admin users about any password reset change is set to no. Finally, select the close button in the top right corner of this section. So let's test that the SSPR has been properly configured. To do this, visit the Office 365 login page and enter your email address. Now select "forgot my password". Enter the characters in the picture or the words in the audio to complete the CAPTCHA and select next. On the following screen, enter the recovery phone number that's listed and select text. Note that the type of prompt may vary and depends on which one is specified during the initial configuration. A one-time passcode, or OTP, is sent. Enter the OTP in the field that's provided and select next. If the code is correct, the password can be reset by creating a new one and verifying it. This step includes a strength indicator
underneath the first field that indicates how secure a password is. It is recommended that any password contains a minimum of eight characters and a maximum of 256 characters. Additionally, the password combination must be made up of lowercase letters, uppercase letters, numbers, and symbols. Avoid referencing your surname when creating passwords. Finally, select finish. In this video, you learned how to configure Azure AD so that self-service password reset is enabled. You were also introduced to acceptable validation methods and how to configure this for authentication later. Finally, you observed the steps to test that SSPR is correctly configured.

Today, signing into online accounts requires authentication. Ultimately, you're proving to the service that you are who you say you are. Traditionally, that's been done with a username and a password, but with the evolution of cyber crime, that's not sufficient anymore. Usernames and weaker passwords are easier to guess. Strong, longer passwords are difficult to remember, so the chances of forgetting your password or being prompted to update it are quite high. It's important to understand the requirements and the options available to you when trying to reset your password. In this video, you'll discover various ways to reset a password. These methods include resetting your password after SSPR has been created for you, the output of attempting to perform SSPR and it is not configured, having an administrator reset your password with anticipated error messages and remediating the problem, and issues experienced with writeback. Additionally, you'll also cover password policies that you're likely to encounter. Consider the following scenario where you, the user, must reset your password. You have attempted to reset your password. You first select login to the Azure portal. Here, multifactor authentication, or MFA, is used, so upon entering your phone number, you receive further information. Depending on how the alternative authorization steps have been set up, you are
expected to either action entering a one-time password, or OTP, from an SMS on your mobile phone or entering the code displayed in your Microsoft Authenticator app. So what is Microsoft's password policy? During this process, Microsoft provides feedback on the quality of your password strength. A password is only accepted if it conforms to specific features. Recall that deciphering or breaking a password is a lot tougher when the password is made more complex by using letters, numbers, and symbols. A password with only a few lowercase characters is easy. Including numbers and symbols strengthens a password against brute force attempts, so a conformed password is more secure. Other password policy features that might be enforced include history, which prohibits passwords used in the past; age, which forces a change after a specified amount of time; length, which requires a minimum number of characters; and complexity, which involves a combination of letters, numbers, and symbols. It is important to remember that password reset has to be configured. The administrator is responsible for enabling the system to perform SSPR, and the user is responsible for providing alternative forms of authentication if a password reset is required. After successfully using the MFA validation method, you can change your password and enter the system. However, if you're unsuccessful, you may receive an error stating that your password cannot be reset. It means that password reset has been disabled for the directory and that you are not a global administrator. Global administrators are permanently configured to have access to password reset. You could alternatively contact your administrator. At this point, a screen for validation is prompted with fields for your email or username and a CAPTCHA code. CAPTCHA is a random short phrase that distinguishes you from a computer bot. Having confirmed that you're a legitimate user by filling in the CAPTCHA, your request is forwarded to an administrator. The administrator is
notified and resets the user's password. A new password is then assigned to the user. The password starts with a capital letter, has a variety of numbers, and then some lowercase and uppercase letters. It contains eight elements. Now when the user attempts to log on, a screen appears confirming that a temporary password is assigned. There's a button labeled reset password and a field with a temporary password. After initially using the temporary password, the user is presented with an opportunity to reset the password. But what if you're using a hybrid environment consisting of an on-premises Active Directory and Azure AD? You may need to reset your password because it isn't correctly synced in the hybrid environment. This is a known writeback issue and can be caused by connectivity issues, where an error in resetting a password is issued because Azure AD Connect sync stopped working; authorization issues: Azure AD Connect sync may not have the correct permissions to alter a password; configuration issues, where Azure AD Connect sync was incorrectly configured between the two environments. Configuration issues may be due to incorrect ports or not adhering to a password policy in place in the on-premises Active Directory. In this case, the password updates cannot take effect. In this video, you unpacked various ways to reset your password. These methods include resetting your password after SSPR has been created for you, the output of when you attempt to perform SSPR and if it's not configured, having an administrator reset your password with the error messages you likely receive. You were also introduced to issues relating to writeback and covered frequent password policies.

Nice job finishing Active Directory authentication. During this week, you were introduced to several important security concepts in Azure AD, namely the different approaches to authentication, configuring multifactor authentication to add extra security, and setting up a password policy that is both strong and
convenient. Before you continue to the next topic, let's revisit the key points that were covered within each of these concepts. You first became aware of the ways in which a user can be authenticated in Azure AD to gain entry into a system. One particularly useful method you learned about was single sign-on, or SSO. This feature saves time and effort by allowing a user to sign in once and then access multiple applications and devices rather than signing into each one individually. You found out how SSO can be set up through the Azure portal, and you completed an exercise that you had to do just that. Other authentication methods you were introduced to include a one-time passcode sent to a user's mobile device and Open Authentication time-based one-time password, or OATH TOTP, which generates tokens with a code that is valid for 30 to 60 seconds. There is also Fast Identity Online, or FIDO, which relies on biometrics and device-based solutions such as Windows Hello for Business and Microsoft Authenticator. Next, you explored the concept of hybrid identities. This is a type of identity that spans across both on-premises and cloud-based directories. You found that this is ideal for organizations wanting to use both types, and Azure AD features synchronization tools that allow users to authenticate against one AD and gain access to resources associated with the other. These synchronization tools include Azure AD Connect, Azure AD Connect Health, Azure AD pass-through, and Azure AD Application Proxy. However, there are also some downsides to hybrid identities that you learned about. These include the need for additional infrastructure and tools, increased complexity and costs, and more potential points of entry for hackers. Later, you learned about password vaults and how they secure access to an organization's critical resources. This is done with secrets, which are pieces of sensitive data such as passwords or API keys; keys, which can encrypt or decrypt data; and certificates, which are used to verify
an entity's identity. You were introduced to Azure Key Vault as one cloud-based password vault service that can be integrated with Azure AD. It can be combined with security features like password protection, which enforces the use of strong passwords by banning those which can be easily guessed. On that note, you learned just how easy it can be for hackers to access an account using a brute force attack. This is when the hacker uses a trial-and-error approach that is often successful with weak, common, or reused passwords. In the second week, you learned about multifactor authentication, or MFA, which is the practice of requiring more than one check before access to a resource is granted. You found that MFA comes in three forms, which are something you know, such as a password or PIN; something you have, such as a phone or ID card; or something you are, such as fingerprint recognition or facial recognition. Recall that MFA can be triggered using conditional access or risk-based access policies. Conditional access triggers an MFA prompt if an access request doesn't meet specific criteria, while risk-based access activates MFA if a risky interaction is detected, as identified by machine learning. You learned that when an MFA-configured device is lost or stolen, it can present a security risk. However, there are also steps that can be taken to minimize this risk. This includes a preemptive measure like strong protection, which is the practice of enforcing strong passwords and monitoring user activity. Organizations can also employ conditional access and Azure Identity Protection to help detect unusual sign-in attempts. Access can also be cancelled for lost or stolen devices or for stale devices, which are those that have not been used to access the system for an extended period. In the third week, you became familiar with self-service password reset, or SSPR. This allows users to reset their account password without involving the administrators. For large organizations, this reduces wait times
and lost productivity SSPR can be configured to require additional validation checks such as answering a security question verifying an email or SMS message or providing biometric data like a fingerprint you found that depending on the edition of Azure AD used different SSPR capabilities are available Azure AD Premium P1 and P2 offer the greatest convenience by featuring password writeback which syncs on-premises password resets to Azure AD finally you applied this knowledge to an exercise that tasked you with implementing SSPR for a user group within Sam Scoops by completing active directory authentication you have expanded your knowledge of authentication specifically you should know how administrators can set policies that determine which authentication methods are used who is subject to them and what events or conditions will trigger them well done employees today often work remotely and have many ways to gain access to their applications services and data modern IT departments within organizations often use both on-premises and cloud-based solutions to provide users with convenient safe access giving them more control however as this ecosystem expands more users and devices request access to resources to stay safe against the increased risk an organization should take steps to increase its security posture IT administrators are presented with the challenge of maintaining control to avoid data breaches conditional access policies are a more robust security defense line so if a user wants access then an action must first be taken this video focuses on conditional access policies in Azure AD you'll examine the different signals or information that conditional access considers when making policy decisions the modern security perimeter now extends beyond an organization's network to include user and device identity organizations can use identity-driven signals as part of their access control decisions the information obtained from these identity-driven signals
may be the IP location or a list of users logged in conditional access brings signals together to make decisions and enforce organizational policies Azure AD conditional access is at the heart of the new identity-driven control plane the control plane refers to the part of the architecture responsible for managing and controlling operations conditional access policies at their simplest are if-then statements if a user wants to access a resource then they must complete an action for example a payroll manager wants to access the payroll application and is required to do multifactor authentication to access it so essentially administrators are faced with two primary goals they empower users to be productive wherever and whenever and protect the organization's assets creating a conditional access policy may sound daunting and where do you start conditional access templates make this process a bit safer and easier these templates offer a convenient method to deploy new policies that align with Microsoft's recommendations they are designed to provide maximum protection while following commonly used policies across different customer types and locations by utilizing conditional access templates you can apply preconfigured policies that align with industry best practices this saves you time and effort in defining policies from scratch these templates cover a wide range of scenarios and ensure you can implement access controls tailored to your organization's needs there are four conditional access policy templates filtered by five different scenarios these scenarios include secure foundation implements security measures to protect organizational resources and data zero trust verifies user and device access regardless of location or network remote work provides secure access to resources for users outside the organization's network protect administrators enhances security for administrators to prevent unauthorized access and emerging threats adapts access controls to
mitigate security risks and vulnerabilities you can locate these templates in the Azure portal by navigating from your Azure Active Directory to security under conditional access you can select new policy from template preview here select show more to explore all policy templates in each scenario additionally conditional access templates are updated regularly by Microsoft to address emerging threats and enhance security this ensures that your access controls remain up-to-date and effective in safeguarding your organization's assets by leveraging conditional access policies and the convenience of templates you can enhance the security posture which is the overall cyber security strength of your organization it also reduces the risk of unauthorized access and maintains compliance with industry regulations you'll explore the process of creating a conditional access policy using Azure AD a bit later in preparation let's understand the signals that conditional access can consider some of the common signals that conditional access considers include user or group membership named location information device information application specific triggers real-time sign-in risk detection cloud apps or user actions and user risk evaluation first user or group membership allows you to target policies to specific users groups directory roles or even external guest users this provides administrators with fine-grained control over access next named location information enables you to create policies based on IP address ranges you can also block or allow traffic from entire country or region IP ranges device information can be used to enforce policies based on specific platforms or device states conditional access policies can also be triggered based on specific applications that users attempt to access real-time sign-in risk detection integrated with Azure AD identity protection allows policies to identify risky sign-in behavior and take actions such as requiring password changes or
multifactor authentication cloud apps or user actions can be targeted with conditional access policies for example you can enforce a policy when users register or join devices to Azure AD user risk evaluation is available with identity protection and helps determine the probability of a compromised identity or account in this video you learned that conditional access policies give you the power to control access to your resources based on various signals it provides an extra layer of security you learned that there are conditional access policy templates that you can use when you create a conditional access policy a bit later then you investigated some of the common signals that conditional access considers remember conditional access is a feature available in paid Azure AD editions the increase of employees accessing company resources remotely has introduced new challenges for protecting data however conditional access in Azure AD provides a way to handle these demands in this video you'll examine best practices for implementing conditional access to secure resources and cover various scenarios where it can be applied the first best practice for conditional access is implementing multifactor authentication or MFA by requiring users to provide additional verification methods such as a code sent to their mobile device biometric authentication or a security key you add an extra layer of security to the login process with Azure AD you can easily configure MFA policies based on user roles locations or device types this ensures that only authorized individuals can access your resources even if their passwords are compromised another important best practice is to utilize risk-based policies Azure AD can continuously monitor user activities and assess the risk level associated with each login attempt by leveraging signals from Microsoft's Intelligent Security Graph you can define policies that automatically adapt to changing threat landscapes risk-based policies
enforce additional security measures such as requiring MFA or blocking access altogether if a high-risk activity is detected this way you can proactively protect your resources from potential threats thirdly monitoring access attempts is a crucial best practice for maintaining a secure environment Azure AD provides comprehensive logs and reporting capabilities that allow you to track user sign-ins identify suspicious activities and investigate security incidents by regularly reviewing these logs you can gain insights into patterns of access detect irregularities and take appropriate actions to mitigate potential risks let's explore identity protection to better identify threats identity protection uses data that Microsoft has acquired by analyzing trillions of signals per day the signals generated by and fed to identity protection can be further fed into tools like conditional access to make access decisions alternatively it can be fed back to a security information and event management tool or SIEM for further investigation Azure AD identity protection is an advanced feature that helps you detect and respond to potential security threats it uses machine learning algorithms to analyze user behavior sign-in patterns and other factors to identify suspicious activities or compromised accounts when a potential threat is detected Azure AD automatically acts this may require users to reset their passwords block access or alert administrators for further investigation this proactive approach can help you stay ahead of attackers and safeguard your resources identity protection detects risk investigates it and categorizes it according to a hierarchical threat level let's unpack this in more detail identity protection detects risks of many types including anonymous IP address use atypical travel malware linked IP address unfamiliar sign-in properties leaked credentials and password spray which is a type of password guessing attack in other words identity protection detects
behaviors that are associated with attackers like attempting to log in with credentials known to have been compromised in a leak then the risk signals can trigger remediation efforts such as requiring users to perform multifactor authentication reset their password using self-service password reset or to block access until an administrator takes action once the risks are detected administrators can investigate it and take the necessary manual action if needed there are three key reports that administrators use for investigations in identity protection these include risky users risky sign-ins and risk detections each report contains data to help administrators determine what action to take this includes each user's risk level in the risky users report the types of MFA prompted in the risky sign-ins report and access attempt locations in the risk detection report identity protection has various levels of risk it categorizes risk into three tiers low medium and high note that Microsoft doesn't provide specific details about how risk is calculated each level of risk brings higher confidence that the user or sign-in is compromised for example an instance of unfamiliar sign-in properties for a user that's potentially labeled as low might not be as threatening as leaked credentials for another user which is categorized as high-risk furthermore data from identity protection can be exported to other tools to archive or further investigate and correlate the Microsoft Graph-based APIs allow organizations to collect this data for further processing in a tool such as their SIEM now let's explore best practices for implementing conditional access in different scenarios for remote workers it is essential to secure access to your resources from outside your organization's network by configuring conditional access policies based on location or device compliance you ensure that remote users can securely access the necessary applications and data in some cases you might want to
apply conditional access only to specific applications by targeting these applications with granular policies you balance the security requirements without causing unnecessary friction for users accessing other resources for example instead of requiring all users to use multifactor authentication to access a company's invoicing software you might configure a policy that exempts employees in the payroll department and improves their workflow take a moment to consider the conditional access flow the purpose of this flow is to emphasize the importance of considering various conditions and controls when implementing a conditional access policy let's examine some of the highlighted conditions and controls starting with conditions each one considers what's already included as well as those excluded conditions that are used for filtering include users and groups that determine if the policy is assigned to the user cloud apps determine if the policy is assigned to the cloud app sign-in risk note that this condition is not covered in this flow diagram because it requires Azure AD identity protection then there are device platforms that are optional condition checks to assess if the policy includes the device platform location is an optional condition that examines if the policy includes the location client apps are optional as well and it assesses if the policy includes the client app the device state is also an optional condition that checks if the policy includes the device state next are the two controls that are used for setting actions grant is an optional control that's used to either block access or grant access in the conditional access flow it is represented as does the policy grant access when access is granted specific requirements must be met by the device this can include the app it's indicated by does the device or with the app meet the requirements the conditional flow highlights the need to be aware of users and devices that are excluded from the
conditional access policy to ensure security they should be assigned to separate policies in this video you learned about the best practices for implementing conditional access to secure resources as an IT administrator for Sam Scoops you would need to ensure that the cashiers at the shop are able to log into the point of sales system but not other parts of the network like payroll records it would be a hassle to individually configure the access of each new employee who joins the company but fortunately Azure AD offers a solution that makes it much easier to manage access for different employees and departments in this video you'll discover the importance of role-based access control or RBAC in Azure AD you'll first become familiar with what a role is and the different types that are available you'll then learn about how configurations can be assigned to a role and how this impacts a user's access RBAC allows you to grant granular permissions to your administrators while adhering to the principle of least privilege in other words you can define and manage roles with specific sets of permissions granting access only to those who truly need it by implementing RBAC you can ensure that users have the necessary access to perform their roles while minimizing the risk of unauthorized access but before getting too far ahead let's go over the concept of roles and how they enable RBAC to work in Azure AD there are two types of role definitions these are built-in roles and custom roles built-in roles are predefined roles with fixed sets of permissions these roles cover a wide range of permissions for managing Azure AD resources such as users groups and applications on the other hand custom roles give you the flexibility to create role definitions that align with your organization's unique requirements they allow you to tailor the permissions to the specific needs of your administrators ensuring that they have the appropriate level of access for an example of how
these role types might come into play consider the billing department of Sam Scoops a relevant built-in role is a billing administrator whose permissions include making purchases managing subscriptions and handling support tickets now perhaps there is another employee who deals with tickets and subscriptions but can't purchase anything in this case you might create a custom role called billing support and define the permissions accordingly creating a custom role in Azure AD follows a two-step process first you define the role by selecting the desired permissions from a preset list Azure AD provides a comprehensive list to help you create definitions that match your organization's needs next you can assign the custom role to users or groups assigning a role to a user involves creating a role assignment a role assignment links a security principal to a role definition at a specific scope a security principal is any entity that can be authenticated such as a user group or service principal the scope determines the set of Azure AD resources that the role member has access to this granular approach to assigning roles ensures that permissions are tailored to the needs of each individual scopes can be organization-wide or specific to individual resources such as applications this flexibility allows you to grant the same role to different users with different access levels ensuring that permissions are precisely defined for each user when assigning a role to a user or group consider the scope at which the role applies by assigning roles at different scopes you can effectively manage access to various resources within your Azure AD environment this allows you to maintain control over who has access to specific resources while adhering to the principle of least privilege next let's find out how Azure AD handles access attempts by a user with a given role when a user makes an API call to Azure AD via the Microsoft Graph API Azure AD evaluates the roles membership based on
the token they acquired the token contains information about the user's assigned roles Azure AD retrieves all the role assignments that apply to the user either directly or via group membership Azure AD checks the requested action if the user has a role with the required action at the requested scope access is granted otherwise access is denied so a role assignment in Azure AD consists of three essential components the security principal the role definition which is the collection of permissions and the scope are the resources where the permissions apply these components work together to control access to Azure AD resources effectively Azure AD offers various options for assigning roles the default method is directly assigning roles to users however when dealing with many users using role-assignable groups can provide easier management Azure AD also offers a feature called Azure AD Privileged Identity Management or PIM available with Azure AD Premium P2 PIM enables just-in-time access granting time-limited access to roles for users who require elevated privileges for a specific period this adds an additional layer of security by reducing the time a user has privileged access thus minimizing the risk of misuse in this video you were introduced to role-based access control in Azure AD which allows you to refine permissions for administrators and limit user access to needed resources only you learned how built-in and custom roles differ and how these roles can be created and assigned you were also made aware of how security principals role definitions and scope all factor into determining a user's access now that you have a basic understanding of role-based access you're ready to find out how to configure roles for your organization in Azure AD the ice cream company Sam Scoops has expanded rapidly and what started as a small seaside shop is now a flourishing enterprise with several highly successful branches throughout the country things are looking brighter than
ever but while lost in the glory of its achievements the company has overlooked one thing controlling which employees can and can't access its internal resources this may seem minor but all it takes is one person going somewhere they don't belong to wreak havoc and cause massive damage to the organization and sure enough one day the worst happens meet Blake an ice cream wizard at Sam Scoops when he's not crafting an ambitious new frozen dessert masterpiece he can be found ringing up customers at the register in fact the point of sales software is the only program in the company's network that he should have access to unfortunately somebody missed the memo one day while his manager is out Blake decides to use the office computer he finds a purchase ordering page open on the screen curious he enters his login credentials and is surprised to discover that they work moments later Blake has a limitless world of merchandise available at his fingertips he suddenly remembers that his manager mentioned running low on an ingredient used in one of the shop's ice cream varieties that are made in-house even though it's not his duty Blake takes it upon himself to place an order believing that it will help the shop he punches in some numbers and taps submit and the order is confirmed all is well until later that week one day the manager steps outside and encounters a massive 18-wheeler pulling up to the shop she is dumbfounded by the mystery shipment that leaves her with a tower of boxes she opens one of the boxes to find that it is filled with bags of pistachios the other boxes all contain the same it turns out that well-meaning Blake ordered them for the company's famous pistachio wasabi ice cream but little did he know that this flavor was a seasonal special which was already discontinued for the year this hasn't been a great situation but at least it only affected one shop right well Blake's goodwill gesture actually had a much bigger impact than initially thought in the following
days several other Sam Scoops locations also reported receiving unexpected shipments of unexpected pistachios even the tiny truck that serves Sam's ice cream at the beach finds itself inundated with a cascade of nuts the head office is slammed with frantic phone calls from shop managers asking what to do and chaos reigns supreme it seems that Blake's order wound up going to every single branch of Sam's Scoops so even with his good intentions he got the company into quite the predicament simply by using a resource that he shouldn't have been able to access in the first place could this situation have been prevented the answer is yes this crisis would have ended before it started if Sam Scoops had taken advantage of roles in Azure AD let's rewind the story and discover the difference they can make Blake enters the shop office to find an unattended computer on the purchase ordering page he enters his login details and hits sign in but this time his attempt is denied thanks to role-based access control which protects the organization by limiting system access for employees in his position later a manager returns to the office and uses the special permissions tied to her role to access the purchase ordering system where she proceeds to buy necessities and fortunately those permissions only apply to her own shop so there is no possibility of impacting the other branches of Sam's Scoops so the shop gets what it needs Blake avoids hot water and everybody wins because of Azure AD roles a huge catastrophe was prevented and network security at Sam's Scoops remains uncompromised so what can roles do for you you've recently been promoted to the IT manager role and are now tasked with carrying out an audit of your organization's security posture cloud services are becoming more prevalent within operations and Azure Active Directory is being used for identity management your biggest concern from your audit relates to user access up until now there's been a lack of know-how to
leverage the tools in place or procure more to improve overall security you've proposed and received the go-ahead to implement Azure AD's identity governance features to address the concern and enhance your organization's security posture identity governance is a crucial aspect of maintaining a secure and productive environment for organizations it involves striking the right balance between identity security and user productivity while ensuring accountability and compliance Azure AD offers a range of robust identity protection and governance capabilities such as Privileged Identity Management or PIM identity protection and terms of use statements you'll unpack these a bit later but for now let's check in on Sam's Scoops as with any company it is expected that employees will come and go and Sam Scoops is no different however an audit reveals that some former employees still have active accounts with access to company resources this unintended access presents vulnerabilities in the security posture and exposes the organization to cyber crime you may think that only hackers want to gain access for exploitation but what if there is a disgruntled former employee who wants to do harm to the company solving this has just moved up in the priority list for Sam Scoops in this video you'll discover how Sam Scoops is able to leverage Azure AD's identity governance features to enhance security and productivity within their organization first let's define identity governance in Azure AD Azure AD identity governance is a set of features and capabilities that help organizations manage and secure their identities access and privileges these features include identity life cycle management for creating managing and deactivating user accounts access life cycle management for assigning and revoking access to resources privileged access management for managing access to sensitive resources by privileged users and Azure identity protection for detecting and responding to
identity-based threats Azure AD's identity governance capabilities can be used to perform three key tasks governing the identity life cycle governing the access life cycle and securing privileged access for administration let's explore this in more detail beginning with the identity life cycle recall that the identity life cycle is the process of creating user accounts managing user accounts such as assigning access to resources and deactivating user accounts when they leave the company Azure AD automates many of these tasks next the access life cycle involves assigning and revoking access to resources based on user roles and permissions Azure AD automates many of these tasks too such as assigning role access to resources revoking access to resources when users no longer need it and monitoring access to resources for potential security threats thirdly the privileged access life cycle manages access to sensitive resources such as administrators or privileged users Azure AD helps organizations secure privileged access by offering Privileged Identity Management which enables organizations to manage privileged access by creating and managing groups of privileged users tracking privileged access and auditing privileged access Azure AD also offers just-in-time access or JIT for organizations granting users temporary access to resources these are users who won't normally have access to begin with you'll dig deeper into this concept and its benefits later next Azure identity protection is another feature of identity governance in Azure AD it encompasses a set of tools that organizations use to detect and respond to identity-based threats these include risk-based authentication for organizations to insist that users provide additional verification if their sign-in attempts appear to be risky sign-in risk analysis assesses the risk of sign-in attempts based on user location the device used and the time of day and Azure identity protection which offers threat intelligence to
help identify and respond to known threats in this video you learned that Azure AD's identity governance assists organizations such as Sam Scoops to achieve a balance between identity security and user productivity Azure AD automates many of the tasks involved in the identity life cycle access life cycle and privileged access life cycle this contributes to improving operational efficiency and mitigating security risks additionally Azure identity protection also helps to detect and respond to identity-based threats by making use of Azure AD's identity governance capabilities Sam Scoops can confidently navigate the identity security environment and digitally empower its employees while maintaining productivity now you have a good foundation of what identity governance entails and using it gives you more control and an improved security posture for Sam Scoops you previously learned that identity governance helps organizations strike a balance between security and productivity specifically you discovered how it can manage phases of the identity access and privileged access life cycles in an organization in this video you'll explore identity governance capabilities such as user provisioning streamlining of access management and access reviews with identity governance in Azure AD you are equipped to manage the following tasks for both on-premises and cloud-based services and applications you can govern the identity life cycle to automate user life cycle events like adding users moving users and removing users to meet security and productivity requirements then there's governing the access life cycle to easily manage changes to access rights by utilizing self-service requests and monitoring life cycle events lastly securing privileged access for administration allows you to govern access to privileged resources and mitigate the risk of excessive unnecessary or misused rights an organization with multiple Azure AD tenants includes both internal and external
identities for example let's reference educational organizations where internal identities refer to educators and students within the tenant external identities consist of staff members from other schools who are granted access through Azure AD B2B collaboration the effective implementation of identity governance requires you to manage the life cycle of these identities and the relationships with Azure resources individuals within an educational organization often have specific resource requirements for their role and projects so managing access becomes challenging without a defined list of necessary resources for each role however Azure AD solves this by automatically provisioning users it facilitates the creation maintenance and removal of user identities across applications promoting better collaboration in the past traditional provisioning methods such as uploading Microsoft Excel CSV files or using custom scripts to synchronize user data have proven to be error-prone insecure and difficult to manage but utilizing the automated Azure AD user provisioning service enhances efficiency and security for large organizations such as educational ones this service integrates with cloud-based HR applications like Workday and SuccessFactors now let's summarize the numerous benefits of the automated Azure AD user provisioning service first provisioning processes are more accurate and it reduces costs associated with hosting and maintaining custom-developed provisioning solutions and scripts organizational security is enhanced by instantly removing users' identities from software as a service or SaaS apps when they leave the organization another benefit includes provisioning large user groups to easily link to specific SaaS applications or systems finally this service establishes consistent policies for user provisioning and application access for more detailed information on how automatic user provisioning works check out the additional resources found at the end of
this lesson for now let's compare inbound and outbound user provisioning inbound user provisioning involves the flow of user data from applications such as human capital management or HCM to Azure AD or an on-premises Active Directory in this case the integration is possible when the HCM application supports the System for Cross-domain Identity Management SCIM for short protocol or provides provisioning API connectors it facilitates seamless synchronization and management of user data between identity providers and service providers organizations across various sectors including Sam Scoops can leverage Azure AD's identity governance to effectively manage user identities access rights and resource relationships this ensures a secure and productive environment for employees and partners outbound user provisioning also known as app provisioning automatically creates user identities and assigns roles in the cloud-based SaaS applications so taking advantage of available pre-integrated applications in the Azure AD SaaS apps gallery or applications that support SCIM 2.0 allows you to seamlessly provision user accounts and manage access across different applications next let's talk about self-service group management this is used to streamline the access life cycle this approach empowers users to manage their own group memberships enhancing security and reducing the workload on IT support teams for example it is useful when onboarding new employees where they can easily request access to the necessary resources without relying heavily on the IT support team users can create and manage groups assign access to specific applications and ensure that the right individuals have the necessary access privileges next you have entitlement management which helps manage access needs as new users and resources are continually added to the organization entitlement management enables users including external guests to request access to predefined access packages these access packages
encompass groups and applications like SharePoint sites allowing access across multiple resources to be granted with ease by automating access request workflows access assignments reviews and expiration you can effectively manage the identity and access life cycle on a larger scale another essential part of identity governance is access reviews this is a means of assessing access rights regularly to ensure that users and groups have the correct and most suitable level of access this helps maintain control over access permissions minimize excessive access rights and mitigate security risks finally let's discuss privileged access management to maintain a secure environment it's good to utilize Azure AD Privileged Identity Management or PIM to carefully control and monitor privileged access this includes time-based and approval-based role activation reducing the exposure time of privileges and increasing visibility through comprehensive reports and alerts with PIM you begin effectively managing and monitoring access to sensitive resources and mitigating the risk of excessive or misused access rights in this video you explored features of identity governance in detail and how they help manage user identities access rights and the overall identity life cycle within an organization this ensures your environment is secure and your applications and resources are well-managed as the IT manager for your organization you are happy with the implementation of Azure AD's identity governance to better user access management however there's still some work to do to better the authentication process managing credentials takes up a lot of your time so while researching you discover that the core purpose of managed identities is to simplify and automate identity management within Azure AD this is the solution you need and you are eager to learn more about it in this video you'll explore what managed identities are in Azure AD and how it authenticates while automatically managing
credentials on your behalf you'll also investigate the two types of managed identities and the supported Azure services available to you a common challenge in cyber security is the management of secrets credentials certificates and keys used to secure communication between services managed identities eliminate the need for someone to keep track of and to manage these credentials while secrets can be securely stored in Azure Key Vault services need a way to access the vault managed identities provide a managed identity in Azure Active Directory or Azure AD automatically and applications use it when connecting to resources that support Azure AD authentication applications can use managed identities to obtain Azure AD tokens without having to manage any credentials here are some of the benefits of using managed identities firstly you now know there's no need to manage credentials and they are not accessible to you you can also use managed identities for authentication to access any resource that supports Azure AD authentication including your own applications thirdly there is no extra cost when using managed identities managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity or MSI let's examine the types of managed identities there are two types of managed identities system assigned and user assigned when you enable a system assigned managed identity some Azure resources such as virtual machines allow you to enable a managed identity directly on the resource then a service principal of a special type is created in Azure AD for the identity note that the service principal is tied to the life cycle of that Azure resource so when the Azure resource is deleted Azure automatically deletes the service principal for you by design only that Azure resource can use this identity to request tokens from Azure AD with system assigned managed identities you can authorize the managed identity to have access to one or more
services the name of the system assigned service principal is always the same as the name of the Azure resource it is created for now with user assigned managed identity type you may also create a managed identity as a standalone Azure resource you can create a user assigned managed identity and assign it to one or more Azure resources when you enable a user assigned managed identity a service principal is created in Azure AD for the identity and it is managed separately from the resources that use it user assigned identities can be used by multiple resources and have access to one or more services here are some of the services that support managed identities for Azure resources API Management Application Gateway Azure App Configuration Azure App Services Azure Arc-enabled Kubernetes and Azure Arc-enabled servers there are many more Azure services that support managed identities for Azure resources you can access the full list in the additional resources a bit later but which operations can be performed when using managed identities let's divide this using the two types of managed identities resources that support system assigned managed identities allow you to enable or disable managed identities at the resource level use role-based access control or RBAC to grant permissions view the create read update and delete operations also known as CRUD in the Azure activity logs and view activity in the Azure AD sign-in logs if you choose a user assigned managed identity instead you can create read update and delete the identities grant permissions with role-based access control use user assigned managed identities on more than one resource utilize the CRUD operations that are available for review in Azure activity logs and finally view sign-in activity in the Azure AD sign-in logs operations on managed identities can be performed using an Azure Resource Manager template the Azure portal Azure CLI PowerShell and REST APIs in this video you learned that managed
identities for Azure resources provide a seamless and secure way to authenticate applications without the need to manage credentials by leveraging system assigned or user assigned managed identity types you can simplify your authentication process and improve the security of your Azure resources you can also authenticate to various Azure services that support Azure AD authentication and all of this comes at no extra cost imagine that while a room in your home is being repainted you need to leave for a few hours to attend to other business to make things easier for the painters going in and out of the house you leave the door unlocked you are out for longer than expected and return to find the painters gone and the door still unsecured even though nothing has happened your home was left vulnerable for a brief time you'll find that this general idea applies to cyber security as well but fortunately Azure AD offers a solution that greatly reduces the associated risk by the end of this video you'll have a basic familiarity with just in time or JIT access you'll understand how this method for limiting access to applications and systems can add more security to your access management approach just in time access is a security practice that minimizes the risk of attackers or malicious insiders exploiting standing privileges instead of providing unlimited access to privileged accounts just in time access grants access on an as needed basis this way you significantly reduce the chances of unauthorized access to critical data and resources with standing access or ongoing access that is not necessarily being used you're essentially giving users an open window to your organization's sensitive information if a user's password is compromised or shared with others it can provide attackers with undetected control over privileged accounts this is where just in time access steps in to protect your organization so what are the benefits of implementing just in time access by applying
the principle of least privilege it sets limits based on three major elements of privileged access these elements are location actions and timing advanced privileged access management or PAM solutions provide precise control over where users can access privileged accounts and the actions they can perform once access is granted by making time a factor in when access is granted just in time access adds an essential dimension to your organization's security this approach removes the risks associated with standing privileges and helps maintain security without sacrificing operational productivity ideally just in time access is used with other security solutions to ensure that robust security measures are in place while maintaining operational efficiency however managing this access manually can be challenging for IT teams one way to make it easier would be to leverage automated solutions within a privileged access management service rather than creating accounts with just in time access to manage privileges a PAM solution offers features like request access enabling users to request access to privileged information for a specified time additional features such as checkout automatically rotate credentials when the designated time period ends in basic just in time access implementations PAM solutions limit the time frame a user has access to an account and rotate the credentials once the user checks out or the specified time expires one area in which this method can be of particular benefit is for the protection of virtual machines or VMs let's find out why that is and how just in time VM access works with Azure AD threat actors actively hunt for machines with open management ports these ports are access points for virtual machines that enable management from remote locations all of your virtual machines are potential targets for an attack when a VM is successfully compromised it's used as the entry point to attack further resources within your environment as with all
cyber security prevention techniques your goal should be to reduce the attack surface in this case that means having fewer open ports especially management ports your legitimate users also use these ports so it's not practical to keep them closed to solve this dilemma Microsoft Defender for Cloud offers just in time access with this you can lock down the inbound traffic to your VMs reducing exposure to attacks while providing easy access to connect to VMs when needed Defender for Cloud ensures deny all inbound traffic rules exist for your selected ports in the network security group or NSG and Azure Firewall rules these restrict access to your Azure VM's management ports and defend them from attack if other rules already exist for the selected ports then those existing rules take priority over the new deny all inbound traffic rules if there are no existing rules on the selected ports then the new rules take top priority in the NSG and Azure Firewall when a user requests access to a VM Defender for Cloud checks that the user has Azure role-based access control permissions for that VM if the request is approved Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports from the relevant IP address or range for the amount of time that was specified when deciding how to categorize supported VMs Defender for Cloud follows a path of logic that includes determining things like is just in time VM access already enabled and is the VM protected by a firewall when Defender for Cloud finds a machine that can benefit from just in time access it adds that machine to the recommendations unhealthy resources tab in this video you discovered how just in time access minimizes the risks associated with standing privileges by granting access to applications and systems on an as-needed basis organizations can significantly reduce the chances of unauthorized access to critical data and resources an employee asks you for temporary
assignment of the user administrator role to gain permissions that make it easier to manage a team you fulfill this request and make a note to unassign the role later however the note is lost your plan is forgotten and the permissions are left active for longer than intended this oversight created a vulnerability that went undetected for a period of time but Azure AD features a solution that makes such occurrences far less likely to happen Privileged Identity Management or PIM is a service in Azure Active Directory that enables you to manage control and monitor access to important resources in your organization this includes resources in Azure AD Azure and other Microsoft online services such as Microsoft 365 or Microsoft Intune in this video you'll become familiar with important PIM concepts and features and you'll find out how to configure PIM in Azure AD so why might an organization want to adopt PIM more people with access to secure information or resources means higher chances of a malicious actor getting access or an unauthorized user inadvertently impacting a sensitive resource so it would be best for an organization to minimize this number however users still need to carry out privileged operations in Azure AD Azure Microsoft 365 or SaaS apps organizations want to give users just in time privileged access to Azure AD resources and can oversee what those users are doing with their privileged access Privileged Identity Management meets these needs by providing time-based access and approval-based role activation to mitigate the risk of excessive unnecessary or misused access permissions on resources that you care about PIM can provide just in time privileged access to Azure AD and Azure resources assign time bound access to resources using start and end dates require approval to activate privileged roles and enforce multifactor authentication to activate any role next let's find out how to set up and configure PIM note that you will need an Azure AD Premium P2
license to be able to use this service first search for PIM in the search bar at the top of Azure portal in Privileged Identity Management you'll find tasks manage and activity options in the left navigation menu for Azure AD roles in PIM only users who are the privileged role administrators or global administrators can manage assignments for other administrators global administrators security administrators global readers and security readers can also view assignments to Azure AD roles in Privileged Identity Management for Azure resource roles in PIM only subscription administrators resource owners or resource user access administrators can manage assignments for other administrators users who are privileged role administrators security administrators or security readers don't by default have access to view assignments to Azure resource roles in Privileged Identity Management the entities that you can manage in PIM include Azure AD roles which are for managing Azure AD and other Microsoft 365 online services Azure roles which grant access to management groups subscriptions resource groups and resources and PIM for Groups which let you set up just in time access to members of an Azure AD security group PIM for Groups not only gives you an alternative way to set up PIM for Azure AD roles and Azure roles but also allows you to set up PIM for other permissions across Microsoft online services like Intune Azure Key Vaults and Azure Information Protection PIM for Groups allows you to assign users to get just in time access to Azure AD roles Azure roles and PIM for Groups and groups to get just in time access to Azure AD roles and Azure roles for Azure AD roles the group must be a newly created cloud group that's marked as assignable to a role for Azure roles the group can be any Azure AD security group it is not recommended to assign or nest a group to a PIM for Groups with PIM you assign users the role with the least privileges necessary to perform their
tasks this practice minimizes the number of global administrators and instead uses specific ad administrator roles for certain scenarios recall that there are two types of assignments eligible and active if a user has been made eligible for a role that means they can activate the role when they need to perform privileged tasks for each role assignment you can also set a start time and an end time this addition gives you four possible types of assignments permanent eligible permanent active time bound eligible with specified start and end dates for assignment and time bound active with specified start and end dates for assignment in case the role expires you can extend or renew these assignments in this video you discovered that Azure AD Privileged Identity Management is a powerful service that enables organizations to securely manage and control privileged access to their resources reducing the risk of unauthorized access and ensuring the principle of least privilege is followed great job on completing Active Directory access protection and governance management during this time you became familiar with several distinct but equally valuable solutions for strengthening security in Azure AD these solutions are conditional access roles and role-based access control identity governance and Privileged Identity Management before you move forward let's review the key concepts you learned about that are associated with each of them you first dug into conditional access which is an approach for using signals to determine the degree of authentication that a user needs to access a resource or service common signals include user or group memberships the location from which a request is made the device used and the presence of risky behavior such as uncharacteristic login times you found that conditional access is implemented through the use of policies which are essentially if then statements if a user wants to access a resource then they must complete an action for
example a policy might state that in order to open payroll software a payroll manager needs to go through multifactor authentication policies can be configured manually but Azure AD also offers preconfigured templates that are aligned with common security scenarios these can be tailored as needed and quickly implemented saving time and effort you were guided through the steps for creating a conditional access policy through the Azure portal this included specifying the users and groups it applies to defining the conditions and signals and configuring the access controls you were then made aware of the best practices for conditional access namely using multifactor authentication for added security using policies that assess risk level and monitoring access attempts you then applied all of this knowledge to complete an exercise that addressed a security concern at Sam's Scoops this called for the creation of a conditional access policy to deny access to users who try to gain entry to the system from certain locations next you became acquainted with roles and role-based access control or RBAC RBAC is an approach for providing the least privilege needed for a user to do their work this helps minimize the risk of unauthorized access this concept revolves around roles which are essentially sets of permissions that can be assigned to users and groups Azure AD features a collection of built-in roles that cover a wide range of permissions and can be readily assigned if these do not meet an organization's needs another option is defining custom roles you found that a role assignment has three components the role definition a security principal which is the identity receiving the permissions and the scope or the area in which the permissions apply you were then guided on how to assign and configure roles in Azure AD as well as how to create custom roles you also became familiar with some common built-in roles and whether they are specific to Azure AD another Microsoft
service or if they have a cross-service purpose you then moved on to identity governance in Azure AD this is used to govern the identity life cycle the access life cycle and secure privileged access for administration let's recap what each of these are the identity life cycle relates to creating an account for a new user managing access to resources as their needs change and deactivating the account when the user exits the organization the access life cycle involves assigning and revoking access to resources based on user roles and permissions this is tied to the changes during a user's organizational life the privileged access life cycle refers to accounts with special permissions like users with administrative rights these accounts need to be secured carefully as unauthorized access to them could cause great harm identity governance enables you to manage access associated with these life cycles monitor for potential threats and automate certain tasks such as revoking permissions that are no longer needed you also explored the idea of Zero Trust this is a security strategy based on three principles always verify provide least privilege and assume breach this guides organizations to secure every element in a system namely identity endpoints data applications infrastructure and networks you then went into the specifics of designing and implementing identity governance for an organization and learned some best practices these include treating identity as a primary security perimeter centralizing identity management and making use of Azure AD security solutions like conditional access and multifactor authentication finally you became familiar with Privileged Identity Management or PIM another service in Azure AD for managing controlling and monitoring access to important resources in your organization before diving in you learned about the concept of just in time access this is a security practice that hinges on giving a user permissions on an as-needed basis
rather than having those permissions available at all times PIM allows you to implement just in time access time bound access privileged role approval and enforce multifactor authentication for approval you are led through the process for securing privileged access in PIM by configuring many of these features this week you learned a lot about how to implement advanced features in Azure AD that not only greatly enhance the security for organizations but also significantly reduce the manual work that would normally be required well done you've made significant progress it took great effort on your part to complete the videos readings quizzes and exercises you have a better understanding of the topics covered thus far these include features of Azure AD across different editions Azure AD's authentication methods like passwords registered devices or biometrics authentication approaches in Azure AD such as single sign-on multifactor authentication and self-service password reset minimizing risk with conditional access granular control with role-based access and management of identity and access life cycles with identity governance that means you're preparing well to apply your knowledge in the final course assessment remember that the graded quiz consists of 30 questions relating to topics covered throughout the course but before attempting this let's recap what you've learned up until now in the first week you were introduced to Azure AD's identity services specifically you explored Azure AD an identity and access management service that enables access to resources such as SaaS applications you learned about migrating from an on-premises Active Directory to Azure AD and the considerations to be mindful of when implementing it within an organization some considerations included restricting users and devices or importing them Azure Active Directory and editions focused on subscription packages and how to choose the appropriate edition for your organization's needs you
then discovered the Azure AD identity types such as user identities device identities and service principals the final identity type available is external identities through Azure AD B2B or B2C models you unpacked the various roles and privileges that are involved in identity scope before creating an Azure AD identity in the following week your focus shifted to understanding the different authentication methods and features available in Azure Active Directory to help improve and secure in events you were introduced to hybrid identities this is a means for organizations to keep their existing Active Directories to perform tasks like managing user accounts and permissions while incorporating cloud-based services within Azure Active Directory this provides stability for services by maintaining an active and up-to-date backup solution you then expanded on authentication methods with hybrid identities you explored the following three different authentication approaches Azure AD password hash synchronization Azure AD pass-through authentication and Active Directory Federation Services you investigated real-world scenarios that use various authentication methods such as a one-time passcode open authentication time-based one-time password or OATH TOTP fast identity online or FIDO which relies on biometric authentication are device-based solutions furthermore you now know that password vaults such as Azure Key Vault store sensitive password information you also examined single sign-on or SSO and exercised how to set up this using the free Azure portal next you learned about multifactor authentication or MFA features and scenarios and how to implement it for users groups and with conditional access then you covered tracking triggers these are factors that trigger MFA it can be tracked by registering new devices self-service password reset or SSPR and with requests by an application you learned about password protection and resetting which focused on self-service password
reset and its scope you are able to distinguish between configuring cloud and on-premises password settings and examined the steps of how to implement SSPR before putting it into practice the final week was all about how to configure access to minimize risk without impacting productivity you began with conditional access policies which are essentially if then statements in Azure AD allowing you to secure access to resources you engaged in a step-by-step walkthrough of how to create conditional access policy you were guided with the best practices to efficiently implement conditional access in scenarios such as for specific applications and remote workers this included implementing multifactor authentication using risk-based policies and monitoring access attempts then you learned about roles and role-based access what roles are and configuring roles and role-based access control in Azure AD to also manage access to cloud resources roles are divided into standard or built-in roles and custom roles and you witnessed roles in action through real-world scenarios Azure AD has different functionalities linked to specific licenses purchased you were given a greater grasp on which licenses can enable which roles and the overall impact this has next you moved on to identity governance which maintains secure and productive environments for organizations Azure AD's identity governance secures identities access and privileges with features such as identity life cycle management access life cycle management privileged access management and Azure Identity Protection here you also explored service principals that authenticate entities on a system managing identities at a deeper level and best practices for identity governance to manage identities effectively finally you concluded with Privileged Identity Management or PIM and protection this introduced you to just in time access you learned about configuring Privileged Identity Management and protection policies before
investigating some best practices for securing privileged access with Azure AD this highlighted implementing least privilege using time bound access and monitoring for suspicious activity Azure AD PIM secures access to resources such as Azure resources on-premises resources and SaaS applications and that wraps up this review of what you learned in cyber security identity and access solutions using Azure AD with a solid understanding of how to leverage Azure AD's identity services the authentication methods available to you and managing access protection and governance you're ready to assess yourself by taking on the final course assessment good luck congratulations on reaching the end of the cyber security identity and access solutions using Azure AD course when you first started you probably had limited knowledge of what an organization needs to do to provide users with access to their resources in a way that maintains security without disrupting workflows but now you should be aware of the tools and methods that can keep organizations both safe and productive this includes a particular focus on the solutions offered by Azure Active Directory which is Microsoft's cloud-based identity and access management service by getting to this point you should have a solid high-level understanding of how Azure AD is used and what it is capable of specifically you should now know about the key features of Azure AD and which ones are available across different editions the types of identities available in Azure AD and how this forms the basis for access management approaches and tools for authenticating users who request resource access and solutions for determining the degree of access to grant a user based on factors such as roles and risk level completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera this certificate not only helps you to enhance your skills but also gain a qualification that can lay the groundwork
for a career as a cyber security analyst this program is also designed to help you prepare for the exam SC-900 Microsoft security compliance and identity fundamentals this globally recognized certification is industry endorsed evidence of your technical skills and knowledge the SC-900 exam measures your ability to describe the following concepts of security compliance and identity capabilities of Microsoft Azure Active Directory which is part of Microsoft Entra capabilities of Microsoft security solutions and capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms visit the Microsoft certifications page at www.learn.cashtracking.com compliance and identity fundamental certification and exam now that you have established a foundation for making more effective use of Azure AD to protect an organization's data and resources what's next there's a lot left to learn about keeping online resources safe so a good move would be to dig deeper into cloud-based security you can do so by registering for the next course in the program doing so will enhance your cyber security analyst portfolio and help you gain the appropriate skills that you need to demonstrate your abilities in the workplace completing all the courses in the Microsoft cyber security analyst program will signal to potential employers that you are motivated capable and not afraid to learn new things it's taken a lot of perseverance to get this far so you should be proud of your progress well done and it's been a pleasure to embark on this journey of discovery with you are you concerned about the rising number of cyber attacks targeting businesses and individuals alike you can stay one step ahead of the game with Microsoft Security Solutions the cutting-edge suite of products and services designed to keep the digital
world safe and secure let's explore the world of Microsoft Security Solutions in this course and discover how to defend against threats protect your data and achieve peace of mind in today's digital landscape you'll do this by learning about cloud-based security concepts security information and event management and Microsoft 365 Defender capabilities this video will give you a quick overview of what you will cover in this Security Solutions course let's go through the content to make sure you're ready first you'll be introduced to Azure basic security capabilities this entails learning about the built-in security measures of Azure and also about best practices for protecting Azure resources and you'll have the opportunity to learn about what measures can be taken to protect against distributed denial of service or DDoS attacks firewall breaches and unauthorized access there are three practical exercises in this week which will give you the opportunity to apply what you've learned you will also learn about key management processes and best practices for encryption in Azure next you will learn about security management in Azure completing this part of the course will give you a good grasp of the security features available in Azure best practices for protecting Azure resources as well as Azure security standards policies and compliance to achieve this understanding you'll learn about the importance of cloud security the security features of the Azure platform the components of Microsoft Azure identity and access management and how to use them to secure applications the security event management or SIEM and security orchestration automation and response or SOAR capabilities of Microsoft Sentinel will also be covered and you'll also learn about the security mechanisms used to protect data in Azure next you will learn about Microsoft 365 Defender threat protection you'll explore threat protection services like Microsoft Azure Defender Azure Advanced Threat Protection
and Azure Information Protection and how to implement them, as well as best practices for the deployment and management of protection services. You will learn how to protect an organization's assets from various types of threats, including malware, identity-based attacks, and phishing, and key concepts such as Microsoft Defender services, endpoint and cloud app protection, and identity defense will be covered.

Finally, you will complete a course project based on a real-life scenario, which consists of demonstrating protection strategies by securely configuring a virtual machine using Azure Firewall, Azure Bastion, Microsoft Defender, Microsoft Sentinel, and risk policies. After this hands-on learning, you will complete a final graded assessment, but be assured that everything you need to complete the assessment will be covered during your learning, with each lesson made up of video content, readings, and quizzes. Throughout this course, you will get the opportunity to apply your newly gained skills in exercises and self-reviews before going through an exemplar as a possible solution to the cyber security challenge you're presented with.

The great thing is you don't need a background in IT-related fields to take this course. This course is for anyone who has an affinity for technology and an interest in cyber security. The course will help you move towards a career in cyber security, and it forms part of your preparation to take the SC-900 exam on Microsoft Security, Compliance, and Identity Fundamentals. When you complete all of the courses in the Microsoft Cyber Security Analyst professional certificate, you'll earn a Coursera certificate to share with your professional network and help you become job ready. Earning a Microsoft certification is globally recognized evidence of real-world skills. It shows your commitment to keeping pace with rapidly changing technology by expanding your skill set in your professional roles. In summary, this course not only provides you with a complete
introduction to Microsoft Security Solutions, it also gives you several opportunities to practically apply the skills you learn. Now that you've reached the end of this course introduction, it's time to continue your cyber security journey.

In today's digital landscape, the frequency and complexity of distributed denial of service, or DDoS, attacks have been on the rise. These attacks can cause serious damage to organizations, disrupting their operations and even causing financial losses. To combat this threat, Microsoft Azure offers a comprehensive DDoS protection service. This video explores this service and what it has to offer. It'll cover the fundamentals of how it works, the advantages it provides, how to begin implementing it, and what different types there are.

You may know this already, but let's start with what exactly a DDoS attack is. It's when a server hosting a website or app is flooded with so much traffic that it becomes overloaded and crashes. This happens when many computers, called bots, are deployed by cyber attackers to send traffic to a server all at the same time. The traffic overload makes it impossible for real users to access the website, causing frustration for users and loss of business revenue and disruption of business operations for the website owner. DDoS attacks can be targeted at any website or app that is publicly reachable through the internet.

So how can businesses protect themselves from a DDoS attack? One solution is to use Azure DDoS Protection, which helps defend against DDoS attacks by automatically detecting and blocking malicious traffic. Although services running on Azure are inherently protected by default infrastructure-level DDoS protection, it may not be sufficient for certain applications. By onboarding to the Azure DDoS Protection service, applications get dedicated monitoring to detect attacks and application-specific thresholds, providing a tighter defense against DDoS attacks. Overall, Azure DDoS Protection is an important tool for businesses that rely on
online services to protect against DDoS attacks and ensure that their services are always available to their customers.

Let's examine some of the key benefits of Azure DDoS Protection. Azure DDoS Protection helps protect against DDoS attacks by constantly monitoring the traffic patterns of your applications. Additionally, Azure DDoS Protection uses intelligent traffic profiling to learn your application's traffic patterns over time. This means that it can adapt to new types of attacks and become more effective at protecting your business over time. If it detects a DDoS attack, it will automatically and instantly take action to mitigate the attack, ensuring that your website or online services stay up and running.

Furthermore, Azure DDoS Protection uses multiple layers of protection to prevent and mitigate the effects of DDoS attacks. These layers include firewalls. Azure DDoS Protection uses firewalls to monitor and control incoming and outgoing network traffic. Firewalls can block traffic that does not meet specific criteria, such as traffic that is coming from a suspicious source or that has an unusually high volume. There's also network segmentation. Azure DDoS Protection uses network segmentation to divide the network into smaller, more secure subnetworks. This helps to limit the impact of a DDoS attack by containing it to a smaller area. Then there's traffic analysis. Azure DDoS Protection uses traffic analysis to monitor network traffic and identify patterns that indicate a DDoS attack. This analysis can help to detect and mitigate attacks before they cause significant damage. And last, there's machine learning algorithms. Azure DDoS Protection uses machine learning algorithms to detect and block DDoS attacks. These algorithms can learn from past attacks and adapt to new attack patterns, making them more effective at preventing future attacks. By using multiple layers of protection, Azure DDoS Protection can provide a more comprehensive and effective defense against DDoS attacks. This helps
to ensure that Azure customers can continue to provide reliable and secure services to their users, even in the face of cyber threats.

Azure DDoS Protection comes in two types. The first type is called DDoS IP Protection, and it can protect any public IP resource without needing a separate protection plan. Resources include things like websites, virtual machines, and cloud services that can be accessed over the internet. To access an online resource from the internet, it needs to have a public IP address assigned to it. Not needing a separate protection plan is helpful if you have multiple services or applications that you want to protect but don't want to set up a separate protection plan for each one. The second type is called DDoS Network Protection, and it can protect multiple subscriptions with just one protection plan. This is useful if you have several services or applications that you want to protect and you want to simplify the management of your protection plans.

Azure DDoS Protection has a fixed monthly charge that covers up to 100 public IP addresses. This means that you can use Azure DDoS Protection to protect up to 100 online resources with a single subscription. If you need to protect more than 100 resources, additional protection is available for an additional charge. If there is an attack, you can get help from the Azure DDoS Rapid Response team, who can investigate and help you deal with the attack. If a customer experiences a documented DDoS attack, which means there is proof of the attack, they will receive credit for data transfer and application scale-out service costs. This is a way of compensating the customer for any cost incurred due to the attack.

In summary, Azure DDoS Protection is a very helpful tool that businesses and organizations can use to protect themselves from harmful DDoS attacks. It has many features that help keep your services safe, such as always monitoring your network traffic, adapting to changing patterns, and providing protection at multiple levels. It
works well with other tools in Azure, so you don't need to worry about setting it up yourself. If an attack does occur, the DDoS Rapid Response team is available to help. With Azure DDoS Protection, you can focus on your business and not worry about the effects of DDoS attacks.

Now that you know what Azure DDoS Protection is, you might be wondering how to configure it. In this video, you will go through the steps to create a DDoS protection plan and enable DDoS protection for a new virtual network using the Azure portal. You will also learn how to view your protected resources and monitor your DDoS protection settings.

The first step is to create a DDoS protection plan. This plan defines a group of virtual networks that are protected by DDoS Network Protection across subscriptions. You only need one plan for your organization, and you can link virtual networks from different subscriptions to the same plan. Before you move on to the rest of the video, please note that it's not necessary for you to follow along in Azure during the demonstration. Configuring DDoS protection and linking the plan to a virtual network will be costly.

Let's get started. First, open the Azure portal and select Create a resource in the upper left corner. Now search for DDoS in the search bar, and once the DDoS protection plan appears in the search results, select it. Once selected, click on Create to create a new DDoS protection plan. Now enter or select the following values: for the subscription, select your subscription; for the resource group, select RG web server; for the name, enter plan one; and for the region, enter East US. After entering the values, select Review and create to review the details and then click on Create to create your DDoS protection plan. Note that although DDoS protection plan resources need to be associated with a region, users can enable DDoS protection on virtual networks in different regions and across multiple subscriptions under a single Azure Active Directory tenant. A tenant is a dedicated and trusted
instance of Azure AD. It's automatically created when your organization signs up for a Microsoft cloud service subscription. Now click Create, wait for the deployment process to finish, and that's it. You've successfully created a DDoS protection plan on the Azure portal.

Once you have created a DDoS protection plan, the next step is to link it to a virtual network. This will enable DDoS Network Protection for the virtual network. So now you are going to apply the earlier created DDoS protection plan to a new virtual network. The first step is to create a new virtual network. To do this, follow these steps. Log into your Azure portal and select Create a resource in the upper left corner. Let's search for virtual network, and once the virtual network appears in the search results, select it and click Create. Now enter the following values: for subscription, select your subscription; for the resource group, select Use existing and then select RG web server; for the virtual network name, enter MyVnet, one word with a capital letter V; for the region, enter East US, and then select Next. Now it's time to enable DDoS protection for your virtual network by selecting Enable Azure DDoS Network Protection. Select the plan one you created earlier. Click Next to move to IP addresses. Leave this as the default, select Review and create, and then select Create. That's it. You have now enabled DDoS protection for your virtual network in Azure.

Please note that once you have enabled DDoS protection for a virtual network, you cannot move it to another resource group or subscription. If you need to move a virtual network with DDoS protection enabled, you must first disable DDoS protection, after that move the virtual network, and then enable DDoS protection again. Also note that after the move, the auto-tuned policy thresholds for all the protected public IP addresses in the virtual network will be reset.

Now it's time to learn how to view protected resources. Under Protected resources, you can view your protected public IP
addresses and virtual networks or add more virtual networks to your DDoS protection plan. Congratulations, you have successfully learned how to set up Azure DDoS Network Protection using the Azure portal. By following the steps outlined in this video, you should now be able to create a DDoS protection plan and enable DDoS protection for your virtual network in just a few clicks. Later in this lesson, you'll be creating a virtual network with a virtual machine. Do not try to create DDoS protection for the sake of testing it out, because the cost is very high.

You now know what Azure DDoS Protection is and how to configure it through the Azure portal to protect a virtual network, but you haven't really explored its key features and best practices, which is what this video is about. In this video, you will learn about always-on traffic monitoring, adaptive real-time tuning, DDoS protection telemetry, monitoring, and alerting, Azure DDoS Protection mitigation policies, web application firewall for resource attacks, and protection planning.

Let's start with always-on traffic monitoring. Azure DDoS Protection constantly monitors traffic usage, and when the traffic threshold is exceeded, DDoS mitigation is automatically initiated. During mitigation, traffic is redirected to the DDoS protection service, where several checks are performed to ensure packets conform to internet specifications and are not malformed. Attack traffic is dropped and the remaining traffic is forwarded to its intended destination. Within a few minutes of attack detection, you'll be notified via Azure Monitor metrics, and you can save logs on DDoS protection telemetry, which will allow you to save them to security information and event management systems, or SIEM. Metric data in Azure Monitor for DDoS protection is retained for 30 days.

Next is adaptive real-time tuning. Tailored protection policies are necessary per subscriber because of the complexity of attacks and the application-specific needs of subscribers. Azure DDoS Protection accomplishes
this by using automatic learning of the traffic patterns of each subscriber for layer three, the network layer, and layer four, the transport layer, of the OSI model. Other items in this lesson also refer to OSI model layers, and you can refer to the additional resources reading for a source that will refresh your memory. With adaptive real-time tuning, it doesn't matter what amount of traffic you receive. As long as there are legitimate connections, Azure can automatically scale.

There's also DDoS protection telemetry, monitoring, and alerting. Telemetry refers to information gathered from a network system that can be examined to keep track of the network and the condition, efficiency, ET abbility, and security of its parts. Azure DDoS Protection gives a lot of information about attacks and how well the protection is working. This information can be accessed using Azure Monitor. You can configure alerts for any of the Azure Monitor metrics that DDoS protection uses. You can also integrate telemetry logging with other monitoring services like Splunk or Azure Monitor logs, or with Azure Storage for advanced analysis via the Azure Monitor diagnostics interface.

Next, there are mitigation policies. DDoS protection for a public IP applies automatic mitigation policies for TCP, TCP SYN, and UDP. You can view the policy thresholds by selecting the Inbound packets to trigger DDoS mitigation metric, as illustrated in this screenshot. The increases and decreases can clearly be seen, as well as the expected baseline for incoming traffic. The policy thresholds are automatically configured via machine learning-based network traffic profiling. DDoS mitigation occurs for an IP address under attack only when the network traffic exceeds the limit specified in the policy. If the public IP address is under attack, you'll be notified through the Under DDoS attack or not metric. Configuring an alert on this metric is recommended, so you'll be notified when an active DDoS mitigation is performed on your public IP address. The
spikes on the graph indicate incidents where potential attacks happened.

Next, there is web application firewalls for resource attacks. At the application layer, you should configure a web application firewall, or WAF, to help secure web applications. A WAF inspects inbound web traffic to block attacks. Azure provides WAF as a feature of Azure Application Gateway for centralized protection of your web applications from common exploits and vulnerabilities. There are also other WAF offerings available from Azure partners that might be helpful.

Last is protection planning, which is not a feature of Azure DDoS Protection but a best practice for subscribers to make the most of the features. It's essential for a subscriber to prepare for a DDoS attack and understand how a system will perform under such circumstances. It is important to design an incident management response plan as part of this effort. For example, DDoS protection isn't automatically deployed, so if you have DDoS protection, it is recommended to make sure that it is enabled on the virtual network of internet-facing endpoints, and configuring DDoS alerts can help constantly monitor potential attacks on the infrastructure. Independent monitoring of applications is also advised. Knowing the normal behavior of an application can help you prepare for any deviations during a DDoS attack and take prompt action.

In this video, you learned about the key features of DDoS protection and the best practice of protection planning. Azure DDoS Protection constantly monitors traffic utilization and initiates mitigation when the traffic threshold is exceeded. It also uses automatic learning of per-customer traffic patterns and minimizes false positives. The rich telemetry provided by Azure DDoS Protection can be used to configure alerts and integrate logging with other monitoring services and Azure Storage. You also learned how DDoS protection applies auto-tuned mitigation policies and notifies you when a public IP address is under attack. For resource attacks at
the application layer, it is recommended to configure a web application firewall for centralized protection. Finally, you learned about the importance of protection planning, which includes designing an incident management response plan, ensuring DDoS protection is enabled on virtual network endpoints, and independently monitoring applications to understand their normal behavior. Overall, Azure DDoS Protection provides a comprehensive solution for protecting against DDoS attacks.

As one of Azure's on-demand, scalable computing resources, virtual machines offer users greater control over their computing environment. This video provides an overview of virtual machine considerations and uses. Before creating a virtual machine, several factors should be considered, such as resource names, locations, sizes, and pricing. It is crucial to choose the appropriate size, as it will affect processing power, memory, storage capacity, and network bandwidth. Remember that the region you select for your virtual machine affects the latency and performance for your end users and determines the physical location where your virtual machine runs. Availability options such as availability sets and availability zones provide redundancy and high availability for your virtual machine to ensure that it remains available even if there is a failure on a physical host or in a data center. The VM size you select for your virtual machine determines the amount of CPU, memory, and storage resources available for your workload and can affect the performance and cost of your virtual machine.

An Azure virtual machine gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the virtual machine by performing tasks such as configuring, installing, and patching the software that runs on it. Azure virtual machines are a cost-effective and flexible solution that can be used in various ways. Some examples are to develop and test. Azure virtual
machines offer a quick and easy way to create a computer with specific configurations required to code and test an application. You can run applications in the cloud. Because demand for your application can fluctuate, it might make economic sense to run it on a virtual machine in Azure. You pay for extra virtual machines when you need them and shut them down when you don't. You can also create an extended data center. Virtual machines in an Azure virtual network can easily be connected to your organization's network.

In conclusion, Azure virtual machines are a powerful, cost-effective, and flexible solution for a variety of computing needs. With greater control over the computing environment, users can choose the appropriate size and pricing to match their specific requirements. While maintaining the virtual machine is necessary, it is far less cumbersome than managing physical hardware. From development and testing to cloud-based applications and extended data centers, virtual machines offer a multitude of use cases that can be easily scaled up or out to meet growing demands.

In this video, you will learn how to create a virtual machine in Azure and explore the concepts of region, availability, and VM size. Step one is to log into the Azure portal. Step two is to create a new virtual machine. Once you are signed into the Azure portal, select the Create a resource button located on the left-hand side of the screen, search for virtual machine, and select Create. Step three is to fill out the Basics tab. In the Basics tab of the Create a virtual machine wizard, fill out the following information, that is: subscription, select the subscription you want to use; resource group, select an existing resource group or create a new one; virtual machine name, enter a name for your virtual machine; select a region that is closest to you or your end users. Now step four is to choose your availability options. In the Basics tab, you can choose between four availability options. The first option is no infrastructure
redundancy required. This option is suitable for non-critical workloads or when you do not require any redundancy or high availability. Availability zone: this option is suitable for critical workloads or when you require high availability and redundancy. Virtual machine scale set: this option in Azure allows you to easily deploy and manage a group of identical load-balanced VMs that are automatically scaled based on demand. Availability set: this option is suitable for workloads that require some level of redundancy and availability but do not require the high availability provided by the availability zone.

Step five is to choose the image and size. In the Basics tab, select Windows Server 2022 Datacenter Azure Edition x64 or Gen 2 as the image and select an appropriate size for your virtual machine based on your workload requirements and budget. Step six is to enter a username and password. Enter a username and strong password that meets the Azure password requirements. Now step seven is to configure disks and networking. Head over to the Disks tab and configure your virtual machine storage settings. In Microsoft Azure, this is accomplished using managed disks, which provide a simplified storage solution for your virtual machines. By using managed disks, you can offload storage management tasks to Azure, eliminating the need to configure and manage storage accounts yourself. In the next tab, Networking, you will need to create a new virtual network or select an existing one, create a new subnet or select an existing one, and create a new public IP address or select an existing one. Now you can select the Create button to create your virtual machine. You have to wait for Azure to deploy and provision your virtual machine, which may take a few minutes. Once the deployment is complete, you can go to resource and you'll note that the virtual machine is ready and running. By following these steps, you have created a virtual machine in Microsoft Azure and explored the concepts of region, availability
options, and VM core size. Congratulations, you have successfully spun up a virtual machine in Azure.

Microsoft Azure provides many resources and services that can replace or complement on-premise services. Like on-premise services are provided over a network to allow communication between services and network components, Microsoft Azure also uses networks for services. However, these networks are virtual networks, or VNets. Over the next few minutes, you'll learn about the components of an Azure virtual network and how they are interconnected to allow different services within Microsoft Azure to communicate.

Azure virtual networks, or VNets, are the fundamental building block of a private network in Azure. Similar to an on-premises network that uses a switch to interconnect devices, VNets enable you to build complex virtual networks, but the additional benefits of using VNets compared to on-premise networks are their scalability, availability, and isolation. As part of Azure infrastructure, virtual networks can connect to virtual machines, or VMs, and other Azure resources such as the App Service Environment, Azure Kubernetes Service, and firewall services. VNets can also connect to other Azure resource types such as Azure SQL databases and storage accounts. Ultimately, Azure VNets enable resources in Azure to securely communicate with each other, the internet, and on-premises networks. All resources in a VNet can communicate outbound to the internet by default, and you can communicate inbound to a resource by assigning a public IP address or a public load balancer to it.

When adding resources on Azure, it is good practice to add resources used for related tasks to a resource group to keep them separate from others. Resource groups act as logical containers into which Azure resources like web apps, virtual networks, and storage accounts are deployed and managed. Like an on-premise network, a VNet can consist of multiple subnets but will also have a network security group, or NSG, for each subnet you
create. A network security group allows you to filter the inbound and outbound traffic through your virtual network or subnet. You can also use NSGs to filter traffic by source and destination IP address, port, or protocol.

Just like physical networks, different subnets in VNets need to be able to talk to each other. Can you recall what network device allows two subnets to communicate in a physical network? That's right, a router. So how does it work with VNets? The simplest and quickest way to connect your virtual networks is by using Azure virtual network peering. It enables you to connect two Azure virtual networks and provide routing capabilities, just like a router does in an on-premise network. Peered virtual networks operate as a single connected network. There are two types of peering: regional and global virtual network peering. Regional virtual network peering connects Azure virtual networks that exist in the same physical region, like West US or East US, whereas global virtual network peering connects the regional virtual networks.

Now that you understand what VNets are, let's discuss the Azure network topology, the hub-spoke network. Hub-spoke networks are commonly used for hybrid cloud architectures. In a hub-spoke network, a central virtual network called the hub is connected to several other virtual networks called the spokes. This type of network can be simpler to implement and maintain in the long term compared to interconnecting lots of spokes together. The hub acts as a central location for managing external connectivity into and out of Azure and coordinates all communications to and from the spokes. It also hosts services that can be used by multiple spoke networks across Azure. In this way, the hub and spoke topology gives companies' IT departments an effective way to centrally enforce security policies. The spokes host different services, known as workloads, and connect to the central hub through virtual network peering. Let's examine an example of a hub-spoke
network with two VNets, each with a different workload, one for a website and one for a quote app. Both VNets, or spokes, are connected to a central hub, and the hub provides a firewall and DDoS protection that is connected to the internet and on-premise offices.

So far, you've learned that VNets are essential in building out a comprehensive network in the cloud and utilizing Azure services across your network. But how can businesses with on-premise networks start using VNets? Well, Azure makes it possible to connect on-premise computers and networks to a virtual network using any of the following options: point-to-site virtual private network, site-to-site VPN, or Azure ExpressRoute. When working towards integrating your on-premises network with Azure, you need a bridge between the two networks, and Azure VPN Gateway provides this functionality. A VPN gateway sends encrypted traffic between the two networks over the internet. Gateways support multiple connections that route the VPN tunnels through the available bandwidth, although a virtual network can only have one gateway assigned. You can also use a VPN gateway for network-to-network connections in Azure. Azure ExpressRoute is another option to consider for bridging. ExpressRoute allows you to extend your on-premises networks over a private connection to Azure. This connection is facilitated by a connectivity or cloud exchange provider. ExpressRoute extends wider than just Azure resources and allows you to establish connections to other Microsoft cloud services like Office 365.

In this video, you learned that network connectivity is key to delivering services on-premises, but it's just as important in the cloud. Microsoft Azure uses virtual networks, or VNets, to provide this connectivity to services. Azure virtual networks enable you to create subnets and add additional network filtering via network security groups (NSGs). These different virtual networks can be connected together using virtual network peering within Azure regions and globally,
and each of these VNets creates spokes that can all connect to a hub. Hub-spoke networks form the foundations of an Azure network. You should now have a deeper understanding of Azure infrastructure and how different components interact. This knowledge will help you with the planning and implementation of security measures for cloud infrastructure.

With ever more cyber security threats around the world, protecting data and users should always be a priority on any network. Firewalls have always been a key part of a network defense strategy, and it's no different when using cloud technologies and Microsoft Azure. Over the next few minutes, you will learn about the features of the Azure Firewall and how it integrates with other Azure services to provide protection.

Azure Firewall is a cloud-based security service managed by Microsoft. It protects Azure virtual networks and their resources by letting you manage and enforce connectivity policies centrally. Like all firewalls, Azure Firewall acts as a shield for your Azure virtual network, allowing only legitimate incoming and outgoing traffic while denying unauthorized or unknown traffic. You can configure Azure Firewall with filtering rules according to different parameters. These include source and destination IP address, port, and protocol. Azure Firewall is a fully stateful network firewall that tracks the operating state and the characteristics of network connections traversing it.

For Azure Firewall to do its job effectively, you must set it up as a barrier between a trusted network you want to protect and an untrusted network that offers potential threats. Most commonly, you deploy Azure Firewall as a barrier between your Azure virtual network and the internet. You can deploy Azure Firewall within a subnet of a single Azure virtual network. However, in most configurations, Azure Firewall is provisioned inside a hub of a virtual network. This provides the optimal position to build a security policy because all traffic to and from
the spoke VNets, on-premises networks, and the internet can be filtered at this point.

Let's move on to discuss the deployment of Azure firewalls. Interestingly, an Azure firewall is deployed with two IP addresses: a public IP address to which all inbound traffic is sent and a private IP address to which all outbound traffic is sent. All traffic, inbound and outbound, goes through the firewall. By default, the firewall denies access to everything. It's up to the network administrators to configure the firewall with the conditions under which the traffic is allowed through the firewall. Each condition is called a rule, and each rule applies one or more checks on the data. Only traffic that passes every check in all the rules is allowed to pass through. By placing the Azure firewall at the hub of the network, the firewall can filter traffic whether it is coming directly from the internet, from an on-premise network, or from different spokes or VNets. For example, a business could run a web server within spoke one and only allow network traffic on ports 80 and 443 for the web service, thereby reducing the risk from threats.

Azure caters for a wide range of security needs. The Azure Firewall has three different SKUs to choose from based on specific business needs: Basic, Standard, and Premium. First, Azure Firewall Basic is ideal for small to medium-sized businesses that only have a few virtual machines and need protection for low data throughput demands, typically less than 250 megabits per second. Azure Firewall Standard is recommended for customers that have multiple virtual machines and therefore require autoscaling to handle peak traffic periods of up to 30 gigabits per second. This option provides protection for OSI layer 3 to 7 processes, which is the network to application layer. The Standard option also supports enterprise features like threat intelligence, domain name system, or DNS, proxy, custom DNS, and web categories. Azure Firewall Premium provides the most comprehensive cover, and it's for customers
who need to secure highly sensitive applications such as payment processing in addition to all features of the Azure firewall standard it also supports Advanced threat protection capabilities in this video you've learned that Azure firewall protects virtual networks within Microsoft Azure and is typically set up within the Hub of a network this position enables it to filter traffic to and from the internet and on premise networks additionally from this position it can also protect services that are hosted within Network spokes by setting up denying access rules Azure firewall can filter traffic according to source and destination IP address port and protocol using a firewall to guard the entrance to your virtual network is a significant part of your Cloud security strategy and Azure firewall offers many useful features and levels of SKUs for keeping your virtual Network guarded from malicious traffic previously you learned that Microsoft Azure firewall has different SKUs offering different levels of protection but there are certain factors that determine what SKU will be optimal for a network imagine a website where fans can book tickets for soccer matches soccer is a very popular sport so websites like these have a large amount of user data and handle thousands of online transactions and that makes it a lucrative Target for cyber attacks ticket sales are significantly higher for the soccer finals than during the rest of the season so they need a firewall that can scale according to the fluctuation in data traffic it sounds like Microsoft Azure firewall is the perfect option for this kind of website in this video you will learn about key features of the different firewall levels and specifically focus on how Azure firewall standard protects networks earlier you learned that all Azure firewalls can filter traffic based on one or more of the following three Network parameters IP address port and protocol for example you might use a Network rule to allow outbound
traffic to access a particular DNS server at a specified IP address like 168.63.129.16 using Port 53 and the UDP protocol all full Azure firewalls can also filter traffic based on a fully qualified domain name or FQDN for example you might use an application rule to allow outbound traffic to access a server within the Sam Scoops network using the FQDN ice cream. Sam scs.com but there are some significant differences between the basic and standard Azure firewall SKUs for starters one of the big differences is how they scale the basic version can only scale to allow a maximum data throughput of 250 megabits per second for example handling traffic for a text-based website whereas the standard firewall can scale to 30 gigabits per second to accommodate changing Network traffic flows this is ideal for video on demand websites this means that with the standard option businesses like the soccer ticket vendor don't need to worry if traffic levels to their Cloud networks increase or decrease the second big difference is that the basic firewall only supports threat intelligence alerts whereas the standard supports threat intelligence based filtering this means that the standard firewall will alert you to traffic going to or coming from flagged malicious IP addresses and domains but also automatically deny its passing but how does Azure standard firewall know about these flagged IP addresses and domains it uses continuous data streams that provide information on threats that can affect an organization's security this is known as the Microsoft threat intelligence feed this feed is generated from multiple sources including the Microsoft cyber security team it comprises a list of indicators of compromise or IoCs that includes malicious URLs malware hashes and malicious email and IP addresses related to attacks worldwide as Microsoft gathers this data it's fed into its security devices such as firewalls by automatically creating rules to block threats that have been detected
anywhere in the world getting alerts about threats will benefit the soccer ticket vendor but they can benefit even more from automatic protection against these threats the standard firewall also has additional features that simplify administrative tasks for example the web categories feature lets administrators allow or deny user access to entire categories of websites such as gambling websites social media websites and others in this video you learned that the basic Azure firewall provides useful filtering tools just like an on premise firewall whereas the standard firewall uses cloud enabled scalability to deal with traffic demand fluctuations the standard firewall also differs from the basic with additional automation features and threat intelligence-based filtering additionally features like web categories make the standard firewall easier to manage it is important to understand the features of different Azure firewall SKUs to determine what option will work best for different businesses you now know about the major differences between the basic and standard firewall But be sure to explore the complete list of differences between the different SKUs in the additional resources reading at the end of this lesson can you imagine managing your social or work life without using apps there are millions of web applications that people use every day and because of their popularity they are a major Target for cyber attacks did you know that Bots or cyber attackers probe new web apps for weaknesses within minutes of deployment in fact as soon as an app launches threat actors start testing it for vulnerabilities and such probes will most likely continue for the lifetime of the app this has major implications for Sam scoop's new web app which is going to launch soon Sam can request the app developers to build custom protection but that will be difficult and time-consuming additionally attackers come up with new methods all the time this means developing protection for the
app will be a continuous process to keep up with the latest threats fortunately Azure has a tool specifically developed for app security that can overcome these challenges Azure web application firewall in this video you will learn how the Azure web application firewall protects web applications from common exploits and vulnerabilities let's start by discussing how the Azure web application firewall forms part of the Azure Services you can use to develop and deploy a web app by now you should know that Azure app Services can be used to quickly build and deploy a web app that's available on the internet and services such as Azure SQL database and Azure active directory provide data and authentication for web apps to complete the service offering Microsoft also offers protection for web apps with the Azure web application firewall it provides centralized protection for web applications from common attacks such as SQL injection and cross-site scripting let's consider an example most users of Sam scoop's web app will only be able to access data such as the menu prices and delivery information some of Sam's employees on the other hand will be authorized to sign in and also access account information and other vulnerable data in each case users can only access the data that the web app allows them to access and a proper access control system will protect data from unauthorized access right but web app security is not that simple there are many common exploits that malicious hackers and Bots might use to Target these vulnerabilities to gain unauthorized access to the app by gaining access to your network attackers can steal corrupt or destroy your data developers could spend countless hours protecting Sam Scoops web app against these exploits however it's easier faster and more efficient to deploy the Azure web application firewall the Azure web application firewall has been configured by Microsoft's team of Security Experts to defend against common exploits
and it's constantly updated to defend against new threats but how exactly does it work the firewall sits between the internet and the web app to provide centralized protection of Azure hosted web apps Azure web application firewall protects web apps from common threats and only allows authorized users through to the application a great advantage of the Azure web application firewall is that you can deploy it in minutes this means that the Sam Scoops web app can get powerful protection from known threats immediately all without writing a single line of security code it's that great in this video you learned that because web applications are so popular they are a major Target for cyber security attacks with so many different and new attack methods that constantly arise it is a continuous difficult expensive and time-consuming process to develop protection for web apps in contrast the Azure web application firewall can be deployed in minutes to instantly provide powerful protection for Azure hosted web apps against hundreds of common exploits and what's more Microsoft updates the web application firewall continuously to provide protection from the latest exploits that's why it's a better security option for Sam scoop's new web app by now you know that the Azure firewall protects Azure services and VNets with different kinds of rules it's time to learn how this works in practice in this video you will learn how to deploy an Azure firewall in the Azure portal on the Azure portal homepage click firewalls in the Azure Services bar next click create firewall once loaded the create firewall screen will display and it has a number of settings that you need to fill in for the initial firewall creation first select your Azure subscription and the resource Group you intend to use in this case the firewall Resource Group the firewall will need a name typically something you will recognize in the future for this example give it the name of firewall test next you need to specify the
Azure region in which the firewall should be deployed in this example use West Europe notice that the Azure firewall can be placed in a number of availability zones for redundancy but leave it as none you now have the choice between the different firewall SKUs from basic through to premium for this example select the standard firewall previously you learned that firewalls can be managed by a firewall policy this is good when managing many firewalls but since you're only configuring one firewall choose firewall rules instead next you need to specify the virtual Network on which the firewall needs to be select the VNet that we created previously the firewall Hub VNet to get access to the internet the firewall needs a public IP address so you need to create a new address for it click on add new and give it a name in this case firewall Pub and click okay for this firewall deployment you do not need Force tunneling to manage traffic so leave it at the default disabled setting then click review plus create on the next page you can review the settings that you just configured and if everything is in order click create Azure will now deploy the firewall which will take a few minutes at first you will notice the public IP addresses that are being created and then the firewall itself will be created once it's been deployed a go to Resource button appears which you can click to go straight to the firewall deploying the Azure standard firewall is one of the first steps in protecting your Azure VNets and virtual machines careful planning will then be needed to move on to the next stage of firewall configuration taking into account what the firewall should be protecting and following an organization's security policy once an Azure firewall has been deployed you need to configure its NAT Network and application rules these rules will determine how the firewall secures your Azure deployment and what traffic it allows through to your VNets and virtual machines in this video
you will learn how to set up each of these three types of firewall rules you will also learn how to change Microsoft threat intelligence from alert to alert and deny on the Azure portal homepage click firewalls in the Azure Services bar to go to the firewall Services page where you will set up firewall rules but before doing so you need to get the firewall's new public IP address on the main page click firewall public IP and copy the IP address for later use to go back to the main firewall page use the directory navigation at the top then click on go to Resource there are many settings that you can configure on the firewall Services page but in this video you will focus on creating firewall rules so click rules in the left panel three tabs will appear for the three different rule collections the NAT rule collection the Network rule collection and the application rule collection start by creating a NAT rule collection by clicking on add NAT rule collection all rule collections need a name and it's good practice to give them a name that identifies the task they are fulfilling in this case just name it NAT test every rule needs a priority number which determines the order of processing these numbers should be in increments of 100 between collections to allow you to insert new rules in between for instance at 150 in this example use the priority number of 200 you can create a number of rules under collection but you are just going to create one call the rule NAT one web as it's going to translate the public IP to the web server's private IP for the protocol choose TCP and add a star for the source IP which means anything as the IP could be from anywhere in the world paste the firewall's public IP address that you copied earlier in the space for the destination address the destination Port will be 443 for secure web traffic which will be translated into the address of the web server 172.16.1.4 keep the same port 443 for the translated Port once you are done click add to
create the rule after a short time the rule will display Under the NAT rule collection tab Network rule collection creation is very similar click add Network rule collection and give the rule a name again something relevant to the job it's doing in this example it will be a rule to allow DNS traffic so name it DNS and give it a priority of 200 set the action to allow which is the alternative to the deny action next under the rules and IP addresses section give the first rule a name in this case dns1 and select the protocol that it will allow for DNS in this case UDP next select the source IP address which in this example is the web server with the IP of 172.16.1.4 you can specify specific allowed DNS service at the destination address but in this example add a star thus allowing anything and add the destination port for DNS which is 53 once complete click add the firewall will update adding the rule in the background lastly let's create the application rule collection by clicking on ADD application rule this rule will enable access to the Microsoft website from the web server so name the rule collection Microsoft using the priority number of 200 and choosing allow as the action for application rules you use the target FQDN section give the individual rule a name in this case Microsoft next specify the source IP address of the web server 172.16.1.4 and specifying the protocol that can be used which is HTTP and https the last section to fill in is the target FQDN box which in this case will be www.microsoft.com again more rules can be added but for now click add the firewall will again update with the latest rule finally let's configure threat intelligence which you can do from the left-hand menu under the setting section by default threat intelligence is set to alert only you can change it to off or alert and deny if you want threat intelligence to automatically create rules select alert and deny and click on the save button which will turn on this automatic threat
intelligence feature in this video you learned how to configure three firewall rule collection types NAT Network and application these rules have many different variables that can help to customize network security by permitting or denying certain traffic you also discovered how easy it is to turn on Microsoft threat intelligence to automatically create deny rules for new threats meet Lara she loves animals and she has two dogs Nimbus and Mushu besides her dogs her other big love in life is biochemistry and her job brings those two passions together Lara works at a research firm that develops Medical Treatments for pets she's especially involved in research on a biomed based vaccine for a common dog virus but one morning when she arrives at work she notices a team of investigators crowded around the server room their Network had been hacked they are busy unraveling a plot where the company's firewall had been hacked to gain access to classified data such as protocols and formulas including all her hard work on the biomed vaccine she would have lost months of work the attempt almost worked but was ultimately unsuccessful however even though gaining access to the data failed the attackers still caused chaos they launched a DoS attack on the company website taking it offline for hours the cyber security investigators find out that a famous team of black hat hackers are behind the security breach and attack black hat hackers are known for their illegal activities and malicious intent they are the bad guys highly skilled individuals who use cyber security techniques and tools for personal through malicious or threat activity they might steal change or delete data to combat future security threats the company hires a cyber security analyst to assess vulnerabilities in their system and propose improvements the analyst finds that the firewall protecting the network has a number of weaknesses that made it possible for the hackers to expose the network with a two-pronged
attack the first weakness is poor firewall management as passwords used to protect the firewall are weak and the firewall itself hadn't been updated with the latest software for years the hackers used a dictionary attack to gain easy access to the firewall that still relies on simple usernames and passwords this enabled them to open a path into the network to search for data they can sell on the dark web after failing to retrieve this data they attempted to cover their tracks by performing a DoS attack flooding the firewall with traffic and taking it offline the system was overwhelmed causing a number of services to fail including the company's website the analyst suggests a cloud transformation plan that involves moving the network to Azure and installing the Azure standard firewall in combination with DDoS protection moving to Azure ensures better authentication and authorization policies enforced by Azure active directory more importantly Microsoft continually updates the Azure firewall service making sure the firewall is as secure and robust as possible against zero day attacks and with Microsoft's Advanced threat protection and DDoS protection working alongside the Azure firewall the network won't be overwhelmed by DoS attacks and is protected in other ways too this plan protects all services and also takes out the strain of updating and managing them another great benefit of moving these services to the cloud is that Lara and the other employees can work as they did before nothing about their work processes changes and they can carry on knowing that they are better protected with Azure to make sure the new protective measures work the analysts suggest a purposeful hack of the new system once the services have moved to Azure that's right just to make sure the company hires a team of white hat hackers to test the new security measures white hat hackers also known as ethical hackers or penetration testers are expert hackers who purposely try to hack their
clients' systems to find and report on vulnerabilities fortunately the network security withstands the attempts of the white hats thanks to Azure and the great job done by the new cyber security analyst Lara is relieved that the whole episode is over allowing her to once again focus on her life passions all virtual machines are potential targets for an attack when a VM is successfully compromised it's used as an entry point to attack further resources within a virtual environment Scoops has the new web server up and running in Microsoft Azure and is looking to use more virtual machines for different aspects of the business a firewall has been deployed to protect these virtual machines but ports like RDP and SSH have to be open to allow remote access from management through that firewall which creates a security risk and threat actors actively hunt accessible machines with open management ports to solve this dilemma Microsoft Azure offers just in time or JIT VM access which is used to prevent these attacks and in this video you will learn how JIT can protect virtual machines as well as allowing remote access when needed first what exactly is just in time VM access it's a security feature that allows administrators to control and limit access to VMs by enabling temporary OnDemand access for authorized users it works by defining a set of policies and rules that determine when and for whom access to a VM should be granted as with all cyber security prevention techniques the goal is to reduce the attack surface in this case that means having fewer open ports especially management ports but the problem is legitimate users also use these ports so it's not practical to keep them closed all of the time the solution is to configure and enable just in time access which will block inbound traffic but allow access on specific management ports this reduces exposure to attacks while providing easy access to connect VMs when needed JIT is a part of Defender for cloud
which ensures deny all inbound traffic rules exist for your selected ports in the network security group or NSG and Azure firewall rules these deny all rules restrict access to your Azure VM's management ports and defend them from Attack if other rules already exist for the selected ports then those existing rules take priority over the new deny all inbound traffic rules however if there are no existing rules on the selected ports then the new rules take top priority in the NSG and Azure firewall JIT offers the perfect security solution for the Sam Scoops virtual machine running its website because the developer of the website only needs access when updating content once a month enabling JIT keeps the machine secure until the developer needs access to it say the web developer requests access to the VM web server Defender for cloud checks that he has Azure role-based access control or RBAC if the request is approved Defender for cloud configures the NSGs and Azure firewall to allow inbound traffic to the selected ports from the relevant IP address or range for the amount of time that was specified when giving just in time access when you enable JIT VM access for your VMs you can create a policy that determines which ports need protection how long the ports should remain open and the approved IP addresses that can access these ports the policy enables you to control what users can do when they request access in this example of the activity log in the Azure portal you can note that requests are logged allowing you to easily Monitor and audit access for all JIT events the policy also helps you quickly identify the existing VMs that have JIT VM access enabled and you can note the VMs where JIT VM access is recommended in conclusion for Sam Scoops JIT protection of the virtual machines makes sense for the business as most of the time management access will not be needed in this video you learned that JIT is a great way to control access and reduce the risk from open
management ports on your Azure virtual machines it enables you to close down these ports and only open them when a legitimate user needs access to that particular machine you learned how to better manage access to Virtual machines with just in time or JIT but gaining access to a machine is not the only way data can be accessed data stored in the cloud could be hosted with other companies' data all on the same hardware and when transporting the data it is vulnerable to interception when using any public cloud service it is critical to protect data at all times across the cloud and this is where encryption comes in in this video you will explore the best practices around encryption when using virtual machines in Microsoft Azure and learn how to describe Key Management processes that are used to protect data to understand the different types of encryption you should know that all data can be in different states at different moments in time at the most basic level data can have the following two states data at rest is settled and stored somewhere it can include storage objects and files that are on physical media the media can be Optical discs or magnetic discs such as hard drive discs or HDDs and data in transit is being moved whether over a network or between two locations or between applications first let's examine data at rest encryption this kind of encryption is a mandatory step to ensure data privacy compliance and sovereignty the at rest encryption in Azure uses symmetric encryption to encrypt and decrypt large amounts of data quickly and the following two best practices are recommended you should apply disk encryption to help Safeguard your data you can use Azure disk encryption for Linux VMs or Azure disk encryption for Windows VMs disk encryption combines the industry standard Linux DM-Crypt or Windows BitLocker feature to provide volume encryption for the operating system and data disks you should also use encryption to help mitigate risks related to
unauthorized data access to do so you have to encrypt your drives before you write sensitive data to them protecting data in transit is also an essential part of any data protection strategy because data is moving back and forth from many locations it is recommended to use TLS protocols to exchange data across different locations in some circumstances you can isolate the entire Communication channel between your on premises and Cloud infrastructures by using a VPN it also depends what service is being used and by whom for example Azure customer traffic has to be encrypted when it moves between data centers in other words outside the physical boundaries of Microsoft's control a data link layer encryption method using the IEEE 802.1AE MAC security standards also known as MACsec is applied from point to point across the underlying Network Hardware the packets are encrypted on the devices before being sent preventing physical man-in-the-middle sniffing and spoofing attacks best practices for data in transit include securing access from Individual workstations located on premises to an Azure virtual Network by using a point to site VPN securing access from multiple workstations located on premises to an Azure virtual Network by using a site to site VPN and moving larger data sets over a dedicated high-speed Wan link if you choose to use ExpressRoute to create a high-speed Wan link you can also encrypt the data at the application Level by using SSL TLS or other protocols for added protection next let's move on to Azure Key Management in Azure encryption keys can be either platform managed or customer managed platform managed keys or PMK are encryption keys that are generated stored and managed entirely by Azure customers do not interact with PMK for example the keys used for Azure data encryption at rest are PMK by default customer managed keys or CMKs on the other hand are those that can be read created deleted updated and or administered by one or more customers for
example bring your own key or BYOK is a CMK scenario in which a customer Imports keys from an outside storage location into an Azure Key Management Service another specific kind of customer managed key is the key encryption key or KEK a KEK is a primary key that controls access to one or more encryption keys that are themselves encrypted customer managed keys can be stored on premises or more commonly in a cloud Key Management Service Key Vault is the Microsoft recommended solution for managing and controlling access to encryption Keys used by cloud services permissions to access keys can be assigned to services or to users through Azure active directory account when you use Key Vault the customer maintains control and Microsoft never sees your keys and applications don't have direct access to them in conclusion securing data across any public Cloud platform is a vital part of any data protection strategy whether the data is in transit or at rest Microsoft Azure provides encryption mechanisms to cover both States for at rest data symmetric encryption is used because it's quick with in-transit data many different mechanisms exist depending on what service and location is being used including VPN or MACsec Technologies using a Key Management Service like Microsoft Key Vault can help manage and control access to the Keys used across your Azure deployment following best practices is essential to reduce risk to your data and this includes managing the different encryption keys in use you have learned about just in time access and the benefits of protecting but still allowing access to management ports configuration of JIT can be performed in a number of different ways you can use Defender for cloud programmatically enable JIT VM access with your own custom options or you can enable JIT with default hard-coded parameters from Azure virtual machines in this video you will focus on how to configure JIT using hard-coded parameters from Azure virtual machines enabling SSH
remote access before enabling JIT Defender for cloud has to be enabled it has a 30-day free trial that converts to a paid for subscription from the Azure homepage search for and select virtual machines click the Sam Scoops web virtual machine and select configuration from the left-hand menu select upgrade your Microsoft Defender for cloud subscription to enable just in time access select upgrade on the Microsoft Defender for cloud page select continue without installing agents on the right hand side you are now running the 30-day Defender for cloud subscription and now you can follow along to learn how to enable JIT on a VM from the Azure virtual machines pages of the Azure portal on the Azure portal search for and select virtual machines select the Sam Scoops web virtual machine you want to protect with JIT in the left-hand menu select configuration you can now select enable Just In Time by default just in time access for the VM for Windows machines allow RDP access on Port 3389 for 3 hours and from any IP address as in this example to edit any of these values and add SSH access use Microsoft Defender for Cloud's just in time page under the just in time VM access click on open Microsoft Defender for cloud from the configured tab right click on the VM to which you want to add a port and select edit under JIT VM access configuration you can either edit the existing settings of an already protected port or add a new custom port to add SSH select add and add the port number for the SSH which is 22 select TCP and leave the allowed Source at per request which is any IP address also leave the default of 3 hours and select okay now that SSH has been added you can delete access for RDP by clicking the three dots on the right of the page and selecting delete the Sam Scoops web machine now just supports remote access via SSH in this video you saw how JIT access can be set up to manage virtual machines this can be achieved in a number of ways but to start you have to
enable Defender for cloud to enable the JIT feature from here you can configure JIT via Defender for cloud or from the virtual machine itself as in the example once configured JIT restricts access to machines until a user requests access to the device you have come to the end of the first week of the course well done quite a lot was covered in these lessons so it's a good idea to revisit the most important points before you take the quiz to make sure you're ready let's start with reviewing lesson one in the first lesson you were introduced to the course you reflected on what you hope to learn and how to be successful in the course and you also familiarized yourself with the course syllabus lesson two was all about Azure distributed denial of service protection you now know that there are two different types DDoS IP protection which protects any public IP Source without needing a separate protection plan and DDoS Network protection which offers protection for multiple subscriptions with just one protection plan you learned that Azure DDoS protection uses multiple layers of protection to guard against and mitigate DDoS attacks these layers include firewalls Network segmentation traffic analysis and machine learning algorithms in this lesson you also learned how to configure DDoS protection and Link it to a virtual Network and you explored features of Azure DDoS protection like always on traffic monitoring the service constantly monitors traffic usage and when the traffic threshold is exceeded DDoS mitigation is automatically initiated during mitigation traffic is redirected to the DDoS Protection Service where several checks are performed to ensure packets conform to internet specifications and are not malformed attack traffic is dropped and the remaining traffic is forwarded to its intended destination it also sends an alert via Azure monitor metrics delving deeper into the service you learned about DDoS IP and network protections reference architecture which is a set of
proven best practices for deploying multiple Windows Virtual machines and you learned how to monitor Azure DDoS protection for security issues later in the lesson you explored the basic layout of the Azure portal as well as the different uses of virtual machines in Azure for example you can use them for application development and testing or running applications in the cloud perhaps the most important part of this lesson was the exercise in which you learned how to create a virtual machine in the Azure portal next was lesson three which was about Azure firewall protection in which you first learned about the components of virtual networks or VNets Azure VNets enable resources in Azure to communicate with each other the internet and on premises networks to be able to do this you first need to create a resource Group which acts as a logical container for Azure resources like web apps VNets and storage accounts so they can be deployed and managed VNets are critical and so is protecting them which you can do with an Azure firewall that provides centralized management and enforcement of connectivity policies allowing legitimate traffic while blocking unauthorized or unknown traffic and all Azure firewalls can filter traffic based on IP address port and protocol by placing an Azure firewall at the Hub of the network the firewall can filter traffic directly from the internet from an on premise Network or from different spokes in this lesson you learned about the three different firewall SKUs Azure firewall basic standard and premium and you compared the basic and standard firewalls for example the basic firewall is ideal for low data throughput demands typically less than 250 megabits per second while the standard firewall can autoscale to handle Peak traffic periods of up to 30 gigabits per second there's also the web application firewall or WAF which forms part of azure services for web application development and deployment configured to defend against common exploits 
like SQL injection or cross-site scripting the WAF is continually updated to counter new threats and there are multiple types of firewall rules like threat intelligence application Network firewall rules and network address translation or NAT for example NAT is used to translate and filter traffic based on public IP addresses and all the types can be combined in a collection of rules and one or more collections make up a firewall policy in the practical activity and exercise in this lesson you also learned how to create a resource Group VNets and three different types of rule collections for a firewall as well as deploying and configuring a firewall last was Lesson Four which was about just in time access or jit and encryption here you learned about the need to protect exposed management ports via jit just in time access allows administrators to control and limit access to Virtual machines by granting temporary on-demand access for only authorized users this clever approach ensures that management ports are only open when needed significantly reducing the attack surface when it comes to encryption it's vital to know that you have to protect data at rest and data in transit remember data at rest is settled and stored somewhere while data in transit is moving over a network or between two locations or applications to unlock the power of encryption you need keys and that's where Azure key Vault can help it helps with the management and control of encryption Keys used by cloud Services key Vault also helps with Secrets management as it can be used to securely store and tightly control access to tokens passwords and other secrets you also learned that there are two kinds of encryption client side and server side client side encryption is performed outside of azure like data encrypted by an application that's running in the customer's data center or data that is already encrypted when it is received by Azure with client side encryption customers maintain complete 
control of the keys then there's server side encryption which has three models service managed Keys customer managed keys and service managed keys in customer controlled Hardware each model has its own appeal and possesses specific advantages depending on your specific needs and requirements let's not forget about the best practices for securing Azure resources if you recall these are ensuring that only authorized users can set up new VMS and access them protecting machines from malware managing VM updates encrypting virtual hard disk files and monitoring and restricting VM direct internet connectivity these all help to reduce the threat landscape across your Cloud deployment in Microsoft Azure and your VM resources on a more practical note you learned how to create a jit policy and Implement just in time access to secure vulnerable ports and that's the end of this summary if there is anything that you feel unsure about after watching this video make sure to revisit the relevant items before you tackle the quiz good luck as organizations are increasingly relying on cloud platforms for their storage and Computing needs safeguarding data in the cloud is becoming more crucial than ever in this video you will explore the importance of cloud security and how it is implemented in Microsoft Azure you'll also discover how Azure security features are essential to guard Sam Scoops' Cloud environment against constantly emerging cyber security threats Microsoft Azure is one of the leading Cloud platforms and it offers robust security measures designed to protect data and ensure the privacy and integrity of its customers it's important to understand that cloud security involves a series of practices Technologies and policies that work together to safeguard data stored and processed in the cloud securing a company's Cloud infrastructure is important because it prevents unauthorized access and cyber threats businesses should Implement measures to defend themselves against malicious 
actors attempting to steal sensitive information or disrupt operations these measures include authentication protocols encryption firewalls and intrusion detection systems Azure incorporates a wide array of security features to ensure data Protection One such feature is Azure active directory which provides robust identity and access management allowing administrators to control user permissions and access levels additionally Microsoft Defender for cloud earlier known as Azure security Center offers continuous monitoring and threat detection analyzing data and providing actionable insights to prevent potential attacks furthermore azure's compliance certifications also strengthen its Cloud security Microsoft Azure adheres to rigorous standards and regulations such as ISO 27001 GDPR and HIPAA you will learn more about this in later courses in this program this compliance ensures that businesses operating in various sectors can meet industry specific security requirements next let's explore how Sam Scoops can utilize azure's Cloud security features Sam Scoops collects valuable customer data including payment information and personal details and maintaining the security and confidentiality of this data is vital for the company's success and reputation as a reliable Company by migrating their data to Azure Sam Scoops can Leverage The platform's robust security features they can protect their customers information from potential breaches and reassure them that their data is safe and secure azure's encryption capabilities ensure that sensitive data remains encrypted both during storage and transmission safeguarding against unauthorized access furthermore azure's monitoring tools can help Sam Scoops maintain compliance with data protection regulations it enables them to monitor access logs detect unusual activity and respond promptly to any security incidents this proactive approach allows them to address potential vulnerabilities before they become major threats by prioritizing 
Cloud security through Azure Sam Scoops gains a competitive Advantage they can promote the trustworthiness of their brand demonstrating their commitment to protecting customer data with data breaches becoming more common customers appreciate companies that prioritize their privacy and security needs in conclusion Cloud security is of utmost importance in today's digital landscape as organizations increasingly rely on cloud platforms like Microsoft Azure implementing robust security measures becomes vital to protect sensitive data and ensure the privacy and integrity of customers Azure offers a wide range of security features such as Azure active directory and Microsoft Defender for cloud which provide identity and access management continuous monitoring and threat detection capabilities you've also learned that cloud Security in Azure goes beyond just protecting data it also ensures compliance with industry specific security for Sam Scoops migrating their data to Azure enables them to leverage these security features and protect their customers valuable information and what's more by encrypting data during storage and transmission Sam Scoops can ensure that unauthorized access is mitigated additionally azure's monitoring tools allow them to monitor access logs and promptly respond to any security incidents maintaining compliance with data protection regulations protecting data in the cloud requires a layered security approach and that's why Microsoft Azure offers many different services that work together to protect your Cloud infrastructure against a wide range of threats so far you've learned about various Azure security tools in this course you covered DDoS protection and Azure firewall in depth and you were also introduced to elements of Microsoft Defender for cloud such as just in time access but Microsoft Azure offers even more features that form part of a comprehensive set of Security Solutions designed to help you Safeguard your data and applications 
knowing about all the advanced security features in Azure is important to excel in a career in cyber security in this video you will explore some of the more advanced Security Solutions that Azure offers let's get started Defender for cloud formerly known as security Center is a unified Security Management and advanced threat protection solution with Defender for cloud you can monitor security across various resources ensuring realtime protection you will have access to security alerts threat intelligence and actionable recommendations to stay on top of industry standards and regulatory requirements next is Microsoft Sentinel previously Azure Sentinel which is a cloud native security information and event management or SIEM and security orchestration Automation and response or SOAR solution leveraging Advanced analytics and machine learning Microsoft Sentinel helps you detect and investigate threats across your entire organization's infrastructure it can automatically respond to incidents by executing guidelines set out in predefined playbooks to mitigate potential risks A playbook is basically a collection of actions that guides response automation plus Sentinel seamlessly integrates with third-party Solutions and other Azure services like Azure active directory another powerful Azure security tool Azure active directory or Azure ad is a cloud-based identity and access management service it is your ally in protecting your applications data and users can you imagine how complex it becomes to keep thousands of azure resources PCI DSS compliant within a large corporation like this it also allows you to enforce strong password policies and use features like multifactor authentication or MFA and conditional access policies to ensure secure access and you already learned about the powerful cloud-based service Azure key Vault that provides Secure Storage and management of cryptographic keys certificates and secrets with Azure key Vault you can protect your 
cryptographic keys and secrets with strong key protection you can deploy certificates securely and seamlessly across your applications and infrastructure and then there is also Azure information protection also known as AIP which is a cloud-based solution that helps you classify label and protect your sensitive data wherever it goes with Azure information protection you can classify and label your data based on its sensitivity this service allows you to apply Rights Management policies to control access to your data ensuring that only authorized individuals can view and interact with it furthermore you know about Azure DDoS protection by now and how it Shields your applications and data from distributed denial of service attacks with Azure DDoS protection you receive always on protection against DDoS attacks it scales as needed to handle even the largest scale attacks keeping your applications and data safe in conclusion Microsoft Azure offers a comprehensive set of Security Solutions that can help you protect your data and applications in the cloud Microsoft Defender for cloud is a powerful security service that helps businesses protect their Cloud environments from cyber threats earlier you learned that this unified Security Management solution enables you to monitor security across various resources you will explore its different features benefits and which Azure Services it can monitor and protect but which resources does it cover and how exactly does it work in this video you will explore how Microsoft Defender for cloud can benefit small businesses like Sam Scoops Microsoft Defender for cloud offers a range of capabilities including DevSecOps Cloud security posture management or cspm and Cloud workload protection platform or cwpp these capabilities collectively contribute to safeguarding Applications data and infrastructure let's discuss each of these in more detail DevSecOps is a practice that integrates security into the software development life cycle 
ensuring that code is secure right from the start Defender for cloud provides insights into the security of the development environment from a single location giving businesses peace of mind cspm or Cloud security posture management helps businesses identify and fix security misconfigurations this reduces the risk of vulnerabilities being exploited with cspm Defender for cloud offers customizable security conditions based on industry benchmarks cwpp or Cloud workload protection platform helps businesses protect their workloads within the cloud environment it offers a comprehensive set of security controls safeguarding applications and data with cwpp Defender for cloud also offers real-time threat detection and response enabling quick actions to mitigate potential security incidents in addition to these capabilities Defender for cloud also offers several other features that can benefit businesses including multicloud coverage it can be used to protect workloads in multiple Cloud environments including Azure Amazon web services and Google Cloud platform Defender for cloud also offers a range of advanced tools that can help businesses improve their security posture including governance features Regulatory Compliance verification and a cloud security Explorer furthermore Defender for cloud gives you a data aware security posture to reduce data risk and respond to data breaches it does this by automatically identifying data stores containing sensitive information and continuously uncovering risks that might lead to data breaches additionally it also provides attack path analysis Defender for cloud models Network traffic to identify potential risks before implementing any changes in the environment and lastly it offers permission management Defender for cloud offers Microsoft entra permissions management which simplifies the task of managing permissions across popular Cloud platforms by adopting Microsoft Defender for cloud businesses can effectively secure their Cloud 
environments optimize their operational efficiency and ensure Regulatory Compliance here are some specific benefits that Sam Scoops can expect from using Microsoft Defender for cloud by identifying and fixing misconfigurations it can help Sam Scoops reduce vulnerabilities that could be exploited it can help Sam Scoops protect their workloads with a comprehensive set of security controls safeguarding their applications and data it also offers real-time threat detection and response it can help Sam Scoops quickly identify and respond to potential threats mitigating potential security incidents furthermore by automating security tasks Defender for cloud can help Sam Scoops save time and money another benefit is a centralized view of security data Defender for cloud provides a centralized view of all security related data making it easier for Sam Scoops to identify and respond to threats and it also improves compliance Defender for cloud can help Sam Scoops to comply with industry regulations like health insurance portability and accountability act or HIPAA General data protection regulations or GDPR and payment card industry data security standard or PCI DSS now that you know what Microsoft Defender for cloud does let's move on to which Azure resources it protects it monitors a vast range of services including virtual machines and virtual machine scale sets as well as other major third-party cloud services like those from Amazon and Google additionally it also offers protection for a range of PaaS Services you might be familiar with many of these PaaS services for instance Defender for cloud protects Azure cloud services which is a platform for building and deploying windows and Linux based applications it also secures Azure app service a fully managed platform for building and deploying web mobile and API apps and you've learned about Azure key Vault furthermore Defender for cloud protects Azure kubernetes service which helps you deploy and manage containerized applications and 
it protects Azure load balancer which distributes traffic across multiple Azure resources make sure to review the list of PaaS Solutions protected by Microsoft Defender for cloud later in this lesson overall Microsoft Defender for cloud is a powerful security platform that can help businesses of all sizes protect their Cloud environments by adopting Defender for cloud businesses can improve their security posture reduce risk and save time and money like many companies all over the world Sam Scoops moved their operations to the cloud because of all of the benefits Azure holds such as scalability flexibility and cost efficiency however in doing so they also face The crucial task of ensuring the security of their data and applications over the next few minutes you will learn about the best practices that Sam Scoops should follow to ensure the security of their Cloud infrastructure firstly to establish a robust security framework Sam Scoops must Implement a comprehensive identity and access management strategy within its Azure environment this involves leveraging Azure active directory for user authentication and employing role-based access control or RBAC to manage permissions effectively additionally they should assign appropriate roles to different users based on their responsibilities granting access only to authorized individuals further to ensure secure access Sam Scoops should Implement a multifactor authentication policy adding an extra layer of protection these practices guarantee that the Azure resources remain accessible only to authorized people following best practices around network security also plays a vital role in safeguarding data during Transit and controlling the flow of traffic within the Azure environment Sam Scoops can achieve this by implementing virtual networks network security groups or nsgs and application gateways and by applying nsgs to these VNets they can have granular control over inbound and outbound traffic ensuring that only 
authorized communication occurs furthermore the implementation of application gateways or a firewall enables them to securely expose their web applications to the internet shielding them from potential threats these measures significantly minimize the attack surface and reinforce data protection now let's move on to the next best practice which is data security protecting data both at rest and in transit is of utmost importance to achieve this Sam Scoops must utilize various Azure services such as Azure storage service encryption SSL and TLS certificates and Azure key Vault for storing and managing cryptographic Keys let's explore why to ensure data security at rest Sam Scoops can enable encryption for their Azure storage accounts to protect data in transit they can Implement SSL and TLS certificates to establish secure communication channels preventing unauthorized access during Transit by leveraging Azure key Vault they can securely store and manage their cryptographic keys maintaining the confidentiality and integrity of their sensitive data lastly let's discuss the fourth and final best practice monitoring and threat detection continuously monitoring the Azure environment and promptly detecting potential threats are vital aspects of maintaining a secure environment Sam Scoops can achieve this by leveraging Microsoft Defender for cloud security Center and Azure monitor by utilizing Microsoft Defender for cloud Sam Scoops can gain valuable insights into their Azure environment security posture it helps identify vulnerabilities misconfigurations and potential threats allowing them to take proactive measures to mitigate risks additionally Azure monitor provides comprehensive monitoring capabilities enabling them to monitor Logs set up alerts and gain realtime visibility into their environment security status these best practices serve as an excellent guide for Sam Scoops to establish a secure Azure environment by diligently implementing these measures they can 
effectively protect their data applications and most importantly their customers it is crucial for any organization leveraging Azure to prioritize security these best practices lay the foundation for a robust security framework that ensures the resilience and protection of their digital assets Microsoft Defender for cloud is a central location for setting and monitoring your organization's security posture you can view which Solutions adhere to security measures and which systems need to be secured in this video you will learn about the Microsoft Defender for cloud interface and its main features Microsoft Defender for cloud is a solution for cloud security posture management or cspm and Cloud workload protection or cwp it can help you find weak spots across your Cloud configuration and it helps strengthen the overall security posture of your environment and protect workloads across multicloud and hybrid environments from evolving threats let's examine the interface specifically the main overview page an overview of security posture Regulatory Compliance workload protections and inventory can all be seen on the main overview page select the Microsoft Defender for cloud security posture page option and you can view the security posture of hybrid Cloud workloads security alerts coverage and information Defender for cloud continually assesses Cloud environments for security vulnerabilities and misconfigurations it then Aggregates the findings into a secure score in this case 69% the higher the score the lower the identified risk level is navigate back to the overview Page by selecting Microsoft Defender for cloud overview in the top left-hand part of the screen then select recommendations Defender for cloud provides recommendations on how to resolve security issues as recommendations are implemented the secure score improves organizations often face a high volume of security recommendations like the ones listed here on the recommendation dashboard you can select and 
expand a recommendation like this one for internet facing virtual machines to help make sense of the recommendations the intelligent Cloud security graph and attack path analysis prioritize the most critical risks the paths shown have a potentially High business impact that attackers can exploit this graph shows the attack path nodes representing resources which are found across the top in round circles with all the potential attacks listed in the graph underneath in this example to prevent lateral movement an internet facing VM needs an NSG to protect the VM by selecting remediation steps you can view recommendations to kill the attack chain in this example there are no unhealthy resources because the Sam Scoops web machine is protected you can view it by clicking on healthy resources let's return to the recommendations to select another one this time for applying system updates by selecting remediation steps and the resource the task can be assigned to another user to remediate Step One select the virtual machine step two select assign owner step three fill in the email address or select the select owner box to find the user in this example it's Jamie step four select a due date for the task and select save it will take a few seconds to take effect to view recommendations associated with a specific resource you need to navigate back to the overview page select inventory and then the virtual machine Sam Scoops web a list of recommendations for that VM now displays navigate back to the previous menu by selecting Microsoft Defender for cloud in the top left hand side of the screen for risk hunting and attack surface exploring select the cloud security Explorer from the overview page Cloud security Explorer equips security admins and power users with query based tools and starter templates for risk hunting and resource exploring enabling users to query the graph for their own findings now select the overview option from the menu on the left hand side of the 
screen and then select Regulatory Compliance this function helps you check compliance across Industries thereby streamlining the process of meeting Regulatory Compliance requirements in an industry as recommendations are acted upon it reduces the environmental risk factors so compliance and posture improve you can select audit reports to view different compliances for example you can select PCI and download the payment card industry data security standard or PCI DSS report now select Microsoft Defender for cloud overview to return to the overview page from there select environment settings here you can manage the subscription settings for Defender for cloud by selecting your subscription you can see the defender plans that have been enabled click on the three dot menu select edit settings and then from the list displayed you can switch plans on or off these are some of the features you can access via the Microsoft Defender for cloud interface Defender for cloud closely monitors an Enterprise's security posture enabling you to reduce risks by prioritizing recommendations it also enables you to search for risks across the Azure subscription by exploring the attack surface of your resources this in turn allows you to improve compliance and Implement security governance just by using the defender for cloud interface server administrators understand that it's efficient to administer and maintain servers in an on premise data center remotely with Windows infrastructure as a service and virtual machines being deployed in Azure administrators must rely solely on Remote Management to administer and maintain cloud-based resources thus far you have learned that you can use jit access to protect ports during remote access but they are still exposed for a configured period of time so how can administrators securely connect to remote cloud-based VMS without exposing the management interfaces of those VMS to the internet the answer is Azure Bastion a fully managed platform as a 
service or PaaS service that allows you to securely connect to your VMS remotely by providing secure and seamless RDP and SSH access to your VMS thus reducing the attack surface in this video you will learn about this service and how it works to refresh your memory the attack surface is the number of possible points or attack vectors from which an unauthorized user can access a system and extract data the smaller the attack surface the easier it is to protect organizations must constantly monitor their attack surface to identify and block potential threats as quickly as possible but it's difficult to neutralize all attack vectors when remote access is needed because by necessity it relies on the internet let's consider an example suppose an organization's network administrator needs to connect to the Azure VMS remotely in the past this app ran on a couple of Windows Server computers in your head office data center whenever you needed to administer the app you connected using remote desktop protocol RDP over TCP Port 3389 you also used secure shell or SSH over Port 22 to administer the VMS because the app was hosted on a Computing resource in a private data center you had no concerns about malicious hackers gaining access over the Internet however the app now runs on VMS hosted in Azure which are exposed to connect to the VMS you must now expose a public IP address on each VM for your RDP SSH connections and potential protocol vulnerabilities make this type of connection undesirable as a solution you could use a jumpbox server VM a jumpbox server is an intermediary between your Management console and the target VMS network security policy permits access only to the jumpbox from remote networks denying direct access to the rest of the network in which the jump server resides only by accessing the jump server can you access other devices on the network jump servers are great but they have to be managed and maintained thereby creating a risk because if the machine isn't 
updated and maintained it can be attacked if you're using Azure a better solution would be to use Azure Bastion to protect access to these remote VMS because it doesn't require management or maintenance thus reducing Risk by implementing Azure Bastion you can manage the Azure VMS within a configured Azure virtual Network by using either RDP or SSH without needing to expose those management ports to the public internet let's examine the architecture of a typical Azure Bastion deployment and the end-to-end connection process Azure Bastion is deployed in a VNet that contains another subnet with several Azure VMS nsgs protect the subnets in the virtual Network the NSG protecting the VM subnet allows RDP and SSH traffic from the Azure Bastion subnet Azure Bastion supports Communications only through TCP Port 443 from the Azure portal the typical connection process in Azure Bastion is as follows first an administrator connects to the Azure portal using any HTML 5 browser via a connection secured with TLS second in the portal the administrator selects the VM they want to connect to third the portal connects over a secured connection to Azure Bastion through an NSG that's protecting the virtual Network hosting the targeted VM fourth Azure Bastion initiates a connection to the Target VM and fifth the RDP or SSH session opens in the browser on the administrator console Azure Bastion streams the session information through custom packages and these packages are protected by TLS by using Azure Bastion you bypass the need to directly expose RDP SSH to the internet on a public IP instead you connect Azure Bastion securely with secure sockets layer or SSL and it connects to the Target VMS using a private IP Azure Bastion achieves the key goal of enabling secure Remote Management of hosted VMS thereby reducing the attack surface as a managed service you don't need to update Azure Bastion or manually configure nsgs and related settings it helps protect your hosted VMS because 
it provides the convenience of securely using both RDP SSH to manage VMS remotely and avoids exposing ports to the internet Azure Bastion represents the best solution to enabling secure Remote Management of azure hosted VMS in this video you will learn how to deploy Azure Bastion from the Azure portal on the Sam Scoops Azure tenant and use Azure Bastion to protect the Sam Scoops web VM you will also learn how Bastion can be combined with jit access for better protection let's begin from the Azure portal homepage use the search function to find virtual networks and select the virtual networks option then select the web server virtual Network on the page for the virtual Network in the left pane select Bastion to open the Bastion page on the Bastion page select configure manually this lets you configure specific additional settings when deploying Bastion to your VNet on the create a Bastion page configure the settings for the Bastion host the project details are automatically populated according to the selected VNet and subscription you are working with therefore the project details already has Azure subscription one and web server selected to configure the Bastion instance details give it a name in this case use Sam Scoops select a region West Europe selected tier you'll be using standard instance count is the setting for host scaling it's configured in scale unit increments leave it at the default of two configure the virtual network settings by selecting the web server VNet from the drop-down menu next Azure Bastion needs a subnet named AzureBastionSubnet to configure the AzureBastionSubnet select manage subnet configuration on the add subnet page create the AzureBastionSubnet using the following values leave the other values as default the subnet name must be AzureBastionSubnet the subnet address range for Sam Scoops is 172.16.2.0/24 the subnet must be at least /26 or larger to accommodate features available with the standard SKU select save at 
the bottom of the page to save your values navigate back to the Bastion configuration Page by selecting create a Bastion in the top left hand side of the screen the public IP address section is where you configure the public IP address of the Bastion host resource on which RDP/SSH will be accessed over Port 443 the public IP address must be in the same region as the Bastion resource you're creating to create a new IP address leave it as the default which is create new you can leave the default naming suggestion when you finish specifying the settings select review plus create this validates the values once validation passes you can deploy Bastion select create there will be a message letting you know that your deployment is in progress status will display on this page as the resources are created it takes about 10 minutes for the Bastion resource to be created and deployed let's now go over the steps to connect Bastion with JIT access in the Azure portal select virtual machines select the Sam Scoops web VM at the top of the page select connect from the IP address drop-down menu select private IP address and select request access this opens the JIT ports for Bastion to connect to at the top of the page select Bastion to go to the Bastion page and select use Bastion which will allow you to connect to a Windows computer using RDP and Port 3389 the authentication type is already specified as password leave this setting as is complete the required Authentication values in this case for the Sam Scoops VM the username is azed admin with the password P sign dollar sign dollar sign at sign1 234567 to open the VM session in a new browser tab leave open in a new browser tab selected select connect to connect to the VM the connection to this virtual machine via Bastion will open directly in the Azure portal over HTML 5 using Port 443 and the Bastion service in this video you learned how to configure and deploy Azure Bastion to connect a virtual machine in this example JIT 
access was used with Azure Bastion for Extra Protection of the management ports in the modern business World policies are like compasses keeping companies on track with rules and guidelines to ensure consistency and compliance many of these rules and procedures are enforced on companies by industry standards or even requirements set by the state where companies are based but many companies also need to enforce their own rules to ensure secure business operations and efficient spending such company policies are essential to control which resources are used in the Azure environment and their costs in this video you will learn how Azure policy can be used to enforce rules about the use of Azure resources imagine a scenario where Sam Scoops grows so large that it is entirely migrated to the Azure Cloud environment using many Azure Services across the business but imagine their revenue starts slowing down due to factors out of their control to reduce costs management could ask the IT team to apply more granular control over the resources deployed in the Azure environment the IT team's First Step will be to deploy the Azure policy to create assign and manage policy definitions policy definitions impose different rules and actions on resources like VMs so that those resources comply with corporate standards and service level agreements or SLAs policies focus on both the properties of new resources during deployment and those of existing resources it assesses resources checking those that do not conform to policy definitions Sam Scoops' IT team would generally use these policies to address compliance control or scale needs policy definitions enable them to govern resource consistency Regulatory Compliance security and costs in fact with Azure policy they can specify configuration requirements for any resources that are created and take one of these actions identify resources that are out of compliance block the resources from being created add the required 
configuration there are three main pillars in the functionalities of Azure policy enforcement and compliance applying policies at scale and Remediation let's explore each concept briefly the first pillar is about real-time enforcement and compliance assessment for example the IT team can use Azure policy to control costs by restricting the SKUs of VMs they can also limit the deployment of VMs to less expensive regions and control which Solutions are used from the Azure Marketplace each policy also provides compliance assessment of all existing resources this data then Powers the compliance overview aggregating results across all applied policies this is an example from the policy overview dashboard within the Azure portal and it indicates that this environment has a compliance score of 100% the second pillar of Azure policy is applying policies at scale by leveraging management groups by assigning a policy to a Management Group you can impact hundreds of subscriptions and all their resources through a single policy agreement two concepts are important here policy initiatives and exclusions policy initiatives allow you to group policies to view the aggregated compliance result this example within the policy definition dashboard demonstrates that you can create an initiative definition and add multiple policies to that definition at the initiative level there's also a concept called exclusions where one can exclude either the child Management Group subscription Resource Group or resources from the policy assignment when assigning a policy you can specify exclusions for the subscription as seen in this example policies will make changes to your virtual environment so make sure to test everything before creating them validate your policy syntax the actions that will be taken and the scope in use the scope of a policy definition typically includes the affected management groups subscriptions and resource groups as well as the inclusions exclusions and exemptions the 
third pillar of Azure policy is remediation a remediation policy will automatically remediate non-compliant resources so your environment stays compliant note that existing resources will only be flagged as non-compliant but they won't automatically be changed since changing them can impact your environment for these cases you can create a remediation task to make these resources compliant then you can use the Azure policy compliance dashboard to check the results of your policy assignments in this example the subscription is only 50% compliant so more work is needed to meet the compliance goals in this video you learned that Azure policy can help companies control costs compliance security and management across Azure Sam Scoops' IT team can reduce Cloud infrastructure costs by creating compliance rules and implementing them on a large scale across the company through management groups fortunately this will not automatically affect existing resources thereby minimizing the impact on their Cloud environment Azure policy will only flag non-compliant existing resources and not automatically change them the IT team can create separate remediation tasks to make these existing resources compliant there is still a lot to learn about how Azure policy helps companies enforce policies and standards and you will explore all its features during the rest of this lesson as Sam Scoops will be using Azure services and virtual machines more often it makes sense to implement some rules that can help manage costs this can be done by creating a new custom policy that prevents the creation of more expensive virtual machines from the G Series G Series VMs are more costly because they have more memory and use Solid State Storage these resources are not needed for Sam Scoops' current business applications so by creating this policy a request from any user in the organization to create a G Series VM will be denied in this video you will learn how to use Azure policy to create and Implement 
a custom definition across a business from the Azure portal homepage search and select policy from the policy page select definitions under authoring on the left side of the Azure policy page then select the plus policy definition button at the top of the page which will open the policy definition page here you will create the new policy start by entering the following information in the definition location box add the subscription for which the policy definition is intended search for the required subscription by clicking the ellipses next to the text box in this example it's subscription one add the name of the policy definition in this case require VM SKUs not in the G Series next add the description of what the policy definition is intended for in this example this policy definition enforces that all virtual machines created in this scope have SKUs other than the G Series to reduce cost for the category you can create a new category or choose from existing options in this example the existing category compute will be used the policy rule uses JSON code and is the essence of the policy rule in this example the code was created earlier and pasted into the policy rule box you don't need to understand JSON code at this point it's enough to know that this code uses an if then statement that says if the type of resource is a virtual machine of the SKU standard G then the effect is deny another option is to import sample policies from the GitHub website which holds several policy samples once complete select save now that the policy is created you have to assign it to the intended subscription or a particular Resource Group in that subscription you can select your option from the ellipses next to the scope text box in this example let's assign it to the entire subscription subscription one if you assign a policy to an entire subscription or a Management Group you can also add exclusions to the policy using the ellipses under exclusions the assignment can then be given 
a name and a description of what the assignment is for in this example denying the creation of the G Series virtual machine on the whole Sam Scoops subscription the policy can be enabled or disabled and the name of the user who assigned the policy should be specified in the provided box under assigned by In This example enabled by Ashton to assign the policy select review and create review the policy and then select create the policy will now be assigned to the subscription taking 10 to 15 minutes to take effect to view the policy assignment select policy from the top and then select assignments from the menu at the left then select refresh after 15 minutes you will see your newly created and assigned custom policy in this video you learned how to create a custom policy custom policies are useful to help a business enforce its governance requirements across subscriptions and resource groups it helps keep an organization's Azure implementation compliant by implementing a custom policy Sam Scoops can better control its Cloud costs as they expand their usage of Azure so far you've learned how Azure policies can be used to govern resource creation across subscriptions but you might have realized that it will take a lot of effort to create and maintain policies for all the processes and resource types of a business using Azure how can you ensure consistency limit human error and Empower teams by only allowing secure and regulated deployment of Azure resources that's where Azure blueprints come in and in this video you will learn how it helps streamline and scale a company's governance in a consistent and compliant way consider how an architect sketches a Project's design parameters using a blueprint in the same way Azure blueprints enables a business to define a repeatable set of Azure resources that implements and adheres to the company's standards patterns and requirements let's revisit the scenario where Sam Scoops grows into a large scale Corporation fully 
migrated to Azure when dealing with payment data they must comply with the payment card industry data security standards or PCI DSS can you imagine how complex it will become to keep thousands of Azure resources PCI DSS compliant within a large corporation like this by using Azure blueprints the various development teams across the company can build new environments rapidly with the assurance that they're staying within PCI DSS requirements blueprints use built-in components like networking to speed up development and delivery you can think about Azure blueprints as a package that you can use to deploy and deliver governance blueprints are composed of the following Azure artifacts role assignments policy assignments resource groups and Azure resource manager templates or ARM ARM templates are JavaScript object notation or JSON files that Define the infrastructure and configuration for your deployment more information on ARM can be found in the additional resources these artifacts are embedded into the blueprint or package which can then be composed versioned and assigned to a Management Group containing multiple subscriptions or it can be assigned directly to a single subscription once assigned the package will start the deployment of roles policies templates or resource groups against the management group or the chosen subscription a significant advantage of using Azure blueprints is that it offers several built-in blueprints for various regulations Sam Scoops can use a pre-built blueprint for PCI DSS compliance and apply it to its Management Group can you imagine how much time this will save them and what's more Microsoft keeps adding blueprints to Azure across many different Industries and countries various types of organizations across the world use these pre-built blueprints to speed up the deployment of compliant environments in conclusion by using Azure blueprints organizations can easily create resources but also keep compliant at the same time and instead 
of developing their own rules and standards companies can save development Time by using Microsoft's pre-built blueprints by applying pre-built blueprints to their Management Group Sam Scoops can be assured that all resources that developers create will align with the selected compliance rules previously you learned that continuous monitoring of an on-premise Network helps to track and mitigate any potential threats to a network the more information you can gather from different sources the better this is no different when a network is in the cloud security information and event management or SIEM for short is a solution that helps organizations detect analyze and respond to security threats before they harm business operations in this video you will learn about SIEM and how it is used to diagnose issues SIEM combines both security information management and security event management into one Security Management System SIEM technology collects event log data from a range of sources identifies activity that deviates from the norm with real-time analysis and takes appropriate action it gives organizations insight into activity within their Network so they can meet compliance requirements and respond swiftly to potential cyber attacks SIEM tools collect Aggregate and analyze volumes of data from an organization's applications devices servers and users in real time so security teams can detect and block attacks the tools use predetermined rules to help security teams Define threats and generate alerts SIEM is part of Microsoft Sentinel and it can gather data across the whole Microsoft Azure Cloud using all the different possible sources including the Microsoft Defender offerings SIEM systems can mitigate cyber risks with a range of use cases such as detecting suspicious user activity monitoring user Behavior limiting access attempts and generating compliance reports these systems vary in their capabilities but generally offer these core functions first is log management SIEM 
systems gather vast amounts of data in one place organize it and then determine if it shows signs of a threat attack or breach second is event correlation the data is sorted to identify relationships and patterns to quickly detect and respond to potential threats and third is incident monitoring and response SIEM technology monitors security incidents across an organization's Network and provides alerts and audits of all activity related to an incident with the introduction of AI and machine learning SIEM tools are also becoming more powerful with so many potential incoming risks it's hard for security teams to separate the legitimate risks and attacks could slip through unnoticed AI can be used to sift through millions of data points and algorithms to help produce a condensed list of threats and vulnerabilities to the cyber security worker thereby reducing workload SIEM tools offer many benefits that can help strengthen an organization's overall security posture these benefits include a central view of potential threats real-time threat identification and response and advanced threat intelligence as well as Regulatory Compliance auditing and Reporting and greater transparency monitoring users applications and devices just like an on-premise Network SIEM collects data and logs from as many sources as possible to detect threats organizations of all sizes use SIEM solutions to mitigate cyber security risks and meet Regulatory Compliance standards it's an important part of an organization's cyber security ecosystem when collecting data across the cloud SIEM gives security teams a central place to collect Aggregate and analyze volumes of data across an Enterprise effectively streamlining security workflows it also delivers operational capabilities such as compliance reporting Incident Management and dashboards that prioritize threat activity previously you learned about SIEM and that it's used to monitor Cloud Solutions and on-premise network devices the monitoring is 
performed by collecting data from many different sources across the on-premise networks and the cloud as you now know Microsoft Sentinel is Microsoft's SIEM offering and in this video you will learn about Sentinel and how it is deployed Microsoft Sentinel is a cloud native SIEM and SOAR system that a security operations team can use to collect data from virtually any source and get security insights across the Enterprise detect and investigate threats quickly by using built-in machine learning and Microsoft threat intelligence and automate threat responses by using playbooks and by integrating Azure logic apps unlike with traditional SIEM Solutions you don't need to install any servers either on-premise or in the cloud to run Microsoft Sentinel rather Microsoft Sentinel is a service that you deploy in Azure you can get up and running with Sentinel in just a few minutes in the Azure portal Sentinel is tightly integrated with other cloud services not only can you quickly ingest logs but you can also use other Cloud tools like authorization and Automation in their native environments Microsoft Sentinel enables end-to-end security operations including collection detection investigation and response to store the data for Microsoft Sentinel a log analytics workspace is needed it's a unique environment for log data from Azure Monitor and other Azure services such as Microsoft Sentinel and Microsoft Defender for cloud each workspace has its own data repository and configuration but might combine data from multiple Services more information can be found in additional resources now let's go through the steps needed to deploy Microsoft Sentinel to deploy Microsoft Sentinel first sign into the Azure portal next search for and select Microsoft Sentinel once on the Microsoft Sentinel page select create Microsoft Sentinel from the bottom middle of the dashboard Microsoft Sentinel needs a workspace for data collection and storage this is a log analytics workspace if a workspace 
already exists this can be selected but in this example one will need to be created to do this select create a new workspace on the create log analytics workspace page select the resource Group where the workspace will reside in this example the RG web server give the instance a name in this example scoop Sentinel and select a region that the data will reside in in this example you shall use the same region as the selected Resource Group East us next select review plus create and now select create once the workspace has been created an add button will appear at the bottom of the page select add to add Microsoft Sentinel to the Scoops Sentinel workspace once added the Microsoft Sentinel free trial is activated for 31 days before billing for the service commences select okay Microsoft Sentinel has now been deployed The Next Step will be to add data sources which you will learn more about in the rest of this lesson in this video you learned more about Microsoft Sentinel a service that is set up from within the Azure portal when deploying it a workspace has to be created where the collected data can reside and this also determines the region for that data to be stored in once the workspace has been created Microsoft Sentinel can be added and then you're ready to add data sources previously in this lesson you learned about Microsoft Sentinel and how it is deployed Sentinel delivers intelligent security analytics and threat intelligence across the Enterprise but it can only do this when provided with data this data is provided by a number of different sources and in this video you will not just learn about the sources but also the supported data formats let's consider a scenario where Sam Scoops business operations have expanded significantly its security operations or SecOps team may be overwhelmed by a high volume of alerts which would mean that they may spend far too much time on tasks like infrastructure setup and maintenance as a result many legitimate threats may go 
unnoticed security analysts like this team face the huge task of triage by assessing alerts and determining how urgent they are they not only have to sift through a sea of alerts but also manually correlate alerts from different products or using a traditional correlation engine but there's an easier way to handle this task if they use Microsoft Sentinel it will do triage for them and what's more Sentinel offers nearly Limitless Cloud scale so it can quickly address security concerns the first step for the team would be to integrate Sentinel across their organization to onboard Microsoft Sentinel the security team first need to connect to security sources these data sources which can be Hardware devices or virtual machines can be connected using different data types and formats the first is an inbuilt data connector like the ones in this screenshot Microsoft Sentinel comes with a number of inbuilt connectors for Microsoft Solutions providing real-time integration for Services these Services include Microsoft threat protection Microsoft 365 sources Azure AD Azure ATP and Microsoft Cloud app security and more using the inbuilt connectors will increase deployment speed but the store may have lots of appliances like on-premise firewalls that don't have built-in connectors yet to remedy this the security team can use syslog and common event format or CEF or REST API to connect data sources to Microsoft Sentinel syslog is an event logging protocol common to Linux CEF is an industry standard format on top of syslog messages used by many security vendors to allow event interoperability among different platforms and REST API is an application programming interface that two computer systems use to exchange information securely over the Internet an agent is needed to translate the data before it's sent to Microsoft Sentinel in order to connect the data sources that can perform real-time log streaming using the syslog protocol an agent is a computer program that performs 
various actions continuously and autonomously in this case translation depending on the appliance type the agent is installed either directly on the appliance or on a dedicated Linux server if there's no vendor provided connector you can use the generic CEF or syslog connector applications will send messages that may be stored on the local machine or delivered to a syslog collector to connect the data sources the Microsoft Sentinel agent which is based on the log analytics agent converts syslog format logs into a format that can be ingested by log analytics the agent must be deployed on a VM to support the communication between the appliance and Sentinel you can deploy the agent automatically or manually automatic deployment is only available if your dedicated machine is a new VM you created in Azure here a VM that has been installed in Azure is running the log analytics agent which is receiving the syslog data from on-premise sources before passing it on to Microsoft Sentinel some data sources are connected using APIs typically most security Technologies provide a set of APIs through which event logs can be retrieved the APIs connect to Microsoft Sentinel and gather specific data types and send them to Azure log analytics using syslog and APIs work great when you are dealing with appliances that don't have inbuilt connectors but both options involve extra work like installing a virtual machine with an agent for translation or building your own connector via REST API where possible using the built-in connectors for Microsoft products is much easier because it's just a matter of switching them on there are also built-in connectors to the broader security ecosystem for non-Microsoft Solutions these are known as vendor connectors and they can reduce setup time these connectors primarily use the CEF and syslog connector as their foundation in this video you learned that once Microsoft Sentinel has been deployed in an environment the next step is to connect 
it to data sources many Microsoft products have built-in connectors and connecting to these sources is simple for other vendors without inbuilt connectors and on-premise equipment syslog or APIs can be used to connect data sources to Microsoft Sentinel additionally some third-party vendors have also created their own connectors to help make a security analyst's deployment of Microsoft Sentinel an easier task in conclusion data connectors serve as critical links that enable seamless integration with a wide array of data sources previously you learned about Microsoft Sentinel's SIEM capabilities and how it collects detects and investigates threats and then responds to them Sentinel supports security teams by centralizing alerts but teams can still easily get overwhelmed by the volume of security alerts and incidents luckily Sentinel has other capabilities that can help security teams deal with this in this video you will learn about Sentinel's security orchestration Automation and response or SOAR capabilities let's imagine Sam Scoops business operations have grown so large that they need to deploy Microsoft Sentinel to improve their security posture Sentinel is great at identifying security alerts and incidents that had previously gone unnoticed but a high volume of alerts and incidents may leave the available Personnel feeling overwhelmed which means many of these alerts are ignored this leaves the business vulnerable to attack let's investigate how they can address this vulnerability Microsoft Sentinel in addition to being a security information and event management or SIEM system is also a platform for security orchestration Automation and response or SOAR the main goal of SOAR is to collect threat related data and automate threat responses by doing so it frees up the precious time of the security team automation takes a few different forms in Microsoft Sentinel for example there are automation rules that centrally manage the automation of incident handling and response and 
playbooks that run predetermined sequences of actions to provide powerful and flexible Advanced automation to your threat response tasks let's first examine rules more closely besides letting you assign playbooks to incidents and alerts automation rules also allow you to automate responses from multiple analytic rules at once automatically tagging assigning or closing incidents Sam Scoops can use this automation to assign specific incidents to security analysts in this way incidents are captured instead of being missed automation rules are made up of and or or statements looking to match specific alerts or incidents in this example if Microsoft Sentinel detects a multi-stage attack involving the IP address of 172.16.1.1 the rule automatically assigns an owner to the incident automation rules also allow you to apply automations when an incident is created and updated this capability further streamlines automation use in Microsoft Sentinel and enables retail businesses to simplify complex workflows for incident orchestration processes now let's move on to Playbooks A playbook is a collection of response and Remediation actions and logic that can be run from Microsoft Sentinel as a routine A playbook can help automate and orchestrate your threat response it can integrate with other systems both internal and external and when triggered by an analytics or automation rule it can be configured to run automatically in response to specific alerts or incidents A playbook can also be run manually and On Demand responding to incident page alerts this would enable Sam Scoops to take off some of the pressure on their security team by automatically dealing with many of the alerts and incidents for example the business may receive a large volume of alerts with recurring patterns which can't be processed or investigated because it's so time-consuming and intensive using real-time automation the security team can significantly reduce their workload by fully automating the 
routine responses to recurring types of alerts here is an example where based on the user input The Playbook can change the status of the alert the control action intercepts the user input and if the expression is evaluated to be a true statement The Playbook changes the status of the alert in case the control action evaluates the expression to be false the Playbook can run other activities such as sending an email in conclusion Microsoft Sentinel SIEM is great at collecting data investigating threats and generating alerts but in larger organizations the volume of alerts and incidents can be overwhelming even though Microsoft Sentinel gives you one place to access all of this information responding to every alerted incident is time-consuming SOAR can help to automate some of these responses by using rule Automation and playbooks rule automation can help assign close or even send alerts and incidents to playbooks for further response and Remediation this automation frees up a lot of a security team's valuable time it's the end of the second week of the course and time to review what you've learned thus far to make sure you're ready to take the quiz let's start with lesson one in this lesson you learned that Security Management of a company's Cloud infrastructure is vital because it prevents unauthorized access and protects against cyber threats Azure has several services that help businesses to implement defensive measures against cyber threats one such service is Microsoft Defender for cloud which offers continuous monitoring and threat detection analysis of data and actionable insights to prevent potential attacks you explored how Microsoft Defender for cloud can benefit businesses it offers a range of capabilities including DevSecOps Cloud security posture management or CSPM and Cloud workload protection platform or CWPP these capabilities collectively contribute to safeguarding Applications data and infrastructure except for specific services offered by 
Microsoft there are also best practices that a business like Sam Scoops can follow to ensure the security of their Cloud infrastructure for example protecting data both at rest and in transit is critical to do so Sam Scoops can enable encryption for their Azure storage accounts Implement SSL and TLS certificates and leverage Azure key Vault to securely store and manage cryptographic Keys Sam Scoops DevOps teams can use Azure DevOps and Azure policy to build secure applications and infrastructure Azure DevOps can also help the business automate the deployment of security updates and patches reducing the risk of security vulnerabilities being exploited in lesson two you explored virtual Security Solutions primarily how Azure Bastion can reduce the attack surface But first you learned how to use the Microsoft Defender for Cloud interface and how the service can help strengthen the security posture of a cloud environment then you moved on to the specifics of how Azure Bastion Works Bastion is a fully managed platform as a service or PaaS service that allows you to connect to Azure VMs remotely by providing secure and seamless RDP and SSH access to your VMs thus reducing the attack surface very importantly in this lesson's practical exercise you learned how to deploy Azure Bastion to Shield virtual machines moving on to lesson three you learned about Azure standards and policies and how Azure policy can ensure compliance with industry rules and guidelines by creating assigning and managing policy definitions policy definitions impose different rules and actions on resources like VMs so that those resources comply with corporate standards and service level agreements or SLAs policies focus on both the properties of new resources during deployment and those of existing resources here you also learned about the three pillars of Azure policy which are enforcement and compliance applying policies at scale and Remediation an initiative definition is a set of policy 
definitions that help track the state of resource compliance to meet the company's overall goal initiative definitions can be created or you can use the built-in definitions in Azure after creating initiative definitions you must assign policies to affected resources and then evaluate the state of compliance for scoped resources you also learned how Azure management groups enable you to apply one policy to an entire hierarchy of subscriptions Azure policy has over 70 categories of built-in policies to support organizations in the governance of their Azure resources on a more practical note you learned how to use Azure policy to create and Implement a custom definition across a business to help manage costs specifically the demonstration showed how to create a new custom policy for Sam Scoops that prevents the creation of more expensive virtual machines from the G Series in this part of the course you learned about Azure blueprints and how the service can help streamline and scale a company's governance in a consistent and compliant way blueprints is like a package you can use to deploy and deliver governance and they are composed of azure artifacts which include role assignments policy assignments resource groups and Azure resource manager templates or ARM these artifacts are embedded into the blueprint or package which can then be composed versioned and assigned to a Management Group containing multiple subscriptions or it can be assigned directly to a single subscription last was Lesson Four which was about SIEM and SOAR security information and event management or SIEM for short is a solution that helps organizations detect analyze and respond to security threats before they harm business operations next you learned about Microsoft Sentinel security orchestration Automation and response or SOAR capabilities the main goal of SOAR is to collect threat related data and automate responses by doing so it frees up the precious time of security teams automation takes 
a few different forms in Microsoft Sentinel for example there are automation rules that centrally manage the automation of incident handling and response and playbooks that run predetermined sequences of actions to provide powerful and flexible Advanced automation to your threat response tasks rule automation can help assign close or even send alerts and incidents to Playbooks for further response and Remediation so now you know that Microsoft Sentinel is a cloud native SIEM and SOAR system that a security operations team can use to get security insights across the Enterprise by collecting data from virtually any source that is stored using log analytics detect and investigate threats quickly by using built-in machine learning and Microsoft threat intelligence and automate threat responses by using playbooks and by integrating azure apps you also learned about Sentinel data connectors Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the Enterprise but it can only do this when provided with data via connectors Sentinel comes with a number of in-built connectors for Microsoft Solutions providing real-time integration for services ultimately combining SIEM and SOAR makes sense because they are complementary SIEM collects data and gathers evidence while SOAR provides Automation and intelligence and that wraps up the summary remember if you don't feel confident about a specific topic you can still review the relevant items before taking the quiz take your time to prepare and all the best for the quiz security threat prevention is not limited to just network security it also covers applications email collaborations endpoints cross-SaaS Solutions identity and more Security Professionals need a way to analyze the threat signals from each of these domains holistically to determine the full scope and impact of cyber threats and Microsoft 365 Defender provides the ultimate solution to this need previously you've learned about Microsoft 
Defender for cloud but many different Defender Services can be used together to form an integrated security solution over the next few minutes you'll learn about the integrated Defender services and how they operate to determine how a threat entered a cloud environment what domains it affected and how it's currently impacting an organization to understand what a game changer Microsoft Defender can be for a security team you need to grasp the challenges that they face cyber attackers do not operate in isolated domains of applications endpoints identities or data they establish a foothold and move laterally across these domains defending the entire landscape can be challenging first the number of threat signals from all domains can be enormous and lead to alert fatigue normalizing and analyzing alerts promptly is a near impossible task for security teams second when security teams view signals across domains in isolation they can't see lateral movement and persistence much less overall context and when different teams work in silos using domain-based Solutions it becomes challenging to put all the pieces of an attack together which brings up the last point when perimeter protection is domain based so too is the response if you only understand a threat within the boundaries of a single domain you might not discover understand or remediate so to understand a threat spread over several domains Microsoft 365 Defender offers integrated cross-domain threat detection and response Solutions it provides coordinated automatic defense across all service domains to block threats before they become attacks to reduce signal fatigue it automatically normalizes raw signal data from those domains analyzes that data and correlates it into incidents an incident in Microsoft 365 Defender is a collection of correlated alerts and Associated data that make up the story of an attack and it provides context for all the signals so security teams can understand the larger impact of the attack 
all this happens in One dashboard that requires no specific expertise or customization the Microsoft 365 Defender Suite protects user identities with Microsoft Defender for identity and Azure ad identity protection endpoints with Microsoft Defender for endpoint or MDE applications with Microsoft Defender for cloud apps also referred to as MDC and email and collaboration with Microsoft Defender for Office 365 or MDO let's explore these different Microsoft 365 Defender Services in more detail starting with Microsoft Defender for identity or MDI which is a cloud-based security solution MDI uses your on premises active directory data called signals to identify detect and investigate Advanced threats compromised identities and malicious Insider actions directed at your organization Microsoft Defender for identity provides Security Professionals who manage hybrid environments the functionality to Monitor and profile user behavior and activities protect user identities and reduce the attack surface identify and investigate suspicious activities and advanced attacks across the Cyber attack kill chain and lastly it provides clear incident information on a simple timeline for fast triage next Microsoft Defender for endpoint or MDE is a platform designed to help Enterprise networks protect endpoints it does so by preventing detecting investigating and responding to Advanced threats MDE embeds technology into current Windows operating systems and Microsoft cloud services this technology includes endpoint behavioral sensors that collect and process signals from various sources these include operating systems and Cloud security analytics that turn signals into insights detections and recommendations and threat intelligence with this data MDE identifies attacker tools and techniques and it also generates alerts Defender vulnerability management is also built into MDE which delivers asset visibility intelligent assessments and built-in remediation tools for Windows macOS 
Linux Android iOS and network devices let's move on to Microsoft Defender for cloud apps or MDC MDC is a comprehensive cross-SaaS solution that operates as an intermediary between a cloud user and the cloud provider MDC provides Rich visibility to cloud services control over data travel and sophisticated analytics to identify and combat cyber threats across all Microsoft and third-party cloud services this service provides app governance by discovering all Cloud apps being used in the organization it can detect shadow IT which are installed apps that were not cleared by the IT department it also controls and protects data in all approved apps used throughout an organization and finally let's discuss data loss prevention or DLP which is a security feature that protects sensitive data and forms a key part of various Microsoft 365 Defender Services it prevents sensitive data from being accidentally or intentionally shared with unauthorized users for example DLP can prevent someone from sharing personal information or intellectual property it can also stop someone from accidentally emailing a file attachment to an unauthorized recipient in this video you learned about different Microsoft 365 Defender services and how they can protect organizations holistically each of these different Services can protect identity Office 365 endpoints and Cloud apps many of them also include additional features like app governance with Cloud apps what's more is that MDE also has built-in vulnerability management this is all brought together and accessible through the Microsoft 365 Defender portal Microsoft 365 Defender protects organizations against sophisticated cyber attacks it coordinates detection prevention investigation and response to threats across endpoints identities email and applications Microsoft 365 Defender is a unified pre- and post-breach Enterprise defense Suite in this video you will take a practical walkthrough of the defender 365 portal you will discover how it 
brings together many services and features to correlate all related alerts across products into a single incident Microsoft 365 Defender can stop persistence attacks before they happen across all domains it automatically makes an enormous amount of normalized threat data available without the painful and time-consuming task of analyzing it and to give security teams leverage over those threats before they become attacks Microsoft 365 Defender removes the confusion and clutter of siloed security portals it offers one solution to bring threat data together for rapid and complete responses for example Microsoft 365 Defender automatically correlates domain level signal data into incidents to give security teams a full attack timeline plus it provides a complete view of the affected assets including the infected identities endpoints and mailboxes it also recommends how to triage the damage quickly additionally it automatically uncovers connections between alerts across security domains enabling response across the entire attack and remediating all the damage including persistence this self-healing process handles both mundane and complex remediations last Automation and artificial intelligence free security teams to focus on hunting for sophisticated attacks using the wealth of data that Microsoft 365 Defender provides they can then use their organizational expertise and knowledge of internal behaviors to investigate and uncover the most sophisticated breaches next let's explore how the portal provides a unified experience for protection investigation and response beginning with incidents they're the starting point for your investigations which almost always include opening alert entity and investigation Pages now alert correlation into incidents isn't new what is new is that you can now wholly investigate an incident including alerts from all the included services without ever leaving the Microsoft 365 Defender portal nor do you leave the portal when you open alerts 
from included Services instead Microsoft 365 Defender provides a unified alert page to explore and investigate all of them alerts now have the same look and feel and provide a consistent experience across the board likewise go down a level by opening a device email or user and you'll notice the new entity Pages similar to how incidents correlate alerts entity Pages correlate signals for a specific entity from the various included Services all in one View and without ever leaving the Microsoft 365 Defender portal so they don't interrupt the flow of your investigation next is the unified investigation page it introduces a shared language for all the included services investigations previously each had its own investigation page and this new unified page offers a consistent experience the last big area is threat analytics the built-in threat intelligence solution that helps security teams face emerging threats efficiently it provides reports that help you use the expertise of the Microsoft threat intelligence team with that knowledge you can identify and protect yourself from emerging threats all in one portal threat analytics includes endpoint data from Microsoft Defender for endpoint and email data from Microsoft Defender for Office 365 by integrating Microsoft Defender for endpoint Defender for identity Defender for Office 365 and Defender for cloud apps into Microsoft 365 Defender the broad scope of available data lets a security team see the complete story of an attack from start to finish allowing them to investigate and remediate incidents more quickly previously you learned how Microsoft 365 Defender brings several threat Protection Services together providing a dashboard to view all incidents and alerts Microsoft 365 Defender has many features and in this video you will focus on one of these features the incidents and alerts dashboard the incidents queue is a central location to prioritize cross domain attacks and alerts it lists each incident by severity and 
includes the context and data security teams need for a comprehensive response to start your investigation select an incident the summary tab describes the incident's scope and context to help you quickly understand the threat for example it shows the total number of alerts and how many remain active to help you understand the scope of the attack the summary tab shows the number of affected assets including devices users and mailboxes plus a list of the top impacted entities ranked by risk level or priority below is a summary of the evidence that Microsoft 365 Defender investigated and its remediation status and to the right is some helpful metadata like tags data sensitivity and groups on this one tab you gain valuable Insight before you even begin digging into the others next the alerts tab lists alerts linked to this incident including for each the severity status and reason it was linked many of the alerts in this incident were automatically investigated and resolved by Automation and artificial intelligence which means less work for the analyst the devices tab lists each impacted device including its risk level and tags the detail side pane offers additional info and you can drill deeper into the device details by selecting it on the users tab you see a list of users associated with this incident notice the investigation priority it's based on user and entity Behavior analytics and can help guide your investigation the higher the number the closer you want to look at that user related to that are the mailboxes involved in the incident selecting a mailbox will open it in threat Explorer so that you can investigate further the investigations tab lists the statuses of automated investigations that Microsoft 365 Defender performed for each triggering alert select an alert to see more details including the remediation action the last tab is evidence initially this displays a summary of the evidence that Microsoft 365 Defender investigated including files emails 
users and more for each type you see the number of remediated malicious suspicious and unremediated entities you can drill down into each type to see a complete list for example you can select files then select a specific file to see its details in the side pane in this case Microsoft 365 Defender automatically remediated the file Microsoft 365 Defender automatically investigates and remediates affected assets once you've checked over the incident and are satisfied that it's handled mark it resolved to do that select manage incident then toggle the resolve incident switch classify the incident as true or false alert and choose a determination after saving the incident Microsoft 365 Defender marks any outstanding alerts as resolved next let's explore how Microsoft 365 Defender combines alerts from various detection sources into a single queue to help improve signal quality threats are listed and their sources are listed in the detection Source column including Microsoft Defender for endpoint Microsoft Defender for identity and more the unified portal lists the alerts from all these sources in one place providing a single dashboard for SecOps to manage alerts across our Microsoft 365 security products helping you to understand the big picture select an alert to see more information about it in the detail side pane like the Alert state details and policy that triggered it plus information on the incident to which it's linked any automated investigation details and impacted entities likewise Microsoft 365 Defender offers a unified alert page it's a common layout and shared language for alerts from Microsoft Defender for Office 365 and other detection sources at the top of the page asset cards list the mailboxes devices and users impacted by the alert below the asset cards the alert story helps you understand what triggered the alert if you select any messages or activities in the alert Story the detail side pane updates to provide contextual information 
for the selected item select open email page to drill down even further into the new email entity page which can help you investigate emails quicker and with richly detailed information for example the analysis tab provides enhanced data about an email including authentication detection details and overrides plus it includes an email and header preview then there's the attachments Tab and the URL tab next to it they offer Rich detonation details like the files IP addresses and URLs observed for a threat plus screenshots application and URL behaviors and more of course alerts for other sources like Microsoft Defender for endpoint and Microsoft Defender for identity are here too not only are they all in this one place but they also have a similar user experience again once you're done with the alert classify it as a true or false alert and add a determination Microsoft Defender will use that signal to help tune future alerts in this video you learned that Microsoft 365 Defender automatically Aggregates malicious and suspicious events from different device user and mailbox entities in the network and you now know that grouping related alerts into an incident gives security teams a comprehensive view of an attack earlier you learned that you can manage roles for Microsoft Defender for Office 365 or MDO globally using azure ad roles but if you need more control over specific user roles then you can use the default email and collaboration roles in Microsoft 365 Defender you can use these role groups for the most common tasks and functions sometimes however these default roles do not suit the permission level of certain users in this case you can create custom roles in this video you will explore why custom roles are so useful and how to implement them within MDO Sam Scoops is on the way to becoming a large corporation they will need a big security team to support all the different aspects of Microsoft products and services used by the company now imagine that you are the 
manager of their security team and you need to refine the data that different security team members can access across different services including Microsoft Office 365 for instance the Microsoft 365 Defender administrator should be able to edit roles but the endpoint security analyst should only be able to view and remediate endpoints how can you do it if you use Azure active directory roles it will grant all users access to many different services so you need a way to specify different roles and permissions and that's why the roles in MDO are the perfect solution let's explore how you can go about this task using the default role groups of MDO permissions in the Microsoft 365 Defender portal first someone who manages roles must either have a global administrator role in Azure ad or an organization management role for MDO permissions specifically role Management in Defender for Office 365 allows users to view create and modify MDO role groups by default that role is assigned only to the organization Management Group with these permissions you can access all the different default roles to navigate to this view within the Microsoft Defender portal select permissions in the left-hand menu next to manage MDO permissions select email and collaboration roles and then roles on this page you can assign IT team members to these default role groups which will only give them specific access to the data from Microsoft Office 365 by selecting the role group itself a list of the assigned roles appears you can get the full list of the different roles and permissions in the additional resources at the end of this lesson next let's explore how to set up custom roles with custom roles you can limit the access of users to only certain relevant data with the least permissive roles custom roles can be created in addition to Global Azure ad roles for instance endpoint security analysts do not need access to all the data within Microsoft 365 Defender because they are only responsible 
for remediating issues related to endpoints to create a custom role select create a custom role in the top right hand side of the permissions page and fill in the configuration details on the custom role setup Pages for instance add a name with a description of what the purpose of the role is when done select next you can then assign permissions based on three different permission groups Security operation security posture and authorization and settings for the endpoint security analyst choose the security posture option and then select all read and manage permissions which will allow them to act upon recommendations and remediate endpoints once these steps are complete you can select apply and then next the next step is to assign users to the new custom role for endpoint security analysts to do this select add assignment on the assignment page choose the correct data source in this case Microsoft Defender for endpoints and now you can add a user to the custom role in this example the user Ashton is being assigned to this role once added select next and then review the role before selecting submit a final confirmation page appears to confirm the new role select done in this video you learned that with MDO now being part of Microsoft 365 Defender you can manage roles centrally from the permissions page on the portal you can use the built-in roles for email and collaboration to control what data users can see in Microsoft Office 365 but you can also create custom roles if you need even more granular control over what data users are allowed to access when creating a custom role you can select what permissions the role should have based on their responsibility level for Sam Scoops the built-in roles will work perfectly for many staff members in the security team and for staff members that do not fit any of the default roles you can set up custom roles to restrict access to certain data you now know that Microsoft Defender Services have been merged together 
under one portal known as Microsoft 365 Defender these Services include Defender for Office 365 identity Cloud apps and endpoint in this video you will learn more about Microsoft Defender for endpoint or MDE and how it helps to secure endpoints against the latest threats and risks imagine a retail organization like Sam Scoops expanding there would be many devices across multiple locations and Sam Scoops would need a solution to help protect the organization's devices that aren't always connected Can Microsoft Defender for endpoint help look after the many endpoints let's investigate unprotected or misconfigured devices can pose a risk to organizations for a retail organization to protect itself it has to ensure that all its devices are protected many organizations have suffered reputational and financial loss at the hands of attackers attackers can take advantage and do damage to devices or data that means that an organization's security posture has to be as secure as possible given that malicious actors regularly attempt attacks How Can Microsoft Defender for endpoint reduce vulnerabilities in its setup earlier you learned that MDE is an endpoint security solution that offers vulnerability management endpoint protection detection and response mobile threat defense and managed services in a single unified platform it enables you to prevent detect investigate and respond to security threats and risks across Windows Windows Server macOS Linux Android and iOS devices this is great for a retail organization because it has a variety of devices Microsoft Defender for endpoint takes advantage of Technologies including endpoint behavioral sensors these sensors gather and process behavioral signals and activities on the endpoints and share this information with an MDE Cloud instance this is a great benefit for a security team at a retail business as endpoints are widely dispersed across different sites and so tracking these behaviors locally is impossible Cloud security 
analytics translate these behavioral signals into insights detailed detections and then recommends actions to respond to Advanced threats it does this using tools such as UND device machine learning big data and cloud-based machine learning Microsoft also uses its unique visibility into activity across other products such as Microsoft 365 and its Windows ecosystem threat intelligence for Microsoft security teams and partners provide information that allows Microsoft Defender for endpoint to identify tools procedures and techniques used by attackers Microsoft Defender for endpoint then generates alerts when any threats are identified in the sensor data that it has collected MDE provides protection through several capabilities these include core Defender vulnerability management attack surface reduction Next Generation protection endpoint detection and response automated investigation and Remediation Microsoft threat experts centralized configuration and administration and APIs let's examine these a bit closer vulnerability Management in Defender for endpoint provides risk-based Discovery prioritization and Remediation of misconfigurations and vulnerabilities across endpoints Defender vulnerability management's built-in and agentless scanners continuously Monitor and detect risk in your organization even when devices aren't connected to the corporate Network next attack surface reduction resists attacks and exploitation by applying mitigation techniques and ensuring configuration settings are set properly it provides protection such as application control Network protection and web protection to regulate access to Applications domains IP addresses and more there is also next Generation protection which protects against emerging threats through behavior-based antivirus protection and Cloud delivered protection and endpoint detection and response enables an organization to detect investigate and respond appropriately to even advanced threats that might have succeeded in 
evading the attack surface reduction and threat and vulnerability components it also allows Advanced hunting through a query based hunting tool to proactively identify breaches and use custom detections next is automated investigation and Remediation which enables sophisticated automatic investigation and Remediation capabilities to efficiently and consistently respond to threats at scale and Microsoft threat experts takes advantage of expert level monitoring analysis and access to experts on demand for critical threats specific to your environment there's also centralized management through Microsoft 365 Defender which helps the organization access everything that is happening all on one portal and finally with APIs different tools such as group policy and non-Microsoft tools can be used for device management Microsoft Defender for endpoint comes with a built-in API that can be used to automate workflows and extend its capabilities using custom apps additionally MDE integrates directly with several Microsoft Solutions including Microsoft endpoint manager Microsoft Sentinel Microsoft Defender for cloud and more to summarize Microsoft Defender for endpoint protects devices first by finding and detecting them before checking their configurations it can then remediate any misconfigurations and close any vulnerabilities by handling these misconfigurations and vulnerabilities it helps to reduce the potential attack surface learning typical behaviors also allows Microsoft Defender for endpoint to identify any anomalies further protecting endpoints all of this can be managed through the Central management of Microsoft 365 Defender as organizations shift more and more of their workload to the cloud it paves the way for employees to work from virtually anywhere and on any device thus organizations need solutions that ensure the security of all their endpoints while keeping their employees devices current and giving them a consistent and personalized experience Microsoft as 
both a cloud provider and operating system provider has built comprehensive cloud computer Management Solutions these Solutions provide IT departments with remote computer configurations and simplified endpoint management Tools in this video you'll explore how Microsoft's endpoint Management Solutions such as Windows autopilot Microsoft Intune and configuration manager deliver endpoint modernization you'll also discover the differences between Windows 365 and Azure virtual desktop and how device management differs between the two solutions in today's workplace IT departments support different devices configured in different ways organizations might use Android and iOS mobile phones Windows and macOS PCs and custom devices employees bring to work Microsoft provides the tools and services to enable you to simplify the management of all these devices through their endpoint Management Solutions now let's examine those tools and services a little closer first up is Windows autopilot Windows autopilot a cloud native service sets up and pre-configures new devices to prepare them for use it also resets repurposes and recovers devices and it aims to simplify the life cycle of Windows devices serving both IT and end users from the initial deployment to the end of life stage autopilot can pre-configure devices automatically join devices to Azure active directory enroll devices in Intune and customize the out-of-box experience and it can also integrate with the configuration manager there is also Microsoft Intune a cloud-based endpoint management solution used to manage user access and simplify app and device management across many devices this includes mobile devices desktop computers and virtual endpoints Microsoft Intune protects access and data on organization owned and users personal devices and it supports Android Android open-source project or AOSP iOS iPadOS macOS and windows client devices it also integrates with other services including Azure 
active directory next is configuration manager an on premises management solution used to manage desktops servers and laptops that are internet-based or on a network configuration manager can manage data centers apps software updates and operating systems it can be cloud enabled to integrate with Intune Azure active directory Microsoft 365 Defender and other cloud services additionally a tool called co-management is available it combines the existing on premises configuration manager with the cloud-based features in Intune including using the web-based endpoint manager admin Center co-management helps unlock more Cloud powered capabilities like conditional access ultimately it enables organizations to concurrently manage Windows 10 or later devices by using both configuration manager and Microsoft Intune next let's move on to Virtual desktop Solutions Windows 365 and Azure virtual desktop services are both virtual desktop Solutions also known as desktop as a service or DaaS but there are several important differences between the services let's explore some of these now Windows 365 is a cloud-based service that automatically creates a new type of Windows Virtual Machine known as a cloud PC for end users Windows 365 securely streams the full Windows Experience including apps data and settings from the Microsoft cloud to any personal or corporate device and windows manages the whole service for you Azure virtual desktop or AVD on the other hand allows users to connect to a Windows desktop running in the cloud directly instead of streaming it the desktops are virtual machines in the customer's Azure tenant customers build virtual machines within their Azure tenant and can customize the service using Azure Cloud features like load balancing the customer has more control with this service and they can use features like host pools host pools are a collection of one or more identical virtual machines VMs within Azure virtual desktop environments each host pool can 
contain an app group that users can interact with as they would on a physical desktop. The customer can then control the resources published to users through these app groups.

In conclusion, device modernization can be applied to various types of devices, including smartphones, tablets, laptops, desktop computers, and IoT devices. It often involves a combination of software updates and company policies to bring devices up to date, enhance device security, and improve user experience. Microsoft endpoint management solutions make this task easier for IT administrators by providing tools that can manage this process through easy-to-use management portals. Windows 365 securely streams a personalized Windows experience, including all the apps, content, and settings, to any device, and Azure Virtual Desktop allows organizations to quickly deploy virtual desktops and apps to enable secure remote work. These solutions enable organizations to meet their device management security needs while providing a streamlined user experience in a changing workforce.

You have learned about the different Microsoft tools that can be used to deploy a device's operating system. These tools can also manage applications and device policy, but to keep both the devices and applications secure, they also need to be kept up to date. In this video, you will learn about how device updates can be controlled and managed by using Windows as a service, or WaaS, and Microsoft 365 Apps deployment and update channels.

Windows as a service is a modern approach to operating system deployment and management that allows organizations to receive regular updates and feature enhancements. It eliminates the traditional upgrade cycle, enabling a more agile and continuous delivery of Windows updates. There are two release types for updates. Type one are feature updates, which add new functionality and are released twice a year. Type two are quality updates, which provide security and reliability fixes and are released once a month. Type two updates
are issued as non-security releases or combined security plus non-security releases. In addition, a cumulative update is released, which includes all previous updates. Non-security releases allow IT admins to do an early validation of content.

There are three types of deployment models: modern, dynamic, and traditional. The modern deployment model emphasizes simplicity and agility. It allows for quick updates and feature releases, enabling organizations to stay up to date with the latest enhancements. This method ensures minimal disruption during the update process, making it ideal for businesses that require seamless transitions. The dynamic deployment model focuses on providing more control over updates. It allows organizations to choose the timing and pace of feature releases, giving them the flexibility to test and validate updates before deployment. This method suits enterprises with complex IT environments and strict change management processes. The traditional deployment model offers a more conservative approach to updates. It allows organizations to control when and how updates are applied, ensuring stability and compatibility with existing systems. This model is suitable for industries with strict compliance requirements or highly regulated environments.

Now let's move on to discussing the deployment methods and update channels for Microsoft 365 Apps. Users can install Microsoft 365 Apps individually, but managing updates and deploying customized app selections ensures all users have necessary apps. Different deployment methods exist, from using Configuration Manager to self-installing from the cloud. More information on this can be found in additional resources. One of the benefits of Microsoft 365 Apps is that Microsoft regularly provides new and updated features for Office apps, for example, adding improved translation capabilities to Word or adding support for 3D animations in PowerPoint. Specifying the update channel allows you to control how often the users in your
organization get these new features. There are three options: Current, Monthly Enterprise, and Semi-Annual Enterprise channels. Let's examine these more closely.

The Current Channel receives feature updates as soon as they're ready, but there's no set schedule. This channel also receives security and non-security updates around two or three times a month. Microsoft recommends this channel because it provides users with the newest Office features as soon as they're ready. The Monthly Enterprise Channel receives feature updates once a month, on the second Tuesday of the month. This monthly update can include feature, security, and non-security updates. Microsoft recommends this channel if you want to provide your users with new Office features once a month on a predictable release schedule. The Semi-Annual Enterprise Channel receives feature updates every six months, in January and July, on the second Tuesday of the month. Like with the previous channel, this update can include feature, security, and non-security updates. Microsoft recommends this channel only for those select devices in your organization where extensive testing is needed before rolling out new Office features.

Microsoft 365 Apps regularly checks for updates, and they're downloaded and installed automatically according to the channel used. There aren't separate downloads for feature, security, or non-security updates. The updates are cumulative, so the most current update includes all the updates that have been previously released for that update channel. While updates are being downloaded, your users can continue to use Office apps. After they're downloaded, all the available updates for that update channel will install at the same time. If any Office apps are open, your users will be prompted to save their work and close the apps so that the updates can finish installing.

Microsoft offers various deployment and update models to ensure the security and efficiency of devices and applications. Windows as a service, WaaS, allows for regular
updates and feature enhancements, with three deployment methods catering to different organizational needs, and Microsoft 365 Apps provide customizable deployment options and offer different update channels, allowing organizations to control the frequency and timing of feature releases. These models and channels enable businesses to keep their systems up to date while ensuring stability and compatibility.

You now know that Microsoft Defender for Endpoint can offer vulnerability management and endpoint detection. It also offers many other features that can all be managed from the Microsoft 365 Defender portal. In this video, you will learn about how one such feature, the Microsoft Defender for Endpoint services and capabilities, has been built into the Microsoft 365 Defender portal. Let's do this by exploring how Sam's Scoops would use the endpoint feature in the Microsoft 365 Defender portal. But first, let's delve into how a tenant works.

The first step of using Defender for Endpoint is to onboard it. This is when a Microsoft Defender for Endpoint tenant is provisioned for Sam's Scoops. Tenants are isolated from other tenants. This means Sam's Scoops' data is never shared with other tenants, and it's only accessible to that particular organization. Additionally, all access is audited to ensure data remains protected. A tenant relies on its own components, including a built-in dictionary and custom sandboxes. Each tenant comes with a built-in dictionary that defines behavioral rules and anomaly detection algorithms to detect suspicious events when gathering sensor data from devices. A tenant also enables the creation of sandbox environments so that suspicious files can be uploaded and investigated, and detailed reports about those files can be generated based on the findings of the investigations.

Next, let's discuss the Microsoft 365 Defender portal, through which you can access the Defender for Endpoint features. You can access and manage a tenant from the Microsoft 365 Defender portal.
From here, Sam's Scoops can manage the security of the devices that are part of the tenant. This is where they can use all the capabilities they need to manage and protect the endpoints, such as threat and vulnerability management, endpoint detection and response, automated investigation and remediation. As you've learned, the Microsoft 365 Defender portal can be accessed through a web portal using an internet browser. The portal can be used to view and monitor devices and perform investigation and device remediation for Microsoft Defender for Endpoint.

Let's catch up with Sam's Scoops to assess how Microsoft Defender for Endpoint can help with its needs. The business has expanded to a number of ice cream shops and also has a warehouse to supply them. This means that its endpoints are spread out across many locations. So what can Microsoft Defender for Endpoint do for Sam's Scoops to protect these dispersed endpoints? Let's find out.

To make the most of Microsoft Defender for Endpoint, sensors need to be installed on Sam's Scoops devices to gather security-related information on each device. This information is sent to the Sam's Scoops Microsoft Defender for Endpoint tenant. Sensors make it possible to detect breaches, investigate events, collect information for security analytics, and more. They also enable Sam's Scoops to trigger actions on devices, such as gathering suspicious files or isolating a device from the network. This is great for the business because these devices can now be managed remotely. Sam's Scoops can use Microsoft Defender for Endpoint to perform device discovery and improve visibility of all the devices in the network. Endpoints that have already been onboarded with an endpoint sensor can then be used to actively probe devices on the Sam's Scoops network to enrich collected data. This gives them much better visibility over all the devices coming onto the network and helps track vulnerabilities. Once devices have been discovered and onboarded, the security team can view the current
exposure of the organization through the vulnerability management dashboard. Microsoft Defender for Endpoint can help Sam's Scoops discover vulnerabilities and misconfigurations in real time, based on sensors, without the need for agents or periodic scans. It prioritizes issues based on many factors. Those factors include the threat landscape, detections within the network, sensitive information on vulnerable devices, and the business context. Another useful endpoint feature available through the portal is built-in threat and vulnerability management. This feature is real-time, cloud-powered, and fully integrated with the Microsoft endpoint security stack. It can create a security task or ticket through integration with Microsoft Intune, providing Sam's Scoops with a complete endpoint management system. Ultimately, effectively identifying, assessing, and remediating endpoint weaknesses is pivotal to running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoints, and increasing organizational resilience. Defender for Endpoint provides Sam's Scoops with the tools and services needed to remotely protect the many different sites and devices and monitor devices as they come onto the network.

Microsoft Defender for Endpoint and the full Microsoft 365 Defender suite employ a range of cutting-edge threat technologies, including machine learning, big data analysis, in-depth threat research, behavior monitoring, threat hunting, built-in sandboxes, automated investigations, and expert guidance. Microsoft 365 Defender seamlessly integrates these technologies and leverages the power of a unified manager. In this video, you will learn how these different technologies are used to help better protect organizations and effectively prevent cyber attacks.

First, let's examine machine learning, which lies at the core of Microsoft Defender for Endpoint's ability to detect cyber attacks.
Machine learning enables the system to recognize patterns, anomalies, and indicators of compromise across vast amounts of data. By constantly learning from real-world threats and adapting to new attack vectors, machine learning algorithms power the detection capabilities of the platform. These algorithms identify and analyze potentially malicious files, URLs, and email attachments, significantly reducing response time to emerging threats.

Next, let's move on to big data analysis. Harnessing the power of big data analysis, Microsoft Defender for Endpoint processes and correlates massive volumes of security-related data from various sources. This includes information from endpoints, networks, and cloud environments. By consolidating and analyzing this data, the system gains invaluable insights into attack patterns, indicators of compromise, and emerging trends. This holistic view enables proactive threat detection and empowers security teams to stay one step ahead of cyber criminals.

Staying one step ahead of cyber attackers also means doing your research. Luckily, Microsoft takes care of this for you as well. Microsoft's dedicated team of threat researchers works tirelessly to uncover new threats and vulnerabilities. Through continuous analysis of the threat landscape, they identify attack techniques and develop countermeasures to safeguard against them. Their research enhances the accuracy of threat detection algorithms and ensures that Microsoft Defender for Endpoint is armed with the latest threat intelligence.

Having the latest threat intelligence is crucial, and this is where behavior monitoring can help. Behavior monitoring forms a critical component of Microsoft Defender for Endpoint's defense strategy. By monitoring and analyzing the behavior of processes, applications, and users, the system can identify suspicious activities indicative of a potential cyber attack. This real-time analysis helps prevent the execution of malicious code and provides security teams with immediate visibility
into threats, enabling rapid response and containment.

Threat technologies are also used to proactively seek out hidden threats that may have evaded initial detection. This is called threat hunting. Highly skilled security professionals leverage their expertise and advanced tools to search for and investigate indicators of compromise within an organization's environment. This proactive approach enables the discovery of stealthy threats, enhancing overall security posture.

But what happens when a threat is detected and its files need to be executed safely and its behavior needs to be analyzed? For this, Microsoft Defender for Endpoint employs isolated environments in the form of built-in sandboxes. By running potentially malicious code in a controlled environment, the system can assess its impact without the risk of compromising the company environment. Sandboxing enables the identification of previously unknown malware and provides valuable insights into their behavior, facilitating better protection against future threats.

Other threat technologies, like automated investigations, are used to accelerate incident response processes. When a potential threat is detected, the system automatically gathers and analyzes relevant data, identifies the scope of the incident, and provides actionable recommendations for containment and remediation. By automating time-consuming investigative tasks, security teams can respond swiftly to threats, minimizing the impact of attacks.

While the aforementioned technologies and techniques form the backbone of Microsoft Defender for Endpoint, the expertise of threat specialists is invaluable in the fight against cyber attacks. Microsoft security professionals possess a deep understanding of the threat landscape and bring a human touch to the platform. They provide additional context, conduct in-depth investigations, and fine-tune detection algorithms to ensure the highest level of protection against emerging threats.

In conclusion, as the digital landscape evolves,
cyber criminals continue to devise sophisticated attack techniques. Microsoft Defender for Endpoint rises to the challenge by harnessing the power of threat technologies. Machine learning, big data analysis, in-depth threat research, behavior monitoring, threat hunting, built-in sandboxes, automated investigations, and the expertise of threat experts collectively form a formidable defense against cyber threats. By leveraging these technologies, organizations can safeguard their environments, detect threats in real time, and respond swiftly to mitigate the impact of cyber attacks.

In today's digital age, with the surge of remote workers and cloud-based storage usage, the importance of data encryption is undeniable. This video explores various types of endpoint encryption offered by Microsoft, its management through Microsoft Defender for Endpoint, and its significance in securing data. Let's get started with why endpoint encryption is so important.

As companies have rapidly transitioned to remote work environments, the number of dispersed endpoints has increased dramatically. Each of these devices, whether they are at an office or an employee's home, holds potentially sensitive company data. Without appropriate security measures, these endpoints can become entry points for cyber criminals. Encryption provides a critical line of defense by rendering data unreadable to anyone without the decryption key. Even if a device is lost, stolen, or breached, encrypted data remains secure. This measure is especially crucial for remote workers, who often use personal networks and storage devices that may not have the same security levels as corporate networks. Similarly, cloud storage, which has become an integral part of many businesses, requires robust encryption to protect data. With Microsoft's cloud encryption, data is safeguarded at rest and in transit, ensuring protection against a wide range of threats.

Now let's examine the different types of endpoint encryption. First is device encryption, a hardware-based
encryption solution that is built into the Windows operating system. This type of encryption secures the entire device by encrypting the contents of its internal storage. When a device is encrypted, unauthorized parties cannot access the stored data without the necessary decryption key, even if they physically remove the device's hard drive.

Next is full disk encryption, or FDE, a software-based security measure incorporated into Microsoft BitLocker. As the name suggests, FDE encrypts all the data on a computer's hard drive. By default, it uses the Advanced Encryption Standard, or AES, encryption algorithm in cipher block chaining. It can also use XEX tweakable block ciphertext stealing, or XTS, mode with a 128-bit or 256-bit key. BitLocker prevents hackers from accessing the system files your computer uses to boot up or from running a software hacking tool while your computer is locked or off.

There is also file and folder encryption, which offers a more granular level of control compared to device or full disk encryption. Microsoft's Encrypting File System, or EFS, provides this feature by encrypting individual files or folders. With EFS, you can protect specific sensitive data while leaving other, less critical files unencrypted.

For removable storage device encryption, Microsoft's solution is BitLocker To Go. Similar to BitLocker, it utilizes AES encryption to protect data on devices like USB drives, ensuring the safe transit of information between devices and locations.

Last is cloud encryption, which has become necessary with the proliferation of cloud services. Azure Storage Service Encryption automatically encrypts data before storing it in the cloud and decrypts it upon retrieval, and Azure Storage uses server-side encryption, or SSE, to automatically encrypt data when it is persisted to the cloud. This process ensures that all data stored in the cloud is always protected from unauthorized access.

You might be wondering how all the types of encryption are managed, and the answer is
Microsoft Defender for Endpoint's dashboard. Using the intuitive dashboard, IT administrators can monitor the BitLocker status of each device, which makes it possible to ensure that full disk and device encryption is consistently maintained. In this example, Defender for Endpoint has flagged that BitLocker is not turned on, and so it recommends that it is turned on on all devices. This can be remediated by sending a request to Microsoft Intune. The dashboard integrates with other Microsoft security solutions, providing a comprehensive approach to endpoint encryption.

In conclusion, Microsoft's encryption offerings provide comprehensive solutions to secure data across devices, disks, files, removable media, and the cloud. With Microsoft Defender for Endpoint, managing these encryption services becomes significantly easier, enabling businesses to maintain a robust security posture in an increasingly digital and distributed world.

In today's interconnected world, where organizations rely heavily on digital platforms and data-driven processes, protecting identities has become paramount. Cyber criminals constantly evolve their tactics, employing various identity-based threats to breach organizational defenses and compromise sensitive information. This video delves into the realm of identity-based threats, exploring prominent attack vectors such as phishing, password spraying, and identity spoofing. Furthermore, it emphasizes the critical importance of identity defense in safeguarding organizations and highlights the range of solutions available to mitigate these threats.

Let's start by exploring phishing attacks. These attacks involve tricking individuals into divulging sensitive information, such as login credentials or financial data, by impersonating a trusted entity. Attackers use cleverly crafted emails to lure victims to click on a link to a fraudulent website to trick victims into revealing their identities. The attacker can then collect the details from the phishing website and use it to access
the actual website. Sophisticated phishing techniques like spear phishing and whaling specifically target high-value individuals within organizations. These attacks exploit human vulnerabilities, relying on unsuspecting users to inadvertently disclose critical information.

Next is password spraying, which is a type of brute force attack where attackers systematically test commonly used passwords against multiple user accounts. Instead of targeting a specific user, this attack seeks to exploit weak or reused passwords across multiple accounts. For example, an attacker might gain access by testing a common pass1 123 password against a number of accounts. By leveraging automation tools, attackers can scale their efforts and increase their chances of success. Once they gain access to a single account, they often move laterally within the organization to further compromise identities.

Another common type of identity-based threat is spoofing. Spoofing refers to the act of assuming another person's identity to gain unauthorized access to systems or sensitive data. Attackers can exploit weak or misconfigured authentication mechanisms to impersonate trusted users, systems, or devices. This technique often involves the use of stolen or forged credentials, such as compromised usernames and passwords or falsified digital certificates. By mimicking legitimate identities, attackers can bypass security measures and gain unauthorized access to critical resources.

By now, you might have realized that protecting organizational identities is crucial for maintaining data integrity, preserving user trust, and preventing devastating breaches. By investing in robust identity defense strategies, organizations can fortify their security posture and mitigate the risks associated with identity-based threats. For instance, by implementing multifactor authentication, or MFA, mechanisms, organizations can add an extra layer of security beyond traditional usernames and passwords. MFA requires users to provide multiple
forms of identification, such as biometrics or hardware tokens, significantly reducing the likelihood of unauthorized access. Identity defense solutions also provide mechanisms to detect and respond to stolen credentials effectively. By employing technologies like adaptive authentication and behavior analytics, organizations can detect anomalous login activities and suspicious behavior patterns. This enables proactive measures such as step-up authentication or account lockdowns, preventing attackers from exploiting compromised credentials. By implementing granular access controls and identity governance policies, organizations can enforce the principle of least privilege, ensuring that users only have access to the resources necessary for their roles. Additionally, these solutions enable continuous monitoring and auditing of user activities, enabling the detection of unauthorized data exfiltration attempts or fraudulent activities.

With this background information about identity theft methods and the importance of identity defense, let's explore some of these defense solutions. Identity and access management, or IAM, solutions provide a centralized framework for managing user identities, access privileges, and authentication mechanisms. These solutions enable organizations to enforce strong password policies, implement MFA, and streamline user provisioning processes. IAM systems also facilitate identity federation, allowing secure access across multiple systems and applications.

User and identity behavior analytics, or UEBA, solutions leverage machine learning algorithms to analyze user behavior and identify anomalies that may indicate potential threats. By establishing baseline behavior patterns, UEBA tools can detect suspicious activities, such as unusual login times or access attempts from unfamiliar locations. This proactive approach helps organizations identify compromised accounts or insider threats quickly.

Another identity defense solution is privileged access management, or
PAM. This solution focuses on securing privileged accounts, which have elevated access privileges within an organization. By implementing strict controls and monitoring mechanisms, PAM solutions ensure that privileged credentials are properly managed, regularly rotated, and only granted when necessary. This reduces the risk of unauthorized access and minimizes the potential damage from insider threats or external attackers.

As identity-based threats continue to evolve and pose significant risks to organizations, robust identity defense measures have become imperative. By understanding the various attack vectors, such as phishing, password spraying, and identity spoofing, organizations can enhance their security strategies to protect against these threats. Implementing identity defense solutions like IAM, UEBA, and PAM can fortify an organization's security posture, safeguard identities, and mitigate the potential impact of breaches. By prioritizing identity defense, organizations can ensure the integrity of their data, maintain user trust, and effectively counter the ever-evolving landscape of cyber threats.

In the digital age, businesses are generating vast amounts of data every day. Take a pharmacy, for instance. From the moment a customer walks through the door to the time they receive their prescription, an abundance of information is collected. This includes sensitive data, such as patient records containing personal details and their history of medication lists and prescriptions, which hold vital information such as dosage instructions and warnings. But the pharmacy also stores inventory data, tracking stock levels, expiration dates, and batch numbers. Furthermore, they also manage financial data, including medical aid claims and billing records. With this explosion of data comes the need for effective management and governance to ensure compliance, security, and organizational efficiency. Microsoft Purview is a powerful data governance solution that enables businesses like the pharmacy to gain
insights into their data assets, protect sensitive data, and maintain compliance with data regulations. In this video, you will explore the key capabilities of Microsoft Purview and how it can help you know, protect, and govern your data.

One of the fundamental challenges organizations face is understanding the data they possess. Microsoft Purview addresses this challenge by providing a unified view of an organization's data estate. It automatically discovers and catalogs data from various sources, both on premises and in the cloud, allowing businesses to gain insights into their data assets. The compliance portal in Purview offers robust data classification capabilities, empowering businesses to identify and categorize sensitive information effectively. It leverages machine learning algorithms to automatically classify data based on predefined patterns, rules, and metadata. For example, the pharmacy can use Purview to automatically identify and label patient records as sensitive based on predefined rules or patterns, and it can classify prescriptions as confidential or restricted and inventory data as internal use only. The compliance portal supports both built-in and custom classifiers, providing flexibility to tailor the classification process according to specific business needs. This classification helps organizations like the pharmacy to understand the sensitivity of their data and take appropriate measures to secure it, which is the next function of Microsoft Purview you'll explore.

To protect data, Microsoft Purview uses sensitivity labels and sensitivity policies. Sensitivity labels enable organizations to classify data based on its level of sensitivity. Sensitivity policies then apply appropriate protection measures based on these labels. Sensitivity labels can be applied manually or automatically based on predefined rules. Sensitivity policies enforce encryption and access control measures, ensuring that sensitive information remains protected throughout its life cycle. This
example from Microsoft Excel displays an applied sensitivity label from the window bar. You can easily change the label by using the sensitivity bar that's available with the latest versions of Office. The labels are also available from the Sensitivity button on the Home tab of the ribbon.

Sensitivity policies also play a role in data loss prevention, or DLP, which is another critical aspect of protecting sensitive information from unauthorized disclosure or misuse. It allows businesses like the pharmacy to define policies that automatically detect and prevent the accidental or intentional sharing of sensitive data. DLP policies can be customized to match specific regulatory requirements or business needs, providing granular control over data protection. For instance, if a staff member tries to email patient records or prescriptions to an external recipient, Purview can enforce policies to block the transmission or encrypt the data.

The third pillar of Microsoft Purview helps organizations govern their data. It does this with effective data retention and records management capabilities. Let's focus on data retention first. Organizations can utilize retention policies and retention labels to manage data retention effectively. Retention policies define the duration for which data should be retained, ensuring compliance with legal, regulatory, and business requirements. Purview applies retention labels to data assets to enforce these policies, and with Purview's integration with Microsoft 365 and other data repositories, businesses like the pharmacy can automate the enforcement of retention policies.

Lastly, efficient records management is crucial for organizations to maintain compliance, streamline business processes, and mitigate legal risks. Purview can assist the pharmacy in effectively managing records by providing a centralized view of data assets. It can also help create a searchable catalog of records, making it easier to locate and retrieve specific patient records or prescriptions. With
Purview, organizations can ensure that important records are properly managed throughout their life cycle, from creation to disposal, in a compliant and efficient manner.

In the age of big data, effective data governance is imperative for organizations across industries. Microsoft Purview offers a comprehensive suite of capabilities to address the challenges of data management, protection, and governance. With its data classification capabilities, sensitivity labels and policies, data loss prevention, retention policies, and records management features, Microsoft Purview empowers businesses like pharmacies to gain insights into their data, protect sensitive information, and maintain data compliance.

Earlier, you learned that organizations worldwide face rising identity-based threats and attacks. Protecting user identities and ensuring secure access to resources is crucial for maintaining a robust security posture. Azure Active Directory Identity Protection can help organizations safeguard against identity-based threats. This video explores the key features of Azure Active Directory Identity Protection, or Azure AD Identity Protection. You will also explore risk-based conditional access and Azure AD Privileged Identity Management.

Azure AD Identity Protection leverages advanced analytics and machine learning to detect and mitigate identity-related risks. It continuously monitors user activities, login attempts, and authentication patterns to identify suspicious behavior or potential vulnerabilities. Let's explore key features of Azure AD Identity Protection, starting with user risk policies. These policies enable organizations to define rules and actions based on the level of risk associated with a user. For example, if a user's risk score exceeds a certain threshold, Azure AD can enforce multifactor authentication or block access until the risk is mitigated. Another key feature of Azure AD Identity Protection is sign-in risk policies. Organizations can configure policies that assess the risk
associated with each sign-in attempt unusual sign-in locations multiple failed login attempts or suspicious IP addresses can trigger policy actions such as requiring additional verification steps or blocking access next is risk events and reports Azure AD Identity Protection provides detailed reports and alerts on identity related risk events enabling organizations to investigate and respond promptly to potential threats it offers insights into risky sign-ins compromised identities and user behavior anomalies and lastly Azure AD Identity Protection offers automated remediation when it detects a high-risk event or a compromised account it can automatically take remediation actions such as forcing a password reset or blocking access until the issue is resolved this proactive approach minimizes the impact of identity-based threats next let's focus on risk-based conditional access which is a powerful feature that enhances security by analyzing user behavior and the risk associated with each access attempt by evaluating multiple factors such as user location device health and behavioral patterns Azure AD can determine the level of risk associated with a user's access request through risk-based conditional access policies organizations can implement dynamic access controls say a user attempts to access sensitive data from an unfamiliar location or using an untrusted device Azure AD can prompt for additional authentication factors or deny access altogether this adaptive approach ensures access policies adapt to the changing risk landscape providing a solid defense against identity based attacks let's move on to another powerful feature which is Azure AD Privileged Identity Management privileged accounts such as administrator or service accounts pose a significant security risk if compromised Azure AD Privileged Identity Management or PIM helps organizations effectively manage and control privileged access to critical resources it reduces the attack surface by
limiting privileged access to only when necessary and incorporating just in time access as well as approval workflows let's explore these features in more detail starting with just in time or JIT access rather than granting continuous privileged access Azure AD PIM allows organizations to implement JIT access providing elevated privileges only for a limited duration when needed this minimizes the exposure of privileged credentials and reduces the risk of misuse Azure AD PIM enforces approval workflows for granting privileged access authorized approvers review and approve access requests ensuring accountability and oversight what's more organizations can track and monitor privileged access through comprehensive auditing and reporting capabilities this enables organizations to monitor privileged activities and identify unauthorized or suspicious actions finally Azure AD PIM helps organizations identify and manage privileged accounts across their environment privileged identity discovery functionalities provide insights into existing privileged roles identify potential security gaps and assist in establishing a strong privileged access management strategy in this video you've learned that Azure Active Directory Identity Protection offers robust features to protect against identity-based threats and attacks by leveraging risk-based conditional access and Azure AD Privileged Identity Management organizations can strengthen their security posture and mitigate the risks associated with compromised identities implementing these features enables organizations to adopt a proactive approach to security constantly monitoring and responding to identity related risks Azure AD Identity Protection helps organizations safeguard critical resources from unauthorized access and data breaches by analyzing user behavior detecting anomalies and enforcing access controls in an era where identity based attacks are on the rise Azure Active Directory Identity Protection is a valuable tool for
organizations seeking to fortify their defenses and protect their digital assets securing user identities and monitoring their behavior and activities are crucial aspects of maintaining a robust cyber security posture earlier you learned that Microsoft Defender for Identity is one of the powerful Microsoft 365 Defender services that focuses on precisely these areas it offers organizations a comprehensive solution to protect user identities and credentials stored in Active Directory by leveraging learning based analytics this advanced security offering detects suspicious user activities and helps identify and investigate potential threats in this video you will explore the importance of monitoring user behavior and activities the capabilities of Microsoft Defender for Identity and how it simplifies incident response with clear incident information on a simple timeline user behavior monitoring plays a pivotal role in modern cyber security strategies hackers and malicious actors often exploit compromised user accounts to gain unauthorized access to sensitive information and resources by monitoring user behavior and activities organizations can establish a baseline of normal behavior patterns enabling them to identify anomalies and potentially malicious activities this proactive approach allows for the timely detection of security breaches and advanced attacks reducing the impact and mitigating potential damage Microsoft Defender for Identity employs learning based analytics to provide organizations with a robust defense against evolving cyber threats but what does this mean by continually analyzing user activities and behaviors the system learns what constitutes normal behavior within an organization leveraging this knowledge Defender for Identity can detect suspicious activities anomalous behaviors and potential indicators of advanced attacks these learning based analytics leverage machine learning algorithms that evaluate a wide range of factors such as user
access patterns authentication attempts network traffic and historical data by comparing current activities against the established baseline the system identifies deviations and highlights potentially risky actions in this way organizations stay one step ahead of attackers by detecting threats before they can cause significant harm Microsoft Defender for Identity also analyzes authentication protocols and monitors privileged account usage to guard user identities and credentials in Azure Active Directory it continuously monitors Azure AD for suspicious activities such as password spraying brute force attacks and attempts to elevate privileges in the event of a security incident swift identification and investigation are crucial to minimize damage and prevent further compromise Microsoft Defender for Identity streamlines this process by providing clear incident information on a simple timeline this timeline highlights key events including suspicious activities authentication attempts and privilege escalations allowing security teams to quickly triage and respond to potential threats the incident information provided by Defender for Identity includes relevant details such as affected users affected machines and the context surrounding the incident security analysts can access this information through a user-friendly interface enabling efficient investigation and timely response in conclusion Microsoft Defender for Identity offers organizations a comprehensive solution for protecting user identities and credentials stored in Active Directory by monitoring user behavior and activities leveraging learning based analytics and providing clear incident information Defender for Identity equips security teams with powerful tools to detect suspicious activities identify advanced attacks and respond swiftly to potential threats as cyber threats continue to evolve solutions like Microsoft Defender for Identity become indispensable in safeguarding organizational security and
maintaining the trust of users and stakeholders earlier you learned that Microsoft Defender for Identity or MDI offers a powerful defense against identity-based attacks however to ensure MDI is deployed successfully it is crucial to define and enforce prerequisites plan capacity configure essential components and establish authentication policies in this video you will delve into these preparatory steps and explore how they contribute to securing identities and data before deploying MDI it is essential to establish and enforce certain prerequisites to ensure a smooth implementation process first ensure that an on-premises Active Directory or AD environment is in place in this example MDI leverages data from the AD environment to detect suspicious activities and potential threats you also need to install and configure Azure AD Connect to synchronize identities between your on-premises AD and Azure AD this synchronization enables MDI to provide comprehensive threat detection and protection across both environments next let's focus on planning for capacity for MDI deployment a vital step to ensure optimal performance and scalability the following aspects are critical when planning capacity first determine the number of users in your organization and the expected growth rate this information helps in determining the appropriate resources and licensing requirements for MDI and is called user load you also need to analyze the network traffic patterns to understand the volume of data flowing between your AD infrastructure and Azure this analysis aids in selecting the appropriate deployment model and network bandwidth lastly you need to estimate the amount of storage needed to store security related data generated by MDI this includes considering factors such as retention periods and compliance requirements the next important aspect affecting successful deployment is the configuration of essential components including the configuration of Windows Event Collection or
WEC on dedicated servers this is for collecting security related events from your domain controllers it's also important to set up event subscriptions to forward security related events from domain controllers to the WEC servers additionally ensure that the appropriate event channels such as security audit success and audit failure are selected this step confirms that MDI receives the required data for threat detection and analysis you should also regularly validate the event collection process to ensure that it's successfully forwarded to the WEC servers to enable advanced detection capabilities you have to configure remote calls to the Security Account Manager or SAM database on your domain controllers to enable remote SAM access you need to modify the appropriate Group Policy settings this modification enables MDI to access and analyze security related information stored in the SAM database it's advisable to regularly test the connectivity and access permissions to ensure seamless communication between MDI and the SAM database let's move on to the next important step to enhance security and manage access control effectively organizations should create dedicated directory service accounts and configure role groups within MDI assigning appropriate permissions to these dedicated service accounts is essential for collecting security related data from domain controllers and by establishing role groups within MDI you can manage access and assign specific responsibilities to users for instance you can configure roles such as administrators analysts and auditors defining their privileges and limitations based on the organization's security requirements lastly authentication policies should be leveraged by organizations to strengthen identity and data security during MDI deployment it is essential to define conditional access policies within Azure AD to enforce MFA enforce location-based access restrictions and implement other access control measures these
policies will help protect against unauthorized access attempts and strengthen overall security posture additionally it is important to implement strong password policies that enforce complexity requirements password expiration and password history encourage users to utilize unique passwords and educate them about best practices to mitigate password related risks in this video you learned that there are a number of essential steps to take in preparation for MDI deployment these include defining and enforcing prerequisites planning capacity configuring essential components like Windows Event Collection and remote SAM access creating directory service accounts configuring role groups and setting up authentication policies by taking these steps organizations can establish a robust security foundation for the successful deployment of MDI meet Jack a software engineer and avid gamer with countless online profiles open shopping carts gaming avatars and work accounts he is the modern-day treasure trove for identity thieves enter Cipher our antagonist she is infamous on the dark web for her uncanny ability to infiltrate networks steal identities and sell them to the highest bidder one day as Jack was engrossed in his work his digital shadow was being stalked by Cipher Cipher planned to infiltrate Jack's personal network to get her hands on sensitive information to impersonate him and profit from his digital treasure what Cipher didn't anticipate was the silent protector guarding digital life Microsoft Defender for Identity this high-tech security system uses advanced AI algorithms to monitor a user's online footprint detecting and blocking any unusual activity that might indicate a security breach as Cipher began her infiltration she first tried a classic phishing attack aiming at tricking Jack into revealing his passwords what she didn't know was that Microsoft Defender for Identity was already watching the AI detected the anomalous behavior and immediately alerted Jack of a
potential phishing attempt confused Jack dismissed the suspicious email and changed his passwords to more complex ones but this was just the beginning undeterred Cipher tried another trick up her sleeve a brute force attack she hoped to crack Jack's passwords by trying multiple combinations in rapid succession but Defender for Identity wasn't about to be outwitted it quickly detected the unusual login attempts blocked the IP address from where the attack was coming from and again alerted Jack feeling a little worried now Jack realized he was under attack to be safe he took additional precautions enabling multifactor authentication on his accounts Cipher in the meanwhile grew desperate she decided to take a riskier approach attempting to inject a malicious script into Jack's network a move that could grant her administrative access but Microsoft Defender for Identity's powerful analytics were a step ahead it noticed the inbound malicious script isolated it and thwarted the attack even before it could make an impact like a seasoned chess player Microsoft Defender was defending Jack's network so that it was an impenetrable fortress discouraged Cipher retreated into the shadows of the digital world she had met her match in the form of an AI driven security system that refused to be outsmarted this encounter served as a wake-up call for Jack he realized how much his digital life meant to him and how important it was to protect it in this digital age where we live a significant part of our lives online cyber security tools like Microsoft Defender for Identity act as the shield we need they stand ready to fend off attacks and keep us secure giving us the freedom to enjoy our digital lives without fear so here's to safe browsing secure transactions and fearlessly living our best digital lives well done you've made it to the end of another week in the course let's take a moment to review what you learned about Microsoft 365 Defender threat protection before you take the module
quiz Microsoft 365 Defender provides the ultimate solution to analyzing the threat signals from applications email collaboration endpoints cross solutions identities and more to help security professionals determine the full scope and impact of cyber threats the 365 Defender portal has several features it provides a unified incidents page for all the included services this page has different tabs that include attack story alerts assets investigations evidence and response and summary it's a central location that prioritizes cross-domain attacks and alerts by listing each incident by severity also including the context and data security teams need for a comprehensive response in this lesson you also learned that Microsoft 365 Defender comes with two different plan types plan two provides all the capabilities of plan one but adds automation investigation and remediation functionalities this means that threats don't have to be investigated and remediated manually to manage the Defender services you need to set up roles and you can control permissions based on responsibility levels of staff members Microsoft 365 Defender has various default roles that you can manage centrally from the permissions page on the portal you can also create custom roles and fine-tune the permissions to ensure access to only those resources and services required as part of this lesson you completed a practical exercise in which you connected different data connectors to Microsoft Sentinel to create a central viewpoint for all incidents across an environment moving on to lesson two you learned how Microsoft Defender for Endpoint helps to secure endpoints against the latest threats and risks Defender for Endpoint provides protection through several different capabilities these include core Defender vulnerability management attack surface reduction next generation protection endpoint detection and response automated investigation and remediation Microsoft threat experts centralized
configuration and administration and APIs in today's workplace IT departments support different devices configured in different ways organizations might use Android and iOS mobile phones Windows and macOS PCs and custom devices employees bring to work Microsoft provides endpoint management solutions like Microsoft Intune to enable you to simplify the management of all these devices you also learned about how device updates can be controlled and managed by using Windows as a service and Microsoft 365 apps deployment and update channels in this lesson you also covered the Defender for Endpoint capabilities accessible through the Defender portal for example a useful endpoint feature available through the portal is built-in threat and vulnerability management another feature is real-time threat detection and prevention leveraging machine learning and behavioral analytics it continuously monitors endpoint devices network traffic and user behavior to identify indicators of compromise there is also behavior monitoring by monitoring and analyzing the behavior of processes applications and users the system can identify suspicious activities indicative of a potential cyber attack Microsoft 365 Defender is classified as an NGAV or next generation antivirus this kind of next gen AV provides you with features that typical antivirus protection doesn't have for example it offers real-time protection where it continually scans for malware viruses and security vulnerabilities allowing it to stop threats before they can do damage Microsoft also offers various types of endpoint encryption through Microsoft Defender for Endpoint one of those types is device encryption a hardware-based encryption solution that is built into the Windows operating system this type of encryption secures the entire device by encrypting the contents of its internal storage finally in lesson three you learned about identity defense implementing identity defense solutions like IAM UEBA and PAM
can fortify an organization's security posture safeguard identities and mitigate the potential impact of breaches one of the fundamental challenges organizations face is understanding the data they possess Microsoft Purview is a powerful data governance solution that enables businesses to gain insights into their data assets protect sensitive data and maintain compliance with data regulations another useful Microsoft service is Azure Active Directory Identity Protection Azure AD Identity Protection incorporates risk-based conditional access a powerful feature that enhances security by analyzing user behavior and the risk associated with each access attempt by evaluating multiple factors such as user location device health and behavioral patterns Azure AD can determine the level of risk associated with a user's access request you also learned about Microsoft Defender for Identity and how it monitors user behavior applies learning based analytics and provides clear incident information to protect user identities and credentials saved in Azure AD when deploying Defender for Identity it's essential to first define and enforce prerequisites plan capacity configure essential components and establish authentication policies after learning about this preparation you received a step-by-step guide to deploying Defender for Identity and that was the end of the lesson and this week you are now well-versed in Microsoft 365 Defender threat protection and you should be ready for the quiz good luck you've almost reached the end of the Cyber Security Solutions and Microsoft Defender course what's left now is to demonstrate the skills you've learned in this course in a course project comprised of setting up protection for a virtual machine in Azure using JIT Azure Bastion Azure standard firewall as well as Microsoft Sentinel and then you will complete the final graded assessment quiz this gives you the opportunity to demonstrate that you have a solid understanding of cloud-based security
concepts security information and event management or SIEM security orchestration automation and response or SOAR and the various capabilities of Microsoft 365 Defender but before you get to that let's recap what you have learned up to this point to help orientate you for the final project and quiz in module one you learned about the built-in security measures of Azure and best practices for protecting Azure resources this included measures to protect against distributed denial of service or DDoS attacks firewall breaches and unauthorized access specifically you covered the steps and requirements for creating and configuring the two types of Azure DDoS protection DDoS IP Protection and DDoS Network Protection you also gained valuable exposure to navigating the Azure portal and completed an exercise in which you learned how to create a virtual machine in the Azure portal the next section was about Azure firewall protection you discovered the purpose of Azure firewall and its role in providing cloud-based network security can you recall the difference between the basic standard and premium Azure firewall SKUs you also gained practical experience in setting up different types of firewall rules you then went deeper into just in time or JIT access and encryption JIT is a security feature that allows administrators to control and limit access to VMs by enabling temporary on demand access for authorized users lastly you learned about various data encryption best practices and techniques for data at rest and data in transit after this you moved on to module two which was all about cloud security and its importance you were introduced to advanced Azure security features like Defender for Cloud and Azure Bastion Microsoft Defender for Cloud offers continuous monitoring and threat detection analysis of data and actionable insights to prevent potential attacks you also now know that Bastion is a fully managed platform as a service or PaaS service it allows you to securely connect to
Azure VMs remotely using remote desktop protocol or RDP and secure shell or SSH thus reducing the attack surface moving on to lesson three you learned about Azure standards and policies and how Azure policy can ensure compliance with industry rules and guidelines by creating assigning and managing policy definitions you learned about policy initiatives encompassing multiple policy definitions and how to apply them to an entire hierarchy of subscriptions with Azure management groups you also now know how to use the built-in policies and how to create custom policy definitions next you were introduced to SIEM and SOAR SIEM is a solution that helps organizations detect analyze and respond to security threats before they harm business operations and the main goal of SOAR is to collect threat related data and automate threat responses you learned how SIEM and SOAR technologies like Microsoft Sentinel can detect respond to and remediate security incidents and threats after this you took a deep dive into Microsoft 365 Defender threat protection in the next module this was important because security professionals need a way to analyze threat signals from different infrastructure domains holistically to determine the full scope and impact of cyber threats and Microsoft 365 Defender provides the ultimate solution to this need you covered the different features of the Microsoft Defender portal specifically the incident page that acts as a central location for cross domain attacks and alerts listing each incident by severity and providing the necessary context for a comprehensive response you also explored how to set up default roles and create new custom roles in the portal to manage Defender services as part of this lesson you completed a practical exercise in which you connected different data connectors to Microsoft Sentinel to create a central viewpoint for all incidents across an environment moving on to lesson two you learned how Microsoft Defender for Endpoint helps to
secure endpoints against the latest threats and risks with features such as real-time threat detection and prevention it continuously monitors endpoint devices network traffic and user behavior to identify indicators of compromise and lastly you covered identity defense in lesson three you examined identity-based threats and attack vectors organizations are vulnerable to the importance of identity defense and the different identity defense solutions available you covered a lot in this course this might only be the start of your journey toward becoming a cyber security analyst but you can be very proud of yourself for how much you've already learned and accomplished now you're ready to tackle the course project and graded assessment good luck congratulations on reaching the end of the Cyber Security Solutions and Microsoft Defender course this course has helped you build the foundation you need to succeed as a cyber security analyst for example as a cyber security analyst your responsibilities would involve monitoring of networks to detect vulnerabilities and potential threats that could impact an organization's security your role would also entail implementing robust firewalls and effectively mitigating attacks on network infrastructures and you'd play a vital part in devising and executing strategies to safeguard sensitive data from breaches and unauthorized access learning to protect data within an Azure environment in this course has equipped you with the knowledge to safeguard valuable assets and skills to uphold the integrity of businesses operating in the digital realm through a mix of videos readings and exercises you have learned about important cyber security concepts and how they apply to a business environment you now have an understanding of the fundamental concepts of cyber security including cloud-based security concepts security information and event management or SIEM and security orchestration automation and response or SOAR as well as Microsoft
365 Defender capabilities specifically in the exercises you learned how to create and protect a virtual machine with JIT Azure standard firewall and Azure Bastion as well as monitor its security environment using Microsoft Sentinel and you were able to demonstrate your newfound abilities in the final project of the course completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera this certificate not only helps you to enhance your skills but also gain a qualification that can lay the groundwork for a career as a cyber security analyst it serves as proof of your job readiness and can be shared with your professional network and it will help you prepare for the exam SC-900 Microsoft security compliance and identity fundamentals the program has been uniquely mapped to key job skills required in cyber security analyst roles in each course you'll be able to consolidate what you have learned by completing a capstone project that simulates real world cyber security scenarios you'll also complete a final capstone project where you'll create your own cyber security proposal for the creation and protection of a business network and infrastructure when you graduate you'll have tangible examples to talk about in job interviews to round off your learning you'll take a mock exam that has been set up in a similar style to the industry recognized SC-900 exam the exam SC-900 measures your ability to describe the following concepts of security compliance and identity capabilities of Microsoft Entra capabilities of Microsoft security solutions and capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms visit the Microsoft certifications page at www.ar.com certifications to learn more about the security compliance and identity fundamental
certification and exam now that you have established a foundation for making more effective use of Microsoft 365 Defender and other cloud security solutions to protect an organization's data and resources what's next there's a lot left to learn about keeping online resources safe so a good move would be to dig deeper into cyber security tools and technologies you can do so by registering for the next course in the program doing so will enhance your cyber security analyst portfolio and help you gain the appropriate skills that you need to demonstrate your abilities in the workplace completing all the courses in the Microsoft cyber security analyst program will signal to potential employers that you are motivated capable and not afraid to learn new things your journey of discovery has required a great deal of perseverance and you should take pride in how far you've come well done on your achievement and newfound knowledge it has been a pleasure to accompany you on this path of exploration cyber threats are a constant reality there's no escaping them every day organizations of all sizes and differing industries face the daunting challenge of defending their digital assets from malicious actors fortunately as the cyber security landscape continues to evolve there are many strategies organizations employ to strengthen their defenses in fact one such strategy involves hiring skilled hackers to find vulnerabilities in an organization's network this practice is known as a penetration test and is now employed by many organizations worldwide this course will provide you with the skills necessary to conduct penetration testing and implement additional attacks and defense strategies you will also work with the tools used for testing security in cloud environments by successfully completing all the courses in the series you will earn a professional certificate from Coursera this is also a great way to prepare for the Microsoft SC-900 exam with that in mind let's go over what your
learning journey over the next four weeks entails in this course you'll be introduced to penetration testing preventative tools and Azure penetration testing before completing the course with a project and assessment to start off you'll explore the fundamental concepts and techniques of penetration testing you'll discover best practices for conducting tests and the strategies employed to ensure successful testing you'll also gain an understanding of what tools and techniques are deployed for conducting penetration tests and learn the importance of reporting and documenting test results then you'll explore key security tools used to prevent and detect network threats before learning the best practices used for intrusion detection and prevention systems or IDPS firewall configuration virtual private networks or VPNs and vulnerability management additionally you will get hands-on experience with Azure learn how to configure your VPN using it and discover vulnerability management and how to use Azure to apply it thereafter you will stay focused on Azure learning how to set up and configure penetration tests using Azure you will also discover how to run and analyze these tests and how the results can be used to find and fix vulnerabilities you will gain this knowledge through both theoretical and practical learning after all of this you'll be ready for the final course project and will have the opportunity to apply what you've learned and put it into practice by creating your own plan of attack in the end of course project this project will help you demonstrate your understanding of the key concepts of cyber security tools and technologies to help you remember what you've learned the final week also summarizes the course's key learning points after this hands-on learning you will complete one final graded assessment but be assured that everything you need to complete the assessment will be covered during your learning with each lesson made up of video
content readings and quizzes to successfully complete this course you will need a laptop or desktop PC with a minimum of 6 to 8 gigs of RAM an internet connection access to Visual Studio a subscription to MS Office 365 and an Azure cloud account you'll come across several videos in this course that will help you on your way to seeking a career in cyber security watch pause rewind and rewatch The videos until you are confident in your skills then consolidate your knowledge by Consulting the course readings and measuring your understanding of key Topics by completing the different knowledge checks and quizzes by the end of the course you will be equipped with the necessary skills to test within a cloud environment and the ability to implement testing strategies within your organization effectively imagine for a moment that you could identify all the security vulnerabilities in your computer system application or data in the same way a malicious attacker does what if you could duplicate the strategies and actions they would take and resolve these vulnerabilities before they had the opportunity to exploit them this is known as ethical hacking and in this video you will learn more about it and explore the benefits it provides as part of an offensive approach to security firstly what are the differences between offensive and defensive security offensive security involves the identification and exploitation of vulnerabilities in systems while defensive security focuses on protecting systems from attacks both approaches play a crucial role in maintaining a robust security posture ethical hacking which is a form of offensive security is usually performed with the permission of the target organization there is also a growing market for companies that perform ethical hacking and approach an organization to demonstrate the exploits they have found ethical hackers often referred to as white hat hackers use their Knowledge and Skills to discover vulnerabilities in systems
applications and networks the organization implements the appropriate fixes to these reported vulnerabilities to strengthen security the benefits of ethical hacking are numerous and far-reaching let's explore some of these benefits in more detail firstly ethical hacking serves as a proactive measure to identify and address vulnerabilities before malicious attackers can exploit them organizations can significantly reduce the risk of security breaches and protect sensitive data from falling into the wrong hands by taking this proactive stance secondly by conducting thorough security assessments and penetration tests ethical hackers help organizations gain a better understanding of their weaknesses this process provides valuable insights that can be used to enhance security measures and fortify defenses against potential threats lastly ethical hacking plays a role in raising awareness of security issues among employees by simulating attacks and demonstrating the potential consequences of security breaches ethical hackers help educate employees about the importance of adhering to security best practices a more security conscious Workforce reduces the likelihood of human errors that can compromise organizational security now that you know what ethical hacking is and the benefits it provides let's explore how ethical hackers assess and test system resilience including Network penetration testing web application penetration testing mobile application penetration testing and social engineering testing let's examine each of these in more detail firstly in network penetration testing ethical hackers attempt to gain unauthorized access to a network to identify vulnerabilities and potential points of Entry by identifying weaknesses in network configurations access controls or system misconfigurations organizations can address these vulnerabilities promptly secondly web application penetration testing examines web applications for vulnerabilities such as input
validation flaws insecure session management or insufficient access controls organizations can implement the necessary patches or security measures to safeguard their web applications from potential attacks thirdly with mobile application penetration testing ethical hackers assess apps for vulnerabilities they evaluate the security of data storage communication channels authentication mechanisms and other components to ensure the protection of sensitive information and prevent unauthorized access finally in Social Engineering testing ethical hackers use social engineering techniques to evaluate the human element of security through activities such as phishing simulations impersonation attempts or manipulation tactics they aim to assess the susceptibility of employees to attacks this helps organizations to identify areas where additional training is needed to mitigate social engineering risks next let's explore how an exercise known as red versus blue holds great significance in the realm of security testing these exercises involve a team of ethical hackers known as the red team attempting to breach the security of a system while a team of Security Professionals known as The Blue Team defends it they help organizations identify vulnerabilities and enhance the skills of their Security Professionals in a controlled and collaborative environment in the next videos you will learn more about the roles and responsibilities of both the red and blue teams in this exercise you should now be familiar with the fundamentals of ethical hacking and how it is a valuable tool for organizations seeking to improve their security posture you should also be aware of the various security activities ethical hackers use to assess and test the resilience of systems and the benefits that this provides by leveraging the expertise of ethical hackers and understanding the different security activities they perform organizations can better protect themselves from potential threats for any
organization to maintain a robust security posture regular security assessments penetration tests and red versus blue exercises are essential at this stage of your cyber security Journey you should be aware that a red versus blue exercise involves a team of ethical hackers known as the red team attempting to breach the security of a system while a team of Security Professionals known as The Blue Team defends it in this video you will explore the crucial role of the blue team in cyber security firstly let's dive into the blue team in more detail The Blue Team safeguards systems and data from unauthorized access use disclosure disruption modification or destruction they do this by implementing a variety of security measures including network monitoring vulnerability scanning intrusion detection and collaboration with other teams let's examine the responsibilities of the blue team in more detail one of their primary responsibilities is network monitoring through continuous surveillance of network traffic they remain vigilant for any indications of suspicious activity this includes identifying unusual logins tracking system changes and observing patterns of increased traffic that may indicate a potential security breach by staying proactive and monitoring the network closely they can quickly detect and respond to any security incidents minimizing their impact vulnerability scanning is another crucial aspect of the blue team's responsibilities they conduct comprehensive scans to identify weaknesses in the organization's systems this includes checking for outdated software versions misconfigurations weak passwords and known security vulnerabilities by proactively uncovering these vulnerabilities they can recommend and Implement appropriate measures to address them bolstering the organization's defenses against potential threats intrusion detection also forms an integral part of the blue team's role they deploy advanced systems and employ sophisticated techniques to
detect unauthorized attempts to access or alter data within the organization's Network by promptly identifying and responding to these intrusions they help prevent potential damage and mitigate the risk of data breaches another key responsibility of the blue team is collaboration with other teams they work closely with the incident response team and the IT department and may also be members of those teams they share information coordinate responses and Implement necessary security measures this ensures a unified and efficient approach to cyber security incidents enabling a Swift and effective response to emerging threats finally The Blue Team assumes a proactive role in promoting a security conscious culture within the organization they conduct security awareness training sessions to educate employees about best practices and potential risks by empowering employees with the knowledge to identify and respond appropriately to security threats they enhance the overall security posture of the organization they also provide guidance to other teams on implementing secure configurations and practices ensuring that they integrate security considerations into various processes and systems throughout the organization so what impact does the blue team have in an organization well they play a critical role in protecting organizations from cyber threats by implementing a variety of security measures they can help to prevent data breaches system outages and other security incidents next let's examine how Microsoft Azure can assist the blue team in achieving their goals Microsoft Azure is a cloud computing platform that can help to enhance the capabilities of The Blue Team by offering a variety of Security Services let's explore these in more detail firstly Microsoft Defender for Cloud provides a comprehensive view of security posture and identifies potential vulnerabilities in Azure resources secondly Microsoft Sentinel which is a cloud native security information and event
management or SIEM solution provides intelligent threat detection and response capabilities thirdly Azure Active Directory or Azure AD offers robust identity and access management capabilities ensuring authorized access to resources and finally Defender for Identity provides Advanced threat intelligence detecting suspicious activities across on premises and Cloud environments and enabling Swift responses to Advanced threats now that you are aware of the security services provided by Microsoft Azure let's explore how Sam Scoops can benefit from the use of these services to enhance the capabilities of its blue team the company can use Azure to secure its online platform by implementing robust measures to protect customer data and prevent unauthorized access or fraudulent activities more specifically Sam Scoops can use Azure's network monitoring service to continuously monitor Network traffic to identify suspicious activity the company can use Azure's vulnerability scanning service to conduct comprehensive scans to identify weaknesses in systems then with Azure's intrusion detection service Sam Scoops can deploy Advanced systems and techniques to detect unauthorized attempts to access or alter data what's more Sam Scoops' blue team can collaborate closely with the incident response team to investigate contain and restore systems and finally The Blue Team conducts security awareness training tailored to employees you should Now understand why the blue team is a critical component of any organization's cyber security strategy by implementing a variety of security measures they can help to prevent data breaches system outages and other security incidents you also learned how Microsoft Azure provides a variety of security services such as Microsoft Defender for Cloud Microsoft Sentinel Azure Active Directory and Defender for Identity that can help to enhance the capabilities of the blue team in the next video you'll explore the role and responsibilities of the red team
you know that when it comes to a red versus blue exercise The Blue Team stands guard to protect an organization's digital assets and defend against threats in this video you'll shift your focus to the red team who assume the role of the adversary mimicking the actions of real world attackers to test the security of an organization's systems and infrastructure the red team's function is to understand vulnerabilities and weaknesses in an organization's defenses they employ various methods like social engineering phishing and hacking to breach security and test its Effectiveness by using these techniques the red team can identify potential entry points and weaknesses that could be exploited by actual cyber attackers let's explore the red team's activities and learn why they are essential for organizations in multiple ways firstly they provide a realistic assessment of existing security measures helping organizations understand their vulnerabilities and take appropriate actions to mitigate risks by simulating real world attacks they can identify weaknesses that may have been overlooked this ensures that organizations have a comprehensive view of their security posture secondly they help organizations to identify and address blind spots in their security posture by simulating real world attacks they pinpoint areas where vulnerabilities are most likely to be exploited this helps organizations prioritize their security efforts and allocate resources to strengthen their defenses in the areas that matter the most thirdly they contribute to improving the overall security culture within an organization by exposing employees to real world threats they raise awareness and Empower individuals to take proactive steps in protecting themselves and the organization these activities serve as valuable training opportunities helping employees to recognize and respond effectively to potential security risks finally collaboration between the red and blue teams is crucial for
maximizing the effectiveness of an organization's security measures the red team's assessments provide the blue team with insights to enhance defense strategies and Implement necessary changes this collaborative approach ensures that the organization's security efforts are aligned and continuously evolved to counter the ever-changing threat landscape as you have now learned the red team plays a critical role in ensuring organizations are resilient against sophisticated cyber attacks by simulating real world threats and providing valuable insights they fortify the defenses of our digital assets their activities help organizations stay ahead of potential adversaries by proactively identifying and addressing vulnerabilities before they can be exploited now let's explore some specific activities of the red team and how they can benefit Sam Scoops firstly they can conduct a comprehensive vulnerability assessment tailored to Sam Scoops' online infrastructure and applications they employ various techniques such as vulnerability scanning to identify weaknesses in the company's online platform Network infrastructure and cloud services these assessments provide valuable insights into potential vulnerabilities that could be exploited by attackers secondly they can conduct live site penetration testing this ensures that Sam Scoops' Microsoft managed Cloud infrastructure services and applications are fortified against potential threats the red team can identify any vulnerabilities that may exist and provide recommendations for improvement by attempting to breach the live systems and infrastructure next they perform social engineering testing social engineering is a common tactic cyber criminals use that involves manipulating individuals to gain unauthorized access to systems or sensitive information the red team can assess Sam Scoops' employees' susceptibility to these attacks through simulated phishing campaigns or other techniques they test the employees' awareness and
response to potential threats this helps the company to educate its employees about potential threats and strengthen their security awareness another activity is risk assessment and mitigation providing Sam Scoops with a comprehensive understanding of their overall risk profile by assessing vulnerabilities and potential attack vectors they can help the company to prioritize and Implement appropriate security measures and risk mitigation strategies this ensures the protection of sensitive customer data and the maintenance of the Integrity of their online operations and finally there is security culture enhancement the red team Fosters a strong security culture within Sam Scoops by simulating real world attacks and providing insights into vulnerabilities they raise awareness among employees about potential threats and the importance of adhering to secure practices this encourages a proactive and Vigilant approach towards cyber security throughout the organization strengthening its overall security posture you should now be familiar with the red team's activities and understand why they are crucial for organizations in their cyber security efforts by simulating real world attacks conducting vulnerability assessments and Performing penetration testing the red team helps organizations identify weaknesses address blind spots and enhance their security posture for Sam Scoops they play a vital role in securing their online infrastructure conducting tailored vulnerability assessments performing live site penetration testing and educating employees about social engineering threats by embracing the expertise of the red team organizations can stay one step ahead of potential adversaries and Safeguard their valuable data and systems when buying products online you don't necessarily question the security of the application or app platform you're using to complete the transaction retail companies often sell products using an online platform that manages purchases and maintains
your account and personal details take Sam Scoops for instance customers can order tubs of ice cream directly from Sam's website every time a purchase is made the transaction information is stored Sam has been meticulous about ensuring this information is kept secure but how can Sam truly be sure that security measures she's implemented so far work as they're intended to if you're thinking testing you're absolutely right this is where penetration testing comes in or as it's also known ethical hacking penetration testing is a systematic and authorized attempt to identify and exploit vulnerabilities in a computer system Network or application its primary purpose is to assess an organization's security by simulating real world attack scenarios penetration testing now plays a crucial role in identifying vulnerabilities within organizational systems and networks in this video you will dive deeper into the world of penetration testing exploring its numerous benefits the challenges organizations face during testing and the various stages involved in completing a penetration test let's begin by discussing some key benefits that penetration testing can bring to an organization firstly awareness penetration testing increases stakeholders' understanding of possible security threats by conducting these tests organizations Better understand the importance of implementing robust security measures they also learn about the potential consequences of neglecting them risk mitigation is another benefit by identifying and addressing vulnerabilities through penetration testing organizations can reduce the risk of potential security breaches and data leaks by detecting these vulnerabilities organizations can successfully manage these risks before a breach and take any necessary steps lastly compliance many Industries have regulatory requirements to test their security by ensuring that businesses follow industry best practices and compliance requirements penetration testing helps them
avoid fines and reputational harm while penetration testing is essential for assessing your organization's security it can present certain challenges live penetration testing can cause significant disruption to normal operations this can lead to inconvenience or even downtime for your organization it is therefore essential to carefully plan and coordinate testing to minimize disruption while ensuring thorough testing takes place in some cases live testing may also trigger false alarms leading to unnecessary panic and disruption by having a clear Communication channel with well-defined roles and responsibilities amongst your it teams management and employees you can ensure everyone is aware of the testing process leading to an increase in the overall efficiency of the test now that you know the benefits and challenges of penetration testing you may wonder how a penetration test is carried out well penetration testing follows a structured approach that involves several stages the first stage is reconnaissance ethical hackers gather information about your organization in this initial stage including Network architecture system configurations and potential entry points this information provides a foundation for the subsequent phases next is enumeration during this phase testers actively probe your organization's systems identifying open ports services and user accounts this stage helps them gain a deeper understanding of their target environment and any potential vulnerabilities the ethical hackers then attempt to exploit the vulnerabilities identified during reconnaissance and enumeration they do this by simulating a real world attack scenario to gain unauthorized access to your system or data highlighting the potential consequences of these vulnerabilities once inside your systems the testers escalate their privileges to gain administrative access and move freely within your network mimicking an attacker's actions this stage helps identify potential weaknesses in
Access Control and network segmentation lastly ethical hackers generate a comprehensive report after completing the testing the report will detail any vulnerabilities discovered and their potential impact it will also recommend remediation steps to tighten up your security these valuable insights will allow your organization to prioritize and address the identified issues effectively strengthening your overall security penetration testing has become an integral part of an organization's cyber security strategy by identifying vulnerabilities and weaknesses in systems and networks organizations can proactively address them before malicious actors exploit them however balancing security and organizational considerations is crucial ensuring that testing activities do not unduly disrupt daily operations with proper planning communication and Remediation penetration testing can greatly enhance an organization's cyber security this video gave you a comprehensive overview of penetration testing and the various stages of a penetration test you discovered previously that Sam Scoops have security concerns about its online platform and have become aware of the importance of completing a penetration test to uncover any vulnerabilities in its software you also briefly covered the five main stages of penetration tests reconnaissance enumeration exploitation escalation and Reporting and Remediation in the upcoming videos You'll witness the implementation of the different stages of penetration testing as Sam Scoops carries out a penetration test on their own platform this video will dive into the first crucial penetration testing stage reconnaissance reconnaissance is exactly what it sounds like it has one job and that is to gather all valuable information about Sam Scoops to understand its systems applications and users reconnaissance involves three main activities information gathering footprinting and scanning firstly information gathering focuses on collecting data from
public sources like search engines and social media to understand Sam's infrastructure Technologies and Personnel then footprinting analyzes Sam's online presence including websites domain names and IP addresses this helps in mapping out Sam's digital footprint and identifying potential security vulnerabilities lastly scanning probes Sam Scoops' Network and systems to find open ports services and vulnerabilities scanning will give a better understanding of Sam's attack surface and any potential entry points for exploitation reconnaissance is performed using a wide range of tools and techniques for example search engines are used to locate information about websites domain names and IP addresses social media platforms provide valuable insights into employees customers and partners and specialized tools like Nmap help you scan the target's Network for open ports and vulnerabilities let's walk through the step-by-step process of how you implement the reconnaissance stage for Sam Scoops firstly you need to identify the Target and Define if it is a company website or network this helps ensure that you gather relevant information next utilize search engines social media and other public sources to collect data about the Target's website domain names IP addresses and more then analyze the target's online presence inspect the website source code explore domain name registration information and use WHOIS lookup to gather details about hosting providers and DNS records now you can probe the target's Network and systems using tools like Nmap Nessus or OpenVAS to identify open ports services and vulnerabilities you will learn more about these tools in stage two it's also crucial that throughout the reconnaissance process you document all the information you gather you can then analyze this collected data to identify patterns vulnerabilities and potential entry points for exploitation lastly once the reconnaissance phase is complete compile a detailed report summarizing
your findings this report includes the vulnerabilities discovered their potential impact on security and recommendations for remediation this report is then shared with Sam Scoops to help them improve their cyber security reconnaissance is a critical phase of the penetration testing process it allows you to gather intelligence identify weaknesses and plan all the subsequent stages of the test effectively through reconnaissance you can replicate real world attacks and help organizations strengthen their security reconnaissance is the key to uncovering vulnerabilities and ensuring robust security next you will explore the next stage of penetration testing enumeration remember penetration testing should always be conducted with proper authorization and within legal boundaries the goal is to strengthen security not cause harm now that the reconnaissance stage is complete Sam Scoops move on to stage two of the penetration testing process enumeration in this video you'll learn how organizations use the enumeration stage of penetration testing to identify open ports services and vulnerabilities on a Target system enumeration is crucial to the penetration testing process because testers use it to assess a Target system giving testers valuable insights into the system security firstly let's explore what enumeration is in more detail enumeration is the process of gathering information about a Target system this information can include the system's IP address operating system open ports running services and even usernames and passwords enumeration uses various tools and techniques including Port scanning Banner grabbing and network sniffing but why is the enumeration phase in the testing process so crucial there are a variety of reasons for this first it assists you in locating weaknesses that a potential attacker may take advantage of for instance if you notice that a Target device in Sam Scoops is using an outdated operating system you can look up known
vulnerabilities for that version of the operating system and try to attack them second enumeration can help you to better understand the target system's overall security using this information you can prioritize which areas of the system should be attacked now let's explore some of the tools and techniques you can use to complete the enumeration stage firstly Nmap is a tool that helps you explore and understand the target system you are testing it works like a scanner checking for open doors or ports on the system ports are like computer entry points that allow different services to communicate by scanning for open ports Nmap can tell you which services are running on the target system such as web servers email servers or file sharing Services it also determines what operating system is running on the target system this information is valuable because it helps you understand what potential vulnerabilities might exist and what kind of security measures are in place next is Nessus another tool utilized to scan for Target system vulnerabilities it's more focused on finding specific weaknesses in the system's configuration or software that an attacker could exploit Nessus has a database of known vulnerabilities and performs comprehensive scans to check if the target system is susceptible to any known issues it even generates detailed reports highlighting any vulnerabilities found allowing you to prioritize and address them however as a commercial tool Nessus may require a license to access its features thoroughly a common technique used by testers is Banner grabbing do you ever notice a banner displayed when a service starts on your system it's usually a small piece of text that provides information about the service in Banner grabbing you collect these banners to gather information about the system the banners can contain details like the name of the service the version being used and the vendor who developed it this information is helpful because it allows you
to understand what software is running on the target system and potentially identify known vulnerabilities associated with specific versions or vendors last is Network sniffing which involves capturing and analyzing Network traffic flowing between devices on the network allowing you to examine the transmitted data including usernames passwords and other sensitive information Network sniffing helps uncover potential security weaknesses such as weak encryption protocols or unencrypted communication you should note that Network sniffing should only be performed on networks where you have proper authorization as unauthorized sniffing is illegal and unethical when you implement the enumeration stage there are several best practices you should follow starting with proper reconnaissance as you learned earlier gathering information about the target system beforehand is crucial it allows you to focus your enumeration efforts effectively and as you may remember this information is collected through various means like social engineering website analysis and public records next be mindful of the scan intensity and timing conducting scans with high intensity or during critical business hours may cause disruptions coordinating with system owners and stakeholders is crucial to minimize any impact you should also analyze the results of your enumeration it's not just about finding open ports and services but also understanding their significance in the context of the target system this will help you prioritize your next steps using the information you can prioritize which areas of the system should be attacked and lastly maintain documentation throughout the enumeration process documenting your findings observations and actions taken allows you to create a comprehensive report that will Aid in future Assessments in conclusion enumeration is another crucial step in the penetration testing process giving you a better understanding of a Target system this video demonstrated the
importance of enumeration and explored several tools and techniques before outlining the best practices for performing effective enumeration by conducting thorough enumeration you can identify weaknesses prioritize areas for further testing and ultimately enhance the overall security of the target system Sam Scoops is now ready to move on to the next stage of the penetration testing process the testers have gathered the information required through stages one and two and are prepared to carry out their authorized attack this video will focus on stage three of the penetration testing process exploitation exploitation takes advantage of a Target system's vulnerabilities to gain unauthorized access previously you discovered how as a penetration tester you gather information about a Target system to identify vulnerabilities stage three is where you exploit these vulnerabilities to gain unauthorized access to a Sam Scoops system there are many ways to exploit vulnerabilities including buffer overflow SQL injections and cross-site scripting a buffer overflow occurs when more data is written to a buffer than it can hold this causes your system to crash allowing an attacker to execute arbitrary code on your system next SQL injection is a technique for injecting malicious SQL code into your database this could allow the attacker to steal data from your database or even take control of your database server lastly cross-site scripting or XSS is a technique used to inject malicious JavaScript code into your web page allowing the attacker or penetration tester to steal cookies or other sensitive information once you have exploited a vulnerability you will gain unauthorized access to the Target system unauthorized access allows you to move laterally which allows you to gain access to other systems on the network or steal data such as financial data customer data or intellectual property install malware which can give you control of the system or steal data from it and
disrupt operations by deleting files disabling services or causing other problems once you've gained unauthorized access to the system the next step is to inject a payload into the system a payload is a piece of code that is executed on the target system the payload can serve various purposes such as stealing data being used to steal sensitive data from the system such as financial data customer data or intellectual property or installing malware the payload can be used to install malware on the system which can give the attacker control of the system or steal data from the system and disrupting operations the payload could also be used to disrupt the operation of the system by deleting files disabling services or causing other problems the penetration tester will often analyze the payload to determine what it does and how it works this information can be used to improve the security of the system and prevent future attacks this final step of payload injection highlights the ethical considerations that accompany exploitation and penetration testing where ethical hackers conduct hacking activities with the permission of the system owner with the intent to improve system security organizations worldwide are now hiring ethical hackers to test their security systems weaknesses helping businesses identify and fix vulnerabilities before malicious attackers can exploit them a component of ethical hacking involves using techniques that will only cause minimal damage to the system while responsible disclosure involves reporting vulnerabilities to the system owner in a timely manner during the process of penetration testing collaboration is essential between the hackers and the organization to enable the strengthening of security measures and protection against malicious attacks organizations security professionals and ethical hackers can all play a role in improving security working together can make it more difficult for malicious attackers to succeed this video took a 
deep dive into stage three of penetration testing exploitation where you learned the steps involved for completing the exploitation process and several of the techniques that are used in the industry today as Sam Scoops progresses through their penetration testing journey they have successfully completed the reconnaissance enumeration and exploitation stages uncovering valuable information and identifying vulnerabilities now it's time to go into the crucial next step escalation this video will guide you through the essential steps involved in the escalation stage of the penetration testing process you will also explore a range of best practices employed by ethical hackers to ensure effective completion of this stage the escalation stage of a penetration test focuses on three main goals consolidating access to your systems achieving privilege escalation and extracting sensitive data the first step in the escalation process is to consolidate access to a target system this means ensuring that you have persistent and reliable access even if the initial exploit is patched or disabled there are several ways to achieve this firstly back doors are malicious programs or configurations that provide unauthorized access to a system they can be created by you or by exploiting a vulnerability in the system once a back door is in place you can use it to regain access to the system even if the initial exploit is patched next are remote access Trojans or RATs they are malicious programs that allow you to control a compromised system remotely RATs can be used to execute commands steal data or install other malware on the system you also have web shells which are malicious scripts or programs that are uploaded to a compromised web server web shells allow you to execute commands on the web server such as uploading files deleting files or changing configuration settings now that you have consolidated access to a system the next goal is to achieve privilege escalation this means 
gaining access to higher level accounts such as administrator accounts privilege escalation can be achieved in several ways including exploiting misconfigurations within systems for example if a system allows employees to create their own accounts with administrator privileges you could create an account and then use that account to gain access to sensitive data or exploit vulnerabilities like unpatched software or known vulnerabilities which can be leveraged to elevate privileges for example if a system is running an unpatched version of a web application that has a known vulnerability you could exploit that vulnerability to gain access to the system with administrator privileges the final goal of escalation is to extract sensitive data from a system sensitive data can include anything from financial information customer data or intellectual property there are several techniques utilized by penetration testers for extracting data from a system including file transfer protocols or FTP secure copy protocol or SCP and secure file transfer protocol or SFTP can transfer files from the target system to your machine or steganography which is the practice of concealing data within another file such as an image or a document this can be used to evade detection by security measures such as antivirus software and lastly network tunnels can be established between your machine and the target system this allows you to transmit data over the network without it being visible to network administrators now that you understand how escalation is performed let's explore several best practices you should adhere to when implementing the escalation stage firstly it's crucial that you obtain proper authorization and follow legal compliance before you conduct any penetration testing activities this includes obtaining a written agreement from the organization that authorizes the penetration test and outlines the scope of work next ensure that all findings from the penetration test are 
documented and reported to the organization this report should be clear and concise and should include all relevant information such as details of any vulnerabilities found the impact of those vulnerabilities and any recommendations for remediation you should also ensure the penetration testing is conducted in a sandbox or isolated environment meaning that the target system should be isolated from any live production environment this ensures that any damage caused by the penetration test will not affect the production environment and lastly stay up to date with all the latest vulnerabilities exploits and security news this will help you identify and exploit weaknesses in the target system the escalation stage is a critical step of the penetration testing process by following the correct steps and adhering to best practices penetration testers can assist organizations in identifying and mitigating security risks this video explored the techniques used to consolidate access before examining privilege escalation and data exfiltration you also gained a deeper understanding of the different tools and techniques that can be used and best practices for performing escalation Sam Scoops has undergone four stages of the penetration test to assess the security of their platform reconnaissance enumeration exploitation and escalation now the testing is entering the final phase reporting and remediation this crucial stage of the penetration testing process takes place once the vulnerabilities have been identified and exploited this video will discuss reporting's best practices and highlight the importance of reporting you will also learn the significance of having a robust remediation process reporting and remediation allows you to confirm your findings provide recommendations for remediation and work with the organization to implement those recommendations the reporting stage is critical to the success of the penetration testing process a well-written report can clearly 
communicate the outcomes of the test it will also provide Sam Scoops with a list of the vulnerabilities located and the steps required to mitigate against those vulnerabilities this report should include an executive summary that provides a high-level overview of the findings of the testing it should also provide a section detailing vulnerabilities located during the test and an impact assessment for each of these vulnerabilities then a list of recommendations to remediate against these vulnerabilities and lastly an appendix which includes any supporting documentation such as screenshots or network diagrams in the vulnerability section of the report you should also ensure that each vulnerability noted includes the name of the vulnerability and a description of the vulnerability you should also detail the impact the vulnerability will have on Sam Scoops and what steps are required to remediate against that vulnerability and lastly a list of recommendations for addressing the vulnerabilities you should also ensure any steps required for remediating against the vulnerabilities are specific actionable and prioritized based on the severity of the vulnerability just like previous stages there are several best practices you should follow when writing your report first use clear and concise language in the report write it in a way that is easy for both technical and non-technical audiences to understand next be specific the report should provide information about the vulnerabilities that were found as well as steps that can be taken to remediate those vulnerabilities the report should also provide recommendations that are specific actionable and prioritized based on the severity of the vulnerability and lastly deliver the report in a timely manner remediation is equally important a solid remediation process ensures that any vulnerabilities found during the penetration test are mitigated quickly and effectively to ensure a successful remediation process you should 
communicate effectively with the organization throughout the process you should also prioritize the vulnerabilities based on the severity of the risk and make sure these vulnerabilities are remediated promptly and lastly test this remediation process to ensure that it is effective as you have discovered in this video reporting and remediation is another vital step in the penetration testing process it's the final piece of the puzzle that allows you to document findings provide recommendations and implement the remediation measures that organizations can use to address their vulnerabilities and minimize the risk of potential attacks you also now understand that clear and concise reports cater to both technical and non-technical audiences which facilitates stakeholder understanding and decision-making the remediation process also ensures compliance with any regulatory requirements by emphasizing the significance of reporting and remediation a comprehensive approach to cyber security will ultimately safeguard critical assets and maintain data integrity does the security of your organization's systems and network concern you this video will demonstrate how you can stay one step ahead of the ever-evolving tactics employed by attackers by exploiting the MITRE ATT&CK framework a game-changing tool that can revolutionize your cyber security strategy you'll examine the MITRE ATT&CK framework's powerful components and explore the invaluable benefits it offers organizations but first you are probably wondering what exactly the MITRE ATT&CK framework is well MITRE ATT&CK stands for adversarial tactics techniques and common knowledge it is a knowledge base of adversary tactics and techniques that is curated and maintained by MITRE a nonprofit organization with expertise in security systems engineering and information technology the framework comprises two main sections tactics and techniques let's begin with tactics first is reconnaissance the process of gathering information 
about a target like its IP addresses employee names and network infrastructure next is resource development which relates to acquiring the tools and resources needed to carry out an attack such as malware hacking tools and fake identities then you have initial access a tactic focused on gaining access to a target system such as through a phishing email or a vulnerability in software once inside the system execution comes into play attackers use malicious code on a target system like a virus or a trojan horse next is persistence which is a tactic used to maintain access to a target system after initial access has been gained such as by creating back doors or rootkits privilege escalation is all about gaining higher privileges on the target system this can provide the attacker with enhanced control and authority such as administrator privileges defense evasion is employed to hide malicious activity from detection by security tools such as by using encryption or obfuscation techniques credential access involves stealing or obtaining the credentials of an authorized user such as a username and password which can be used to gain access to systems and data discovery focuses on locating sensitive data or systems on a target network such as financial data or intellectual property lateral movement comes into play when attackers move from one system to another on a target network this is usually done by exploiting firewall vulnerabilities or using shared accounts collection involves gathering sensitive data from a target system such as financial data customer records or intellectual property command and control tactics involve establishing communication with a remote attacker or exfiltration is the act of sending stolen data to a remote attacker and lastly impact the consequences that these cyber attack tactics have on an organization can include financial loss data breaches or reputational damage it's crucial to remember that these tactics are not necessarily in 
order and attackers may switch between them as necessary for example an attacker may first gain access to a system through a phishing attack then use that access to install malware that gives them persistent access they may then use that access to escalate their privileges and steal credentials which they can use to move laterally to other systems in the network security professionals can better protect their systems and networks by understanding the different phases of an attack and make it harder for attackers to succeed by putting security measures in place at each level let's explore several techniques that attackers employ during each phase of an attack first is the command and scripting interpreter which executes commands then there's OS credential dumping which extracts passwords and other credentials from the operating system while proxy intercepts and redirects traffic to a malicious server process injection can load malicious code into a legitimate process there's also masquerading which impersonates a legitimate user or process while valid accounts uses valid credentials to gain access to a system you also have public-facing application this exploits a vulnerability in a public-facing application to gain access to a system there's also modify registry which changes the registry to create persistence or modify security settings and also scheduled task job which creates a scheduled task or job to execute malicious code at a later time and lastly impaired defenses which disables or evades security controls to make it easier to attack a system understanding these techniques can help organizations better prepare and defend against potential threats MITRE ATT&CK framework has several benefits including improving the threat detection and response capabilities of an organization by helping organizations to identify and prioritize security risks you can empower them to deploy targeted security controls against the most likely threats they may encounter 
implementing the MITRE ATT&CK framework also leads to the overall improvement of the organization's cyber security the adaptability of the MITRE ATT&CK framework also plays a crucial role in assisting organizations in defending themselves against the ever-evolving threats they face making it an indispensable tool for any organization seeking to strengthen their cyber security defenses the MITRE ATT&CK framework is an invaluable resource for organizations seeking to enhance their cyber security by comprehending the tactics and techniques used by attackers organizations can proactively defend themselves against potential threats the framework brings increased visibility improved threat detection and response and an overall strengthening of security the MITRE ATT&CK framework remains at the forefront of defense strategies MITRE constantly updates and expands the framework to meet the evolving needs of the cyber security community they continually incorporate new tactics and techniques into the framework and strive to cover emerging platforms and technologies imagine for a moment that you have a mechanical box in front of you you know what you put into the box and what you take out of it but you have no understanding of its internal mechanisms your focus is solely on manipulating the inputs and observing the outputs blackbox testing follows a similar principle and over the next few minutes you'll learn about this crucial approach to software and penetration testing black box testing is a technique where you examine the functionality of a system without having any knowledge of its internal workings in other words you treat the system as a black box focusing solely on the inputs and outputs and not concerning yourself with the internal code or structure this approach allows you to evaluate the system from an external perspective mimicking the actions of a potential attacker and identifying vulnerabilities that could be exploited the blackbox testing approach typically 
consists of four steps requirement analysis test case design test execution and defect reporting in the first step you gain a thorough understanding of the system's requirements including its intended functionality and expected outputs this helps you establish what the system should do and what results it should produce next you design test cases that cover different scenarios including both valid and invalid inputs boundary values and special cases by designing comprehensive test cases you increase the chances of uncovering vulnerabilities or weaknesses in the system the designed test cases are then executed against the system during this step you input various data and examine the corresponding outputs to identify any inconsistencies or issues this step involves meticulous observation and comparison of actual results with expected results finally any defects or issues discovered during testing are reported to the development team or relevant stakeholders for further investigation and resolution this ensures that identified problems are properly addressed and rectified performing blackbox testing during penetration tests helps you to identify various vulnerabilities and attack vectors like injection attacks cross-site scripting authentication and authorization flaws and misconfiguration injection attacks refer to SQL or command injections where an attacker manipulates input data to execute malicious commands within the system by conducting blackbox testing you can identify vulnerabilities that could potentially allow unauthorized access or data breaches cross-site scripting vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users identifying these vulnerabilities is crucial as they can lead to session hijacking or data theft authentication and authorization flaws can enable unauthorized access to sensitive information or functionalities within a system this is why it's important to identify weaknesses in the 
authentication and authorization mechanisms of the system improperly configured systems can expose sensitive data or provide unintended access to unauthorized individuals by analyzing the system during blackbox testing you can identify any misconfigurations that could be exploited by attackers to effectively perform blackbox testing various tools are employed to identify vulnerabilities and automate certain testing processes some popular tools used for blackbox testing include Burp Suite OWASP ZAP Nessus and Metasploit Burp Suite is a powerful toolkit for web application security testing it lets you intercept analyze and modify HTTPS traffic enabling you to identify vulnerabilities and assess the security of web applications OWASP ZAP is an open-source web application security scanner it helps you identify vulnerabilities in web applications by actively scanning and analyzing their security Nessus is a comprehensive vulnerability scanner that scans networks and systems for known vulnerabilities you can use Nessus to identify potential weaknesses that could be exploited by attackers finally Metasploit is a widely used penetration testing framework that provides a range of tools and exploits to simulate various types of attacks you can use Metasploit to assess the system's resilience against different attack vectors blackbox testing plays a vital role in both software testing and penetration testing by treating the system as a black box and focusing solely on its inputs and outputs you gain a valuable external perspective to evaluate its functionality this approach mirrors the actions of potential attackers enabling you to uncover vulnerabilities that could be exploited in this video you discovered that blackbox testing helps you identify various vulnerabilities and attack vectors like injection attacks cross-site scripting authentication and authorization flaws and misconfiguration addressing these weaknesses is crucial because they can lead to unauthorized access 
data breaches session hijacking or data theft by simulating real world attack scenarios and following a systematic approach while utilizing specialized tools you can effectively identify potential security risks and provide recommendations to enhance the system's overall security blackbox testing means examining a system solely based on its inputs and outputs without any knowledge of its internal workings but now let's take it a step further imagine that you not only know what you put into the box and what you should get out of it but you also have an in-depth understanding of its internal mechanisms with this knowledge you can manipulate the inputs observe the outputs and even examine the intricate details of how the box functions this approach forms the basis of white box testing another crucial approach to software and penetration testing in this video you'll explore more about what white box testing entails and its role in penetration testing white box testing also known as clear box testing or structural testing is a method of software testing where you have access to the internal structure design and code of the system being tested by examining the internal components of the software such as its algorithms data structures and control structures you can identify potential issues vulnerabilities and areas of improvement now let's explore the key approaches to white box testing the first is to review the source code of the system being tested this involves analyzing the code line by line to identify potential vulnerabilities logic errors and other issues that could impact the system's functionality or security the code review process may involve manual code inspection as well as the use of automated tools next code coverage analysis is an essential aspect of white box testing it ensures that all parts of the code are exercised during testing code coverage analysis tools are used to measure the percentage of code that is executed during testing this helps 
ensure that no critical code paths are left untested whitebox testing often includes unit testing where individual units or components of the software are tested in isolation unit tests focus on testing specific functions methods or modules to ensure that they behave as expected this helps identify any bugs or flaws within specific units of the system path testing is a technique used in white box testing to analyze different execution paths within the software by traversing through various decision points and branches in the code you can identify potential issues or vulnerabilities that might arise in specific scenarios path testing aims to cover all possible paths and conditions within the code branch testing is another approach used in white box testing it involves evaluating every possible decision outcome within the code each branch is tested including true and false branches to ensure that all possible decision outcomes are covered this helps minimize the risk of untested code paths white box testing is a valuable technique in assessing the security of a system but how is it used in penetration testing there are a few techniques from code review and fuzz testing to static and dynamic analysis let's explore these in more detail during code review the system's source code is meticulously examined to identify potential security vulnerabilities by carefully analyzing the code you can uncover insecure coding practices back doors or other security flaws that malicious actors can exploit code review helps identify and fix security issues at the source code level fuzz testing also known as fuzzing involves providing invalid unexpected or random data inputs to the system to test how it handles them by subjecting the system to various inputs including edge cases and malformed data you can identify potential vulnerabilities or weaknesses in the system's input validation and error handling mechanisms static analysis is a technique where you analyze the source code 
without executing it here you can use static analysis tools that examine the code structure syntax and patterns to identify potential security vulnerabilities these tools can help detect common vulnerabilities such as SQL injection or cross-site scripting dynamic analysis also known as runtime analysis involves executing the system and monitoring its behavior in real time dynamic analysis tools can be used to capture network traffic identify potential security weaknesses and understand how the system responds to various inputs this approach helps uncover vulnerabilities that may not be apparent during static analysis white box testing offers a unique perspective into the inner workings of a system allowing for a comprehensive assessment of its security and reliability it plays a vital role in penetration testing enabling the identification and remediation of security flaws at the source code level by incorporating white box testing into the software development life cycle organizations can enhance their overall security posture and ensure the delivery of robust and resilient systems techniques like blackbox and white box testing have long been the go-to approaches for penetration testing however there is another technique that brings together the best of both worlds graybox testing in this video you will explore the concept of graybox testing and discover its role in penetration testing gray box testing combines elements of both blackbox testing and white box testing it is called gray box because it represents a middle ground between complete ignorance and full knowledge of the internal workings of the system being tested on the one side you have blackbox testing a technique where you enter the testing phase with no knowledge of the internal structure of the system it's like trying to solve a puzzle without even knowing what the picture looks like on the box in this approach you evaluate the system's functionality inputs and outputs without any understanding of 
its internal workings you focus on testing the system from a user's perspective without considering the implementation details on the other side there's white box testing which provides complete knowledge of the system's internals you have access to the source code architecture and design it's like having the complete puzzle in front of you allowing you to test the system's internal logic structure and pathways this approach is more focused on uncovering issues within the code base and verifying the correctness of the implementation gray box testing emerges as the perfect mix between black box and white box testing it's like solving a puzzle with some hints you're not completely in the dark but you're not handed the entire picture either in gray box testing you have some information about the system you're testing for example you might know the overall structure of the system have access to design documents or limited knowledge of the source code this partial knowledge helps you understand how the system works internally even though you don't have the full picture with this understanding you can design tests that are more focused and efficient for example let's say you're testing a website and you know the high-level architecture of the system you can then target specific areas like the login process payment gateway or user authentication by concentrating on these areas you can identify vulnerabilities and security weaknesses that might exist for instance with the knowledge of the system's architecture you might test if the login process is secure by trying different combinations of usernames and passwords you can also check if the system properly handles invalid inputs such as entering special characters in the payment form by simulating real world attack scenarios you can uncover potential vulnerabilities that an attacker might exploit even though you don't have complete visibility into the system the partial knowledge you have as a graybox tester allows 
you to make educated guesses and decisions about where to focus your testing efforts this helps you identify potential issues and improve the overall security of the software application in essence graybox testing combines the advantages of blackbox testing like evaluating the system from a user's perspective and white box testing having full knowledge of the system's internals it provides a balanced approach allowing you to test the system efficiently while considering its internal structure graybox testing is particularly valuable in the context of penetration testing penetration testing involves actively assessing the security of a software application by simulating attacks and attempting to exploit vulnerabilities by having access to internal information graybox testing provides a more comprehensive evaluation of the system's security posture in graybox testing several common approaches are used during penetration tests one such approach is architecture analysis here you analyze the high level architecture of the system identifying potential weak points and areas vulnerable to attacks by understanding the system's components and their interactions testers can design tests that focus on these areas effectively exploiting potential security gaps another approach used in graybox testing is data flow analysis in this approach you examine the flow of data within the system tracing its path from inputs to outputs the objective is to identify potential security vulnerabilities in the way sensitive data is handled ensuring that it is adequately protected and cannot be intercepted or manipulated by malicious actors API testing is also a crucial aspect of gray box testing this is where you focus on testing the application programming interfaces or APIs of the system which are responsible for interacting with other components or external systems with partial knowledge of the system you can analyze API documentation test input validation and check for potential security flaws in 
the way APIs handle data and access control while graybox testing does not provide full access to the source code you may have limited access to specific sections or modules this allows you to conduct code reviews searching for coding flaws insecure practices or potential back doors that attackers could exploit even with limited visibility code reviews can reveal critical security issues that might otherwise go unnoticed all in all gray box testing combines the strengths of both black box and white box testing by leveraging the partial knowledge available you can design targeted and effective tests simulating real world attack scenarios and ensuring the overall security of software applications by embracing graybox testing alongside other testing methodologies you can enhance the robustness and resilience of your applications ensuring a safer digital environment for users in an era where technology drives modern-day business the stakes have never been higher for organizations to protect their valuable data and systems as the threat landscape expands and becomes more complex proactive measures prove to be indispensable to ensure robust security throughout your learning this week you discovered that penetration testing emerges as a powerful tool for this specific purpose it goes beyond traditional security measures to assess the robustness and resilience of digital systems by simulating real world attacks penetration testing helps organizations uncover vulnerabilities strengthen their defenses and ensure the security of their valuable assets to help embed what you've learned let's recap the key concepts and insights gained during your exploration of this topic first you delved into the topic of offensive and defensive security strategies learning that offensive security involves the identification and exploitation of vulnerabilities in systems while defensive security focuses on protecting systems from attacks you zoned in on penetration testing or ethical hacking 
and explored how it serves as an offensive approach to cyber security ethical hackers use their Knowledge and Skills to identify vulnerabilities in systems applications and networks allowing organizations to implement necessary fixes and enhance their overall security during your exploration of this topic you gained insights into various testing methods employed by ethical hackers to achieve their objectives these methods include Network penetration testing web application penetration Testing mobile application penetration testing and social engineering testing each of these techniques focuses on different aspects of an organization's digital infrastructure aiming to identify vulnerabilities and weaknesses that could be exploited by malicious actors one key concept you explored is the red versus blue exercises these exercises simulate real world scenarios where ethical hackers known as the red team attempt to breach system security while Security Professionals known as The Blue Team defend it red versus blue exercises provide a dynamic platform to test security measures enhance incident response capabilities and Foster collaboration between offensive and defensive teams by engaging in these exercises organizations can gain valuable insights into their overall security posture and identify areas for improvement delving deeper into the methodology of penetration testing you learned about the key stages involved in the process the first stage is reconnaissance where ethical hackers gather information about the target organization's Network architecture system configurations and potential entry points this information serves as a foundation for subsequent stages and helps ethical hackers better understand the target environment the next stage is enumeration where testers actively probe the target system identifying open ports services and user accounts this step provides insights into the system's internal components and helps ethical hackers gain a deeper 
understanding of its vulnerabilities once vulnerabilities are identified the exploitation stage follows here ethical hackers attempt to exploit the vulnerabilities to gain unauthorized access to the system emphasizing the potential consequences that such exploits could have this stage highlights the importance of addressing vulnerabilities promptly and effectively to minimize the risk of security breaches escalation is the subsequent stage where ethical hackers aim to escalate their privileges within the system by gaining administrative access and moving freely within the network ethical hackers mimic the actions of real attackers helping identify potential weaknesses in Access Control and network segmentation the final stage is reporting and Remediation after completing the penetration testing process ethical hackers generate a comprehensive report detailing the vulnerabilities discovered their potential impact and recommended steps for improving security you also gained insights into different types of penetration tests namely blackbox testing white box testing and gray box testing blackbox testing is a technique where you examine the functionality of a system without having any knowledge of its internal workings this approach focuses on the system's inputs and outputs mimicking real world attacks from an external perspective by employing blackbox testing organizations can uncover vulnerabilities like injection attacks cross-site scripting authentication and authorization flaws and misconfiguration in contrast white box testing provides complete knowledge of the system's internals with access to the source code architecture and design ethical hackers can thoroughly evaluate the system's internal logic structure and Pathways white box testing aims to uncover issues within the code base and verify the correctness of the implementation it involves activities like source code review fuzz testing static analysis and dynamic analysis gray box testing represents a 
middle ground between black box and white box testing it provides ethical hackers with partial knowledge of the system such as the overall structure or limited access to specific sections or modules this enables them to design focused and efficient tests targeting specific areas of the system graybox testing plays a valuable role in penetration testing allowing for architecture analysis data flow analysis API testing and limited code reviews so this week you've learned that the field of penetration testing offers organizations a powerful means of assessing the robustness and resilience of their digital systems and you should be able to describe that by embracing ethical hacking techniques and employing various testing methodologies organizations can identify vulnerabilities strengthen their defenses and Safeguard their valuable data and systems you should now be able to describe what penetration testing is and explain how it maintains a strong security posture ensuring the continued success of modern-day businesses imagine you're the owner of a multistory parking garage grappling with vehicle break-ins you might mitigate against this Threat by installing security cameras to monitor the traffic entering and leaving the building but what happens when faced with a Cyber attack like a network breach of your security camera system how would you effectively monitor Network traffic in this scenario a camera is not an option so what technology is available to help this is where intrusion detection and prevention systems come in this video will take you through the concepts various types and components of intrusion detection and prevention systems so let's dive in you previously learned that intrusion detection and prevention systems or as it's also known idps are systems that monitor and scan networks for possible threats to prevent potential cyber attacks idps plays a vital role in safeguarding networks and hosts from unauthorized access misuse and malicious 
activities there are several types of idps each with its own unique capabilities let's explore the most common ones now first network-based idps monitors Network traffic analyzing packets and identifying suspicious patterns or anomalies this type of idps is typically placed at strategic points it can detect and prevent various attacks such as dos attacks Network scanning and unauthorized access attempts within the network to capture and analyze all incoming and outgoing traffic there are also host-based idps which reside on individual hosts or servers it monitors system logs file integrity and application activities to detect signs of intrusion or unauthorized access by analyzing activities at the host level this type of idps provides an additional layer of security to protect specific systems Wireless idps is specifically designed to secure wireless networks it detects unauthorized access points monitors Wireless traffic and identifies potential threats like Rogue devices or unauthorized users trying to gain access with the increasing prevalence of wireless networks this type of idps is essential to protect against Wireless specific attacks each idps is comprised of several components let's explore some of the most common ones first sensors serve as the eyes and ears of an idps they collect Network traffic log events and send this data to the analyzers for analysis sensors can be placed at key points within the network to capture and monitor all incoming and outgoing traffic they provide crucial data for detecting and preventing intrusions next are analyzers they receive data from the sensors and analyze it using various techniques such as signature-based detection anomaly detection or behavior-based detection they compare incoming data against a database of known attack patterns or behavioral baselines to identify potential threats analyzers play a critical role in accurately identifying and alerting security Personnel about possible intrusions last is the 
management consoles which provide a centralized interface to configure Monitor and manage the idps security analysts use these consoles to review alerts investigate incidents and fine-tune the idps settings they provide valuable insights into the Network's overall security allowing organizations to make informed decisions about their security strategy idps is crucial in today's digital landscape there are several key reasons for this first early threat detection idps helps in the early detection of threats allowing security teams to respond promptly and mitigate potential damage by continuously monitoring Network activities idps can identify malicious behavior and Alert security Personnel this early warning system helps organizations stay one step ahead of cyber threats next idps acts as a gatekeeper preventing unauthorized access to sensitive systems and data it helps maintain the integrity and confidentiality of information by stopping malicious actors before they can exploit vulnerabilities by implementing effective idps measures organizations can significantly reduce the risk of data breaches and unauthorized intrusions many Industries have specific regulations and compliance requirements to protect customer data idps assists organizations in meeting these requirements by providing a robust security framework and monitoring mechanism organizations can build trust with their customers and partners by demonstrating compliance with industry regulations idps also plays a crucial role in incident response by providing realtime alerts and detailed information about intrusions idps enables security teams to respond quickly and effectively to mitigate the impact of an attack it aids in incident investigation forensic analysis and the development of strategies to prevent future attacks in conclusion idps is a vital component of modern cyber security by deploying the right idps organizations can significantly enhance their security and protect their networks and systems 
from evolving threats as you discovered in this video idps have an exceptional ability to detect and prevent unauthorized access they provide a crucial layer of defense against intrusions and help organizations stay ahead of cyber criminals by understanding the components of idps and recognizing their importance organizations can make informed decisions to secure their digital assets and Safeguard their critical information imagine sitting at your desk and browsing the web or accessing a website if you click a link or submit a request would you consider the multiple events occurring behind the scenes this is where internet packets come in they are the lifeblood of digital communication they facilitate the intricate network of information exchange that most of us use daily often without even realizing it these critical components of online communication are complex multifaceted entities comprised of several sections and monitored by security tools like intrusion detection systems or ids's let's dive deeper into the specifics of Internet packets and explore how they contribute to network security let's start by exploring the structure of an Internet packet the first step to understanding the essence of an Internet packet is to appreciate its functionality each internet packet is a digital carrier pigeon holding a piece of a larger message internet communication involves breaking down data into smaller manageable pieces called packets this system allows large volumes of information to travel seamlessly across networks reassembling at their final destination to create the original data inherently the structure of an Internet packet is divided into two primary sections the header and the payload the header of the packet contains Vital Information concerning the packet's delivery it's akin to the envelope of a letter bearing details such as the source and destination IP addresses these function as the return address and delivery address respectively the header also 
contains additional data such as the packet's total length length identification for reassembly time to live or TTL which prevents the packet from circulating indefinitely and transport protocols like TCP and UDP the payload on the other hand is the actual data being transported essentially it's the letter inside the envelope the payload size varies depending on the Network's maximum transmission unit or MTU if the data surpasses the MTU it's fragmented into to multiple packets each with its own header packets may also have a trailer used primarily for error checking the most common technique is the cyclic redundancy check or CRC which generates a specific value based on the packet's contents the receiving system computes its own CRC and matches it with the received one discarding the packet if discrepancies are found as essential as the packet system is the internet functionality it's equally attract AC active to malicious cyber activities where intrusion detection tools come into play intrusion detection systems or IDs serve as the cyber security industry's Frontline defense against potential threats they monitor detect and alert Network administrators of suspicious activities within internet traffic a core aspect of this involves scanning internet packets intrusion detection tools function using two primary methodologies signature-based and anomaly based detection signature-based ids's monitor Network traffic for specific patterns or signatures associated with known threats like a digital most wanted list these systems have a database of existing threat signatures the IDS triggers an alert upon identifying matching patterns within packet headers or payloads in contrast anomally based IDs operates using machine learning to define a normal Baseline of network Behavior a network Baseline refers to a collection of standard measurements that indicate typical performance levels any events or alerts that occur while these parameters are in effect essentially capture a 
moment in time view of what is considered normal operations by establishing this Baseline Engineers are better equipped to identify unusual patterns in network traffic such anomalies could manifest a significant deviations from the established Baseline and may signal a range of issues from security breaches and Hardware malfunctions to application performance problems or even just an authorized user downloading a sizable file this means that a deviation from the network Baseline indicative of a possible threat prompts an alert this method can detect new unidentified threats as their unusual behavior contrasts with the established normal monitoring packets involves deep packet inspection or DPI where an IDs examines the content of individual packets DPI can include checking packet headers to verify source and destination IP addresses and inspecting packet payloads for known malicious signatures or abnormal data patterns by scanning and analyzing packet data in real time ids's play a crucial role in identifying and preventing potential cyber threats however the analysis of encrypted data presents a challenge as additional ids's may not access the payload making it difficult to detect intrusion intrusion detection is an ongoing process that adapts to new threats and technological developments as dependence on digital communication continues to grow so does the importance of understanding and protecting the packet-based systems that facilitate this interaction in conclusion internet packets are fundamental to the networked World they consist of various sections each serving a specific purpose in ensuring smooth efficient data transmission as you discovered in this video intrusion detection tools tirelessly monitor these packets scanning their various components to detect and prevent potential intrusions safeguarding the Integrity of digital Communications imagine you're an employee of an organization that operates in multiple locations worldwide each of these locations 
runs its machines and applications virtually through the cloud while centrally there's an IT team responsible for managing the security of these locations but how can this team oversee cyber security for all of these locations devices and applications this is where Azure firewall premium intrusion detection and prevention systems come in in this video you'll discover how it works and explore its various benefits and capabilities Azure firewall premium idps is a cloud-based intrusion detection and prevention system that helps you protect your Azure resources from malicious traffic to achieve this idps employs signature-based detection which can also be used to identify zero day threats newly discovered threats more commonly known as zero day threats are the first instance of a particular threat to be found Azure firewall premium idps works by inspecting Network traffic that flows through your Azure firewall the firewall looks for patterns that match known attack signatures and it can also be configured to detect specific types of traffic such as traffic from known malicious IP addresses or traffic that uses specific ports if Azure firewall premium idps detects a malicious traffic pattern it can take one of two actions it can alert as your firewall premium idps will log the event and send you an alert or deny Azure firewall premium idps will block the traffic from reaching your Azure resources the idps signatures are updated regularly so you can be confident that your Azure resources are protected from the latest threats now that you understand how Azure firewall premium idps Works let's focus on its benefits firstly it increases security by helping you protect your Azure resources from a wide range of malicious traffic next it reduces false positives Azure firewall premium idps uses signature-based detection which means that it is less likely to generate false positives than other types of idps solutions it also offers centralized management through the Azure portal 
so you can easily configure and monitor it from a single location and lastly scalability Azure firewall premium idps can scale to meet the needs of your growing Network configuring the Azure firewall premium idps can be completed by creating an idps policy an idps policy defines the types of traffic you want to Monitor and the actions you want Azure firewall premium idps to take when it detects malicious traffic you can create an idps policy using the Azure portal or the Azure CLI once you've created an idps policy you can assign it to your Azure firewall idps policy consists of the following elements firstly traffic types you can specify the types of traffic that you want to monitor for example you can specify that you want to monitor traffic from known malicious IP addresses or traffic that uses specific ports next actions you can specify the actions that you want Azure firewall premium idps to take when it detects malicious traffic for example you can specify that you want Azure firewall premium idps to log the event or block the traffic and lastly rule priority specifying the priority of the rules in the idps policy determines the order in which the rules are evaluated in addition to configuring Azure firewall premium idps also logs all of the events that it detects you can use these logs to monitor your network traffic and investigate suspicious activity you can view Azure firewall premium idps logs in the Azure portal or using the Azure CLI the logs include the following information the type of event that was detected this could be a malicious traffic pattern a denied connection or a warning the source and destination of the traffic this information can help you to identify the source of the attack the ports that were used this information can help you to identify the type of attack the time and date of the event this information can help help you to track the attack over time Azure firewall premium idps is a powerful tool that helps you protect your Azure 
resources for malicious traffic this video demonstrated how easy it is to configure and use and how it provides increased security and reduced false positives compared to other idps solutions by leveraging signature-based detection and regular updates to the attack signatures Azure firewall premium idps keeps your resources safe you also discovered how configuring Azure Fireball premium idps involves creating an idps policy that defines the types of traffic to Monitor and the actions to take when malicious traffic is detected monitoring and analyzing idps logs allow you to track network activity investigate suspicious events and identify the source and type of attacks with centralized management and scalability aure firewall premium idps offers a comprehensive solution for safeguarding your Azure Resources by leveraging its capabilities you can ensure the security and integrity of your network infrastructure by now you know that Azure firewall premium idps is a cloud-based intrusion detection and prevention system that helps you protect your Azure resources from malicious traffic now it's time to explore how this works in practice in this video you will learn how to create an azure idps s and how to activate the rules within an idps to create an Azure idps you first have to get into the Azure premium firewall to do this type in firewall in the search bar then select it from the search result then to create an idps select create now let's provide the necessary details for the idps creation Begin by selecting the correct subscription and then create a new Resource Group name for this demonstration let's call it FW rg1 next within the instance details you name the firewall for this instance let's call it premium dfw1 Now select your region and availability Zone as this is not a production idps let's leave the availability Zone as none let's also ensure the firewall skew is selected as premium Now within firewall policy let's create a new policy by selecting add new 
and give it the name premium Das firewall policy 1 now select a region and policy tier as premium and select okay now let's create a new virtual Network give it a name vet and keep the address space default at 10.0.0.0 sl16 and then assign an address to the Azure firewall subnet as 10.0 0.0.0 sl24 now you can create an IP for the public address called premium firewall ip1 and select okay once you've reviewed everything select review plus create after it's validated and everything is okay the create button becomes active go ahead now and select create to deploy the firewall it may take a moment to deploy once the deployment is completed you can select go to Resource to access the Azure firewall premium Now select the firewall policy to review the connected policy for working on ipds now to review the policy options select idps in the sidebar the first tab relates to the ipds mode it is not enabled by default but you can activate it by choosing alert to receive alerts for harmful traffic or alert and deny to block the traffic and receive alerts when deploying it's recommended to test the configuration with alert mode enabled once fully tested you can switch to alert and deny for this demonstration let's choose alert mode now let's move on to the second tab called Signature roles this tab has all the active rules that are connected to this policy within the third tab you will locate the pr private IP range these ranges help to identify inbound and outbound traffic if you want to make any changes to your private IP range select the edit button you can also remove any range that's not relevant to your organization finally the fourth tab is the bypass list here you can add specific IP addresses to designate them as safe zones once added the idps won't filter any traffic ranges or subnets associated with those IP addresses great once you've reviewed all the settings and double checked your choices just select apply and wait while the updates get uploaded to the brand new 
firewall just keep in mind that it might take a couple of minutes so be patient deploying the Azure premium firewall and policy takes a massive step towards protecting your organization and increasing their cyber security in this helpful video you learned how to create an Azure ipds and how to activate the rules within an idps in this video you'll explore two types of intrusion detection including Network intrusion detection and host-based intrusion detection you'll also discover how Sam Scoops employs idps to protect its operations and learn about the vital role it plays in securing Network infrastructure and critical assets Sam Scoops relies on a robust network-based IDP s to safeguard its Network infrastructure this powerful system is responsible for a multitude of crucial tasks including detecting and mitigating against distributed denial of service or dos attacks ensuring the company's online ordering systems remain accessible and uninterrupted Additionally the network-based idps provides valuable insights into Network traffic patterns enabling Sam Scoops to identify potential anomalies and take appropriate action this realtime monitoring ensures the integrity and security of their Network environment sem scooops also employs host-based idps to enhance its security posture further this specialized system focuses on protecting its critical servers and end points by reviewing code and static analysis it can identify potential vulnerabilities in the software additionally it guarantees that any efforts to gain unauthorized access are thwarted and that the system's Integrity is preserved but what attacks could happen to organizations like Sam Scoops in the real world that could trigger its idps let's explore several scenarios and the response and actions you can take to prevent them first up are DOs attacks which you discovered earlier are malicious attempts to disrupt the Network Services of a Target to detect a Dos attack a host-based idps monitors Network 
traffic for sudden increases in volume or patterns associated with DOs attacks the idps then activates dos mitigation techniques such as traffic filtering rate limiting and diverting traffic to absorb the attack and collaborates with internet service providers to block malicious traffic and lastly the idps blocks the IP address associated with the suspicious traffic this is the most appropriate action in response to a Dos attack alert by blocking the IP address address you can prevent malicious traffic from overwhelming the network and ensure uninterrupted availability of online systems next up is Access Control policy violation which could allow unauthorized users to access restricted Resources by ensuring you adhere to access control policies you will be able to detect access violations if a violation does occur ensure you notify and escalate the security incident to the appropriate personnel for further analysis and response and lastly Implement Network segmentation and traffic isolation to minimize the impact of any compromised systems you could also have anomalies in network traffic patterns you can detect anomalies and potential security threats by analyzing Network traffic patterns it's also vital to generate realtime alerts for Network administrators to investigate and respond to potential threats promptly then then ensure you enhance your network security by implementing intrusion prevention systems deploying patches and updates and strengthening Network device configurations next up is fishing attacks fishing attacks can be detected by implementing email filtering scanning for suspicious links and attachments and monitoring for unusual email patterns or domain spoofing in response to fishing attacks you should educate your organization's users further and block malicious email senders remove malicious emails from user inboxes and Report incidents to appropriate authorities you can decrease the risk of fishing attacks by implementing multiactor 
authentication for email accounts conducting simulated fishing exercises to train users and enhancing Email encryption protocols you could also have malware infections idps along with antivirus software and endpoint Security Solutions to detect and quarantine militia software always ensure you initiate the malware removal process update security software and Patch all vulnerabilities to prevent further infections lastly reduce future risks by conducting a systemwide scan to ensure complete malware removal implementing application whitelisting prevents unauthorized software executions you can also implement sandboxing or containerization for suspicious files last up is Rogue access point which is a wireless access point that has been installed on a secure network without authorization by actively scanning the network you can identify unauthorized access points you should also ensure that any unauthorized access is immediately alerted to the IT team and finally track down to locate and disable the Rogue access point this will strengthen your organization's security measures overall the idps solutions implemented at Sam Scoops help to ensure the security and integrity of its Network infrastructure critical assets and wireless networks this enables the company to protect its systems data and customer information from potential threats and attacks in conclusion idps plays a vital role in the success and security of modern businesses like Sam Scoops whether it's protecting against Doos attacks blocking unauthorized access attempts or detecting and preventing malware infections idps ensures a secure network environment with network-based host-based and wireless idps Solutions in place Sam Scoops remains one step ahead of potential threats allowing them to continue delighting their customers while maintaining the highest standards of security as organizations increasingly Embrace cloud computing and migrate their infrastructure to to Microsoft Azure the need for robust 
security measures becomes Paramount in this video you will explore Advanced Techniques for Designing and implementing firewall strategies to secure your Azure environment before delving into the technical aspects it is essential to understand why firewall design is crucial in Azure a well-designed firewall serves as a critical barrier protecting your valuable resources from unauthorized access while enabling legitimate traffic to flow security it goes beyond just creating rules it considers factors such as scalability high availability and compliance requirements to ensure comprehensive security for your Azure environment let's explore some of the key design principles an effective firewall design in Azure helps Safeguard your resources from various cyber threats including unauthorized access attempts denial of service attacks malware viruses and potential data breaches by establishing robust security measures you can mitigate potential risks and prevent security breaches a well-thought-out firewall design can significantly impact the performance and scalability of your Azure environment by efficiently segmenting your network and controlling traffic flow you can reduce the volume of unnecessary traffic passing through the firewall this optimization frees up resources leading to improved performance and better scalability managing security across an Azure environment can be complex a well-designed firewall strategy ensures consistency in rules and policies simplifying the management and enforcement of security measures this consistent approach saves time and minimizes the risk of human errors another critical component of firewall design is the network topology Network topology plays a pivotal role in the overall security performance and manageability of resources in an Azure environment let's explore some common Network topologies and their significance The Hub and spoke Network topology is a popular design that centralizes Network Services in a hub virtual Network 
while connecting it to spoke virtual networks containing the resources this architecture allows for better control security and traffic monitoring by funneling all the traffic through the Hub virtual Network peering enables direct communication between virtual networks this facilitates resource sharing while maintaining isolation and control between the interconnected networks this topology is useful when you need to establish connectivity between distinct environments while keeping them separate by using private endpoints the Azure firewall can be integrated into a virtual Network ensuring that traffic to and from the firewall remains within the Azure backbone Network this design provides additional security by eliminating public internet exposure for the firewall now let's touch on another essential aspect of firewall design traffic segmentation traffic segmentation adds an extra layer of security to the Azure environment by dividing the network into segments and controlling the traffic flow between them you can prevent lateral movement of threats and reduce the attack surface some effect active techniques for traffic segmentation include service tags application rules and network security groups or nsgs Azure service tags help Define and group Azure resources based on their roles and access requirements by creating application rules you can specify what traffic is allowed to access specific resources tightly controlling communication within the environment network security groups act as virtual firewalls at the network interface or subnet level they allow you to filter Network traffic to and from resources based on rules you define nsgs provide granular control over inbound and outbound traffic ensuring only authorized communication when designing your firewall strategy considering High availability and Disaster Recovery is vital to ensure continuous operation and minimal downtime in case of unforeseen events let's explore some best practices in this area 
Deploying resources across multiple availability zones provides redundancy and fault tolerance. This approach ensures that even if one zone experiences a failure, the services will remain available in other zones, improving overall availability. Azure Firewall Premium is a higher-tier option that offers built-in high availability with a service level agreement, or SLA. By using this service, you ensure that the firewall remains available even during planned maintenance or unexpected failures. This video introduced advanced techniques for designing and implementing firewall strategies in Microsoft Azure. A well-designed firewall is your first line of defense against cyber threats, protecting your Azure resources and data from unauthorized access and malicious activities. By considering factors like network topologies, traffic segmentation, and high availability, you can build a robust, secure, and high-performing Azure environment. Remember that security is an ongoing process. It is essential to regularly review and update your firewall design to adapt to emerging threats and evolving business needs. Creating a secure and resilient Azure environment is a shared responsibility between you and Microsoft Azure. Stay informed about the latest security features and best practices to ensure that your firewall design aligns with industry standards and provides a strong defense against potential threats. With a well-planned and implemented firewall strategy, you can confidently harness the full potential of Microsoft Azure while maintaining a secure and protected cloud environment.

Designing and configuring effective firewall rules for your Azure environment lays a strong foundation for network security. Let's take it a step further and delve into the advanced features of Azure Firewall. In this video, you will explore how to design and configure effective firewall rules. You'll also come to understand the significance of rule priorities and learn how to utilize Azure Firewall's advanced features for
application-level filtering. Let's start by learning about designing effective firewall rules. Setting rule priorities lets you control the order in which the rules are applied by Azure Firewall. For instance, imagine you have two rules in your Azure Firewall: one that allows Secure Socket Shell, or SSH, traffic from specific IP addresses and another that denies all incoming traffic. To ensure that the deny rule takes precedence over the allow rule, you need to set the deny rule's priority higher than the allow rule's priority. Next, let's explore rule types. Azure Firewall offers two main types of rules: network rules and application rules. Network rules are based on IP addresses, ports, and protocols. For instance, you might want to allow inbound traffic from a specific IP address range like 192.168.0.0/24 to access a web server running on port 80. In that case, you would create a network rule that permits traffic from the specified IP address range to the destination IP address of your web server on port 80. Application rules, on the other hand, are based on fully qualified domain names, or FQDNs. Imagine you have a backend API service hosted in Azure and want to allow only specific external FQDNs to access. In this scenario, you would create an application rule that permits traffic to the FQDNs of the allowed external services and deny all other traffic. Now let's talk about how rule conditions can empower you to achieve even more precise control over your network traffic. Picture this scenario: you have a virtual network, or VNet, in Azure with multiple subnets, and you want to allow communication between certain subnets while blocking traffic to others. In this case, you would set up network rules with specific source and destination IP address ranges to achieve granular control over the flow of traffic. Moving on to configuring rule collections. Imagine you have an application running in Azure. You want the application to communicate with an on-premise database server using a specific port
like TCP port 1433. In this case, you would create a network rule collection to allow outbound traffic from the application subnet to the IP address of the database server on port 1433. Now let's say you have a web application hosted in Azure that needs to access specific external services like APIs and databases through their FQDNs. In this scenario, you would create an application rule collection to allow outbound traffic from the web application to the FQDNs of the approved external services. Having explored the various rule types and configurations, it's time to delve deeper into Azure Firewall's advanced features. Let's say you want to enhance your Azure Firewall security by blocking traffic from known malicious IP addresses. Here's where threat intelligence-based filtering fulfills an important role. By enabling this feature and integrating Azure Firewall with threat intelligence feeds, you can automatically block traffic from these malicious sources. This additional layer of security helps fortify your network against potential threats and unauthorized access. Next, let's consider a situation where you have multiple Azure services deployed in your virtual network. To facilitate seamless communication between these services without having to create individual application rules, you can leverage Azure Firewall application FQDN tags. An FQDN tag represents a group of fully qualified domain names associated with well-known Microsoft services. These tags are predefined for common Azure services, simplifying rule management and streamlining traffic between Azure services with ease. By implementing the knowledge and skills gained in this video, you are better equipped to secure your Azure network effectively, safeguarding your valuable resources from potential threats. Remember to continually monitor and update your firewall rules as your network evolves. Security is an ongoing process, and staying proactive is key to maintaining a robust defense against cyber threats.

Network security
groups are the basic building blocks of network security in Azure. They act as a virtual firewall that controls inbound and outbound traffic to network interfaces, subnets, or virtual machines based on user-defined rules. Azure Firewall, on the other hand, is a cloud-based network security service that provides high-level security to protect your Azure virtual network resources. It allows you to create and enforce connectivity policies for applications and resources in your Azure environment. Combining network security groups, or NSGs, and Azure Firewall provides a robust security solution by allowing granular control over network traffic. This video will cover the design considerations for this integration, helping you to optimize network security and performance in Azure. The integration of network security groups and Azure Firewall brings several benefits, such as centralized network security management, application-level filtering, and enhanced traffic inspection. Now let's explore how to set up this integration. The first step is to design the network architecture and identify the different subnets and network interfaces that require security restrictions. This is essential to ensure the traffic flows efficiently through the system while maintaining a secure environment. Next, you will need to configure NSG rules to allow or deny specific types of traffic to your network interfaces or subnets. These rules will act as the first line of defense, filtering traffic based on source and destination IP addresses, ports, and protocols. With the NSG rules in place, it's time to implement Azure Firewall. This managed service will provide additional security layers by inspecting and filtering traffic based on application rules, network rules, and threat intelligence. Now that you have gone through the steps of designing the network architecture, configuring NSG rules, and implementing Azure Firewall, it's important to consider some critical design considerations for successful integration. When
integrating NSGs with Azure Firewall, rule prioritization is crucial. NSG rules are evaluated before Azure Firewall rules. Therefore, you must carefully plan the order of rules to ensure that traffic is processed according to your security requirements. Overlapping rules between NSGs and Azure Firewall can lead to unexpected behavior. It's essential to avoid conflicts by clearly defining the responsibilities of each security layer. Logging and monitoring are vital aspects of any security setup. By enabling logging on both NSGs and Azure Firewall, you can gain valuable insights into network traffic patterns and potential security threats. With these design considerations in mind, let's explore how the integration of network security groups and Azure Firewall can further optimize network traffic flow. Azure Firewall's application-aware filtering allows you to define rules based on specific applications and services, enabling granular control over allowed and denied traffic. This enhances security and ensures that only necessary traffic is allowed. To better understand the practical implications of this powerful integration, let's explore some real-world examples. Imagine you have a web application running on Azure and you want to restrict access to specific IP addresses. By combining NSGs and Azure Firewall, you can create a layered defense. NSGs can block traffic from unwanted IP addresses at the network level, while Azure Firewall filters HTTP and HTTPS traffic based on application rules, protecting your web application from potential threats. In a multi-tier application, you may have different subnets with varying security requirements. NSGs can be configured to allow communication between specific subnets, while Azure Firewall adds an extra layer of protection by monitoring traffic between these subnets and enforcing additional security policies. The integration of network security groups and Azure Firewall is a game changer for network security in Microsoft Azure. By thoughtfully
designing your network architecture, configuring rules, and leveraging the capabilities of both tools, you can achieve unparalleled network security and optimize traffic flow. Remember to consider rule prioritization, avoid overlapping rules, and enable logging and monitoring to proactively address potential threats.

A point-to-site VPN gateway connection is an essential tool that enables individual client computers to establish a secure connection with a virtual network in the cloud. It enables secure, reliable, and efficient connections from remote locations to Azure virtual networks, also known as VNets, or on-premises data centers. In this video, you'll delve into this crucial element of the network architecture and learn the key features and benefits of a point-to-site VPN gateway connection, along with an explanation of how it works. To begin, let's explore the key features of a point-to-site VPN gateway connection. First, let's examine the security and encryption features. Point-to-site VPN gateway provides a secure connection between the client computer and the virtual network by employing the Secure Sockets Layer, or SSL, or Internet Protocol Security, also known as IPsec. This feature ensures that all data transmitted between the two points is encrypted and safe from potential attackers. Another feature is scalability and elasticity. Point-to-site VPN gateway allows a large number of concurrent connections, which means many remote users can connect to the virtual network at the same time. Azure allows up to 10,000 concurrent point-to-site connections per gateway, offering substantial flexibility and scalability for businesses of varying sizes. The next feature of a point-to-site VPN is authentication. It supports both Azure certificate authentication and RADIUS authentication, providing diverse and robust methods for verifying the identities of client computers trying to establish a connection. Another feature is multiple platform support. Point-to-site VPN connections are supported on
various operating systems, including Windows, macOS, and Linux. This enables a diverse range of devices to securely connect to the virtual network. And finally, another feature is integration with Azure services. Point-to-site connections can be integrated seamlessly with other Azure services, such as Azure Active Directory, and can access all services hosted within the virtual network, including Azure virtual machines, or VMs, and cloud services. Next, let's examine the benefits of a point-to-site VPN gateway connection. The first benefit is secure remote access. Point-to-site VPN provides secure remote access from anywhere with an internet connection. It ensures that sensitive data is protected during transmission between the client and the server, a key consideration in today's increasingly mobile and global workforce. Secondly, there's ease of use. Point-to-site connections do not require a VPN device, unlike site-to-site, or S2S, connections. This makes it a more straightforward and accessible solution for individual users, who can use native VPN clients on their devices to connect to the network. The next benefit is flexibility. The point-to-site VPN gateway enables users to connect to the network from any location. For businesses with a distributed workforce or for employees who travel frequently, this can prove especially useful. And finally, it is cost-effective. With no need for expensive hardware, the point-to-site VPN gateway is a cost-effective solution. It enables businesses to provide remote access to their networks without significant investments in infrastructure. Now that you are aware of the key features and benefits of a point-to-site VPN gateway connection, let's delve into how it enables connection to Azure VNets or on-premises data centers. When an individual client computer attempts to establish a point-to-site VPN connection, the process is initiated with the client's VPN software. This software presents the certificate for authentication to the Azure VPN gateway. Once the
Azure VPN gateway verifies the authenticity of the certificate, it sets up a secure and encrypted SSL/IPsec tunnel with the client. Through this secure tunnel, the client can send and receive data to and from the virtual network or on-premises data center securely. Essentially, the client is virtually on the network, able to access all resources as though it was physically present within the network. This allows employees or stakeholders to access data or services from anywhere in the world if they have a valid certificate and a stable internet connection. In this video, you learned that a point-to-site VPN gateway connection is a valuable networking solution that allows secure, efficient, and reliable connections to Azure virtual networks or on-premises data centers from any location. You've also explored how its features and benefits make it an ideal choice for businesses seeking to maintain data security while providing flexible and cost-effective remote access solutions.

Previously, you learned about the concept of virtual network gateways. You examined different gateway types and the various VPN connection configurations. In this video, you'll gain insight into how Azure VPN can help your business. You'll explore the key benefits of Azure VPN, examine its various use cases across multiple industries, and learn important details about VPN gateways. Let's begin by examining the numerous benefits Azure VPN provides for businesses of all sizes and industries. The first benefit of Azure VPN is secure connectivity. By utilizing industry-standard encryption protocols, Azure VPN ensures that your data remains protected as it travels between your on-premises networks and Azure. This includes safeguarding the confidentiality and integrity of your data, providing you with peace of mind. Another significant advantage of Azure VPN is its scalability. You have the flexibility to add or remove VPN gateways as per your requirements. Additionally, you can easily adjust the connection bandwidth
to accommodate your evolving needs. This scalability feature allows your connectivity to grow alongside your business. Finally, Azure VPN provides global reach with its availability in over 100 regions worldwide. This means that regardless of where your business is located, you can connect seamlessly to Azure from anywhere across the globe. This global reach ensures that your business can access Azure services no matter where you operate. Now that we understand the benefits of Azure VPN, let's explore some specific use cases across various industries. The following scenarios demonstrate how you can leverage Azure VPN to enhance operations, improve efficiency, and secure data in different sectors. In the retail industry, Azure VPN has several use cases. Let's explore a few of them. Firstly, it facilitates the connection of retail stores to a central data center, enabling seamless access to shared data and applications. This streamlines operations, enhances efficiency, and reduces costs. Secondly, it enables remote management of point-of-sale systems in retail stores. IT staff can troubleshoot problems and make necessary changes without physically visiting each store location. This remote management capability enhances operational agility, saves time, and allows for prompt issue resolution. Finally, it provides secure connectivity to e-commerce platforms and inventory management systems, common Azure-based applications used in the retail industry. This secure connectivity enhances the performance of these applications and safeguards sensitive retail data. It ensures that authorized personnel can access critical applications while maintaining data integrity and confidentiality. Now let's examine the healthcare industry, where Azure VPN offers some valuable use cases. Let's explore a couple of examples. Firstly, it enables secure connectivity for telemedicine platforms and remote patient monitoring systems. This allows healthcare professionals to remotely access patient data, collaborate on
diagnosis, and provide virtual care. This ensures timely and efficient healthcare delivery while maintaining patient privacy and data security. Secondly, it facilitates secure connections between hospitals and research institutions. This enables researchers to access patient data for studies, clinical trials, and analysis with a seamless exchange of data. This secure connectivity promotes collaboration and advances medical research. In the financial services industry, Azure VPN also plays a crucial role. Let's explore a couple of examples. It enables secure remote access for banking employees, allowing them to securely connect to the organization's network and access critical financial systems and customer data. This ensures that employees can work remotely while maintaining the highest levels of data security and confidentiality. Secondly, it facilitates secure interconnectivity between bank branches and the headquarters. This enables seamless access to centralized banking systems, databases, and customer information, ensuring efficient operations and reliable data transmission. Azure VPN also offers valuable use cases in the manufacturing industry. Let's explore a couple of examples. Firstly, it enables secure connectivity for managing supply chains. This allows manufacturers to securely connect with suppliers, distributors, and logistics partners. This secure connectivity enhances collaboration, improves visibility into the supply chain, and ensures the secure transfer of sensitive data. Secondly, it enables secure remote monitoring and predictive maintenance of manufacturing equipment. This allows real-time data transmission from machines to the cloud, facilitating proactive maintenance, reducing downtime, and optimizing production efficiency. Finally, Azure VPN offers valuable use cases in the education industry. Let's explore a couple of examples. Firstly, it enables secure connectivity for remote learning platforms and virtual classrooms. This ensures that students, teachers, and administrators
can securely access educational resources, collaborate in real time, and participate in virtual learning environments. Secondly, it facilitates secure interconnectivity between different campuses of educational institutions and their administrative offices. This enables seamless access to centralized systems, student information databases, and other resources, promoting efficient administration and secure data transmission. Now let's shift our focus to VPN gateway, an essential component of Azure VPN. When setting up a virtual network in Azure, it's important to note that the virtual network itself is free of charge. However, you should be aware that there's a cost associated with the VPN gateway that connects your on-premises network and other virtual networks within Azure. This cost is based on the duration of the VPN gateway's provisioning and availability. In this video, you explored the key benefits of Azure VPN, including secure connectivity, scalability, and global reach. You also examined specific use cases across various industries, demonstrating how Azure VPN can enhance operations, secure data, and improve efficiency. Lastly, you delved into an important detail about VPN gateways and the cost associated with their setup. By leveraging Azure VPN, businesses can establish secure and reliable connectivity between their on-premises networks and Azure, unlocking a world of possibilities for their operations and growth. The insights you gained by watching this video will help you to leverage Azure VPNs across multiple industries in your cyber security career.

By now you know that businesses use virtual private networks, or VPN gateways, to facilitate secure access between remote employees and data or applications on the internet. It essentially encrypts data transfers to prevent sensitive information from being leaked, such as user identities or access credentials. It also creates one network stream that is shared between multiple business locations, so it lends itself to growing businesses
requiring a safe, scalable solution. However, configuring VPNs may appear daunting because setting this up incorrectly may expose information that can lead to cyber attacks causing damage. In this video, you'll discover how to configure VPNs in Microsoft Azure. Specifically, you'll focus on the different options available for deploying a VPN, the key components involved, and how to configure security protocols. Let's begin to unpack the essential components that you need to configure a VPN. To configure a VPN on Azure, you need three key components. The first component is an Azure virtual network, which acts as the foundation for your resources in the cloud. Next, you require an on-premises network that represents your existing infrastructure outside of Azure. And finally, a VPN gateway serves as the bridge between these two networks to allow communication that's secure. Let's examine these components in more detail. To begin, let's explore the Azure virtual network. Within the Azure portal, you can create and manage virtual networks effortlessly. These virtual networks enable you to logically isolate and segment your resources in Azure, just like you would with traditional on-premises networks. You'll cover this in more detail a bit later. Now, an on-premises network refers to your existing network infrastructure outside of Azure. This may be an office network or a data center. It's important to have a VPN device or software on your on-premises network to establish a secure connection with Azure. This device or software is responsible for encrypting and decrypting the traffic between the on-premises network and the Azure virtual network. Finally, let's examine the VPN gateway component of an Azure VPN. The VPN gateway provides a managed VPN solution that enables secure communication between your on-premises network and the Azure virtual network. It acts as the gateway for data transmission, ensuring that the traffic flows securely and efficiently. Azure offers different types of VPN gateways to
cater to various networking scenarios. This allows you to select the best-suited VPN gateway for your needs. The first VPN gateway option connects to a virtual network, also known as VNet-to-VNet. Another available option connects to an on-premises network, commonly referred to as site-to-site. And a point-to-site VPN gateway enables secure connections from individual devices to the Azure virtual network. Now it's time to walk through the steps of configuring a VPN in Azure. Begin by creating a VPN gateway within your Azure virtual network. This gateway acts as the anchor point for your VPN connections. The next step is to configure the connection between your VPN gateway and your on-premises network device or software. At this point in the configuration, you need to define the IP addresses, encryption protocols, and authentication mechanisms. It's important to be aware of this for now, but you'll explore these steps in detail a bit later. A crucial part of configuring a VPN is ensuring that data transmitted via the communication channel is secure and encrypted. This avoids data exposure and mitigates the risk of potential cyber threats. The component that the VPN gateway uses to secure the communication channel over the internet is known as Internet Protocol Security tunnels, or IPsec tunnels. IPsec is a suite of protocols designed to ensure the confidentiality, integrity, and authenticity of data transmitted between your VPN gateway in Azure and your on-premises device or software. When setting up a VPN on Azure, you establish IPsec tunnels to create a protected pathway for your data. These tunnels act as virtual pipes, encapsulating your data and encrypting it before it traverses the public internet. This encryption guarantees that even if someone intercepts the data, it remains indecipherable and shielded. So how does one establish an IPsec tunnel? To do this, both ends of the VPN connection must exchange encryption keys. These keys are used to encrypt and decrypt the data packets, adding an
additional layer of security. By doing so, only the intended recipient can decipher the data, ensuring its confidentiality throughout the transmission. In addition to confidentiality, IPsec also verifies the integrity and authenticity of the transmitted data. Each data packet within the IPsec tunnel contains a cryptographic checksum, referred to as a hash. The hash allows the receiving end to verify that the data hasn't been tampered with during transit. This feature provides reassurance that the data remains intact and hasn't been modified or compromised. IPsec also includes authentication mechanisms that establish the identity of the communicating parties. When configuring a VPN on Azure, you need to define authentication protocols like pre-shared keys or digital certificates to validate the authenticity of both the VPN gateway and the on-premises device or software. This mutual authentication ensures that both ends of the connection can trust each other and prevents unauthorized access while maintaining the overall security of the VPN. So be sure to utilize IPsec tunnels to establish a robust and secure VPN infrastructure on Azure. It provides you with peace of mind that the necessary encryption, verification, and authentication mechanisms enable your VPN to function effectively and your data remains safe. With IPsec at the core of your VPN configuration, you can confidently explore the vast potential of Azure while maintaining the trust and privacy of your network communication. You can monitor the VPN connection status within the Azure portal once the configuration is complete. In this video, you unpacked the key components required to configure a VPN, namely the Azure virtual network, the on-premises network, and the VPN gateway. Furthermore, you learned that using IPsec tunnels in your configuration ensures that your data is encrypted when transmitted via the communication channel between the on-premises network and the Azure virtual network.

Imagine having a remote workforce
that needs to securely access your organization's Azure virtual network. However, without a reliable solution, they face difficulties establishing a secure connection from their individual computers to Azure. This not only hampers productivity but also puts your company at risk. Since you only have a few clients requiring access, a site-to-site VPN solution is impractical. What you need is a secure and efficient solution that allows your telecommuters to connect to Azure from anywhere. That's where point-to-site VPN comes in, offering a convenient and cost-effective way for your telecommuters to connect securely. Over the next few minutes, you'll learn more about what point-to-site VPN is, the protocols it uses, and how clients are authenticated. With a point-to-site VPN gateway connection, you can establish a secure connection to your virtual network directly from an individual client computer. Unlike a site-to-site VPN, which requires configuring connections on both ends, a point-to-site connection is initiated from the client computer itself. This provides flexibility and convenience for your remote workers to connect to Azure securely. When it comes to point-to-site VPN, there are several protocols that can be used. OpenVPN protocol is an SSL/TLS-based VPN protocol. A TLS VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which TLS uses. OpenVPN can be used to connect from Android, iOS versions 11 and above, Windows, Linux, and Mac devices with macOS versions 10.13 and above. Secure Socket Tunneling Protocol, or SSTP for short, is a proprietary TLS-based VPN protocol. SSTP is also a TLS VPN solution which can penetrate most firewalls, since most firewalls open TCP port 443 outbound. SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP and support TLS 1.2, including Windows 8.1 and later versions. IKEv2 VPN is a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect from Mac devices, including macOS
versions 10.11 and above. Before Azure accepts a point-to-site VPN connection, the user has to be authenticated first. There are two mechanisms that Azure offers to authenticate a connecting user. The first is certificate authentication. When using the native Azure certificate authentication, a client certificate present on the device is used to authenticate the connecting user. Client certificates are generated from a trusted root certificate and then installed on each client computer. You can use a root certificate that was generated using an enterprise solution, or you can generate a self-signed certificate. The validation of the client certificate is performed by the VPN gateway and happens during establishment of the P2S VPN connection. The root certificate is required for the validation and must be uploaded to Azure. The second method is Azure Active Directory authentication. Azure AD authentication allows users to connect to Azure using their Azure Active Directory credentials. Native Azure Active Directory authentication is only supported for the OpenVPN protocol and also requires the use of the Azure VPN client. The supported client operating systems are Windows 10 or later and macOS. With native Azure AD authentication, you can use Azure AD's conditional access and multifactor authentication features for a VPN. What's more, Active Directory domain server provides on-premise authentication. AD domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations can also use their existing RADIUS deployment. As you may recall, RADIUS is a network protocol that provides centralized authentication, authorization, and accounting services for remote users, allowing secure access to a network from various locations. The RADIUS server can be deployed on-premises or in your Azure VNet. During authentication, the Azure VPN gateway acts as a pass-through and forwards authentication
messages back and forth between the RADIUS server and the connecting device. Gateway reachability to the RADIUS server is important. If the RADIUS server is present on-premises, then a VPN S2S connection from Azure to the on-premises site is required for reachability. The RADIUS server can also integrate with AD certificate services. This lets you use the RADIUS server and your enterprise certificate deployment for point-to-site certificate authentication as an alternative to the Azure certificate authentication. The advantage is that you don't need to upload root certificates and revoked certificates to Azure. A RADIUS server can also integrate with other external identity systems. This opens up plenty of authentication options for a point-to-site VPN, including multifactor options. In this video, you explored what point-to-site VPN is, how it works, and the different authentication methods that can be used with it. Since you only have a few clients requiring access, a site-to-site VPN solution is impractical. Point-to-site VPN is a convenient and cost-effective way for users to connect to Azure from remote locations. If you're looking for a way to secure your remote access to Azure, point-to-site VPN is a good option to consider.

In this video, you'll learn how to create a virtual network, or VNet, for deploying a virtual private network, or VPN. You'll review the essential settings and learn about configuring an IP version 4 address space and a subnet. To get started, search for virtual network and select it from the services search results. Then select Create. On the Basic tab, make sure you select the right subscription. Under the resource group, select Create new and type TestRG1, then select OK. Insert the virtual network name as VNet1, then check that the region is set to US. For security settings, leave all the defaults disabled. Keep Azure Bastion, Azure Firewall, and Azure DDoS Network Protection unchecked. You can enable them by checking the boxes if needed. Now let's move
on to the IP addresses section this is where you add an IP version 4 address space and a subnet for the IP address let's use 10.1.0.0 and keep the address space as /16 then delete the default subnet and add a new one by selecting the add a subnet button name the new subnet as FrontEnd and keep the IP address as 10.1.0.0/24 you don't need to select any security settings simply select add with all the necessary settings in place you can now select the review plus create button this will run the required validations in the back end if everything is set up correctly the create button will turn blue select it to initiate the vnet creation process once the deployment is completed you'll receive a confirmation message indicating that your vnet has been successfully created in this video you learned how to set up your vnet with the necessary configurations to ensure a secure and efficient Network environment for your applications and resources after setting up your VPN you're ready to set up a virtual Network Gateway in Azure this video will walk you through the steps of creating a secure and reliable Gateway for your network to begin you'll create a virtual Network Gateway let's start by searching for virtual Network Gateway and then selecting it from the search results once the page loads select create to get started on the basic tab you need to provide the project details and the instance information ensure that you have the correct subscription added in the instance details let's name the instance VNet1GW and keep the region as East US the Gateway type should be VPN and the VPN type should be route based for the SKU select VpnGw2 from the drop-down menu next select generation 2 for the generation under virtual Network let's choose the vnet created earlier which is VNet1 you'll notice that the subnet details are automatically populated from the vnet you'll also notice that the resource Group is automatically selected once the virtual network is
chosen now let's move on to the public IP address section let's name the public IP VNet1GWpip ensure that active mode and BGP are disabled once all the necessary details are filled select the review plus create button the system will go through validation and once it passes you can proceed by selecting create the creation process may take a little time but don't worry once done you'll receive confirmation of successful deployment you can select go to Resource to view the VPN Gateway in a later video you'll explore how to make use of this virtual Network Gateway enabling secure access to your network resources from anywhere
so far you've learned about creating a vnet and setting up an Azure VPN Gateway now let's go over the steps of using the VPN Gateway from the client side within the properties navigate to Point to site configuration here you'll find the assigned address pool tunnel type authentication settings and other configurations next you can click on download the VPN link to get the VPN client once downloaded you can install it on your device for this demonstration it will be installed on a Windows 11 machine on the Windows 11 PC the VPN client is copied to the desktop to install simply double-click the client file you receive a prompt to install the VPN client for VNet1 select yes to proceed with a quick installation after installation go to your network settings and navigate to the VPN section there you'll find the VPN named VNet1 already available Select VNet1 and choose connect this will open a detail page where you can select connect to establish the VPN connection this will open a small window whenever you want to connect simply select the connect button then to disconnect select cancel once you connect you receive a message stating that the vnet needs to make some routing changes to your system select continue the status will then display that you are connected in this video you learned how to use the VPN Gateway from the client side allowing you secure access to your network resources many large corporations such as technology companies have complex network infrastructures with employees operating from multiple locations this means many IP addresses are used and monitored for security purposes to manage and detect unauthorized access it is essential
that large networks are efficiently organized to manage broadcast traffic that flows quickly this is done by dividing the network into smaller parts with groupings of certain IP addresses allocated to each part this configuration not only maintains a well organized network but saves time and allows for secure boundaries to be defined such as between organizational departments now you'll discover how this is achieved in this video you'll explore the steps to configure IP addressing on Microsoft Azure with some fundamental concepts by following these steps you can ensure a seamless and efficient networking environment you'll also familiarize yourself with the IP addresses needed for the resources and establish proper connectivity within the Azure virtual Network before examining the steps to configure IP addressing in Microsoft Azure it's important to first understand relevant Concepts beginning with what IP addressing is IP addressing is a way of identifying devices that are connected to a network it uses unique numerical identifiers called IP addresses an IP address consists of four sets of numbers separated by dots like 192.168.0.1 these addresses are used to locate and communicate with devices on a network just like a phone number helps us reach someone on a telephone Network A system that helps organize and represent IP address ranges and subnets is called classless inter-domain routing or CIDR it allows you to specify the network address and the number of bits used for subnetting within that address range to better understand subnetting let's use an example imagine you have a large piece of land and you want to divide it into smaller plots or subplots similarly subnetting involves dividing a larger IP address range into smaller subnetworks or subnets this helps you organize your network resources more efficiently and gain better control over Network traffic and security when you use subnets you essentially borrow bits from the host portion of the IP address
to create the subnet identifier think of these borrowed bits as the address numbers on each plot in the land example by borrowing bits you create multiple smaller subnets within the larger IP address range let's think of it in this way suppose you have an IP address range starting at 10.0.0.0 in CIDR notation you can express this range as 10.0.0.0/24 the /24 means that the first 24 bits of the IP address are used for Network identification but what if you want to divide this range further into four smaller subnets to do this you need to borrow additional bits from the host portion in this case using a CIDR notation of /26 means you have four subnets and each subnet can have 62 usable IP addresses subnetting has several benefits it allows you to use the IP address space efficiently ultimately reducing wastage it helps to better manage Network traffic by dividing it into smaller more manageable segments subnets also enhance network security by isolating resources within each subnet making it difficult for unauthorized access to happen furthermore subnetting enables better organization and control over Network resources which is particularly useful in large Network structures subnetting within the Azure virtual Network allows you to create a well organized and optimized Network infrastructure with increased control and flexibility to manage resources efficiently so CIDR and subnetting are important Concepts in IP addressing they help divide IP address ranges into smaller subnets enabling efficient resource allocation improved Network performance and enhanced security now that you know what IP addressing and subnetting are let's move on to the steps to configure IP addressing on Microsoft Azure the first step is to create an Azure virtual Network recall that the virtual Network acts as the foundation for resources in Azure and provides the networking infrastructure necessary for configuring IP addressing like a traditional on-premises Network
you can logically isolate and segment Resources with a virtual Network in place you can move on to configuring the IP address space and begin examining subnetting at a deeper level this step involves defining the range of available IP addresses to be assigned within the virtual Network as well as creating subnets using CIDR notation the next step is to create them to group similar resources together and control Network traffic flow within your virtual Network the final step is assigning IP addresses to your resources each resource within the virtual Network such as virtual machines or Azure Services gets allocated an IP address from the defined IP address space this ensures that the resources can communicate with each other within the virtual Network as well as with external networks if it's necessary in summary an IP address is a unique numerical identifier assigned to each device connected to a network it consists of a series of four sets of numbers separated by dots and serves as the address that enables devices to locate and communicate with each other on the Internet or within a private Network subnets allow you to divide a large IP address range into smaller more manageable segments this segmentation helps in organizing and optimizing network resources while applying security policies at a more granular level subnets can be seen as virtual neighborhoods within a network where devices with similar roles or requirements reside in this video you've explored the steps to configure IP addressing on Azure and broadened your understanding of IP addressing and subnets by following these steps you can create a well-designed and interconnected Network environment within the Azure virtual Network so far you've learned about various tools that cyber Security Experts use to strengthen their digital defenses now let's dive into another vital aspect of cyber defense vulnerability management discovering its importance and understanding its role in securing an organization's
IT environment will reveal an additional layer of defense for your digital resources first what exactly is vulnerability management you can think of it as a regular Health checkup for computer systems just as you wouldn't ignore a potential health issue vulnerabilities in a network must not be overlooked as they can lead to Serious consequences if left unaddressed vulnerability management is a proactive approach to cyber security encompassing the process of identifying assessing mitigating and managing security vulnerabilities within an organization's IT infrastructure these vulnerabilities can manifest in various forms including software flaws misconfigurations or even weaknesses in network components the process of vulnerability management involves a well-defined sequence of steps first organizations conduct vulnerability assessments to identify potential weaknesses in their systems subsequently these vulnerabilities are carefully evaluated to determine their severity and potential impact on the infrastructure armed with this information organizations prioritize the vulnerabilities based on risk and begin implementing appropriate measures to mitigate their impact but it doesn't end there vulnerability management is an ongoing process as organizations continuously monitor for new threats and adapt their defenses accordingly by staying ahead of potential attackers businesses can ensure their systems remain adequately protected the importance of vulnerability management cannot be overstated especially in today's digitally connected world where cyber threats are everywhere a single unaddressed vulnerability could lead to devastating consequences for an organization a successful Cyber attack can result in data breaches significant financial losses damage to an organization's reputation and even legal liabilities vulnerability management equips organizations with the necessary tools to identify and eliminate these weaknesses before they can be exploited by malicious
actors for example regular vulnerability scanning allows organizations to identify weaknesses in systems while penetration testing assesses the effectiveness of existing security measures by conducting regular vulnerability scans and promptly implementing mitigation measures organizations can stay ahead of potential attackers and reduce the window of opportunity for exploitation this proactive approach to security maintenance ensures that organizations can respond swiftly to emerging threats and prevent potential cyber catastrophes effective security patch Management on the other hand ensures that software is up to date reducing the risk of exploitation due to known vulnerabilities and creating a robust incident response plan prepares organizations to handle potential breaches efficiently minimizing the impact of cyber attacks now let's move on to discussing the two main types of vulnerabilities that can exist in an organization's IT infrastructure first are software vulnerabilities which are flaws or weaknesses in the code of software applications that can be exploited by malicious actors these may include programming errors outdated software versions or inadequate security measures and then there are configuration vulnerabilities which arise from incorrect or inadequate configurations of hardware software or network devices these oversights can open doors to attackers if left unaddressed combining both software and configuration vulnerability assessments provides a comprehensive view of an organization's security posture and helps cyber Security Professionals prioritize their efforts effectively in conclusion vulnerability management is an essential component of any comprehensive cyber security strategy by diligently following the best practices outlined in this video organizations can significantly improve their security posture and reduce the risk of falling victim to cyber attacks remember in today's digital age no organization is immune to cyber threats and
vigilance is key to safeguarding critical assets and information embracing vulnerability management as a proactive security measure enables organizations to navigate the complexities of the digital landscape it ensures a robust and resilient defense against emerging threats vulnerability management is a critical aspect of cyber security it lets you identify assess mitigate and manage security vulnerabilities within an organization's IT infrastructure protecting it from harm this video will focus on the core components of the vulnerability management process such as identifying vulnerabilities prioritizing them based on risk and applying remediation strategies to ensure a secure environment as you may recall vulnerabilities are weaknesses or flaws in a system or software that can be exploited by threat actors to compromise its Integrity confidentiality or availability these vulnerabilities can arise from coding errors misconfigurations or design flaws the first step in vulnerability management is to identify these weaknesses which starts with vulnerability scanning a proactive process that involves using specialized tools to scan networks systems and applications to identify potential vulnerabilities these tools simulate attacks attempt to exploit known vulnerabilities and report back the findings vulnerability scanners continuously evolve to keep up with emerging threats and new vulnerabilities once vulnerabilities are identified through scanning the next step is to analyze them during this stage cyber Security Experts review the scan results and assess the severity and potential impact of each vulnerability factors considered in this analysis include the vulnerability's exploitability potential consequences and affected assets not all vulnerabilities carry the same level of risk so prioritization is crucial vulnerabilities are often categorized into different levels of severity such as low medium high and critical the prioritization process helps
organizations focus on fixing the most critical vulnerabilities first factors that influence prioritization include the potential impact on the organization the likelihood of exploitation and the availability of public exploits to prioritize vulnerabilities effectively organizations need to have a comprehensive asset inventory an asset inventory includes all Hardware software and network devices within an organization's environment classification of assets based on their criticality and importance enables better decision-making during vulnerability prioritization highly critical assets such as servers hosting sensitive data or essential business applications should receive special attention and frequent vulnerability assessments understanding the relationships between assets can help organizations assess the potential impact of an attack on an interconnected system once vulnerabilities are prioritized the focus shifts to remediation where various effective strategies come into play the initial approach involves applying patches and updates which are regularly released by software vendors to address known vulnerabilities sometimes vulnerabilities stem from misconfigurations adapting configurations according to Industry best practices can significantly reduce the attack surface in cases where immediate patching is not possible implementing temporary workarounds can mitigate the risk until a permanent solution is available another strategy involves security controls implementing additional security controls such as firewalls intrusion detection systems or access controls can add layers of protection against potential exploits finally collaborating closely with vendors is vital particularly for vulnerabilities in third-party software or Hardware this collaboration ensures timely updates and fixes further enhancing the remediation process vulnerability management is not a one-time process it's an ongoing effort organizations should continuously monitor their systems
for new vulnerabilities apply the latest patches and reassess their risk posture feedback loops and regular vulnerability assessments help ensure that any new vulnerabilities are promptly identified and addressed there are a number of factors that organizations should consider when managing vulnerabilities these include an organization's risk tolerance budget and compliance requirements risk tolerance varies among organizations some may be more risk averse and prioritize the remediation of even low severity vulnerabilities while Others May Focus primarily on critical vulnerabilities due to Resource constraints it's essential to strike a balance between risk tolerance and resource allocation to achieve effective vulnerability management organizations should also establish clear risk management policies and communicate them across the organization this ensures a shared understanding of severity thresholds and the necessary actions for different vulnerability types another factor to consider is the organization's budget the cost of remediation can vary based on vulnerability severity and system complexity another Factor involves compliance requirements which significantly influence vulnerability management especially for regulated Industries regulatory bodies often set specific standards and guidelines for handling vulnerabilities organizations must align their vulnerability management practices with these requirements to maintain compliance regular vulnerability assessments reporting mechanisms and documented remediation efforts are critical components of compliance-driven vulnerability management the vulnerability management process is a vital component of a robust cyber security strategy by identifying prioritizing and remediating vulnerabilities organizations can significantly reduce the risk of security breaches and data compromises staying ahead of cyber threats requires vigilance constant learning and a proactive approach to ensure the safety of
digital assets Microsoft Defender vulnerability management offers intelligent assessments risk-based prioritization and built-in mitigation and Remediation tools these capabilities help you to discover assess and remediate vulnerabilities and misconfigurations all in one place for example you can see Consolidated asset inventories block vulnerable versions of applications and proactively monitor compliance against industry benchmarks and customizable baselines for the rest of this video I'll demo Defender vulnerability management starting right here in the dashboard it provides a quick overview of your security landscape based on Microsoft threat intelligence with tiles like your organization's exposure and device scores threat awareness details leveraging Microsoft threat insights and prioritized security recommendations to see a more detailed list of security recommendations just select show more Defender vulnerability management provides extended asset coverage see Consolidated asset inventories of software browser extensions and digital certificates it found in your organization these inventories help you to monitor potential vulnerabilities and misconfigurations across your entire digital estate first the browser extensions tab lists the extensions found in your organization for each extension in the list you see the permission risk the number of devices that have it installed and importantly the number of times the extension requested permissions select any browser extension to see more details about it in this case Adblock Plus has a critical permissions risk so I'll start here in the details side pane you see some basic information about the extension and you see a list of permissions that it requested on the permissions tab what makes this extension a critical risk is that it requires access to all URLs next is to see where this extension is installed by selecting the installed devices tab for each I can see whether the extension is turned on or not
which version is installed and so on similarly the certificates tab lists the certificates found in your organization the list contains the obvious details like issue and expiration dates key length and so on that's great but filtering the list is the value here to get a sense of things you need to prioritize select filter and then filter to show certificates that are expiring soon and those with a short key length the details side pane for certificate provides all the expected certificate details then select installed devices to see a list of the devices that have the certificate installed now back to the software tab the first application in the list is Google Chrome because it has the greatest impact on my exposure score select an application to see more information in the details side pane but to really drill down select open software page the overview provides well an overview of the software that includes a summary of the weaknesses discovered in the software and the number of exposed devices over time the security recommendations tab lists all the actions associated with this software the first one update Google Chrome addresses the greatest number of weaknesses so I'll select it to get more details I see that there is one critical CVE and 72 high priority CVEs associated with it not only that but I also see the note that a verified exploit is publicly available ouch the exposed devices tab lists the devices where this software is installed and the associated CVE tab provides a full list of all the CVEs associated with it it's clear that updating Google Chrome is super important so I'm going to request remediation right here without having to jump over to use a different tool to get started select request remediation while I could Target this remediation at all device groups I'll choose to Target selected device groups and then select North America on the remediation request page you can choose to update the software uninstall it or something else
I'm updating it of course provide a due date priority and any notes that will help IT complete your remediation request things get interesting on the next page where you can choose a mitigation action these are temporary measures to reduce risk until IT has updated the software in this case I want to block the application until IT remediates it when users try to run Google Chrome they'll see the warning message you provide here and that's it submit the remediation request and you're done all within Defender vulnerability management I was able to identify a problem request its remediation and temporarily block it nice you can also pivot to a wider more comprehensive view to focus on the biggest vulnerabilities on your most critical assets the recommendations page consolidates multiple data feeds to provide a detailed list of security actions like protecting Network shares that we prioritize by risk impact along with each action's relevant threat insights for example updating Chrome and Wireshark are prioritized first because of the high number of weaknesses associated with them selecting a recommendation shows contextual details that include relevant CVEs and exposed devices then after reviewing the details you can move seamlessly into remediation by selecting request remediation keeping with the all-in-one Place theme you can also track the status of your requested remediations within Defender vulnerability Management on the remediation page in this case I can see that my remediation is in progress and by selecting it I get more details including information about the mitigation action and the remediation status this capability Bridges the SecOps and IT teams to help ensure the organization doesn't Overlook vulnerabilities while blocking vulnerable software and planning remediations are important so is proactively managing your security posture and measuring compliance with configuration benchmarks in Defender vulnerability management the baselines assessments
page helps you do just that the overview tab summarizes device compliance top failing devices top misconfigured settings and compliance over time to use this tool you must first customize it to meet your organization's goals to do that you create custom profiles that continuously monitor your assets and configurations against the benchmarks that you choose for my demo I'll select create to create a new profile that monitors Windows 10 compliance with CIS benchmarks give the profile a memorable name and I'll describe what I'm trying to achieve with this profile and then I'll scope the profile by first choosing the software I want to monitor Windows 10 in this case selecting CIS version one as my Benchmark and setting the compliance level to one after scoping my new profile I can choose the specific settings I want to monitor in this case I want to monitor a small number of settings around our organization's password policies like setting the minimum password length to 14 characters our users are going to love this one next I can simply choose to monitor all device groups or I can Target specific groups by selecting choose device groups followed by the groups I want to Monitor and that's it I'll click through to the end to create the profile you see that here at the top of the list now I can continuously monitor compliance Against The Benchmark at both the device and configuration levels including the number of compliant and non-compliant devices Defender vulnerability management helps you to discover assess and remediate vulnerabilities all in one place we encourage you to experience it for yourself by signing up for a free trial at akam ms/ mdvn M Microsoft security now that you know more about vulnerability management it's time to consider specific vulnerabilities and best practices for managing them within the Azure environment this video explores Azure specific vulnerabilities related to Azure active directory and Azure virtual machines and provides
valuable guidance on how to effectively identify and remediate those vulnerabilities you'll also learn about essential security tools like Microsoft Defender for cloud and other Azure specific solutions that Aid in vulnerability management by now you know that vulnerabilities are weaknesses or flaws in a system that can be exploited by malicious actors as a popular Cloud platform Microsoft Azure faces its share of specific security challenges however with the right approach and tools you can effectively manage and Safeguard your Azure environment let's shed light on some common Azure vulnerabilities and how you can address them Azure active directory or Azure AD is a vital component of your Azure environment but misconfigurations in Azure AD can lead to significant risks insecure permissions unsecured authentication and inadequate access controls can all expose sensitive data and lead to unauthorized access to address Azure AD vulnerabilities you should Implement multifactor authentication MFA to enhance user identity protection you should also regularly review user permissions and enforce the principle of least privilege leveraging Azure AD's conditional access policies can further strengthen your security posture by allowing you to define specific access rules based on user location device and risk level Azure virtual machines provide scalable computing power but outdated software and missing security updates on VMs can expose your system to known exploits to prevent virtual machine vulnerabilities you should Implement a robust patch management strategy Azure update management can be utilized to automate patch deployment across your virtual machines ensuring they're up to date and protected against known vulnerabilities now let's move on to discussing Microsoft Defender for Cloud's vulnerability management features Defender for cloud vulnerability management is instrumental in bolstering the security of your Azure environment it offers a robust set of tools to
gain comprehensive visibility into your Cloud infrastructure identifying potential threats and equipping you with effective response measures with Microsoft Defender for cloud you can confidently manage vulnerabilities and fortify your Azure resources against cyber threats Microsoft Defender for cloud offers a range of features including threat detection incident investigation and threat hunting capabilities the platform employs AI and machine learning to analyze vast amounts of data and identify suspicious activities across your Azure workloads when Defender for cloud detects potential vulnerabilities or threats it provides actionable insights and recommendations for remediation it also integrates with Azure security Center allowing you to prioritize and address critical issues promptly in addition to Microsoft Defender for cloud there are several other Azure security tools that can augment your vulnerability management efforts first there is Microsoft Defender for identity this tool formerly known as Azure Advanced threat protection focuses on identity-based attacks and Insider threats it uses behavioral analytics and machine learning to detect suspicious activities related to identities in your Azure environment next is Azure information protection or AIP for short AIP helps protect sensitive data by classifying and labeling files and emails based on their content it also enables encryption and access controls to safeguard critical information from unauthorized access you can also make use of the Azure application Gateway this service provides application Level firewall and load balancing capabilities helping protect your web applications from common exploits and distributing traffic efficiently and finally there's the Azure web application firewall a cloud-based service that protects web applications from common web vulnerabilities and attacks these include SQL injection cross-site scripting and more while Microsoft Defender for cloud offers an array
of features the combination of these additional tools further enhances your ability to manage vulnerabilities and protect your Azure resources comprehensively but it's not just tools that you have to consider you also have to keep best practices in mind when implementing continuous vulnerability management these best practices include regular security assessments and vulnerability scans you should conduct periodic security assessments and vulnerability scans to proactively identify weaknesses and potential threats in your Azure environment you should also employ automated security controls automating security controls and configurations whenever possible minimizes human error and ensures consistent security measures across your Azure resources and don't forget about timely patch management it's important to keep track of security updates and apply patches promptly to address known vulnerabilities in your Azure virtual machines and other services and finally there's centralized monitoring and response by using centralized monitoring and response mechanisms such as Azure security Center you can gain a holistic view of your security posture and respond swiftly to any emerging threats by following these best practices and using effective Azure security tools you can greatly enhance the security of your Azure environment your exploration this week has been centered on a crucial facet of cyber security employing preventative tools and strategies to fortify your systems and shield your data you started with a deep dive into intrusion detection and prevention systems or idps for short idps detects and prevents unauthorized access making your digital world safer it keeps an eye on your network scanning for threats and preventing cyber attacks it's like a digital guard for your data there are different types of idps network-based idps watches Network traffic for anomalies while host-based idps resides on individual servers adding a layer of security Wireless idps protects 
wireless networks from unauthorized access you discovered several key components of idps including sensors that collect network data analyzers that analyze the collected data looking for attack patterns and management consoles which provide a centralized interface to Monitor and manage the idps following this you learned more about Azure firewall premium idps a robust tool that safeguards your Azure resources it uses signature-based detection like a digital fingerprint to spot threats including zero day vulnerabilities when malicious patterns are detected it can either alert you or block the traffic from reaching your resources benefits of using Azure firewall premium idps include enhanced security against a wide range of threats reduced false positives centralized management through the Azure portal and scalability to grow with your Network's needs configuring Azure firewall premium idps involves creating an idps policy this policy defines what traffic to Monitor and the actions to take upon detecting threats you can assign this policy to your Azure firewall with elements like specifying monitored traffic types actions to take and Rule priority you also touched on the importance of incorporating incident response plans into your cyber security strategy incident response is a crucial process that handles security incidents from detection to remediation organizations should have a well-defined incident response plan in place outlining steps to detect contain neutralize recover and remediate incidents next you learned about Advanced Techniques for Designing and implementing firewall strategies in Azure a well-designed firewall serves as a critical barrier protecting your valuable resources from unauthorized access while enabling legitimate traffic to flow securely it considers factors such as scalability high availability and compliance requirements to ensure comprehensive security for your Azure environment what's more you learned that Network topologies are another 
critical component of firewall design influencing the overall security performance and manageability of resources in an Azure environment Hub and spoke architectures centralize services in a Hub Network funneling traffic for control and security virtual Network peering facilitates resource sharing while maintaining isolation between interconnected networks and Azure firewall with private endpoints integrates firewalls with virtual networks enhancing security by eliminating public exposure you then moved on to learn that VPN gateways are essential components that connect on premises networks and Azure virtual networks more specifically you learned that a point to site VPN Gateway connection enables individual client computers to securely connect with a cloud-based virtual Network such as Azure virtual networks or on premises data centers it offers secure reliable and efficient connections from remote locations it offers numerous features including security and encryption scalability authentication multiple platform support and integration with Azure Services you also learned about the point-to-site connection process and delved Deep by learning how to set up your own in Azure first an individual client computer initiates a P2S VPN connection using VPN software the client software presents a certificate for authentication to the Azure VPN Gateway the Azure VPN Gateway verifies the certificate's authenticity upon verification the Gateway establishes a secure SSL IPsec tunnel with the client through this tunnel the client can securely send and receive data with a virtual Network or on premises data center you followed this by learning about the importance of vulnerability management a proactive approach to cyber security that involves identifying assessing mitigating and managing security vulnerabilities within an organization's it infrastructure this process includes vulnerability assessments to find weaknesses evaluating their severity and impact prioritizing them based 
on risk and implementing measures to mitigate their effects to further embed your understanding you delved into the key steps involved in vulnerability management including using specialized tools to scan networks systems and applications for vulnerabilities simulating attacks to identify potential weaknesses analyzing scan results to assess the severity and potential impact of vulnerabilities considering factors like exploitability and affected assets prioritizing vulnerabilities based on severity to focus on fixing the most critical ones first and addressing vulnerabilities through patches configuration changes workarounds security controls and collaboration with vendors and third parties you learned that vulnerability management is not a one-time process it's an ongoing effort that involves continuous monitoring and reassessment supported by feedback loops and regular vulnerability assessments equipped with this knowledge you are better prepared to implement preventative measures respond effectively to incidents and maintain the security and integrity of your systems and data with its robust capabilities the command line has become an indispensable instrument in the hands of ethical hackers assisting them in navigating the intricate security assessment landscape and safeguarding digital assets against emerging threats by harnessing the command line's power penetration testers Traverse complex environments execute targeted tests and retrieve critical information that might evade graphical user interface or GUI-based approaches over the next week you will discover how the command line empowers penetration testers to perform in-depth analysis make informed decisions and ultimately enhance the security posture of the systems they assess in this video you will explore the command line interface or as it's also called the CLI you will understand its importance to penetration testing and discover several tools used for ensuring thorough testing but before you 
explore its tools let's discuss what makes the CLI so crucial to penetration testing as you previously learned penetration testing involves meticulously assessing systems networks and applications for potential vulnerabilities penetration testers prefer the CLI due to several key advantages firstly efficiency is essential to a successful penetration test and an area where the CLI shines unlike graphical user interfaces or GUI that often require numerous clicks and navigations the CLI allows penetration testers to execute commands rapidly and precisely for instance let's consider Network scanning by using network mapper or nmap through the CLI you can swiftly scan a range of IP addresses and identify open ports and services this speed is crucial especially in time sensitive scenarios requiring immediate analysis you will learn more about Network mapping later in this video with the CLI's concise syntax you can often accomplish tasks Faster by typing commands rather than navigating through menus in a GUI this efficiency empowers penetration testers to cover more ground in less time next is flexibility in the dynamic landscape of penetration testing adaptability is Paramount the CLI tool allows penetration testers to tailor their approach to different systems networks and scenarios imagine you encountered a unique Network architecture or a specific vulnerability that requires a custom approach with a CLI testers can easily modify command parameters change flags and fine-tune their tools to suit the target environment this adaptability is invaluable when dealing with complex systems or evolving attack vectors the CLI empowers you to Pivot quickly ensuring your tactics remain effective in the face of changing circumstances automation has become a game changer for penetration testers it allows you to streamline repetitive tasks and maintain consistency throughout your assessments a CLI tool can be scripted to automate tasks like scanning brute Force attacks and data 
analysis so instead of manually executing the same command sequences multiple times testers can write scripts to handle these tasks automatically consider a scenario where you must test a list of user accounts for weak passwords with the CLI you can use a tool like Hydra to perform Brute Force attacks on different protocols saving you time and effort you will learn more about Hydra later you also have resource efficiency another compelling reason to embrace the CLI in penetration testing CLI tools are often leaner and consume fewer system resources compared to their GUI counterparts when conducting resource intensive tasks like Network traffic analysis or password cracking using the CLI ensures that your system remains responsive and doesn't get bogged down by heavy graphical interfaces this efficiency is especially advantageous when running multiple tests simultaneously or when working with limited Computing resources last up is remote access penetration testing frequently involves assessing remote systems or networks the CLI and Technologies like secure shell or SSH offer secure and reliable remote access with SSH penetration testers can establish encrypted connections to remote servers enabling them to execute commands transfer files and conduct tests without being physically present this remote access capability is essential for assessing systems in different Geographic locations enabling testers to conduct evaluations without needing on-site visits now that you have explored the core advantages of using the CLI in penetration testing let's delve into some standard CLI tools indispensable for conducting thorough assessments first up is Network mapper or nmap which you discovered earlier nmap is a versatile open-source tool for network discovery and security auditing it helps testers scan hosts identify open ports services and potential vulnerabilities next is Metasploit framework a comprehensive tool Suite that aids penetration testers in 
simulating attacks with a vast collection of exploits payloads and modules Metasploit helps testers uncover system weaknesses you also have Wireshark which is a leading Network protocol analyzer it captures and displays data traveling across a network enabling testers to analyze Network traffic identify anomalies and potential security issues next is Burp Suite an essential tool for web application security testing its modules including a proxy scanner and Intruder allow testers to assess the security of web applications and apis earlier you discovered Hydra Hydra is a powerful password cracking tool designed to perform Brute Force attacks on various protocols like secure shell file transfer protocol and more aiding testers in testing weak credentials next Aircrack next-gen or NG is a set of tools focused on wireless network security it assists testers in capturing packets analyzing encryption and conducting attacks on wireless networks to uncover vulnerabilities and lastly grep regular Expressions which stands for Global regular expression print reflects its primary functionality of searching for regular expressions and printing matching lines grep is a command line utility used in Unix operating systems you can use grep and regular Expressions to uncover signs of unauthorized access unusual activities or potential vulnerabilities hiding within the logs it helps testers search for specific patterns within text files logs and outputs from other tools aiding in identifying relevant information the command line interface with its efficiency flexibility automation capabilities resource efficiency and remote access features is an indispensable asset in the world of penetration testing this video demonstrated the importance of the CLI to penetration testing and explored the various CLI tools available for conducting thorough assessments as you embark on your journey into penetration testing mastering these CLI tools will Empower you to effectively identify 
vulnerabilities assess security risks and provide valuable insights into the security posture of systems Networks and applications so far you've learned that the command line interface or CLI is a text interface for your computer allowing you to give commands quickly which are then passed on to the computer's operating system to run in fact the CLI has now become a powerful tool in the fight against cyber crime you also explored penetration testing and learned how it has become a crucial tactic for assessing and enhancing an organization's security by simulating real world attacks penetration testers can identify vulnerabilities before threat actors can exploit them but what makes the CLI a powerful tool the CLI provides you with a powerful and efficient method for controlling your computer's operating system enabling you to perform several tasks including navigating the file system seamlessly and executing numerous commands this video will explore the CLI and demonstrate several commands penetration testers use during their testing whilst there are numerous commands available for you to use in the CLI the following are some of the most common first is whoami during a penetration test whoami gathers a list of users who are currently active on a device in order to determine how much access and privilege each user has by identifying the current user identity penetration testers can further explore this system and assess the potential impact of a security breach next is a command that allows you to mount a remote Network as a penetration tester mounting a remote Network share can help you to identify if there are misconfigured share permissions that allow unauthorized users to access sensitive data this helps organizations understand their Network vulnerabilities and take steps to secure their file sharing infrastructure next up is net share by using the net share command you can identify if there is an open or accessible share that shouldn't be accessible to 
unauthorized users the result of running this command can help testers to recommend a secure network security solution to the respective organization and lastly net localgroup with net localgroup you can retrieve the local groups to understand the user and group privileges on a Windows system this command helps you to identify potential vulnerabilities and security misconfigurations related to user management and group memberships by using the localgroup command you can identify privileged accounts assess privilege escalation paths identify misconfigurations and simulate attack scenarios you previously learned that to launch the CLI on your windows you simply click win plus r on your keyboard or within the start menu type CMD in the search bar and press enter Mac OS is a little different you can open Terminal from the applications or utility folder and lastly within Linux you can find the terminal in your applications menu or by simply using the shortcut Control Plus alt plus T great now that you understand several commands that can be used and how to launch them on your own system let's dive into the demonstration by learning how to use the CLI to perform penetration testing tasks like viewing current Network shares current user information retrieving local groups and administrators adding a new user and gathering information about a network system to start let's get a list of current users type the whoami command into the command line currently the only active user is C6 M mod next let's retrieve the local groups from the system to do this type net localgroup into the command line to view the current Network shares type net share into the command line this shows you all current shares on the system now let's retrieve the list of local administrators you do this by typing net localgroup administrators into the command line there may be occurrences where you need to add a new user to the current host to do this run the command net user then put the name of 
the user you would like to add for this scenario let's use cod user pentest pass /add lastly let's gather information about the configuration of your network settings user accounts and other security related parameters on a Windows system to do this type in the command net config this provides information about the target system which you may require for any testing you are performing in this video you explored the CLI you learned how to launch the CLI and some of the common commands that are used before diving into a demonstration of how to enter these commands You Now understand that CLI is a versatile tool it enables you to carry out Network reconnaissance vulnerability assessments and perform several exploitation techniques however it's crucial to remember that unauthorized penetration testing is unethical and against the law ethics should always be a factor in your decisions you should always ensure that before you perform penetration testing you have Express Authority from the organizations to access their systems have you ever wished you could have a personal assistant to help manage your personal life like planning your social events doing the school runs or simply assisting with chores around the house you would benefit from the organization a personal assistant would bring to your life with its powerful features Powershell has become the personal assistant of it professionals it's now a crucial command line shell and scripting language that has redefined system management and automation Powershell allows users to interact with and manage resources using commands within the Microsoft and Azure space this integration of Powershell with Azure offers penetration testers a powerful tool set to assess and test the security of cloud environments designed as a task engine Powershell uses cmdlets or command lets to do everything from managing your files and resources to troubleshooting issues and automating workflows this video will demonstrate the Azure 
Cloud Shell by completing several basic commands including retrieving a list of resources available viewing a list of virtual machines and Gathering a list of storage accounts you have active in your environment let's start by retrieving a list of resources to do this use the Get-AzResource command this provides you with a list of all the resources in the environment and includes information on the resource Group location the resource ID and confirms if there are any tags next let's get a list of virtual machines within the environment you complete this by using the command Get-AzVM currently there are seven active virtual machines as well as displaying the active machines it also gives you details relating to their locations the virtual machine size the operating system type the network interface card and the provisioning state of the virtual machine lastly let's retrieve a list of storage accounts you do this through the command line Get-AzStorageAccount again you'll notice a list of storage accounts available and several details relating to these storage accounts by using the get keyword within your command you are able to retrieve information about any of your resources while these are some basic commands that are available there are several other commands which can be used like SQL database which can be used to obtain information about Azure SQL databases including settings and access controls you also have network security groups or nsgs which can be used to retrieve details about nsgs including Associated security rules or ad user which can retrieve information about Azure active directory users including roles and group memberships next key vault which can obtain details about Azure key vaults which stores keys and certificates and log which can retrieve azure active logs and diagnose security related events and lastly network interface which can obtain information about network interfaces including Internet Protocol configurations and associations 
these commands comprise a formidable toolkit however there may also be instances where you need to perform tests on your network this can be done with the following commands network security rule config can be used to validate Network Security Group rules for correct syntax and potential misconfigurations while VM network access can be used to check network connectivity to and from Azure virtual machines while there is a more expansive list of commands in the additional resources at the end of this lesson you might be wondering how you can locate these commands within Powershell thankfully Windows Powershell provides you with various techniques and resources to find the cmdlet for your specific task first is the Get-Help command which provides you with a list of all Powershell commands available in your module and their usage you also have the Get-Module command which allows you to explore the available modules by listing them on the screen at the execution of the command in this video you learned how Powershell commands can be used to automate tasks while mastering Powershell may seem daunting through practice and repetition you can make your Learning Journey easier try using Powershell yourself to perform some of the commands witnessed in this video by embracing Powershell you can enhance your efficiency reduce manual effort and ultimately achieve more within your organization you will dive deeper into Powershell as a scripting language later organizations are increasingly migrating their infrastructure to platforms like Microsoft Azure however as the cloud landscape expands so do the potential attack surfaces penetration testers play a vital role in identifying these vulnerabilities in Azure environments as you may recall Powershell is a scripting language commonly used for Automation and administration tasks in the windows environment the Azure command line interface or Azure CLI is a set of commands used to manage resources in Microsoft Azure 
Microsoft developed Powershell as a robust and versatile command line shell and scripting language Powershell provides a comprehensive framework for creating executing and automating tasks it is an indispensable tool for users or administrators who want to streamline execution processes and improve productivity within the windows ecosystem in this video you will explore these fundamental Azure CLI tools that penetration testers should be well versed in to assess and secure Azure deployments effectively you will also get a Hands-On demonstration of CLI and discover several administrative tasks including creating a resource Group and virtual machine Let's Start by exploring the various tools used by testers first up is azure CLI which is a cross-platform command line tool that allows penetration testers to manage Azure resources it offers a vast range of commands for provisioning managing and monitoring Azure Services pen testers can use the Azure CLI to create virtual machines resource groups storage accounts blob containers manage storage configure networking and more for example the az vm create command can deploy a virtual machine by mastering Azure CLI penetration testers gain the ability to interact directly with Azure resources mimicking real world attacker scenarios next is azure Powershell which as you discovered earlier is another valuable tool for penetration testers built on Windows Powershell it provides a comprehensive set of cmdlets that are specifically designed for Azure Resource Management penetration testers can leverage Azure Powershell to perform tasks like creating and managing Azure active directory users configuring Azure key Vault and handling Azure resource manager templates using the Azure Powershell testers can automate complex tasks and conduct detailed Assessments in azure environments enhancing efficiency during penetration testing activities Azure resource graph Explorer is another indispensable CLI tool that enables 
penetration testers to query and analyze the entire Azure resource landscape it assists in identifying potential misconfigurations such as exposed storage accounts or overly permissive network security groups Azure resource graph Explorer aids penetration testers in gaining a holistic view of azure environments for a more thorough assessment next is azure active directory Powershell module which is now a crucial tool for penetration testers focusing on identity and access assessments it lets you manage Azure active directory allowing testers to examine user accounts roles groups and authentication policies pentesters can utilize this tool to simulate attacks involving privilege escalation weak password policies and unauthorized access by understanding how Azure active directory Powershell operates testers can uncover identity and access management vulnerabilities a crucial aspect of cloud security now that you've explored the various Azure CLI tools penetration testers use to assess and secure Azure deployments effectively let's demonstrate the use of several Powershell scripts using the Azure CLI console let's start by connecting to the Azure environment to do this type in the command line syntax az login when you press enter you are redirected to a web browser where you enter your Microsoft admin credentials to sign in once you are logged in you can go ahead and close the browser to return to the Powershell console when you return to the console your details will be displayed on the screen now let's get a list of azure subscriptions you have in your account to do this use syntax az account list then type --output table again just press enter displayed are the details of all Azure subscriptions within your environment and includes the subscription ID tenant ID and status of the Azure subscription next let's create a resource Group using the Azure command line the syntax to create a resource Group is az group create then again type --name now you need to 
open a quotation to put in your resource Group name for this scenario let's use the resource Group name Sams scoop RG in this instance the RG represents Resource Group now close the quotation next you need to provide the region for your resource Group let's use East us and place it within quotation marks great you have now placed all details in for creating the resource Group just press enter on your keyboard and in a few seconds your resource Group will be created you will notice the provisioning state has succeeded now let's create a storage account using the command line syntax az storage account then enter create you also need to mention the name variable like earlier enter --name then open the quotation and put in the name of your storage account for this scenario let's call it Sam scoop storage location now simply close your quotation next you need your resource Group variable in this case within your quotations you enter the resource Group name you created earlier Sam scoop RG then enter the location again this is East us the last step is to confirm the SKU details so again Dash Dash and in quotation marks type Standard_LRS all information needed to create a storage account has now been entered once you have confirmed the information entered is correct just press enter the creation should be completed within a few seconds when using Azure CLI you should replace all the placeholder values like Resource Group names subscription names or IDs like account names and passwords with your own values you also need to ensure you have the Azure CLI installed and are logged in before running these commands otherwise you can use the cloud shell in this video you gained an understanding of the different command line tools a penetration tester can employ to perform administrative tasks within the Azure space you also explored how to use the Azure CLI completing several commands that can be used to execute various tasks within Azure CLI it's important to remember 
that powershell's command list can vary based on the modules you have installed and your own systems configuration Microsoft Azure has emerged as a prominent player in cloud computing it offers a robust and versatile platform for organizations to build deploy and manage applications and services however the convenience and power of cloud Solutions also come with increased security challenges in this video you will learn how penetration testing often referred to as ethical hacking is a proactive approach to identify vulnerabilities and ensure the security of Azure environments you will explore the best practices for performing a penetration test and which activities are encouraged and prohibited while conducting the test conducting penetration tests is a critical practice to assess the security posture of cloud environments firstly let's kick things off by exploring the fundamental best practices for conducting a penetration test before you begin penetration testing there are several crucial steps to put in place ensure that you have the necessary permissions from all stakeholders including those who own or manage systems that may be tested identify the systems and data that are critical to your business operation and prioritize them for testing identify any systems or data that cannot be tested due to confidentiality issues document all assets in scope for penetration testing and create a testing plan outlining the steps to be taken during the assessment identify any third-party application or services that you use in your environment and ensure that they are included in the penetration test gather the required information and assets required for testing such as usernames passwords IP addresses URLs and so on disable any unnecessary services or applications that may interfere with the testing process and finally check that all systems have the most recent security updates installed these best practices lay the foundation for a successful and comprehensive 
penetration test especially for Azure environments the process of azure penetration testing involves identifying potential vulnerabilities in Azure infrastructure assessing them to determine the impact they can have on your business and recommending appropriate mitigation strategies Microsoft encourages you to test their Azure services and to report your findings to help address security gaps however to protect their customers data and to avoid disruption in their services you must follow Microsoft's penetration testing Rules of Engagement which outline the activities that are prohibited and encouraged while performing penetration testing the prohibited activities include the following scanning or conducting tests on other Azure customers assets accessing data that is not completely self-owned conducting any distributed denial of service or DDoS attacks performing Network intensive fuzzing against any asset except your Azure virtual machine performing tests that generate significant amounts of traffic through automated testing methods attempting phishing or any social engineering attacks on Microsoft's employees and finally using any services that violate the acceptable usage policies as mentioned in the online usage terms now that you are aware of the prohibited activities while performing penetration testing let's examine the activities that are encouraged firstly create multiple test or trial accounts to test cross account access vulnerabilities on your virtual machine run vulnerability scanning tools perform Port scans or perform fuzzing test your account by generating traffic that is expected to match regular working periods and can also include surge capacity attempt to break out of azure services to access other customer assets if any such vulnerability is found report it to Microsoft and cease any further tests now that you are up to speed with the penetration testing Rules of Engagement let's explore some tools that you can use to perform a penetration test 
Microsoft's cloud-based platform offers multiple attack Vector options for Azure penetration testing you can use the Azure portal Azure virtual networks and Azure web apps to gain unauthorized access or disrupt ongoing business operations by manipulating the data flow through different components Microsoft also provides a free trial version of its Azure assessment tools that include SEC rat a security risk assessment tool and Cloud assessment proxy or cap depending on the criticality and nature of issues identified during the assessment phase you can use many other tools these include Cloud inspect from bit site which audits Cloud infrastructure for misconfigurations or vulnerabilities Azure site 247 networks a security scan tool that scans all ports on Azure VMS and reports any open TCP/UDP ports along with possible threats associated with them Acunetix WVS which provides web application scanning capabilities as well as DNS enumeration testing and as you may recall Nessus is an excellent choice for vulnerability scanning while OpenVAS focuses more on network scanners such as Nmap and SSLyze among others and finally Microsoft's Azure security Center is also a good choice for Azure penetration testing if you're considering implementing a new cloud-based application it's best to be as prepared as possible for potential threats performing Azure penetration testing provides you with more information on vulnerabilities in your organization and helps provide Secure Solutions before problems arise in this video you learned about the best practices for penetration testing the penetration testing Rules of Engagement and some tools that you can use to conduct your testing by doing some research and taking precautionary measures you can help to prevent your data being breached by hackers and improve your organization's security posture penetration testing is a vital component in ensuring the security and resilience of cloud environments hosted on the Microsoft Azure 
platform in cyber security the dynamic interplay between offensive and defensive techniques forms the basis of an effective strategy to safeguard sensitive data applications and infrastructure from the ever evolving landscape of cyber threats in this video you will learn about how Azure penetration testing works the relationship between the offensive and defensive aspects of penetration testing and how it creates a comprehensive approach to identifying weaknesses simulating potential attacks and fortifying defenses within an Azure ecosystem let's begin by examining offensive and defensive techniques in more detail offensive techniques similar to the actions of ethical hackers involve simulating real world cyber attacks to assess the Azure environment's susceptibility to breaches and unauthorized access these techniques demonstrate the tactics employed by malicious actors acting as a crucial litmus test to identify potential threats within the Azure infrastructure on the other hand defensive techniques involve the Strategic deployment of security measures designed to protect against these identified vulnerabilities by proactively addressing security gaps building defensive measures around access controls and optimizing security configurations organizations can build robust defenses that prevent the occurrence of risk and mitigate potential threats the interaction between offensive and defensive techniques is the core mechanism through which Azure penetration testing operates this Dynamic interplay is similar to a game of cat and mouse enabling Security Professionals to stay one step ahead of cyber attacks as offensive techniques identify vulnerabilities defensive techniques develop security measures to strengthen these vulnerabilities creating a continuous cycle of assessment and refinement in this manner Azure penetration testing becomes a holistic and iterative process that not only identifies risks but also empowers organizations to proactively secure 
their Azure environments to understand how Azure penetration testing Works imagine a scenario where a Sam Scoops IT Security administrator wants to conduct a penetration test on Sam's Microsoft Exchange servers that run in an Azure environment the first step involves scanning the available Azure infrastructure for Azure virtual machines or VMS that are running exchange servers after Azure VMs hosting exchange servers are identified the administrator can use a suite of tools to identify vulnerabilities in those Azure components and exploit them to conduct Azure penetration testing successfully IT security administrators need access to both offensive and defensive tool sets a way to achieve this would be through something you are familiar with red versus blue operations and an offensive tool set enables administrators to discover potential loopholes or exploits while conducting Azure penetration tests it is important that administrative staff are aware of how these attacks work so they can take the appropriate steps to defend their organization against such threats when you understand what Azure penetration testing is and how it works it becomes clear why it is important for organizations who are considering deployments in Azure platform infrastructure IT administrators should not only have expertise in the offensive methods used during Azure penetration testing but they must also understand the defensive techniques so that they can apply them while defending against these attacks now that you are aware of how Azure penetration testing Works let's examine offensive techniques penetration testers or ethical hackers use offensive techniques to emulate the tactics that malicious hackers might employ offensive techniques simulate and replicate real world cyber attacks against a system Network application or infrastructure the primary objective of this technique is to identify vulnerabilities and potential security gaps within a Target environment thereby helping 
organizations proactively address and remediate these issues before malicious hackers can exploit them organizations can prioritize remediation efforts allocate resources effectively and enhance their overall cyber security posture with the help of the information gathered from offensive testing now that you understand what offensive techniques are in the context of azure penetration testing let's explore some examples firstly vulnerability scanning involves scanning the Azure environment for known vulnerabilities in both the infrastructure and the application this may involve using tools like the open vulnerability assessment scanner or OpenVAS or Azure security Center vulnerability assessment features next is Brute Force attacks which are an attempt to gain unauthorized access to Azure accounts virtual machines or Services by using multiple combinations of user names and passwords another offensive technique is exploitation which is an attempt to exploit a misconfigured Azure resource or a vulnerable application hosted on Azure to gain unauthorized control and finally phishing simulations involve sending simulated emails to users in a bid to assess their susceptibility to social engineering attacks next let's examine defensive techniques defensive techniques involve implementing several measures to protect Azure environments from potential threats and vulnerabilities identified during offensive testing it is a technique designed to mitigate vulnerabilities strengthen security measures and prevent unauthorized access exploitation or compromise of sensitive data these techniques are an integral part of maintaining a robust cyber security posture and safeguarding digital environments from various forms of cyber attacks let's explore some examples access control and identity management requires implementing strong authentication methods role-based access control and the least privilege principles to restrict access to authorized users only using role-based access 
controls grants access to resources based on the role assigned to the user in the request the principle of least privilege allows a measure of access to be granted to the user in the request with limited time and limited coverage this is also known as just in time and just enough access firewalls and network security groups control the inbound and outbound traffic between Azure resources Azure encryption Services can encrypt data at rest and data in transit intrusion detection and prevention systems or idps monitor Network traffic for signs of malicious activity and perform automated actions to prevent attacks finally developing an incident response plan including procedures for containing and mitigating breaches can help when dealing with security incidents in this video you learned how penetration testers can use offensive and defensive techniques to mitigate and remediate risk both techniques play crucial roles in maintaining the security of an organization offensive techniques help to expose vulnerabilities that might go undetected while defensive techniques ensure that the environment is adequately protected against potential threats it is important for organizations to engage in regular penetration testing and security assessments to identify and address weaknesses before they can be exploited by malicious actors there are several examples of organizations experiencing incidents that could have been avoided if the proper protection mechanisms had been in place such incidents include information leakage unauthorized access and data loss among many others in this video you will identify the steps involved in penetration testing on Azure to help you find vulnerabilities and provide a solution before a cyber criminal can take advantage of them to begin let's examine the goal of penetration testing this is to simulate real world attacks evaluate the system's ability to withstand them and strengthen your Azure resources security posture these processes can reduce 
the cost and time required to solve future problems due to application vulnerabilities a penetration test involves conducting offensive tests against the existing defense mechanisms in the environment these tests range from exploring the victim's devices to studying the human factor using social engineering in the context of Microsoft Azure penetration testing is aimed at ensuring the security of cloud-based resources preventing data breaches and safeguarding sensitive information performing penetration testing in Azure requires careful planning and adherence to Microsoft's guidelines to ensure the security of the environment let's examine the steps to perform penetration testing in Azure in more detail to begin it is important to secure proper authorization and document your testing plan obtain proper authorization from the Azure account owner or administrator before conducting any penetration testing and document the scope objectives tools and techniques you intend to use during the testing next select an appropriate testing approach this can be white box black box or gray box testing depending on the information you have available about the Azure environment after choosing your approach establish a dedicated testing environment create a separate or segregated environment within Azure configuring the required resources and networks for testing purposes this is crucial to prevent inadvertent interference with the production environment then deploy the necessary resources virtual machines and networks for testing purposes subsequently identify your targets and Define testing scenarios identify the specific Azure resources and services that will be tested then Define scenarios and attack vectors that simulate real world threats next choose your penetration testing tools select penetration testing tools suitable for Azure environments such as Azure security Center Azure Sentinel and other third-party tools keep in mind that you must ensure the tools are compliant 
with azure's policies and security guidelines then execute the penetration test using the selected tools perform vulnerability scanning Network mapping and application testing the primary focus should be on identifying common vulnerabilities such as misconfigurations weak access controls and known security issues once the test is concluded thoroughly analyze the results review the findings from the penetration test including vulnerabilities weaknesses and potential exploits based on their severity and potential impact prioritize the identified issues after analyzing the results of the test perform remediation and mitigation work with the Azure environment owner to address the identified vulnerabilities and weaknesses apply necessary patches updates and configuration changes to mitigate the risks then retest and validate conduct a retest to ensure that the identified vulnerabilities have been properly addressed validate the effectiveness of the applied remediations the next step is reporting and communication prepare a detailed penetration test report that includes the testing process findings vulnerabilities and recommended actions communicate the findings to the Azure account owner or administrator including any risks that need immediate attention finally Embrace a culture of continuous Improvement learn from the findings and experiences of the penetration test incorporating these lessons into future testing Endeavors and security measures remember that Azure has its own specific guidelines and requirements for conducting penetration testing before starting review Microsoft's official documentation on penetration testing in Azure to ensure compliance and prevent unintended disruptions to your environment by following these steps you can conduct effective penetration testing in Microsoft Azure enhancing the security of your Cloud environment and safeguarding your valuable assets from potential threats Azure penetration testing can help you improve the 
security posture of your Azure environment by identifying and fixing the weaknesses that could be exploited by malicious actors it can also help you comply with security standards and regulations that require regular testing of your Cloud infrastructure in this video you learned that penetration testing in Microsoft Azure is an ongoing and iterative process as the cloud environment evolves new vulnerabilities can emerge necessitating regular testing to ensure the system's security posture remains robust by following a systematic and well-defined penetration testing process you can confidently improve your Azure security proactively identify and address vulnerabilities and Safeguard your digital assets and sensitive data in the ever evolving landscape of cyber threats there are many benefits to having isolated resources to conduct penetration testing in this video you will explore the steps to create and configure azure resources to be used for penetration testing and how to create these resources using the Azure portal first let's examine the steps to configure your Azure resources in preparation for penetration testing setting up the Azure environment for penetration testing requires configuring Azure resources this involves setting up and customizing various components within the Azure Cloud platform to start log into the Azure portal using your Azure administrator account credentials this is the central interface where you manage and configure your Azure resources you can create various types of resources such as virtual machines databases storage accounts web apps and so on depending on the type of resource you are creating you can configure the resource settings by providing specific details such as the resource name region size operating system and more for many resources you'll need to configure networking settings this might involve setting up virtual networks subnets IP addresses and security groups networking configuration is crucial for controlling 
how your resources communicate and interact with each other and the outside world if you're setting up storage resources like Azure storage accounts you'll need to configure storage options access controls and data redundancy settings for databases you'll need to configure data storage backups and security next you may be required to configure identity and access management settings using Azure active directory or Azure ad and role-based access control or rbac this configuration allows you to assign appropriate roles and permissions to users and groups to control who can access and manage your resources after resource configuration you can configure monitoring and alerting settings to track the performance and health of your resources Azure provides tools such as Azure Monitor and Azure log analytics for the tracking of metrics logs and generating alerts depending on your resource type you can also configure scaling options for example you can set up autoscaling for virtual machine instances based on load Additionally you can consider using Azure automation to automate routine tasks and Resource Management next you can integrate your resources with other services or Solutions for example you might integrate your web application with Azure content delivery Network or CDN for improved content distribution for continuous integration and continuous deployment or CI/CD pipelines you can use Azure DevOps before finalizing your configurations review your settings to ensure that they align with your requirements you can then validate your configurations for accuracy and potential security vulnerabilities when you're satisfied with your configurations you can deploy your newly created Azure resources at this stage it is recommended that you test their functionality to ensure they're working as intended the last step is to set up a plan to continuously monitor the performance and security of your resources you can adjust this plan as needed and stay informed about 
updates and changes to your Azure Services now that you're familiar with the steps to configure Azure resources for penetration testing let's explore how to do this practically using the Azure portal to configure your Azure environment in preparation for penetration testing you must create and configure a resource including its Associated network settings depending on the administrative or automation task you want to test to create an automation account select create a resource and under automation select create the automation account contains information about the Automation runbooks and configuration used for automating operations and management tasks in Azure and non-Azure resources to create an automation account you must have an active subscription if you do not have an active subscription you must create one before moving on to the next step next select an active Resource Group from the drop-down menu if you do not have an active Resource Group you must create one before moving on to the next step for the purposes of this video Let's select the Sam Scoops Resource Group next enter an automation account name for example pentest automation next select the region for your resource for example West US 2 and select next leave the system assigned checkbox selected by default and select next you can also leave the network connectivity configuration set to Public Access by default and select next you can create tags for your automation account on the tags page for the purposes of this video let's leave this as default and select next review your automation account settings and once the validation pass message displays select create it may take a few minutes to deploy your automation account when the deployment completes select go to Resource to view the details of the resource you have created in this video you learned about the steps involved in configuring your Azure resources in preparation for penetration testing you also explored how the process of configuring 
Azure resources can vary based on the specific resource type you're working with and you learned how to create a resource using the Azure portal by following these steps you can create and configure your Azure resources in preparation for penetration testing a penetration testing framework is used to create a similar or familiar environment used for different distributions it's a structured approach and set of tools used by cyber Security Professionals to conduct thorough security assessments of systems networks applications and other digital assets these Frameworks provide a systematic methodology for identifying vulnerabilities assessing risks and recommending remediation measures they help to ensure that tests are conducted consistently efficiently and with a focus on best practices before you take a deep dive into some popular penetration testing Frameworks let's explore a brief overview of what tools are available one popular penetration testing framework is the penetration testing execution standard or PTES however there are many other popular open-source penetration testing tools and Frameworks such as Metasploit framework the open web application security project Zed attack proxy or OWASP ZAP Gobuster Network mapper or nmap and structured query language or SQL map these can be adapted and used to assess the security of azure environments in this video you will learn how to set up Metasploit on Azure as one of the penetration testing Frameworks before you set up the Metasploit framework let's take a deep dive into how it works while exploring some other well-known open-source penetration testing tools that you can use for testing Azure environments the Metasploit framework is a penetration testing tool that provides a wide range of exploits payloads and auxiliary modules a Metasploit penetration test begins with the information gathering phase where it integrates with various reconnaissance tools such as nmap SNMP scanner and windows patch enumeration to find 
vulnerabilities in your system after the vulnerabilities are identified you can choose an exploit to penetrate it if the exploit is successful the payload is executed at the Target and the user gets a shell to interact with the payload once on the target machine Metasploit offers various exploitation tools for privilege escalation packet sniffing screen capture and pivoting tools the extensive features of Metasploit are modular and extensible making it easy to configure for every user requirement another open-source pen testing tool is OWASP ZAP a web application security scanner that is intended to be used by both beginners and professional penetration testers it identifies vulnerabilities in web applications hosted on Azure next is Gobuster which is a tool used for directory and file brute forcing it can also help in discovering hidden files and directories on web servers in your Azure environment finally SQL map is used for detecting and exploiting SQL injection vulnerabilities in web applications which can be relevant if you are testing Azure hosted web applications with database backends now that you are familiar with the kinds of Open Source tools available for penetration testing on Azure let's discuss the steps involved in configuring the Metasploit framework in more detail to set up the Metasploit framework on your machine for use in Azure you should first prepare your local machine or the dedicated penetration testing system where you will run Metasploit from the Metasploit website download the Metasploit framework when the download is complete open the downloaded file follow the process to complete the installation in the installation wizard select next accept the terms in the license agreement and select next select browse to choose the location where you want to install the framework use the default settings to install the framework on the C drive select next then select install to begin the installation process you can monitor the progress of the 
installation using the status bar the installation may take a few minutes to complete when the installation process is complete select finish next from the file explorer navigate to the location where you installed the Metasploit framework open the Metasploit folder and copy the file path C:\Metasploit next open the command prompt by typing CMD in the windows search bar and selecting the command prompt app to launch the Metasploit framework console perform the following steps first move up one level in the directory Tree by typing cd .. and press enter move up another level in the directory Tree by typing cd .. once again and pressing enter paste the path you copied and press enter now that you have navigated to the Metasploit directory launch the framework using the msfconsole command you can now use this environment to conduct penetration testing on your Azure resources in this video you learned about the various open-source tools that you can configure for Azure penetration testing you also explored how to configure the Metasploit framework to conduct responsible effective and ethically sound penetration testing on Azure resources incorporating the Metasploit framework into your process will prove invaluable staying informed of changes in both the Metasploit framework and Azure will help you to continue to be successful in conducting your penetration tests Azure security testing is the process of evaluating the security measures and defenses of resources and services within Microsoft Azure the process of Azure security testing involves the use of several techniques methodologies and tools to assess the security posture of azure resources this can involve both automated and manual testing to thoroughly evaluate various aspects of the environment in this video you will learn how to configure Azure security settings Azure groups and Azure firewall settings for penetration testing one of the best reasons to use Azure for your applications and services is to take 
advantage of its wide array of security tools and capabilities Azure security provides visibility and control over the security of azure resources like virtual machines cloud services Azure virtual networks and blob storage you are already aware that security is the responsibility of everyone in the organization therefore you should be familiar with the tools and capabilities that make it possible to create a secure Solution on the Azure platform for your existing resources configuring Azure security settings for penetration testing involves creating a controlled environment that allows ethical and responsible penetration testing without jeopardizing the security and integrity of your Azure resources Azure security testing includes vulnerability scanning penetration testing configuring auditing network security assessment web application testing identity and access management review data security assessment and more it is crucial for maintaining a strong security posture especially as Cloud environments are Dynamic and subject to ongoing changes now that you are aware of the basics of azure security testing let's explore how to configure Azure groups for penetration testing an Azure group in the context of penetration testing could refer to a group of users or components within Microsoft Azure that play a role in organizing resources controlling access and managing security when conducting penetration testing in Azure focus on ensuring proper isolation of test environments it is also important to control access through role-based access control or RBAC and permissions and lastly you should follow security best practices to prevent accidental disruptions to production resources using the Azure portal you can create Azure groups and add members from roles including Global administrator user administrator role ad administrator and groups administrator after you have successfully created the group you can use it to manage access and run a penetration test on any 
Target resource now that you are familiar with Azure groups let's examine the role of azure firewall for penetration testing controlling outbound network access is an important part of an overall network security plan one way to control outbound network access from an Azure subnet is with Azure firewall with Azure firewall you can configure application rules and network rules application rules Define what type of traffic is allowed for a given application and network rules Define source address protocol destination port and destination address next let's examine how to configure Azure groups and Azure firewall settings for penetration testing in more detail getting started with the Azure security Center requires you to have access to Microsoft Defender for cloud Microsoft Defender for cloud enables you to view the security posture of your organization it also enables you to view active recommendations or configurations to enhance the security level of your organization to create an Azure group type group in the search field and under Services select groups select new group to create a new Azure group for the group type select security from the drop-down menu for the group name type Sam's Scoops group Next provide a group description Learning and Development for the Azure ad roles that can be assigned to the group select yes you can scroll down to assign owners members and roles select create to create your Azure group for penetration testing to configure the Azure firewall settings type firewall in the search field and under Services select firewalls to create a new firewall select create first confirm you have an Azure subscription before you deploy your Azure firewall settings next select create new to create a new Resource Group for the name type Sam Scoops Resource Group and select okay next for the firewall name type Sam Scoops firewall select east west from the region drop-down menu to create a new firewall policy select add new for the policy name 
type Sam scoop policy select eastest for the region scroll down and select okay in the virtual network name field type Sam Scoops virtual Network for the address space type 10.0.0.0/16 type 10.0.0.0/24 for the subnet address space to add a public IP address select add new for the name type Sam Scoops IP and select okay now that you have entered all the required information select review plus create after the validation pass message displays select create when your deployment is complete a message displays confirming that you have a successful deployment in this video you learned how configuring Azure firewall settings and groups for penetration testing requires a balance between granting controlled access and maintaining security it's an essential aspect of ensuring the security assessments provide valuable insights into vulnerabilities while upholding the Integrity of azure resources organizations that approach penetration testing with a focus on responsible testing ethical consideration and proper configuration are better equipped to enhance their security posture effectively when it comes to cyber security the security of web applications within Azure is a crucial concern as the digital landscape expands so do the potential avenues for cyber threats this is where the practice of web application penetration testing steps in leading the charge are the powerful tools of azure CLI and Azure Powershell these tools empower Security Professionals to conduct comprehensive tests discover vulnerabilities and reinforce the Integrity of their azure environment in this exploration of web application penetration testing this video delves into the practicalities of securing azure's digital domain through the capabilities of azure CLI and Azure Powershell you'll review the intricate process of safeguarding web applications ensuring they remain resilient in the face of evolving cyber risks from mimicking potential attack vectors to deciphering vulnerabilities that may 
lurk within code by the end of this video you'll come to know the potential of these tools to enhance security measures solidify defenses and cultivate a secure digital environment Azure CLI and Azure Powershell provide a dynamic and programmatic approach to web application penetration testing for instance let's say you're responsible for the security of Sam scoop's e-commerce website running on Azure your team is concerned about a potential vulnerability that could allow attackers to compromise customer data it's a critical issue that needs immediate attention in this scenario speed and precision are vitally important manually testing every aspect of the web application is time-consuming and prone to human error this is where automation with Azure CLI and Azure Powershell fulfills an important role these tools allow you to script and automate tests ensuring consistent and thorough evaluations of your web applications within the Azure ecosystem now let's learn more about how Azure CLI and Azure Powershell unveil vulnerabilities through web application penetration testing before delving into testing it's crucial to map out the attack surface of the web applications Azure CLI and Azure Powershell can be used to gather information about the applications such as URLs endpoints and apis this initial reconnaissance helps you to create a comprehensive testing strategy now let's fast forward to the testing phase here you set up scripts to automate input validation tests input validation testing aims to identify vulnerabilities like SQL injections cross-site scripting and other injection attacks Azure CLI and Azure Powershell can automate the process of sending malicious inputs to web forms and apis to uncover potential vulnerabilities with tools like OWASP ZAP a free tool that helps to find the vulnerabilities in the applications or API endpoints or burp Suite another web penetration testing toolkit you can simulate various attack scenarios to identify weak 
points in the application but that's not all Azure CLI and Azure PowerShell also enable you to simulate authentication bypass attempts this ensures that unauthorized users cannot gain access to sensitive parts of the application by scripting login attempts with incorrect credentials or attempting to escalate privileges you can evaluate the strength of authentication and authorization mechanisms security headers play a crucial role in mitigating common web vulnerabilities Azure CLI and Azure PowerShell can be used to extract and analyze HTTP response headers checking for the presence of security headers like Content Security Policy or CSP HTTP Strict Transport Security or HSTS and other missing or misconfigured security headers can indicate potential vulnerabilities web applications often rely on APIs for data exchange using Azure CLI and Azure PowerShell you script API requests to evaluate the security of API endpoints this involves testing for unauthorized access data exposure and potential injection attacks that could compromise the integrity of the application it's important to note that not all reported vulnerabilities are real threats and some actual vulnerabilities might be missed this is why it's critical to analyze test results carefully verifying whether reported vulnerabilities are exploitable and prioritizing them based on their potential impact Azure CLI and Azure PowerShell can automate the process of categorizing vulnerabilities based on their severity and potential impact on the application and underlying systems this allows security teams to prioritize their efforts focusing on critical vulnerabilities that could lead to data breaches or service disruption interpreting test results is not only about identifying problems but also providing actionable steps for remediation Azure CLI and Azure PowerShell can be used to script fixes configuration changes and patches that address the identified vulnerabilities this ensures a more streamlined and 
efficient remediation process web application penetration testing on Azure resources is a cornerstone of maintaining a secure cloud environment the utilization of Azure CLI and Azure PowerShell empowers security teams to automate and streamline the testing process enabling thorough evaluations of web applications by interpreting test results identifying vulnerabilities and providing targeted remediation organizations can significantly enhance the security posture of their web applications hosted on Azure regular and systematic web application penetration testing not only identifies existing vulnerabilities but also assists in proactively identifying potential threats reinforcing Azure's standing as a robust and secure cloud platform Azure Security Center offers robust features for automating the testing and continuous monitoring of your Azure resources to detect security issues and vulnerabilities these assessments are scheduled to run automatically at specified intervals examining your resources thoroughly if any vulnerabilities are identified during these checks the system generates alerts these real-time alerts are highly configurable allowing you to receive notifications through various channels including email SMS or Azure Monitor to conduct recurring penetration tests effectively within Azure Security Center you have two options Azure Automation or Azure Logic Apps Azure Automation is a comprehensive solution that allows you to orchestrate and automate a wide range of tasks and processes within your Azure environment with Azure Automation you can create schedule and manage runbooks that define the specific steps and actions required for penetration testing on the other hand Azure Logic Apps offer a more streamlined and simplified approach to conducting recurring penetration tests these apps provide a visual workflow designer that allows you to build automated processes using pre-built connectors and triggers Azure Logic Apps provide a more straightforward 
and efficient way to automate security assessments while Azure Automation is ideal for organizations that require fine-grained control over the testing process in this video you will learn how to configure an account and a runbook to implement recurring penetration tests using Azure Automation this process will enable you to proactively maintain the security of your Azure environment let's say you've established a virtual environment or container which serves as your designated testing environment the next crucial step is configuring Azure Automation to create a runbook this runbook will house the necessary commands or scripts required to initiate a penetration test now let's explore how you can accomplish this with a step-by-step demonstration to create a runbook on Azure create an automation account you can do this by selecting automation account on the dashboard blade and using the create button if it's not visible on the homepage type automation account in the search field and select it from the suggestions select the create tab to create a new automation account or use the create the automation account menu below then you can add the necessary information first select the subscription it must be an active subscription and attach it to an existing resource group if you don't have an existing resource group use the create new tab next provide an account name for instance Sam Scoops account and choose East US as the region select next on the advanced tab ensure system assigned is enabled you can leave all other settings as default once you receive the message that validation passed select the create button next let's create a runbook for a penetration test navigate to runbook on the left navigation panel use the create a runbook tab to create a new runbook enter the runbook name for example Sam Scoops book select the runbook type you can choose any of the available options select the runbook version that is available and provide a description if required after 
providing the required information select create now that you have successfully created a runbook in the Azure Automation account you can proceed to input your command using templates or runbooks using any of these items or assets once you've selected the resource you want to test you run the test pane with the Sam Scoops account and the runbook created the next step is to set up a schedule for the runbook to execute the penetration test at the desired frequency in this video you explored the capabilities of Azure Security Center which enables automated testing and continuous monitoring of Azure resources to identify security issues and vulnerabilities these assessments run automatically at specified intervals generating alerts if vulnerabilities are detected you observed how to create an account and runbook for a recurring penetration test within Azure Security Center using Azure Automation in an upcoming video you'll learn how to use a runbook to create a recurring schedule and configure alerts using the automation account configuring automatic testing in Azure Security Center involves setting up automated security assessments and vulnerability scanning within an Azure environment this is crucial for maintaining the security and integrity of your resources after creating an automation account for your penetration testing you'll need to configure it with a recurring schedule to control the frequency of vulnerability checks and resource testing additionally configuring alert generation is essential to promptly notify you if vulnerabilities are found during penetration testing now let's move on to a demonstration of how to configure recurring schedules for testing and establish alert generation to ensure timely responses to security issues to configure a recurring schedule on your runbook within the Azure environment you first need to ensure that your runbook has been published to publish a runbook go to the runbook deployment page select the edit drop down 
and choose Visual Studio or portal from the edit view select publish you will receive a confirmation prompt choose yes this may take a few minutes to propagate with the Sam Scoops book runbook now published the next step is to set up a schedule for the runbook to execute the penetration test at your desired frequency you can configure your schedule to recur as needed to do this select the Sam Scoops book from the runbook list select schedules from the left navigation panel then choose add a schedule you have the option to link a schedule to a runbook select okay to proceed next select add a schedule to link the Sam Scoops runbook account since you are attaching the schedule to the runbook created earlier name your schedule Sam Scoops book schedule provide a description next under the recurrence option select recurring you can now configure your schedule settings specifying the recurrence frequency the default is every 1 hour for this demonstration let's set the frequency to every one week and select Mondays and Tuesdays for the days of recurrence you can also set the start time for instance let's say you want the schedule to start on the 10th of October you can select a date from the calendar additionally you can also create an expiration date if required once you've input the correct details select create to create your schedule now you've completed the process for creating a schedule for a runbook for the purpose of penetration testing within the Azure environment finally you can configure the Azure Security Center to generate alerts for specific security related events alerts help track and respond to security issues identified during the penetration testing so let's go over the steps to set up an alert from the Sam Scoops account dashboard select alerts under monitoring in the menu pane then select create a rule now you can configure your alert policy from the signal name drop-down menu select custom log search to attach or configure the alert to a 
particular activity the log page is displayed once you click on the custom log search option expand the navigation menu click on query tab and use any of the templates you can configure an alert for any of the log queries using the automation jobs for instance you can set up your alert based on log queries and Azure Automation jobs that are completed among other options then run the test click on the X sign at the top of the log analytics page to close the page on the create an alert rule page click the create menu to create the configured rule you can now review the summary of the alert policy in place now that all the necessary information has been provided you can go ahead and create the alert policy by following the steps demonstrated you can configure Azure security alerts to help track and respond to security issues that are identified during penetration testing in this video you've learned how to set the testing frequency for vulnerability assessments and configure an alert policy to notify you when vulnerabilities are detected in your resources these steps are vital for maintaining a secure Azure environment and proactively addressing potential security issues automating these processes not only saves time but also ensures that your Azure resources remain resilient in the face of evolving threats the aroma of freshly made waffle cones fills the air at Sam Scoops the once small local favorite that has now evolved into a thriving business apart from its delectable ice cream Sam Scoops is known for its state-of-the-art online ordering system but today isn't about flavors it's about digital warfare in one corner of the corporate office is team red led by Ashton a tech maverick with a penchant for hacking on the opposite side is team blue led by Kim a cyber security genius the challenge is set team red will simulate cyber attacks on the company's online infrastructure while team blue defends it the digital battleground Sam Scoops' online ordering platform 
which holds crucial data from thousands of dessert lovers at 9:55 a.m. the countdown begins Ashton smirks with confidence ready to get schooled Kim Kim just winks and replies just don't cry into your ice cream when you lose as the clock strikes 10 team red unleashes its first wave they bombard the site with DoS attacks mimicking thousands of users trying to access the platform at once Kim's team is ready they swiftly reroute genuine user traffic to auxiliary servers keeping the primary servers focused on defusing the attack nice move Ashton murmurs round two and Ashton's team deploys malware in the form of a fake promotional email hoping someone from Sam Scoops will bite but Kim's crew has trained the staff well not a single person clicked on the fraudulent 50% off coupon however the real challenge comes after lunch Ashton has saved the best for last using a zero-day vulnerability team red attempts to access the database directly Kim's heart races as alarms blared they didn't expect this Riley a key member of team blue exclaims they're trying to extract the flavor recipes those are proprietary Kim ever the problem solver proposes an audacious plan let's redirect them to decoy databases fill them with red herrings team blue created false databases filled with ludicrous flavor recipes like bacon and mint or pickled pineapple Ashton initially thinking he gained the upper hand soon realizes he's been duped the clock neared 5:00 p.m. 
signaling the end of the challenge both teams connect on the company's group chat Ashton trying to hide his disappointment congratulates Kim you've outdone yourself this time Kim replies it's not about winning or losing Ashton it's about ensuring our customers can enjoy their midnight chocolate fudge or vanilla bean without a side of cyber security issues Sam the CEO enters the chat today was a demonstration of our strengths and weaknesses you've learned and you'll grow now come join me in the kitchen for a cone on the house amidst laughter and camaraderie two teams united by common love of ice cream and digital security toasted their waffle cones in the world of cyber security it was just another day at Sam Scoops where flavors met firewalls sprinkles aside let's review the key takeaways from this tale as demonstrated at Sam Scoops penetration testing allows businesses to proactively identify and rectify vulnerabilities in their digital infrastructure before malicious hackers can exploit them simulating real cyber attacks as team red did offers an invaluable hands-on perspective on potential threats it prepares the defensive team in this case team blue for real world attack scenarios the phishing attempt by team red underlined the importance of staff training a well-informed team can be the first line of defense against cyber threats ensuring they don't fall for deceptive tactics Kim's team's ability to divert genuine traffic and create decoy databases during the test reinforced the importance of having a multi-layer defense strategy and validated its effectiveness this scenario highlights that when it comes to cyber security every day is a challenge and every challenge is an opportunity to strengthen your digital defenses just as Sam Scoops continues to delight customers with its ice cream it also ensures that cyber security remains a top priority you've embarked on a journey through essential tools techniques and best practices that empower you to enhance 
security conduct comprehensive penetration tests and effectively safeguard your digital assets let's take a moment to reflect on the key takeaways from this week's learning firstly you explored the pivotal role the command line interface or CLI plays in penetration testing more specifically you discovered that the CLI empowers you to execute commands swiftly and precisely enabling tasks such as rapid network scanning to efficiently scan a range of IP addresses and identify open ports and services this efficiency proves to be critical in time-sensitive scenarios additionally the CLI provides you with the flexibility to tailor your approach to different systems and scenarios making it adaptable even in complex environments but that's not all automation with CLI tools streamlines repetitive tasks fostering consistency throughout assessments a CLI tool can be scripted to automate tasks like scanning brute force attacks and data analysis CLI tools are also resource efficient consuming fewer system resources compared to their graphical user interface or GUI counterparts this ensures your system remains responsive during resource intensive tasks plus secure shell or SSH and the CLI offer secure and reliable remote access facilitating remote system assessments enabling you to execute commands transfer files and conduct tests without being physically present furthermore you delved into the essential CLI tools for penetration testing including Nmap a versatile tool for network discovery and security auditing the Metasploit framework a comprehensive suite for simulating various types of attacks Wireshark a leading network protocol analyzer for capturing and analyzing network traffic Burp Suite a vital tool for conducting web application security testing Hydra a powerful password cracking tool Aircrack-ng which focuses on securing wireless networks and grep and regular expressions which are handy tools to help you search for specific patterns within logs and text files you 
followed this by learning about PowerShell and how it integrates with Azure for penetration testing discovering that PowerShell isn't your run-of-the-mill tool it's a robust command line shell and a versatile scripting language that revolutionizes system management and automation its integration with Azure provides a powerful toolkit for assessing and fortifying the security of your cloud environments but that's not all PowerShell's cmdlets are your go-to tools for efficiently handling files diagnosing issues automating complex workflows and seamlessly interacting with Microsoft and Azure resources you also got hands-on with the Azure Cloud Shell putting it to work with essential commands like retrieving a list of resources available viewing a list of virtual machines and gathering a list of storage accounts you have active in your environment additionally you explored a range of other nifty PowerShell commands like SQL database network security group active directory user key vault log and Azure network interface each serving specific purposes in managing Azure resources and conducting thorough network tests you then moved on to explore penetration testing within the Azure environment discovering best practices rules of engagement and essential tools some of the best practices you covered involved ensuring that you have the necessary permissions from key stakeholders identifying the systems and data that are critical to your business operations and prioritize them for testing identifying any system or data exclusions documenting assets to be tested and creating a testing plan specifying any third-party applications or services that need to be included gathering information like usernames passwords IP addresses URLs and so on disabling any unnecessary services or applications and finally ensuring that all systems are up to date plus you learned about the importance of following Microsoft's penetration testing rules of engagement distinguishing between 
prohibited activities like scanning other Azure customer assets and encouraged activities such as creating test accounts and vulnerability scanning in addition to this you reviewed various penetration testing tools including Azure management portal virtual networks and web apps by following these best practices adhering to the rules of engagement and leveraging a range of penetration testing tools you can enhance your organization's security posture mitigate potential threats and safeguard your valuable data in the cloud environment you then moved on to learn about the synergy between offensive and defensive techniques offensive techniques simulate real world cyber attacks to assess Azure's vulnerability unveiling potential threats while defensive techniques involve deploying security measures strategically to protect against identified vulnerabilities and mitigate potential threats this dynamic interplay between offense and defense isn't a one-time deal it's a continuous cycle of assessment and refinement it's what propels Azure security forward ensuring your sensitive data applications and infrastructure is protected from cyber threats what's more you learned about web application penetration testing using Azure CLI and Azure PowerShell discovering that automation with Azure CLI and PowerShell streamlines testing ensuring precision and efficiency you gained insight into the importance of thoroughly mapping out the attack surface of web applications this crucial step involves gathering information about URLs endpoints and APIs to conduct comprehensive assessments you zoned in on the key components of web application testing including input validation testing authentication and authorization testing analyzing security headers and API testing understanding the foundation of the pen test is one thing distinguishing between real threats and false positives or negatives is another in your learning you encountered the concept of risk prioritization which relies on 
verifying whether reported vulnerabilities are exploitable and prioritizing them based on their potential impact Azure CLI and Azure PowerShell can automate the process of categorizing vulnerabilities based on their severity and potential impact on the application and underlying systems plus Azure CLI and Azure PowerShell can be used to script fixes configuration changes and patches that address the identified vulnerabilities this ensures a more streamlined and efficient remediation process finally you learned that configuring automatic testing in Azure Security Center is an essential step for maintaining the security and integrity of your resources within an Azure environment this process involves creating an automation account for penetration testing and configuring it with a recurring schedule to control the frequency of vulnerability checks and resource testing additionally setting up alert generation is crucial to receive prompt notifications in case vulnerabilities are discovered during penetration testing you are now equipped with the knowledge and tools needed to understand and excel in Azure CLI PowerShell and penetration testing by exercising these skills you can proactively enhance security measures identify vulnerabilities and protect your organization's digital assets effectively you've almost reached the end of the course after working hard to finish the various videos readings quizzes and exercises you've gained a solid understanding of the topics covered including penetration testing preventative tools and how to complete a penetration test in Azure now it's time to demonstrate the numerous skills you learned throughout this course by completing the course project where you will complete a testing strategy for the white box testing of a penetration test following this you will take on the final graded assessment this assessment will gauge your understanding of the course's objectives and your ability to identify the types and stages of penetration testing 
including the various roles and responsibilities of the blue and red teams identify security tools including virtual private networks and intrusion detection and prevention systems and your ability to discuss penetration testing in the Azure environment including configuring a test environment and the use cases of the command line interface and PowerShell however before you take on the project and assessment let's pause for a moment to explore what you discovered on your learning journey doing so allows you to evaluate your comprehension of essential concepts and identify any areas needing additional study before moving on you started this course with an introduction to penetration testing a powerful tool that goes beyond traditional security measures to assess the resilience of digital systems you learned about its critical stages including reconnaissance enumeration exploitation escalation and the final stage reporting and remediation these stages form the foundation of effective penetration testing which can encompass various methods including network application and social engineering testing you then dived into intrusion detection and prevention systems often referred to as IDPS gaining insights into how these systems detect and prevent unauthorized access making your digital world safer you also explored network-based IDPS host-based IDPS and wireless IDPS and discovered the critical components of an IDPS including sensors that collect network data and analyzers that analyze the collected data following this you learned how Azure Firewall Premium IDPS safeguards your Azure resources you now also understand the value of incident response plans which provide a structured approach to dealing with security incidents these plans outline the steps to take when identifying containing neutralizing recovering from and resolving security issues next you discovered that a well-designed firewall is a critical barrier that protects resources from threats while enabling 
secure traffic flow in Azure afterwards you dove into a variety of network topologies such as hub and spoke virtual network peering and Azure Firewall with private endpoints you then moved on to VPN gateways and learned how a point-to-site VPN enables individual client computers to connect with a cloud-based virtual network securely and even discovered how to set up your own VPN within Azure you followed this by gaining an understanding of the importance of vulnerability management which involves identifying assessing mitigating and managing security vulnerabilities within an organization this process includes vulnerability assessments to find weaknesses which involve several steps including vulnerability scanning vulnerability analysis categorizing vulnerabilities remediation strategies addressing vulnerabilities and continuous monitoring following this you explored penetration testing in Azure with a focus on the command line interface or as it's also called the CLI you learned how the CLI empowers you to perform in-depth penetration testing analysis additionally you reviewed several crucial CLI tools used for penetration testing such as Nmap Metasploit and Wireshark you then witnessed a demonstration of PowerShell and the CLI performing various penetration testing tasks including retrieving a list of resources available and viewing a list of virtual machines transitioning into the Azure environment you gained a deeper understanding of penetration testing specific to Azure's architecture you also observed Azure system in action where it created a resource group for a penetration test you then moved on to configuring Azure security settings for penetration testing and learned how Microsoft Defender for Cloud is a cloud native security solution that monitors and protects resources hosted in Microsoft Azure furthermore you learned about the importance of web application testing and how Azure CLI and Azure PowerShell empower you to automate and streamline the 
testing process then you examined a web application penetration test in detail looking at its many stages methods employed and the displayed results before concluding the week a demonstration illustrated the integration of penetration testing with Azure Security Center underscoring the importance of aligning security measures with Azure's robust security features it's important to remember that regular penetration testing coupled with effective remediation strategies is the cornerstone of resilient web applications this concludes your review of what you learned in this course on cyber security tools and technologies now that you have a solid knowledge base about cyber security tools and the various technological concepts you are ready to dive into the course project and final assessment best of luck congratulations on reaching the end of this course when you started this course you probably had a limited understanding of what penetration testing is and the various stages it involves you also may not have been aware of the different tools and technologies available to testers for completing penetration testing but now you should be aware of the methods used for testing an organization's cyber security resilience this includes a particular focus on the brilliance of Azure and how it supports organizations around the world in their fight against cyber crime by learning about Azure and the variety of tools available you have equipped yourself with the knowledge to safeguard valuable infrastructure that operates in the digital realm through a mix of videos readings and exercises you have learned about important concepts and how to apply them to a business environment you now have a solid understanding of penetration testing including how it's completed and the various stages involved preventative tools used in cyber security including Azure Firewall Premium intrusion detection and prevention system or IDPS VPN and Azure Firewall you then dived into the command line 
and learned how penetration testers use it in their testing you even saw the command line and PowerShell in action where you witnessed the completion of several administrative tasks used in penetration testing completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera the certificate not only helps to enhance your skills but also lays the groundwork for a career as a cyber security analyst it serves as proof of your job readiness and can be shared with your professional network what's more the program helps you prepare for the exam SC-900 Microsoft security compliance and identity fundamentals it has been meticulously aligned with the essential job skills necessary for cyber security analyst roles in each course you'll be able to consolidate what you have learned by completing an end-of-course project that simulates real world cyber security scenarios when you complete the professional certificate you'll have tangible examples to talk about in job interviews to round off your learning you'll take a mock exam that has been set up in a similar style to the industry recognized SC-900 exam the SC-900 exam measures your ability to describe the following concepts of security compliance and identity capabilities of Microsoft Azure Active Directory which is part of the Microsoft Entra capabilities of Microsoft security solutions and the capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms visit the Microsoft certifications page at www.learn.cashtracking.com you've made great progress but your journey doesn't end here there's still much more for you to learn and discover the Microsoft cyber security analyst program offers a diverse selection of courses each tailored to develop specific skills and knowledge with 
topics like security administration compliance management and regulations and standards the program offers a comprehensive learning experience designed to provide you with key competencies across various industries enrolling in another course is a great opportunity to expand your skill set and gain expertise in new and exciting areas of cyber security completing all the courses in the Microsoft cyber security analyst program will signal to potential employers that you are motivated capable and not afraid to learn new things your journey of discovery has required a great deal of perseverance and you should take pride in how far you've come well done on your achievement and newfound knowledge it has been a pleasure to accompany you on this path of exploration by now you understand that cyber criminals target any organization big or small if their security posture is not robust they leverage security vulnerabilities to gain access to confidential and sensitive information therefore organizations must comply with changing laws and industry standards to maintain security control and avoid any breaches this means becoming proactive and not only reactive by continuously monitoring and assessing devices networks and systems to put measures in place that detect and mitigate data breach threats failing to do so can lead to penalties and mistrust between customers and stakeholders this course is designed to benefit anyone interested in cyber security whether you aspire to start a career in the field advance your cyber security career or simply brush up on your skills you'll gain a thorough understanding of the different compliance and industry standards to ensure you manage your cyber security with that in mind let's go over what your learning journey covers over the next coming weeks to begin you'll explore security administration specifically you'll learn about the principles of cloud security planning with security requirements such as the awareness of access 
authentication and authorization management you'll also learn about Disaster Recovery planning and data backup for information systems and services you'll explore the Azure Cloud adoption framework or CAF how to design a security plan and data management and administration consisting of Microsoft's privacy principles this week concludes with maintaining the availability and continuity of Azure here you'll discover Concepts including continuity planning and availability and resiliency in the following week you will explore compliance management with a focus on the importance of data and Records management you'll begin by investigating Microsoft Purview a solution that unifies data governance information protection risk management and compliance functionalities then compliance Frameworks and Records will give you the necessary insight into various management policies to maintain compliance you'll address data life cycle management data loss prevention information protection managing records and privacy as well as automated audits next you'll learn about Insider risk threat detection and mitigation and complete an exercise on how to use Azure Security Solutions to detect and respond to threats Microsoft Purview has a feature to monitor Communications and identify potentially harmful interactions such as negative or offensive language you'll realize you can Implement policies that monitor infractions like insider trading or Implement defensive strategies to determine further incidents furthermore you'll examine information protection and the data life cycle in more detail thereafter you'll comprehend that regulations are industry and geopolitical specific with a focus on Information Security Management act or isma next you learn about International Organization for standardization or ISO standards and how they relate to cyber security compliance at this stage you'll realize that the Azure blueprint can be leveraged to enforce compliance behaviors the week ends with 
more about control objectives for information and related Technologies or COBIT specifically you'll learn about the fundamental elements and how to monitor change in the context of NIST which is the National Institute of Standards and technology COBIT and the Microsoft Azure audit program and finally you'll apply what you've learned by creating your own compliance strategy for the end of course project this will help you demonstrate your understanding of the key Concepts and the best practices for implementing and maintaining organizational compliance watch pause rewind and re-watch the videos until you're confident in your skills then consolidate your knowledge by Consulting the course readings and measuring your understanding of key Topics by completing the different knowledge checks and quizzes this will prepare you to take the sc900 exam on Microsoft security compliance and identity fundamentals modern organizations run on robust but intricate systems with resources distributed across local and cloud services this means that operations must run smoothly even in the event of an unexpected outage this outage or failure will have an impact on the organization as well as the time taken to recover from it with the ever increasing Reliance on distributed systems it is more crucial than ever for technology dependent businesses to implement a robust Disaster Recovery plan establish effective data backup and practice secure electronic data disposal in this video you'll discover how a solution like Microsoft Azure can provide an Enterprise with Comprehensive Solutions in these domains Azure's virtual desktop service employs business continuity and Disaster Recovery or BCDR strategies to safeguard customer metadata during outages the service infrastructure components can switch over to a backup system or secondary location to preserve operational continuity this is known as failover Azure offers a comprehensive range of BCDR services including Azure backup and Azure site 
recovery or ASR you'll explore the role these Solutions play in the BCDR process a bit later these services are cost effective secure and scalable ensuring data protection and application recovery with low recovery point and recovery time objectives Azure's cloud-based structure promotes High availability and resilience enabling rapid recovery during disruptions or data corruption in anticipation of regional outages it's advisable to replicate personal virtual machines or VMs to a different Azure region as a secondary location to ensure uninterrupted user access in addition user identities need to be made accessible at the secondary location using methods such as profile containers an alternative to VM replication could be deploying multiple pooled host pools across regions these allow for multiple users to access the host VM at the same time when strategizing for potential outages it's essential to account for various aspects of your IT infrastructure this might include a virtual Network to maintain network connectivity using redundant connections or automated failover to a secondary Network virtual machines as you can replicate VMs or deploy non-persistent host pools across Azure regions to keep applications available and user and app data by using FSLogix profile containers to replicate data in a secondary location FSLogix is a solution for enhancing the user experience in Virtual desktop Computing environments you'll also want to consider user identities which can be managed by services like Azure active directory to remain available during outages and application dependencies as it is important to plan for line of business applications dependencies to fail over to the secondary location your Disaster Recovery strategy can be either active passive or active active based on resource allocation and cost considerations in an active active configuration all systems or locations are running and serving user traffic concurrently in contrast an active 
passive approach keeps the secondary Network on standby until it is needed for failover Azure site recovery facilitates VM replication and failover allowing a range of options based on VM configuration next let's go over virtual machine replication a key element of Disaster Recovery this involves creating a copy of a VM's data and state often in a different geographic location to keep applications running during an outage or disaster the Azure site recovery service facilitates this process supporting replication both between Azure regions and from on premises infrastructure to Azure you can customize your VM replication based on your needs and VM setup for instance you could replicate all VMs using ASR create a new host pool in the failover region or establish a host pool with VMs built in both primary and failover regions availability sets in Azure which are logical groupings of VMs are critical for maintaining application availability ensuring VM resources are isolated to minimize the impact of Hardware or software failures ASR is easily managed via the Azure portal and is automatically updated with new features keeping your VM replication strategy up to date Azure provides robust services for data backup including Azure backup supporting various workloads like files virtual machines databases and more this service offers secure application consistent backups with encryption for data at rest and in transit backups are stored in a geographically distanced location enhancing protection against data loss from natural disasters or outages Azure emphasizes the importance of well-informed IT staff and users for efficient and secure operations to this end it provides a multitude of resources including Azure Knowledge Center an online resource that answers frequently asked questions Azure architecture Center which aids in the design and implementation of Azure-based solutions by offering design patterns best practices and reference architectures and Azure blog which 
keeps users updated with Azure related news updates features and expert articles this video introduced you to the basics of Disaster Recovery planning effective data backup and secure electronic data disposal which are critical tasks for any technology Reliant business you found that services like Microsoft Azure provide comprehensive Solutions in these areas including Azure's virtual Desktop Service Azure backup and Azure site recovery the Azure platform also offers resources in various Azure topics all these features combined make Azure a reliable and secure platform for handling disaster recovery and data backup while also providing the necessary training and education for IT staff and users in today's data-driven world the security of information is of utmost importance with the Advent of cloud computing corporations are increasingly moving their operations online primary concerns around digital security are data security network security and physical security by the end of this video you'll have a comprehensive understanding of these aspects and Microsoft Azure's approach to securing its infrastructure let's start with how Azure ensures that data is protected and how it is disposed when no longer needed Microsoft Azure security policy strictly governs the access to customer data which is denied by default to operations and support Personnel data access is granted on a need to know basis following a just in time model under strictly audited policies aligned with compliance and privacy standards no user or administrator has default access to customer virtual machines and only the least privilege that's necessary is granted for tasks all Azure support Personnel are assigned unique active directory accounts managed by Microsoft information technology and multifactor authentication is required from secure consoles for access Azure provides robust data security implementing logical isolation for data segregation in its multi-tenant service which ensures separate storage 
of customer data and prevents unauthorized access customers can encrypt data at rest in Azure with Solutions such as Azure key Vault disk encryption and storage service encryption for in-transit data protection Microsoft provides options such as virtual private networks transport layer security and protocols directly on Azure VMs along with encryption for all Azure traffic between data centers Microsoft also ensures data redundancy with three different storage options these are locally redundant storage or LRS which replicates data three times synchronously in a single physical location in the primary region Zone redundant storage or ZRS which distributes copies across three Azure availability zones in the primary region and Geo redundant storage or GRS which applies LRS and then duplicates these copies in a secondary region in a geographically distant location when data is deleted or a contract is terminated Microsoft adheres to strict standards for data deletion and physical Hardware destruction Microsoft does not claim ownership over customer data and does not monitor the data stored on Azure lastly for e-discovery Azure customers are responsible for their data preservation and can request exports from Azure customer support Microsoft employs NIST 800-88 compliant procedures and a wiping solution for data bearing Services NIST 800-88 is a set of guidelines that specify how to adequately remove data from storage media if a hard drive cannot be wiped it undergoes a destruction process such as disintegration shredding pulverization or incineration which makes data recovery impossible the disposal method is selected based on the asset type and all records of Destruction are retained at the end of A System's life cycle Microsoft adheres to similar rigorous data handling and Hardware disposal procedures to prevent your data from falling into untrusted hands a secure erase method is utilized for compatible hard drives while those that cannot be wiped undergo a similar 
destruction process next let's move on to the Azure approach for network security the Azure Network architecture which is instrumental in providing connectivity from the internet to Azure data centers is used across all workloads deployed on Azure including IaaS PaaS and SaaS it consists of four main components The Edge Network which serves as a demarcation point between Microsoft and other networks enabling internet and ExpressRoute peering into Azure the wide area network a globally spanning backbone Network that links Azure regions the regional gateways Network a point of aggregation for all data centers within an Azure region providing High inter-data Center connectivity and the data center Network offering connectivity between servers within the data center this network is built with redundancy at all levels to ensure maximum availability from physical Hardware to control protocols as a modified version of a multi-stage circuit switching Network more commonly known as a Clos Network the data center Network minimizes the impact of individual Hardware failures and environmental events it utilizes OSI model layer 3 routing to eliminate traffic loops and employs equal cost multipath or ECMP routing for high redundancy and bandwidth finally let's discuss the physical measures implemented by Microsoft to safeguard data at its data centers a dedicated division manages these facilities utilizing a multi-layered approach to deter unauthorized physical access to data and data center resources security protocols include pre-visit access request and approval based on valid business justification visitor access controls with temporary Badges and constant escorts for visitors additional measures include perimeters with tall fences surveillance cameras and security patrols entry is monitored by trained security officers while inside the building two Factor authentication with Biometrics and stringent access restrictions to approved areas are enforced the data center 
floor itself is subject to full body metal detection screenings and video surveillance with strict controls on device authorization to prevent unauthorized data transfer these measures ensure the highest levels of security at all times and are the ultimate expression of the defense in-depth Concepts in this video you learned how Microsoft Azure applies a comprehensive multifaceted approach to security it ensures data security by strictly controlling and auditing access implementing logical isolation for data segregation and offering extensive encryption capabilities for data at rest and in transit data disposal procedures comply with NIST 800-88 and the maintenance of rigorous data handling and Hardware disposal standards which Safeguard against data breaches from obsolete Hardware the network security is upheld through a well structured and resilient Network architecture designed for Optimal Performance and safety and Azure's physical security features stringent Access Control protocols secure facility perimeters rigorous surveillance and preventative measures against unauthorized data transfer these measures collectively exemplify Microsoft Azure's commitment to safeguarding its client data integrity and Trust in the increasingly data Centric World in an age where data is a commodity enterprises rely on multiple applications to manage process and analyze vast amounts of information however such Arrangements can open doors to potential vulnerabilities and threats that can wreak havoc on an organization fortunately awareness of the dangers and taking steps to protect against them can greatly improve your organization's security in this video you'll identify common vulnerabilities and threats to Enterprise applications become familiar with the fundamentals of application security and explore the security risks associated with Enterprise application integration or EAI this is the practice of connecting Standalone applications to share data and work together to automate 
certain workflows it is a critical aspect of modern-day businesses responsible for ensuring that various applications within an organization work in harmony however it comes with a set of vulnerabilities and threats understanding the vulnerabilities and threats that Enterprise applications face is a first step in securing them let's identify a few of them data breaches are a common outcome of attackers targeting sensitive data transmitted between applications in a man-in-the-middle attack an attacker secretly intercepts and potentially Alters the communication between two parties denial of service or DoS is an attack in which the perpetrator seeks to make a network resource unavailable by overwhelming it with traffic and malware and ransomware attacks involve malicious software that infiltrates networks sometimes encrypting data and demanding ransom for its release but dangers aren't limited to direct attacks as there are also problems related to insecure configurations these include API vulnerabilities as poorly secured APIs can be exploited to gain unauthorized access to data inadequate authentication and authorization which allow unauthorized users to access sensitive data and authenticated users to access more data than required and SQL injection which refers to attackers manipulating an insecure application's SQL queries to gain unauthorized access to a database there is also cross-site scripting or XSS which occurs when an attacker injects malicious scripts into web pages viewed by other users compromising their interaction with the application a security misconfiguration is when applications and systems are not configured correctly leaving the organization susceptible to attacks and finally you have data exposure meaning that sensitive data like passwords financial information or personal data if not properly encrypted can be exposed to unauthorized parties to mitigate the threats that Enterprise applications face there are fundamental security practices that 
organizations should adopt implementation of robust authentication and authorization mechanisms ensures that users can only access data and resources that are necessary for their roles applying the principle of least privilege gives users only the Privileges they need and reduces the risk of unauthorized data access while input validation validates and sanitizes all user inputs to prevent injection attacks having a secure configuration means regularly updating and securely configuring all elements of the application ecosystem including firewalls routers and the applications themselves encryption of sensitive data both in transit and at rest ensures that even accessed data is unreadable monitoring and logging means continuously observing Network and application activities detailed logs should be maintained for future analysis in case of an incident regular audits should be conducted to assess vulnerabilities and patches and updates are best applied promptly adopting secure coding practices minimize vulnerabilities in application software and having a well-drafted incident response plan ensures that the organization can promptly and effectively address any security issues that arise lastly integrating applications increases the complexity of the system and inadvertently the attack surface let's examine some risks specifically associated with applications integration for one more applications mean a more complex Network which can make it more difficult to maintain security dependency risks involve integrated applications that depend on each other a vulnerability in one application May propagate through the system applications integration usually involves aggregation of data from various sources if an attacker gains access to the integration layer they may have access to a gold mine of sensitive information and because middleware is often employed for integration vulnerabilities in middleware can expose the entire integrated environment in this video you found that 
Enterprise application integration can enhance organizational efficiency but its intricate nature also makes it vulnerable to numerous security threats proactive identification of common vulnerabilities such as data breaches API weaknesses and SQL injections coupled with implementation of security fundamentals including robust authentication encryption and regular audits can fortify the Enterprise against these threats by fostering a culture of security vigilance and continual adaptation to emerging threats businesses can harness the immense benefits of application integration while ensuring the integrity and security of their critical data and systems as the digital footprint of Enterprises expands so does the necessity for Vigilant Security measures an essential component of cyber security is log collection analysis and retention these tasks are important for detecting and investigating suspicious activity identifying patterns of behavior that may signify a security breach and supporting incident response furthermore maintaining logs ensures compliance with industry regulations and aids in system troubleshooting and proactive security enhancements Microsoft Azure a renowned cloud computing platform offers extensive features for managing security logs in this video you'll explore how Azure handles security log collection and Analysis discuss techniques for using Azure for log retention and delve into managing third-party vendor security and compliance security log collection and Analysis is a critical component of Azure security that accumulates and scrutinizes logs for suspicious activity or security anomalies let's explore the tools in Azure that make this possible Azure monitor empowers users to collect analyze and act on Telemetry data from cloud and on premises environments and then produce logs it allows ingestion of data from sources like application logs Windows event logs and Azure activity logs Azure monitor logs is a feature that stores and 
analyzes log data providing insights and allowing for troubleshooting issues and understanding Trends over time Azure Sentinel is Microsoft's Cloud native security information and event management or SIEM service it combines security logs and events across the Enterprise environment leveraging the scalability and power of Azure to detect analyze and mitigate security threats in real time log analytics workspaces are containers that collate data from Azure monitor logs they allow users to consolidate large volumes of data allowing for advanced searches and applying machine learning algorithms to Aid in detecting threats now that you know about the services used to log and analyze data let's go over the steps and configurations for retaining security logs in Azure to retain logs you'll need to enable and configure diagnostic settings on the Azure resources this will allow you to stream log data to different destinations such as log analytics workspaces Azure storage accounts or event hubs you'll also need to create a log analytics workspace within Azure monitor to store the logs collected this workspace will serve as the centralized repository for your log data Azure allows you to set data retention policies for your logs you can Define the duration for retaining the log data in your workspace which can range from a few days to several years finally you should Implement Azure policies to enforce consistent monitoring and log retention settings across your resources this ensures uniformity in log collection practices within your organization you should know that third-party vendors can introduce security risks into your Azure environment managing their security and compliance is vital and can be done by standardizing a few practices conduct a comprehensive risk assessment before engaging with vendors evaluate the vendor security practices and ensure they align with your organization's standards Implement role-based access control or RBAC to Grant minimal 
necessary permissions to third-party vendors RBAC ensures that vendors have access only to the resources they require reducing the risk of unauthorized access use Azure Monitor and Azure Sentinel to keep an eye on vendor activities within your environment setting up alerts for abnormal or suspicious activities can help in early detection of security incidents verify that the third-party vendors adhere to the compliance standards and regulations that are pertinent to your industry use Azure compliance manager to assess and manage compliance across your Azure environment periodically review and audit the security practices of third-party vendors ensure that they are maintaining high security standards and complying with regulations use Azure private link to ensure that the traffic between Azure services and users is kept on the Microsoft network this can reduce exposure to threats and secure third-party interactions with your Azure environment ensure that any data shared with or handled by third-party vendors is encrypted both in transit and at rest using Azure key Vault for managing encryption keys and secrets can enhance security collaborate with third-party vendors to establish a well-defined incident response plan this plan should detail how to react swiftly and efficiently in the event of a security breach or any other incidents and finally ensure that all security requirements and obligations are clearly stated in contractual agreements with third-party vendors this should include compliance requirements data handling policies and responsibility in case of a security breach in this video you found out why log collection analysis and retention are imperative for maintaining a secure and compliant environment Azure offers robust tools like Azure monitor logs and Azure Sentinel for collecting and analyzing security logs by configuring retention policies archiving data and employing backup strategies Enterprises can effectively use Azure for log retention however as 
businesses often rely on third-party vendors it is critical to manage their security and compliance diligently Azure features such as RBAC Azure policy and compliance manager can help in setting the proper access controls and ensuring compliance conducting vendor risk assessments encrypting data and having an incident response plan are essential measures moreover defining clear security obligations in contractual agreements with third-party vendors is a must up to now you've been made aware of Microsoft Azure's capabilities as a comprehensive cloud computing solution this covers critical needs such as disaster preparation and Recovery secure application integration and handling security logs but what are the technologies that make all this possible in this video you'll become familiar with a range of Azure Security Services tailored for today's businesses these include Azure front door which optimizes and secures Global web applications Azure private link ensuring private access to Azure Services Azure key Vault for safeguarding cryptographic keys and certificates Azure application Gateway for web traffic balancing and protection and Azure policy for managing security policies over resources together these tools bolster the security framework of Azure-based infrastructures now let's explore each of them one at a time in Greater depth Azure front door is an essential component of Microsoft's Global Edge Network serving as an application delivery Network or ADN that offers layer 7 load balancing capabilities for web applications as a scalable and secure entry point Azure front door uses Dynamic site acceleration or DSA to improve performance of dynamic websites and Global load balancing to achieve near realtime failover combined with a split TCP based anycast protocol this ensures Superior application performance and Rapid delivery of global web applications intelligent Health probe monitoring for backend resources ensures the availability and reliability of 
applications while URL path-based routing directs requests efficiently and supports the hosting of multiple websites Azure front door also features cookie based session affinity and web application firewall alongside end-to-end transport layer security or TLS for secure communication security being an indispensable aspect of any web application is prominently addressed in Azure front door DDoS protection is incorporated to safeguard against distributed denial of service attacks additionally web application firewall policies can be used in conjunction with Azure front door to provide Global protection for inbound HTTP or https connections across Azure regions it's also recommended to configure Azure front door with operational excellence in Mind by ensuring that traffic is re-encrypted for secure communication to the backend as a global Service Azure front door is not limited to a specific Azure region thereby serving as a high availability solution for organizations seeking a globally scalable application infrastructure Azure private link offers a secure way to access Azure PaaS services and services hosted in Azure over a private endpoint in your virtual Network eliminating exposure to the public internet traffic between your virtual Network and the service travels over the Microsoft backbone Network which provides a robust secure connection when private link is enabled on Azure front door premium a private endpoint is created upon approval the private link connection is established and a private IP address is assigned from the Azure front door managed virtual Network the establishment of this private link ensures that incoming traffic to your origin is secured when arriving at your Azure front door Azure key Vault offers a secure cloud-based storage system for cryptographic Keys certificates and other sensitive data it enables organizations to tightly control access to such data and maintain its confidentiality and integrity security features include Network 
restrictions allowing specific IP addresses to access the vaults Azure private link service integration and TLS and https protocols to ensure secure authenticated and authorized communication organizations should ensure applications accessing the key Vault service run on a platform that supports TLS 1.2 or a recent version for optimal security Azure application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications security features include a web application firewall which provides centralized protection of your web applications from common exploits and vulnerabilities it also allows secure sockets layer or SSL termination at the Gateway reducing the load on internal servers and improving application performance Azure policy is a service in Azure that you use to create assign and manage policies these policies enforce different rules and effects over your resources helping you maintain corporate standards and service compliance Azure policies can control properties such as locations tags Azure resources and much more for instance you can enforce a policy that only allows the creation of storage accounts with secure transfer enabled enhancing data security Azure policy is also integrated with Azure security Center and Azure advisor offering additional insights and recommendations for resource Security in this video you became aware of Microsoft Azure's assortment of robust reliable and flexible Security Services that help businesses Safeguard their Cloud environments Azure front door Azure private link Azure key Vault Azure application Gateway and Azure policy offer a comprehensive toolkit for a secure infrastructure protecting sensitive data and applications in today's ever evolving threat landscape harnessing the power of these Services is imperative for any organization seeking to maintain the security and integrity of their cloud deployments in the constantly evolving landscape of modern Enterprise organizations are steadily 
embracing the cloud as an Avenue for Innovation scalability and efficiency Azure Cloud adoption framework or CAF emerges as an integral part of this journey aiding businesses to navigate the cloud adoption life cycle skillfully in this video you'll explore Azure CAF as well as best practices for planning design identity and access management you'll further learn about the integration of Azure into an existing IT environment Azure CAF is an all-encompassing framework that consolidates best practices documentation and tools it Fosters an environment where Cloud Architects IT professionals and business decision makers can effectively achieve their Cloud adoption objectives Azure CAF is a comprehensive approach that encompasses a spectrum of methodologies it uses the following methodologies to support organizations throughout the cloud adoption life cycle manage govern and organize essentially it combines the wisdom of Microsoft partners and customers to provide tools guidance and narratives that shape strategy plan ready migrate innovate and secure technology business and people strategies this contributes to delivering optimal business outcomes through Cloud adoption let's explore the cloud adoption framework life cycle a bit further the Microsoft cloud adoption framework for Azure is designed to support organizations through the entire life cycle of cloud adoption through a range of methodologies each methodology is aimed at addressing specific aspects of the cloud adoption journey and helps organizations overcome common challenges here is an overview of the life cycle covering the following nine phases strategy focuses on defining the business justification for adopting cloud Technologies this involves understanding the business objectives and determining the expected outcomes of cloud adoption plan involves developing actionable adoption plans that are aligned with business outcomes this might include creating a timeline defining resource requirements and 
identifying the key Milestones ready is a phase where the organization prepares the cloud environment for the planned changes this includes setting up the required infrastructure and ensuring that the cloud environment is configured according to the organization's requirements migrate is where the organization begins migrating and modernizing existing workloads to the cloud it includes the actual movement of data applications and other elements from the on premises environment to the cloud innovate follows the migration phase and shifts Focus to developing new Cloud native or hybrid Solutions next is secure and as you know security is an ongoing process this phase focuses on continuously improving security measures to protect data and applications in the cloud environment manage involves managing the operations for cloud and hybrid Solutions it specifically includes monitoring Performance Management and ensuring that the cloud environment is running efficiently govern is about implementing policies and controls to manage and monitor Cloud resources effectively and finally organize allows the organization to align teams and roles supporting Cloud adoption efforts such as ensuring clear communication and well-defined roles and responsibilities the development life cycle also plays an important role particularly when it comes to adopting Cloud Technologies it encompasses considerations and recommendations for repository strategies branch strategies automated builds deployments and roll backs during automatic Landing Zone creation note that in this context a roll back strategy during automatic Landing Zone creation means having a plan to revert The Landing zone to its previous state if there are issues during its automatic creation for example adopting a version control system like git is recommended for flexibility in code sharing and management the cloud adoption framework brings together best practices documentation tools and assessments to enable a structured 
approach to Cloud adoption this helps organizations in better aligning their business and Technical strategies ensuring success in their Cloud adoption Journey one critical area in Cloud adoption is planning and design it's always a good idea to follow best practices to ensure success in these areas CAF provides best practices and formulating strategies planning actionable adoption preparing cloud environments migrating existing workloads developing new Solutions security Improvement management of cloud and hybrid Solutions governance and organization it's important to Define business justification and expected outcomes additionally prepare the cloud environment to accommodate planned changes by setting up management security governance tools and putting operational compliance policies in place organizations must establish a landing Zone that incorporates security governance and compliance furthermore they should be ready to migrate and modernize existing workloads while innovating through developing new Cloud native or hybrid Solutions this ensures sustainability of the adopted Cloud architecture you're familiar with identity and access management or IAM using IAM in the Azure CAF establishes a foundation for managing identity and access at its core IAM ensures that only authorized individuals can access the right resources at the right time for the right reasons this is achieved through identity authentication and authorization controls IAM also acts as boundary Security in the public Cloud Azure active directory or Azure ad is at the heart of identity management and provides a base level of access control and identity management for Azure resources the level of integration with an existing on premises identity infrastructure can be achieved through options like directory synchronization and active directory Federation services so what are the considerations when integrating Azure into an existing it environment well first consider the identity 
integration requirements these requirements hinge on factors such as the complexity of the organization's on premises active directory infrastructure and the necessity for a consistent set of identities groups and roles between on premises and Cloud environments additionally support for applications that depend on Legacy authentication mechanisms might necessitate deploying active directory domain services in the cloud the integration process should be iterative allowing for gradual refinement and maturation of the cloud identity solution in this video you learned that Azure Cloud adoption framework plays a vital role in ensuring a smooth and effective Cloud adoption process you also learned about best practices to help align Business and Technology strategies specifically planning and design and identity and access management are critical components you then concluded with the integration of azure into an existing it environment security is a critical aspect of any Cloud adoption journey and the Microsoft cloud adoption framework or CAF for Azure provides a comprehensive approach to address security considerations as organizations embrace the cloud they must ensure that their data applications and infrastructure are protected from potential threats the Microsoft cloud adoption framework or CAF offers a structured methodology to guide organizations in implementing security measures that align with their business goals and objectives in this video you'll explore five key points of security in the Azure CAF this includes access control with a zero trust approach security operations focusing on detection including response and Recovery asset protection strategies security governance for maintaining a consistent security posture and Innovative security practices that align with operational practices let's begin with Access Control utilizing a zero trust approach in the Azure CAF Access Control plays a critical role in ensuring the security and integrity of cloud 
resources and services by utilizing the zero trust model the framework promotes a more rigorous approach to security by operating on the assumption that threats can exist both outside and within an organization's Network this means that trust is never assumed and verification is required from everyone trying to access resources in the network regardless of whether they are within an organization's perimeter or not the principles of zero trust include assuming a breach is always possible it explicitly verifies the identity and context of the user or device requesting access and adheres to the principle of least privilege to perform their functions this approach coincides with robust authentication mechanisms which may include multifactor authentication and stringent authorization policies that Define what actions users can perform with the accessible data by doing so the zero trust model in Azure CAF adds security layers that minimize the risk of unauthorized access and data breaches this creates a more resilient and secure Cloud environment let's examine security operations involving detection response and Recovery effective security operations are crucial for identifying mitigating and recovering from security incidents in the cloud the Azure CAF emphasizes the importance of detection response and Recovery capabilities organizations should Implement robust monitoring systems leverage threat intelligence establish incident response plans to detect security threats respond promptly to incidents and recover their systems to a secure state by adopting proactive security operations practices organizations begin to minimize the impact of security breaches and maintain the Integrity of their Cloud environment this begins with security operations or secops culture secops performed by Engineers are considered the most valuable Assets Now secops culture emphasizes the integration of security operations with an organization's mission and goals there are three key cultural 
elements that form the foundation of an effective secops culture the first is Mission alignment security operations should always have a clear understanding of how their work connects to the overall organization's mission and goals next is continuous learning security operations involves detailed work with constant changes because attackers are creative and persistent it's critical to continuously learn and work to automate highly repetitive or highly manual tasks these types of tasks can quickly wear down morale and team effectiveness ensure that the culture rewards learning finding and fixing these pain points finally there's teamwork working alone with security operations isn't effective nor efficient nobody is as smart as the whole team together teamwork also makes a high pressure working environment more enjoyable and productive it's important that everyone support each other learn from one another share insights and coordinate and check each other's work next is asset protection which involves implementing strategies and measures to safeguard critical Assets in the cloud organizations must identify their valuable data applications and infrastructure components and Implement appropriate security controls to protect them from unauthorized access data breaches and other security risks this includes implementing encryption data classification and data loss prevention mechanisms by prioritizing asset protection organizations reduce the risk of data loss ensure compliance with regulatory requirements and maintain the confidentiality integrity and availability of their resources the Microsoft cloud adoption framework emphasizes the need for organizations to establish clear security policies procedures and controls to comply with security standards and regulatory requirements so how do you maintain a consistent security posture well security governance is essential for maintaining a consistent and up-to-date security posture in the cloud by regularly assessing 
the security posture conducting Audits and implementing security best practices organizations can mitigate risks address vulnerabilities and maintain a strong security posture throughout their Cloud adoption Journey Innovation is a driving force in the cloud environment and security must align with all operational practices to ensure effective protection the Microsoft cloud adoption framework recognizes the importance of integrating security with devops practices also referred to as DevSecOps it's important to align security approaches with operational processes by embedding security controls and considerations into the development and deployment pipelines organizations can foster a culture of security and enable continuous security improvements this approach allows organizations to balance security requirements with business enablement goals and drive innovation without compromising on security in this video you learned about the five key points of security in the Azure Cloud adoption framework this includes access control with a zero trust approach security operations focusing on detection with response and Recovery asset protection strategies security governance for maintaining a consistent security posture and Innovative security practices that align with operational practices You Now understand that security is a critical aspect of any Cloud adoption journey and the Microsoft cloud adoption framework for Azure provides a comprehensive approach to address security considerations in an age where data breaches and cyber attacks are rampant data privacy is of Paramount importance as a technology leader Microsoft employs six governing principles for managing data to ensure that privacy is respected these are control transparency security legal protections no content-based targeting and benefits for the customer in this video you'll be introduced to each of these principles and discover how together they serve as a road map for best practices in 
administering and managing customer data let's start with control control as a principle puts the power in the hands of the users Microsoft gives users the ability to manage data collection and usage this includes data localization which means deciding where data resides and access control which allows users to determine who can access it empowering users to have control over their data is essential in establishing trust and ensuring that data handling is aligned with user preferences your control is reinforced by Microsoft compliance with broadly applicable privacy laws and privacy standards transparency is vital in enabling users to make informed decisions regarding their data Microsoft upholds this principle by keeping users well informed about how their data is collected processed and shared reports are published on government requests for data and resources are available for users to learn more about Microsoft's privacy practices transparent operations allow users to be cognizant of how their data is utilized which is crucial for building trust with the growing presence of cyber threats strong security is more important than ever Microsoft employs robust security measures such as encryption and firewalls to protect customer data moreover their security development life cycle or SDL ensures continuous evaluation and enhancement of security features SDL refers to a set of 12 practices that help organizations stay compliant with regulations and meet security Assurance standards these practices are providing training defining security requirements defining metrics and compliance reporting performing threat modeling establishing design requirements and defining and using cryptography standards businesses should also manage the security risk of third-party components use approved tools perform static analysis security testing perform Dynamic analysis security testing perform penetration testing and establish a standard incident response process by prioritizing 
security Microsoft minimizes the risk of data breaches and unauthorized access hence safeguarding the integrity and confidentiality of customer data state-of-the-art encryption protects your data both at rest and in transit and encryption protocols erect barriers against unauthorized access to the data this includes two or more independent encryption layers to protect against compromises of any one layer all Microsoft managed encryption keys are secured and work with Azure key Vault to help you control access to passwords encryption keys and other Secrets Microsoft upholds local privacy laws and advocates for the legal protection of privacy as a basic human right they Safeguard user data through meticulously outlined response policies established processes and strong contractual commitments resorting to legal recourse when necessary Microsoft maintains that all government requests for user data should be directed towards the user they do not provide any government with direct or unrestricted access to customer data nor do they disclose data to a government or law enforcement agency unless directed by the user or required by law when user data is requested the user is promptly informed and given a copy of the request unless legally prohibited Microsoft pledges not to use data for advertising purposes and restricts disclosure to government agencies this is crucial in an era where content-based targeting is a common practice businesses must make a similar commitment not to exploit customer data for purposes that haven't been explicitly agreed upon Microsoft does not engage in using email chat files or other personal content for the purpose of targeting advertising Microsoft does not share user data with Advertiser supported Services nor do they mine the data for any purposes such as marketing research or advertising when Microsoft does collect data it's used to benefit customers and make their experiences better for example data may be gathered for 
troubleshooting for the prevention detection and repairing of problems affecting operations of services Improvement of features including increasing reliability and protection of services and data and providing better customer experiences in this video you were introduced to the six governing principles that Microsoft adheres to for data management these are control transparency security legal protections no content-based targeting and benefits for the customer so what is the result of these principles it means that users are empowered trust is built data is secured with encryption and firewalls user rights are upheld privacy is respected and users gain a better service experience collectively these principles form a robust framework that sets a high standard for data privacy and should Inspire businesses to adopt similar practices for a more secure and privacy conscious ecosystem in today's digital age data security and compliance are at the heart of any organization's operations as businesses increasingly turn to cloud services for a range of functionalities the need for Reliable and secure platforms is Paramount one such platform is the Microsoft service trust portal or STP a comprehensive resource providing tools and content to ensure the security and compliance of Microsoft's cloud services in this video you will be introduced to the uses privacy tools the compliance manager and Industry and Regional information features of the service trust portal let's start with a brief overview you can access the portal by logging in with your Microsoft cloud services account and accepting a non-disclosure agreement once inside you can explore various sections including certifications regulations and standards reports white papers and artifacts industry and Regional resources and resources for your organization the portal contains a comprehensive document library that you can filter Based on data and cloud service it also allows for the saving of relevant documents to a 
personal library and provides notifications for updates to cater to a global audience the portal supports multiple languages and encourages users to provide feedback continually aiming to enhance the user experience now let's explore the uses of the service trust portal the service trust portal true to its name Fosters trust by enabling transparency and control over data and its security one of the Portal's main uses is offering access to a wide array of audit reports and white papers which can help in understanding the security and compliance mechanisms in place these resources also extend to Microsoft's range of products such as Azure Microsoft 365 Dynamics 365 and windows Additionally the portal assists organizations in keeping up with the evolving regulatory landscape with sections dedicated to regulations and standards it provides a readily accessible repository of documents related to Industry and Regional compliance requirements one of the standout features of the service trust portal is its focus on privacy and compliance Microsoft has made a commitment to data privacy as part of its core values to achieve this the service trust portal includes a newly introduced privacy area that offers guidance on responding to personal data breaches and tools for handling data subject requests notably the data subject requests or DSR section helps you to locate export and erase data across Microsoft's cloud services this is crucial for organizations looking to comply with regulations such as the general data protection regulation or GDPR which place significant emphasis on individuals rights to control their data Additionally the portal offers data protection impact assessments or DPIAs providing the information needed to create DPIAs that evaluate data protection risks associated with various data processing activities another instrumental component of the service trust portal is the compliance manager this feature measures and assists you in tracking your 
progress in completing compliance activities especially relevant in the context of GDPR compliance manager is equipped with tools and assessments that are integrated into the updated GDPR detailed assessment toolkit this proves invaluable for organizations aiming to maintain a high standard of compliance with complex regulations another crucial aspect is how the service trust portal includes information specific to different Industries and regions this is significant because regulations and compliance requirements can vary based on industry and location having access to tailored information ensures that you can remain compliant with the specific requirements that pertain to your industry or region this section includes documents that apply to the following Industries and Regions Financial Services containing resources elaborating Regulatory Compliance guidance by country or Region Healthcare and Life Sciences detailing capabilities offered by Microsoft for the healthcare industry media and entertainment containing media and entertainment industry resources United States government providing resources exclusively for US Government customers and Regional resources containing documents describing compliance of Microsoft's online services with various Regional policies and regulations in this video you learned that the Microsoft service trust portal stands as an indispensable Ally for organizations seeking to bolster their data security and compliance measures in the era of cloud services with its many resources including audit reports white papers and Industry and region specific information it paves the way for enhanced transparency and control over data the addition of specialized tools such as the compliance manager helps to facilitate adherence to regulations like GDPR the service trust portal helps to safeguard user data and Foster a culture of trust and compliance in an increasingly interconnected world in the modern business landscape where digital 
transformation and Cloud adoption are at the Forefront security remains a Paramount concern with the rapid acceleration of cloud technology the potential attack surface for cyber threats has expanded necessitating the development of advanced security mechanisms one such mechanism is cloud security posture management or CSPM a fundamental element Incorporated within Microsoft Defender for cloud in this video you'll delve into the main features of CSPM and its integration with Microsoft Defender for cloud let's begin with a brief overview CSPM is a security solution focused on maintaining and enhancing cloud environment security through continuous assessment monitoring and automation it provides insights into the existing security status giving guidance on how to improve and maintain secure Cloud configurations CSPM has gained prominence for its ability to mitigate risks and maintain compliance by managing security policies and detecting configuration drifts Microsoft Defender for cloud integrates CSPM as a fundamental component Defender for cloud evaluates resources subscriptions and organizations for security issues and represents the security posture through a secure score where a higher score indicates a lower risk level CSPM in Defender for cloud features both foundational and optional enhancements foundational capabilities include security recommendations asset inventory and secure score the optional enhancements include attack path analysis Cloud security Explorer Advanced threat hunting and security governance capabilities among others while the foundational CSPM capabilities are free optional features are part of the defender CSPM plan that incurs charges for servers databases and storage resources now that you've had an overview of CSPM let's explore how it integrates with Microsoft Defender for cloud in more detail Microsoft Defender for cloud is a unified Cloud native application protection platform offering extensive security for multicloud and 
hybrid environments it ensures unified visibility of security posture across multiple cloud services and provides realtime access to critical risks and context aware Cloud security by integrating CSPM Defender for cloud enables continuous assessments of multicloud environments it monitors security postures with secure scores and provides visibility and contextual insights Additionally the integration helps in conducting proactive attack path analysis managing security policies and implementing security governance Defender for cloud uses the policies to periodically analyze the compliance status of your resources to identify potential security misconfigurations and weaknesses it then provides you with recommendations on how to remediate those issues recommendations are the result of assessing your resources against relevant policies and identifying resources that don't meet your defined requirements Defender for cloud makes its security recommendations based on your chosen initiatives recommendations are actions for you to take to secure and Harden your resources each recommendation provides you with the following information a brief description of the issue the remediation steps to carry out to implement the recommendation and the affected resources Defender for cloud CSPM is also equipped with agentless and agent-based vulnerability scanning which is crucial for identifying vulnerabilities in Cloud resources without requiring agents to be installed additionally prioritized security alerts and automated workflows enable quick detection and response to threats another area where this integration is particularly beneficial is devops through Defender for cloud CSPM organizations can enable governance for devops related recommendations by activating the defender CSPM plan on the Azure subscription hosting the devops connector this ensures centralized insights for multi-pipeline and multicloud devops thereby improving application development Security in this video 
you learned how the integration of CSPM in Microsoft Defender for cloud provides an Innovative approach to fortifying Cloud Security in today's digitally driven business environment through continuous monitoring assessments and compliance evaluations CSPM equips organizations with the tools necessary for maintaining secure Cloud configurations and responding swiftly to vulnerabilities Microsoft Defender for cloud's integration with CSPM ensures a more cohesive context aware security platform across multicloud and hybrid ecosystems moreover by providing actionable recommendations and offering both agentless and agent-based vulnerability scanning it facilitates a more proactive stance in security governance particularly the integration's contribution to securing devops highlights its indispensability in safeguarding not just the present but also the future of cloud computing in an age where cloud computing is revolutionizing the way organizations operate resource governance plays an essential role in ensuring efficient and secure management of cloud resources Microsoft Azure offers a suite of governance capabilities that Empower organizations to maintain control over their resources and applications in this video you'll learn about resource governance in Azure and explore Azure policy Azure Blueprints and Microsoft Purview let's begin by examining Azure governance which encompasses a range of services and components that help you control and manage your Cloud resources efficiently understanding and implementing these capabilities are prerequisites for maintaining the health and security of cloud infrastructure with azure's Advanced set of governance capabilities you can Implement effective Resource Management strategies through components like Azure management groups Azure policy Azure blueprints Azure resource graph and cost management additionally for applications involving containers and services Azure service fabric enables resource governance to ensure Fair 
allocation of resources among Services next let's explore Azure policy which is a pivotal component in resource governance that enables policy enforcement throughout the Azure environment through Azure policy you can Define policies for resources ensuring compliance with corporate standards and regulatory requirements for example you can set policies to ensure that virtual machines comply with specific configurations or that database Services enforce a certain level of security the Azure policy service allows you to assess the compliance state of your resources and take corrective actions when resources are non-compliant it evaluates the properties of resources in Azure and Arc enabled resources against business rules these rules described in JSON format can be grouped into policy definitions or initiatives and assigned to different Scopes like management groups subscriptions or individual resources Azure policy continuously evaluates resources and can automate responses to non-compliance such as denying changes or deploying compliant resources while Azure policy focuses on resource compliance Azure role-based access control or Azure RBAC manages user permissions and actions both should be used in tandem for comprehensive control and governance in Azure now let's examine Azure blueprints which aims to streamline the process of setting up governed environments Azure blueprints is a service that enables you to define a repeatable set of azure Resources with specific configurations and policies it enables the orchestration of resource deployments and configurations in a compliant and scalable manner you can create templates that include resource groups permissions policies and more to ensure consistency and compliance across multiple environments it enables development teams to swiftly provision new environments while ensuring adherence to organizational compliance requirements blueprints incorporate various components such as role assignments policy assignments Azure 
resource manager or ARM templates and resource groups and replicates them across multiple Azure regions for low latency and high availability in addition Azure blueprints preserves the relationship between blueprint definitions and assignments facilitating better tracking and auditing of deployments while Azure blueprints ensures compliant deployment Azure policy is recommended for continuous monitoring of resources to maintain compliance finally let's explore Microsoft Purview which is a comprehensive data governance service that enables you to manage and secure data across on premises multicloud and software as a service or SaaS environments it enables the creation of a data map through automated Discovery sensitive data classification and tracking of data lineage the Purview data catalog facilitates data Discovery by employing filters such as glossary terms sensitivity labels and classifications additionally data estate insights provide an overview of the data landscape enabling data and security officers to monitor sensitive data and its movement Purview also features data sharing capabilities and access policy management for regulating access to various Data Systems in this video you learned how Microsoft Azure offers a powerful Suite of governance tools Azure policy Azure Blueprints and Microsoft Purview which are integral in the modern cloud computing landscape Azure policy ensures compliance through continuous evaluation of resources against organizational standards while Azure blueprint facilitates streamlined and compliant deployment of azure resources Microsoft Purview on the other hand provides robust data governance by helping you map manage and secure data across various environments together these tools enable you to maintain efficient secure and compliant management of cloud resources which is crucial for realizing the full potential of cloud computing have you witnessed a business suffering downtime after an unforeseen Cyber attack compromising 
its functions and services in a technology dependent world with cyber crime constantly evolving ensuring that systems and services remain accessible and functional even in the face of adversity is Paramount in this video you'll learn about two crucial Concepts availability and continuity you'll gain an overview of how these concepts are integral to Modern businesses additionally you'll discover how Microsoft Azure achieves availability and continuity by employing regions and zones let's start with availability availability refers to the accessibility and functionality of systems and services it means that the systems are up and running efficiently and are accessible when needed for example a website is considered available if users can access it without encountering server errors in cloud computing availability is often a product of reliable infrastructure Microsoft Azure prioritizes the availability of critical environment infrastructure through reliable building blocks thorough controls effective Health monitoring and robust maintenance programs azure's reliability is underpinned by its extensive Global Network of data centers which are strategically distributed across various regions worldwide each Azure region is a set of data centers located within a latency defined perimeter and connected through a dedicated Regional low latency Network this design allows Azure to provide High availability and low latency ensuring optimal service performance the Azure platform categorizes its services into three types based on their characteristics of availability these are Zone redundant Services zonal services and non-zonal services Zone redundant services are replicated across availability zones in a region providing resilience against Zone level failures these Services include Azure SQL database Azure storage and Azure kubernetes service among others zonal services on the other hand are pinned to a specific availability Zone and can be manually replicated across zones for 
higher availability examples of these services include Azure Virtual Machines and managed disks thirdly non-zonal services are those that are deployed region-wide and do not reside in a specific zone these services such as Azure Traffic Manager and Azure Active Directory are inherently resilient and designed to be available despite potential zone level failures now that you know what availability entails let's unpack continuity continuity goes beyond availability it involves strategies and plans to ensure that critical business functions continue to operate or can quickly recover after a disaster or failure this includes having backups disaster recovery plans and alternative processing facilities Microsoft Azure exemplifies continuity through its Azure business continuity management or BCM program BCM focuses on customer centric resilience and continuous improvement through people processes and technology Azure is renowned for its robust and highly regarded business continuity management program the primary objective of this program is to enhance the resilience and recovery capabilities of all services that are able to independently recover these services can either be customer facing form part of Azure's offerings or they can be internal services that support the platform understanding business continuity involves recognizing that many offerings consist of multiple services in Azure's ecosystem each service is distinctly identified using specific tools and serves as the metric for privacy security inventory risk business continuity management and other functions to accurately gauge a service's capabilities it's essential to consider the three key elements of people process and technology irrespective of the type of service consider the following illustrative representation elements like people involved in the service and necessary for service support process which is any procedure required to carry out tasks supporting the service and technology delivering the
service or is a service itself amalgamate to create a service that adds value for a cloud user so in the case of a people-based business process like a help desk or team the service delivery is their function these individuals utilize processes and technology to execute the service when it comes to technology as a service such as Azure Virtual Machines the service delivery comprises the technology along with the people and processes that facilitate its operation now let's discuss the interplay of availability and continuity in Azure Azure takes a comprehensive approach to availability and continuity by incorporating these concepts into its data centers through regions and zones Azure regions are sets of data centers located in specific geographic locations each region is made up of multiple data centers and offers a high level of availability and lower network latency for services running in that geographic area within regions Azure has availability zones these are unique physical locations with independent power cooling and networking if one zone experiences issues the others remain operational ensuring the availability of applications and data Azure's BCM program plays a critical role in ensuring service continuity the program conducts comprehensive testing including region shutdowns and zone loss simulations this testing ensures recoverability and helps in honing incident response procedures so services remain highly available and reliable Azure's approach to critical environment infrastructure availability makes data centers themselves reliable by investing in reliability engineering and collaborating with vendors for risk evaluations and continuous improvement Azure proactively addresses risks in its data centers this effort contributes significantly to both the availability and continuity of the services that Azure provides in this video you learned about availability and continuity as two fundamental pillars for maintaining seamless business operations you
learned about Azure's business continuity management program that emphasizes people processes and technology the integration of this program with service specific tools and mechanisms contributes significantly to Azure's resilience recovery capabilities and overall service value as cloud computing evolves it's important to understand the division of responsibilities Microsoft Azure operates on a shared responsibility model this model outlines the service level responsibilities between Microsoft and its customers and ensures a clear understanding of who is accountable for what in this video you'll gain insight into the shared responsibility model in Azure you'll also explore the division of service level responsibilities and the significance of compliance in business continuity planning let's start by examining the shared responsibility model several services offered by Azure necessitate that customers establish disaster recovery across multiple regions a task that falls outside Microsoft's scope not all Azure services come with automatic data replication or failover capabilities from one malfunctioning region to another active one in such instances the onus is on the customer to set up recovery and replication while Microsoft guarantees the availability of fundamental infrastructure and platform services certain usage scenarios may require customers to replicate their deployments and storage across multiple regions these instances are typical of the shared responsibility model which serves as a crucial element in your business continuity and disaster recovery planning now let's explore the division of responsibility in a traditional on premises data center the entire stack is under your control however when transitioning assets to the cloud certain responsibilities shift to Microsoft here the division of responsibility between you and Microsoft is depicted depending on the deployment type a practical illustration of the shared responsibility model is the deployment
of virtual machines suppose a customer desires to establish cross region replication for resilience in case of a regional failure they then need to create a duplicate set of virtual machines in another active region the customer is responsible for this as Azure does not automatically replicate these services in the event of a failure the customer must either have a procedure to manually switch primary regions or employ a traffic manager to detect and automatically fail over the shared responsibility model in Azure is a framework that defines the roles and responsibilities of Microsoft and its customers in managing and controlling cloud resources this model is not a one-size-fits-all instead it varies depending on the service model which may be infrastructure as a service or IaaS platform as a service or PaaS or software as a service or SaaS let's expand upon this in an IaaS model Microsoft takes responsibility for the underlying infrastructure including physical hardware network and data center operations customers are however responsible for the management of their data endpoints accounts and access controls in a PaaS model Microsoft extends its responsibilities to include the operating system middleware and runtime environment customers are still responsible for their applications and data but they are relieved from the burden of managing the underlying infrastructure in a SaaS model Microsoft assumes most of the responsibility managing everything from the infrastructure to the applications customers are only responsible for managing their data and user access understanding these service level responsibilities is crucial for customers to ensure they're adequately protecting their resources and data it helps them identify potential security gaps and take necessary measures to mitigate risks now that you're up to speed on the shared responsibility model and the division of responsibility let's explore business continuity compliance this tool helps service owners to
define the service properties conduct a business impact analysis map dependencies identify the workforce list external suppliers and rate recovery every service in Azure is required to complete business continuity disaster recovery or BCDR records using the Azure business continuity manager tool this tool helps service owners service properties define the service and how disaster recovery and resiliency are achieved the business impact analysis helps define the recovery time objective or RTO and recovery point objective known as RPO based on the service's criticality however Microsoft doesn't publish RTO or RPOs for services because these are internal measures the dependencies of each service are mapped to ensure they operate smoothly the workforce supporting the service is identified to avoid single points of failure Microsoft maintains a list of external suppliers and measures their capabilities to ensure a third-party outage doesn't disrupt any Azure services now regarding the recovery rating it measures several key elements to create a resiliency score Azure requires every service to have a detailed recovery plan and to test that plan as if the service has failed due to a catastrophic outage so when the customer is responsible for setting up disaster recovery Azure provides public facing documentation for guidance once a service has completed its BCDR record it must be submitted for approval Microsoft and Azure conduct extensive testing for both disaster recovery and availability zone r services are self-tested in a production or pre-production environment pull the plug type testing is done in canary environments that are fully deployed regions matching production canary environments are where new features are tested with a small number of users during these tests Azure uses the same production process for detection notification response and recovery this includes services where the customer is responsible for setting up disaster recovery by using
Microsoft public facing documentation in this video you learned that in the intricate landscape of cloud computing the shared responsibility model in Azure plays a pivotal role in defining the division of responsibilities between Microsoft and its customers this model varying across IaaS PaaS and SaaS ensures that customers understand their role in managing and protecting their resources and data it also highlights the importance of business continuity compliance where Azure provides tools and guidance for customers to establish disaster recovery and conduct necessary tests as customers transition their assets to the cloud understanding this shared responsibility model becomes crucial in identifying potential security gaps mitigating risks and ensuring smooth operation regions and availability zones in Azure provide an infrastructure that guarantees high availability and disaster recovery this robust system is designed to ensure that services remain online even when unexpected events occur in this video you'll explore how Azure delivers reliable service offerings through regions and availability zones Microsoft Azure offers services in multiple geographic areas around the world known as regions each region consists of one or more data centers equipped with power cooling and networking these regions provide customers with the flexibility to run their applications and services close to specific geographical locations where their customers are ensuring optimal performance and user experience to further enhance reliability Azure provides availability zones availability zones are physically separate locations within a region each housing its own independent power cooling and networking to safeguard against data center failures with availability zones you can design and operate applications and databases that automatically transition between zones without interruption Azure availability zones are highly available fault tolerant and more scalable than traditional single
or multiple data center infrastructures Azure provides the most extensive global footprint of any cloud provider and is rapidly opening new regions and availability zones Azure has availability zones in every country or region in which it operates a data center region there are multiple regions that currently support availability zones within the Americas Europe Middle East Africa and Asia Pacific you can examine the specific regions a bit later in additional resources there are also special regions within Azure that you may wish to use when building applications for compliance or legal purposes these special regions include US Government Virginia and US Government Iowa that's a physical and logical network isolated instance of Azure for US government agencies and partners with additional compliance certifications such as the Federal Risk and Authorization Management Program or FedRAMP to read more about compliance certifications visit the additional resources reading China East and China North which are regions that are available through a unique partnership between Microsoft and 21Vianet whereby Microsoft does not directly maintain the data centers Germany Central and Germany Northeast which are regions that are available via a data trustee model whereby customer data remains in Germany under the control of T-Systems a Deutsche Telekom company acting as a German data trustee each Azure region is paired with another region within the same geography such as the US Europe or Asia this approach allows for the replication of resources like virtual machines or VMs and storage this is across a geography intended to reduce the likelihood of natural disasters civil unrest power outages or physical network outages affecting both regions at once there are additional advantages of region pairs such as in the event of a wider Azure outage one region is prioritized out of every pair to help reduce the time to restore for applications planned Azure updates are rolled out
to paired regions one at a time to minimize downtime and risk of application outage data continues to reside within the same geography as its pair except for Brazil South for tax and law enforcement jurisdiction purposes Azure services that support availability zones including zonal and zone redundant offerings are continually expanding there are three types of Azure services supporting availability zones including zonal zone redundant and always available services you can combine all three of these approaches to architecture when you design your reliability strategy Azure offerings are grouped into three categories that reflect their regional availability foundational mainstream and strategic services Azure's general policy on deploying services into any given region is primarily driven by region type service category and customer demand let's expand upon the three categories that reflect their regional availability foundational services are available in all recommended and alternate regions when a region is generally available or within 90 days of a new foundational service becoming generally available mainstream services are available in all recommended regions within 90 days of a region's general availability mainstream services are demand driven in alternate regions and many are already deployed into a large subset of alternate regions strategic services are targeted service offerings that are often industry focused or backed by customized hardware strategic services are demand driven for availability across regions and many are already deployed into a large subset of recommended regions in this video you learned that Azure's infrastructure utilizes regions and availability zones to guarantee high availability and disaster recovery ensuring service reliability Azure boasts the largest global footprint among cloud providers with an ever increasing number of regions and availability zones including special regions for compliance you learned that regions are
also paired geographically for resource replication and risk reduction furthermore Azure services are categorized into zonal zone redundant and always available services reliability in Azure is not just a keyword but a significant aspect of ensuring business continuity but what determines this reliability factors such as availability latency service level agreement or SLA and unique business requirements play a vital role as Azure users understanding the interplay of these factors assists in devising a robust architecture tailored to your workload's specific needs in this video you'll learn about the reliability requirements how to build reliability and the significant role that regions and availability zones play in establishing reliability you'll discover that this is governed by the shared responsibility between Microsoft and its users let's begin by examining reliability requirements as mentioned availability latency SLA and business requirements are factors that determine the level of reliability necessary for an Azure solution these factors guide the architecture and resiliency level of the solution for instance availability requirements are dictated by the amount of permissible downtime and its cost to the business as well as the resources available for ensuring high availability of the application building reliable systems on Azure is a joint effort between Microsoft and its users Microsoft takes charge of the reliability of the cloud platform encompassing its global network and data centers on the other hand Azure customers and partners are responsible for the resiliency of their cloud applications implementing architectural best practices tailored to the needs of each workload even though Azure consistently aims for the highest possible resiliency in SLA for the cloud platform users must set their own target SLAs for each workload in their solution an SLA provides a means to assess if the architecture aligns with the business requirements as users pursue
higher SLA guaranteed uptime percentages the cost and complexity associated with achieving such levels of availability increase for example an uptime of 99.99% equates to roughly 5 minutes of total downtime per month and the worthiness of the cost and complexity necessary to reach that percentage depends on the specific business requirements therefore understanding Microsoft's supported SLAs given that each Azure service has its own is crucial when establishing final SLA commitments so how do you build reliability reliability requirements for an application should be defined early in the planning process if certain applications don't always require 100% high availability cost can be optimized during those non-critical periods it's important to identify possible failures that an application might experience and plan for their potential impact the recovery plan should include strategies for individual components and the overall application with protection against zonal regional and application level failure regular testing should be conducted to measure application reliability and resilience against unexpected failures let's walk through a checklist for reliability planning begin by defining availability and recovery targets to align with business requirements design your application's reliability features based on its availability requirements ensure that your applications and data platforms meet your reliability requirements set up connection paths to enhance availability then utilize availability zones and disaster recovery planning where applicable to improve reliability and cost effectiveness make sure your application architecture can withstand failures and understand the implications if SLA requirements are not met identify potential failure points in the system your application's design must tolerate dependency failures by deploying circuit breakers finally build applications that can operate even in the absence of their dependencies regions and
availability zones play a significant role in ensuring reliability a region comprises multiple physically separate availability zones that are interconnected by a high performance network ensuring less than 2 milliseconds latency this setup allows your data to remain synchronized and accessible even during issues you can strategically use this infrastructure when designing applications and data infrastructure that automatically replicate and provide uninterrupted services across zones and regions when selecting the best region base your decision on technical and regulatory considerations including service capabilities data residency compliance requirements and latency Microsoft Azure services support availability zones which enable your cloud operations to run at optimum high availability while supporting your disaster recovery and business continuity strategies the choice of region plays a crucial role in enhancing your reliability strategy remember that establishing dependable systems on Azure necessitates a cooperative effort so Microsoft is responsible for the dependability of the cloud platform itself encompassing its worldwide network and data centers Azure's clients and partners however bear the responsibility for ensuring the dependability of their cloud applications employing architectural best practices tailored to the specifications of each workload in this video you learned that ensuring reliability within Azure applications requires a blend of resiliency and availability governed by a shared responsibility between Microsoft and its users Microsoft provides a dependable cloud platform and users should adhere to architectural best practices to shape their cloud applications' resiliency according to the unique needs of each workload this combined endeavor is underpinned by carefully calibrated SLAs strategic use of regions and availability zones and a well-devised recovery plan reliability monitoring in Azure revolves around understanding and
promptly responding to the health of applications and associated resources with the ever growing ecosystem of the Azure platform having a robust monitoring system in place is crucial for businesses that aim to harness the power of the cloud without compromising on reliability in this video you'll differentiate scalability from reliability and discover the tools and strategies to ensure reliability monitoring in Azure you'll also learn about best practices to follow to increase reliability while both scalability and reliability play pivotal roles in the cloud environment their monitoring focuses differ slightly scalability mainly pertains to how well a system can handle increased loads this involves understanding metrics to determine when to scale up out in or down dynamic scalability a notable value of transitioning to the cloud allows systems to adjust based on demand within scalability monitoring there are factors that you need to be aware of metrics analysis assists in defining the thresholds for various scaling actions such as scaling up or scaling down minimum instance awareness is being aware of the least number of instances that should run at any time to ensure the system remains functional even under minimum load autoscaling capabilities are offered with certain Azure services it's vital to determine the best metrics on which these rules are based and configure them accordingly manual scaling alerts apply to services that don't support autoscaling whereby creating alert rules becomes essential reliability on the other hand focuses on how well an application or system maintains its operations under different conditions it concerns early warnings system health and dependencies to ensure that operations continue smoothly reliability monitoring factors include early warning systems through monitoring tools that promptly flag potential issues allowing teams to intervene proactively before users start experiencing disruptions detailed capturing involves
comprehensive monitoring to quickly restore applications this helps developers understand and rectify root causes to prevent recurrence and source variability is data for reliability monitoring that stems from various sources each offering different insights now that you understand the difference between scalability and reliability let's unpack five Azure tools used for monitoring reliability Azure boasts a suite of tools designed to monitor the reliability of applications and resources Application Insights is a flagship service of Azure that produces logs that offer deep insights into application health and performance this service facilitates detailed capturing that's vital for effective reliability monitoring Azure monitoring agents collect performance metrics from operating systems ensuring that the foundational layers of an application remain stable and performant Azure Monitor provides full stack monitoring advanced analytics and intelligent alerting Azure Monitor pulls metrics from a variety of Azure resources offering a unified solution for holistic monitoring Azure Service Health is a dashboard oriented tool that allows users to track active events providing real-time information on the health of Azure services Azure AD logs is built directly into the Azure platform for security and compliance it ensures that only authorized users access resources thereby indirectly maintaining reliability by taking advantage of these tools businesses can craft a comprehensive reliability monitoring strategy that not only detects issues but also provides actionable insights to rectify them the integration of the Azure monitoring tools and methodologies enables the implementation of an early warning system a system such as this enables proactive intervention by promptly detecting issues that may disrupt the normal functioning of applications or services for instance Azure Service Health alerts users to potential disruptions that may affect their cloud services this
ability to foresee issues can significantly reduce downtime ensuring that services remain functional and continue to meet user requirements the combination of comprehensive monitoring and early warning systems ensures that applications can be restored efficiently it also guides system designers and developers to modify the system based on the insights provided by the monitoring data ultimately preventing recurring issues Azure's best practices for monitoring applications for reliability stem from extensive experience to enhance reliability be sure to conduct regular health checks by using health probes then check the functions outside the application to spot any health and performance degradation monitor long running workflows by addressing issues promptly to avoid large scale rollbacks or multiple corrective actions application logging involves logging at production and service boundaries using semantic and asynchronous methods be sure to distinguish between application and audit logs analyze remote call data by measuring metrics like latency throughput which are items passing through the system and errors to provide immediate insights into application health conduct statistical analysis to pinpoint errors monitor exceptions which involves tracking transient exceptions and retries to preempt potential service failures early warning systems allow you to identify and set threshold values for key performance indicators alert operations if the thresholds are reached stay within Azure limits by monitoring the usage of resource types to adhere to Azure subscription limits oversee third-party services by documenting your interactions and linking them to your application's health using unique identifiers finally train adequate staff ensure multiple operators are trained to monitor the application and execute recovery steps for continuous coverage in this video you learned how to differentiate scalability from reliability and discovered the tools and strategies
to ensure reliability monitoring in Azure you explored best practices to follow to increase reliability the value of early warning signs and system resilience within the cloud occasional failures are inevitable rather than focusing solely on preventing these the aim shifts towards reducing the impact of individual malfunctioning components in this video you will explore the Azure Well-Architected Framework and form an understanding of the key principles of designing reliable applications in Azure the Azure Well-Architected Framework provides you with guiding principles to enhance the quality of your workload this framework is built on five pillars that exemplify architectural brilliance reliability which is to recover from failures and continue to function security focusing on protecting data and applications cost optimization which is managing costs to maximize the value delivered operational excellence where processes keep a system running and performance efficiency concerning system adaptability to changes in load these principles aid in evaluating the reliability of applications hosted on Azure for an application to be considered reliable it must uphold a set percentage of uptime termed as availability balancing high resilience minimal latency and cost effectiveness is paramount embodying high availability the application's capacity to bounce back from failures showcases its resilience let's examine some key principles of designing reliable applications in Azure first you should prioritize business needs reliability varies based on business demands for instance an application with a 99.999% SLA needs more reliability than one at 95% SLA however enhancing reliability and high availability can elevate costs this balance is essential then anticipate failures design solutions that anticipate setbacks ranging from minor components to vast Azure areas to improve reliability monitor application health by recognizing the problems then continuously monitor your
application against healthy benchmark aids for early detection and timely intervention opportunities monitor and measure application availability through key targets such as mean time between failures or MTBF which is the average time between failures of a component and mean time to recover or MTTR which is the average time it takes to restore a component after a failure embrace automation human errors like deploying untested software to misconfigurations can disrupt applications reducing errors by integrating automation in cloud operations enhances reliability testing deployment and management aim for self-healing which is a system's capacity to autocorrect failures this technique links to defined remediation strategies connected to the system's failure patterns so combine monitoring and automation for superior reliability next opt for scale-out designs instead of magnifying existing resources systems should adapt to demand by adding more resources in parallel this method known as scale-out ensures the system can manage both expected and surprise traffic spikes functional and non-functional requirements encompass both availability and recovery targets that are crucial for gauging workload uptime and downtime these targets are essential benchmarks and their definition helps in improving reliability in line with business expectations the foundation of resiliency and availability lies in clear requirement identification considering factors like tolerable downtime and its associated business costs here are some key considerations set acceptable uptime standards for workloads ascertain permissible durations of workload unavailability and data loss during calamities prioritize application and data platform requirements leverage Azure services to guarantee connection availability and augment reliability and evaluate overall workload health it's essential to comprehend and align the service level agreements or SLAs service level objectives or SLOs and service level
indicators known as SLIs of all applied dependencies with the application's availability targets composite SLA is an aggregate SLA encompassing all application components and dependencies it offers insights into designed availability relating to customer expectations regarding disaster recovery considerations when in disaster recovery mode availability targets applicability may vary using an n+1 model ensures enhanced availability but it may lead to cost implications but what are the consequences of unmet targets potential penalties often financial might be incurred for not meeting SLA obligations preventative measures can be taken but they might increase the operational cost so understanding these consequences is essential especially when considering a failover it's important to note that recovery targets indicate permissible workload unavailability and data loss during a disaster the key metrics include recovery time objective or RTO which is the maximum time an application can be down post incident and recovery point objective or RPO which is the maximum tolerable data loss duration during a calamity recovery targets driven by business requirements should align with RTO and RPO standards with Azure application platform requirements Azure offers resiliency features tailored to app reliability these features might depend on specific configurations like the tier or size of a stock keeping unit or SKU you have chosen or the deployment type regional deployment concerns applications that should span multiple regions based on needs utilizing zones is cost-effective and straightforward however regional isolation is recommended when single region setups don't meet SLAs or when user distribution demands it regarding availability zones and sets services utilizing availability zones can be deployed zonally or across multiple zones availability sets instruct Azure to diversify virtual machine instances ensuring fault tolerance zones offer more reliability than sets but might
involve added costs and performance considerations finally availability considerations include applications being hosted on at least two platform nodes adhering to the n+1 model Health probes in Azure load balancer and Azure application gateways evaluate backend Health however custom Health probes monitor the application including its dependencies in this video you learned about the Azure Well-Architected framework focusing on pillars like reliability and security achieving reliability in Azure involves balancing up time resilience and cost necessitating proactive measures and continuous monitoring during this week you learned about important security Concepts that are essential for keeping data safe you covered essential security Concepts such as security planning and Disaster Recovery as well as data management and availability now let's review some of the key topics that you learned you started by setting your expectations for the course exploring the course syllabus and doing some foundational reading in additional resources then you explored Cloud security planning beginning with identity disaster recovery and training This concerns having a strategy to stay operational and to protect customer data in the event of an outage you are introduced to Microsoft Azure's solutions for implementing business continuity and Disaster Recovery or BCDR this includes tools to create various configurations for a backup system Azure Site Recovery that replicate workloads that become accessible should the primary system fail and Azure backup to create encrypted data backups stored in geographically distant locations you also learned about the approaches used by Azure to protect Data Network and physical security this consists of strict access policies encryption and data disposal procedures to safeguard customer data High redundancy Network infrastructure to maximize availability in the event of Hardware failures and secure facilities and trained staff to control access at 
data centers next you learn about Enterprise application integration or EAI which is about connecting applications to share data and create a more streamlined workflow you found that while this practice can open applications to certain vulnerabilities and threats this can be mitigated with sound security fundamentals such as robust authentication encryption and regular audits you then covered log collection analysis and retention and how to use Azure Monitor to collect and store logs from monitored resources these logs can then be processed and analyzed by tools such as Azure Sentinel and log analytics workspaces and transformed into insightful information Azure Security Services are customized for businesses through Solutions such as Azure front door Azure private link Azure key Vault Azure application Gateway and Azure policy together these tools bolster the security framework of Azure based infrastructures moving on you were given an overview of the Azure Cloud adoption framework an approach that consolidates best practices documentation and tools Azure's Cloud adoption framework supports organizations throughout the cloud adoption life cycle with manage govern and organize methodologies you learn that planning and design identity and access management are critical components within the Azure Cloud adoption framework and what's involved when integrating Azure into an existing IT environment you then delved into the planning stages with a focus on cloud adoption framework tools and resources to assess Monitor and optimize a cloud environment you also examined governance and security considerations when adopting Cloud Solutions and maximizing Cloud Investments the Five Points of security introduced you to access control with a zero trust approach security operations focusing on detection including response and Recovery asset protection strategies security governance for maintaining a consistent security posture and Innovative security practices that align with 
operational practices it's important that organizations Implement robust monitoring systems leverage threat intelligence establish incident response plans to detect security threats respond promptly to incidents and recover their systems to a secure State you then learned about the privacy principles that guide Microsoft's data management practices these are control transparency security legal protections no content-based targeting and benefits for the customer these serve to empower users build trust secure data uphold user rights respect privacy and provide an improved experience next you learned about the Microsoft service trust portal a resource to help ensure the security and compliance of Microsoft's cloud services you were presented with privacy tools the compliance manager and Industry and Regional information features this enhances transparency and control over data you then covered how Microsoft manages privacy and implements its privacy commitments for customers as well as the customer privacy controls involving external regulations and certifications you discovered Cloud security posture management or CSPM as a security solution for maintaining and enhancing Cloud environment security this is achieved through continuous assessment monitoring and automation when integrating CSPM Defender for cloud enables continuous assessments of multicloud environments it monitors security postures with secure scores and provides visibility and contextual insights finally resource governance provided you with a set of tools such as Azure policy Azure Blueprints and Microsoft Purview to maintain efficient secure and compliant management of cloud resources finally you covered availability and continuity availability refers to the accessibility and functionality of systems and services whereas continuity involves maintaining critical business functions or quickly recovering after a disaster or failure you learned about business continuity management which relates 
to system Readiness for Disaster Recovery this relies on understanding the shared responsibility model in Azure a division of obligations between Microsoft and customers for preparing infrastructure components for failure you also discovered how Azure utilizes regions and availability zones to deliver reliable service offerings each region is a separate geographic area containing data centers which places applications and services closer to customers availability zones are physically separate locations within a region that enhance reliability you continued on to continuity planning which involves assessment planning capability validation and communication and coordination an effective continuity plan not only addresses immediate organizational needs but also anticipates and prepares for potential future challenges and disruptions in availability and resiliency you learned about the reliability requirements how to build reliability and the role that regions and availability zones play in establishing it the spotlight then shifted to availability and resiliency testing you were introduced to key testing practices and various types of testing recommended practices include testing regularly automating the process and using both test and production environments testing types can be broken into the categories of resiliency performance simulation fault injection and Peak load testing you moved on to reliability monitoring which involves responding to the health of applications and resources tools for this include application insights Azure monitoring agents Azure monitor Azure service health and Azure AD logs you also learned about the value of early warning systems and best practices for reliability monitoring finally you worked through availability and resiliency by Design where you were introduced to the guiding principles of Azure's Well-Architected framework for Designing reliable applications these principles Encompass reliability security cost optimization 
operational excellence and performance efficiency the achievement of reliability within the Azure environment hinges on striking a balance between uptime resilience and cost necessitating proactive measures and ongoing vigilance by completing Security Administration you have expanded your knowledge of cyber security management and compliance remember it's important to protect data and you can do that by implementing sound security practices compliance in any industry is the adherence to regulatory legal and Company standards and policies it ensures that businesses operate responsibly and ethically when it comes to cloud services compliance is especially significant due to data storage security and Global business operations in this video you'll enhance your understanding of how compliance is defined and applied within the realm of cloud computing you'll also become aware of the steps taken by Microsoft to ensure the alignment with common standards and the tools that help them to achieve this Microsoft provides cloud services via Azure and its Suite of Microsoft applications and has established a robust system for compliance Microsoft Azure leads the cloud industry with over 100 compliance offerings these offerings are both General and region specific covering regions such as the US European Union Germany and more furthermore they also address specific Industries like Health government and finance but what inputs form the Bedrock of such compliance offerings Microsoft engages globally with governments Regulators standards bodies and non-governmental organizations to understand the emerging needs of various sectors the goal is to continually update and expand their compliance offerings to align with industry best practices and regulations an entity that informs many of Microsoft's standards is the Center for Internet Security or CIS a non-profit organization that develops cyber defense best practices it draws on experts from various sectors worldwide CIS 
benchmarks offer configuration standards for securing a system and every guidance recommendation relates to one or more CIS controls these controls align with known standards such as NIST Cybersecurity Framework ISO 27000 PCI DSS HIPAA and more that's a lot of acronyms so let's take a moment to break those down NIST is the National Institute of standards and Technology ISO refers to the international organization for standardization PCI DSS is the payment card industry data security standard and HIPAA stands for the health insurance portability and accountability Act of 1996 benchmarks undergo two phases of consensus review during initial development and after the benchmark's publication based on internet Community feedback there are two security settings levels level one which relates to essential basic security requirements with minimal disruption and level two which concerns enhanced security requirements with potential for reduced functionality CIS hardened images are virtual machine or VM images based on the benchmarks ensuring protection against cyber threats by addressing vulnerabilities CIS has benchmarks for Microsoft products such as Microsoft Azure Microsoft 365 Windows 10 and Windows Server 2016 the CIS Microsoft Azure Foundations Benchmark offers guidance for establishing a secure Azure configuration CIS benchmarks are recognized internationally and guide organizations in achieving a secure Baseline configuration those working with Microsoft products can use these to enhance application security and Microsoft participated in the creation of these benchmarks there are also CIS hardened images on Azure which conform to the benchmarks available on the Microsoft Azure Marketplace this includes images for Windows servers and Linux versions which have been pre-tested for compatibility and are certified for Azure use Azure blueprints provided by Microsoft assist in deploying Cloud environments adhering to compliance and cyber security standards Microsoft 
offers Azure blueprint specifically for the CIS Azure foundations Benchmark this aids in deploying policies compliant with the Benchmark recommendations to maintain this array of compliance offerings Microsoft has integrated tools that simplify and expedite the compliance process some notable tools include Azure security Center a solution to unify Security Management and provide Advanced threat protection across hybrid Cloud workloads Azure policy which helps Define and enforce policies to ensure a cloud environment adheres to compliance standards it also offers real-time policy enforcement and evaluation ensuring that resources and configurations remain compliant and Azure blueprints a tool for cloud Architects and IT groups to set and meet organizational standards patterns and requirements thereby enabling rapid environment development within compliance Norms there's also Microsoft Purview compliance manager which offers automated assessment and compliance management across multicloud environments it provides pre-built assessments for various standards and regulations aiding organizations in their compliance journey and finally you have Microsoft compliance Center as part of the Microsoft 365 Suite this tool aids businesses in meeting Global industry and Regional standards and regulations its functionality encompasses the three pillars of compliance and offers insights into compliance risk and posture Microsoft's offerings also extend to specific Industries for instance in the financial sector Microsoft cloud ensures compliance with globally applicable standards US Government standards industry specific and region or country-specific standards in this video you learned about cloud computing compliance standards and discovered how Microsoft aligns with them through Azure and its Suite of applications with over 100 compliance offerings for different regions and sectors Microsoft sets a high bar in the industry this is reinforced by its collaboration with the 
Center for Internet Security highlighting the importance of best practices for cyber defense Microsoft also provides a toolkit to ensure streamlined and efficient compliance processes these tools together with the compliance offerings underscore a dedication to secure compliant and responsible Cloud operations catering to diverse Industries globally risk assessment is a foundational element of any Cloud migration strategy within the context of Microsoft Azure assessing risks enables organizations to maintain confidentiality Integrity availability and privacy by implementing a rigorous risk assessment process you can ensure a smoother transition to the cloud while addressing potential security and compliance concerns in this video you'll learn to identify and establish risk levels and how to mitigate the risks associated with them you'll also become familiar with how compliance scores in Azure can help organizations determine their compliance posture understanding and identifying the risk levels associated with various applications and data sets is crucial applications might vary in terms of their age origin and underlying Technologies some may resist modernization due to being Legacy apps or having brittle third-party Integrations such challenges require a methodical approach to inventory before migrating to Azure active directory or Azure AD it's vital to understand all the apps in use and the associated risks conducting an inventory of your apps can help prioritize which ones to modernize first and determine the necessary security controls after cataloging all the apps you should determine their impact by answering several questions these might include what types of sensitive data does the app access for example is personally identifiable information involved how much revenue is associated with the app what happens when access to the app is denied and who needs access to the app you can use the answers to classify apps based on their impact levels High business 
impact medium business impact and low business impact you may also encounter these terms as HBI MBI and LBI respectively after identifying potential risks the next step is to establish or measure their levels in the Cloud's shared responsibility model the cloud service provider or CSP manages security and compliance while the customer is responsible for aligning these with their specific needs and risk tolerance understanding where the responsibility lies is crucial the type of cloud deployment dictates the responsibility distribution between the CSP and the customer this could be infrastructure as a service platform as a service or software as a service or IaaS PaaS and SaaS respectively for instance in an IaaS model the customer retains more responsibility compared to SaaS after risk identification and establishment organizations must employ strategies to mitigate them let's explore a few notable methods credential Management in Azure AD relies on multiple dependencies when a second factor is added the complexities increase it's recommended to enable multiple second Factor options and if possible use passwordless authentication methods like Windows Hello for Business or FIDO2 security Keys Microsoft suggests that customers map their risk and controls framework to a standardized one like ISO 27001 or NIST SP 800-53 such Frameworks help in addressing Cloud risks and accelerate risk assessments customers should utilize Microsoft tools like the Purview compliance manager which helps organizations create assessments that gauge compliance with relevant industry regulations to validate the cloud service provider's Effectiveness in managing security and compliance it's beneficial to review their external audit reports periodically and finally as you migrate your apps to Azure AD you should understand the required security controls for each app this ensures that applications are protected from potential threats and vulnerabilities next let's discuss compliance scores this is a 
crucial metric within Microsoft Azure's risk assessment framework it provides organizations with an overview of their compliance posture and helps them gauge their adherence to Industry standards and regulations a higher compliance score signifies a stronger alignment with best practices and demonstrates a commitment to maintaining a secure Cloud environment by regularly monitoring and improving their compliance score organizations can continuously enhance their security measures and reduce the likelihood of security breaches or compliance violations Microsoft 365 business premium introduces the compliance manager a tool designed to streamline compliance related activities the compliance manager offers features such as data loss prevention data life cycle management and internal risk management it assists organizations in identifying compliance gaps suggesting improvements and ultimately enhancing their compliance score through its intuitive interface and actionable insights the compliance manager empowers organizations to establish a robust and secure Cloud environment let's consider a hypothetical scenario to illustrate the practical application of risk assessment in Microsoft Azure imagine a healthcare organization that stores patient records in the cloud the organization identifies the risk of unauthorized access to sensitive patient data to mitigate this risk they Implement Azure active directory for identity management enforcing multifactor authentication and utilizing Azure information protection to classify and encrypt patient records based on their sensitivity this reduces the organization's risk of data breaches and ensures compliance with Healthcare regulations in this video you discovered that risk assessment is crucial for cloud migration especially in the Microsoft Azure framework this involves identifying risks understanding shared responsibilities and setting risk levels organizations should use various tools and strategies to tackle these risks 
this includes Microsoft's compliance manager for assessing compliance and compliance scores that reflect how closely an organization follows best practices with Azure's Comprehensive tool set and persistent monitoring organizations can safely transition to the cloud maximizing its advantages while curbing potential dangers Microsoft Purview has emerged as a forerunner in the realm of data management as a crucial asset in today's digital age understanding data's intricacies life cycle and security is of Paramount importance in this video you'll explore how Microsoft Purview can be used for data life cycle management data loss prevention and information protection Microsoft Purview offers a comprehensive Suite of tools tailored to meet the data governance and risk management needs of organizations in an age where information is scattered across various devices applications and locations a tool that provides holistic oversight is invaluable Microsoft Purview combines the former Azure Purview and Microsoft 365 compliance Solutions and services together into a single brand together these Solutions help your organization to gain visibility into Data assets across your organization enable access to your data security and Risk Solutions Safeguard and manage sensitive data across clouds apps and endpoints manage end-to-end data risks and Regulatory Compliance and Empower your organization to govern protect and manage data in new comprehensive ways Microsoft Purview includes unified data governance solutions that help you manage data services across your on premises multicloud and software as a service estate that includes Azure storage services Power BI databases like SQL or Hive file services like Amazon S3 and many more these governance Solutions are accessible through the Microsoft Purview governance portal which provides tools to enable your organization to create an up-to-date map of your entire data estate that includes data classification and end-to-end lineage identify 
where sensitive data is stored in your estate and create a secure environment for data consumers to find valuable data organizations can also generate insights about how data is stored and used and manage access to the data in your estate securely and at scale Microsoft Purview has a functionality called data use management this allows data owners to enable access policies on their resources by enabling it data owners can regulate DevOps policies data owner access policies and even self-service access policies which are automatically generated by Microsoft Purview after approval of an access request note that before any data policy is created on a resource data use management needs to be enabled on that resource ensuring that security is at the Forefront of data access Microsoft Purview offers two key Services information protection and data life cycle management let's explore each one in more detail information protection helps organizations discover classify and Safeguard sensitive and crucial content throughout its lifespan its core objectives are to know your data by understanding the data landscape in environments like on premises cloud or hybrid and using tools such as trainable classifiers activity Explorer and content Explorer protect your data by applying measures like encryption access limitations and visual markings and prevent data loss by spotting risky behaviors and stopping unintended data sharing with tools like data loss prevention policies and endpoint data loss prevention data life cycle management is for handling the content life cycle specifically importing storing and classifying vital data it aids in data governance for compliance or regulatory obligations the goal is to govern your data by ensuring it's kept deleted or stored in a compliant way using features like retention policies retention labels and Records management together these Services ensure data is classified protected and governed effectively no matter where it resides 
or travels Microsoft Purview data loss prevention or DLP aims to protect sensitive data and prevent its unintentional disclosure the admin capabilities in DLP include being able to identify Monitor and automatically protect sensitive information throughout Microsoft 365 platforms like OneDrive for Business SharePoint online Microsoft Teams and Exchange online you can educate users about compliance for example by sending email notifications or displaying policy tips if they attempt to share sensitive content and you can access DLP reports to monitor content in line with the organization's DLP policies and track policy matches over time DLP policy structure consists of three key components conditions are criteria that content must meet for the policy rule to apply actions are automatic measures taken when the conditions are met and locations which are specified platforms where the policy is active such as SharePoint or OneDrive for example an admin can set a DLP policy to detect data relevant to HIPAA across SharePoint and OneDrive preventing such data from being wrongly shared one scenario for implementing DLP is locating a document in a user's OneDrive that contains a credit card number another is blocking an email with employee personal data from being sent outside the organization a DLP policy can comprise multiple rules each rule has at its core conditions and actions when the conditions of a rule are met its actions are auto-executed various rules each with unique conditions and actions can be Consolidated into one policy for ease of management and Reporting in this video you were introduced to Microsoft Purview's capabilities for data life cycle management data loss prevention and information protection it integrates Azure Purview and Microsoft 365 solutions to meet modern data governance and risk management needs Purview provides organizations with full visibility of the data ensuring its protection security and compliance this makes it 
essential for the safeguarding and management of organizational data these days organizations face an ever-growing challenge how to effectively manage their high value content from legal and Regulatory obligations to business continuity companies need a robust and efficient system for managing their records this is where Microsoft Purview and its records management capabilities come into play in this video you'll discover how to use Purview to manage records in a way that upholds privacy you'll also learn how to perform automated audits which saves time while helping organizations maintain compliance records management is all about maintaining and controlling the records within an organization it isn't just about storage it's about understanding which documents have value when to keep them and when to dispose of them Microsoft 365 offers tools to help companies manage their records for various obligations when an item is declared a record by using a retention label several things happen restrictions are placed on the item in terms of what actions are allowed or blocked additional activities about the item are logged and you have proof of disposition when the item is deleted at the end of their retention period Microsoft Purview allows you to create and manage retention labels through the file plan manager compared to the data life cycle management portal this offers a more detailed and organized approach for managing records Microsoft Purview records management includes many features such as labeling content as a record establishing retention and deletion policies within the record label triggering event-based retention reviewing and validating disposition proof of Records deletion and exporting information about disposed items for an administrator to set up retention labels several steps are involved the label first needs to be given a name along with an optional description the admin then defines the label settings like whether items should be retained forever or 
for a specific period next the duration of retention period should be set as well as the point at which it begins finally the last step is to set the action that occurs once the retention period ends such as deleting items or automatically items such as documents and emails can then be marked as records based on those retention labels items must be marked as records but they can also be shown as regulatory records which provide other controls and restrictions namely the label can't be removed when an item has been marked as a regulatory record and retention periods can't be made shorter Microsoft Purview records management is flexible and there are different ways to manage records across an organization including enabling administrators and users to manually apply retention and deletion actions for documents and emails and automatically applying retention and deletion actions to documents and emails you can also enable site admins to set default retain and delete actions for all content in a SharePoint Library folder or document set and enable users to use Outlook rules to automatically apply retain and delete action to emails to ensure records management is used correctly across the organization administrators can work with content creators to put together training materials documentation should explain how to apply labels to drive usage and ensure a consistent understanding to ease growing concerns about data privacy Microsoft Purview ensures that organizations can manage and protect sensitive data effectively privacy management is no longer just a regulatory need but also a business imperative with Purview organizations can understand where sensitive data resides who accesses it and how it moves within the organization's ecosystem Microsoft understanding the need for region specific Solutions also provides services tailored to specific environments such as Office 365 for the US government and Microsoft 365 operated by 21Vianet for China these Solutions 
ensure that data storage access and management meet the Regulatory and privacy requirements specific to these regions one of the standout features of Microsoft perview is its capability for automated audits in traditional systems auditing could be a timeconsuming process requiring manual checks and validation with perview organizations can set up automated processes to regularly check and verify data access usage and compliance for instance if a company needs to ensure that specific high value content is in accessed outside of a particular department or region perview can automatically monitor this and flag any anomalies this not only streamlines the auditing process but also significantly reduces the potential for human error moreover for those keen on mastering the intricacies of data life cycle and Records management within purview Microsoft offers comprehensive training resources this helps organizations to harness the full power of Microsoft perview and its capabilities leading to a more streamlined and efficient records management system in this video you explored Microsoft purviews capabilities for records management which range from retention labels to automated audits with its ability to intuitively categorize retain or delete data perview is not only a solution for regulatory adherence but also a mechanism for efficient organizational workflow for organizations aiming for thorough data governance understanding and leveraging Microsoft purviews Myriad capabilities is undeniably invaluable before you continue discovering the capabilities of Microsoft perview for managing your organization's data let's make sure you know how to set up an account in this video you'll be guided through the steps to complete the following create creting a Microsoft perview account creating a collection and sharing and receiving data to create a Microsoft perview account first access the Azure portal by visiting the URL portal. 
azure.com then enter Microsoft perview accounts into the search bar and select it from the search results this will display any existing perview accounts however you'll be creating a new account entirely select create to begin setting up the Account Details In the project details section you'll need to specify a resource Group from the drop-down menu in this case let's select default Resource Group e us which stands for Eastern us for the managed Resource Group name enter Resource Group one and then select next networking to move on to the networking page in this page you can select to connect to your micros oft perview account either publicly via public IP addresses or service end points or privately using a private endpoint here keep all networks selected and then select next configuration for the next page this page is for setting up Kafka configurations which are beyond the scope of this video so let's leave it for now and select next tags to move on here add a tag with the value value test and the name Ms resource usage and then select next review and create on this page verify that the settings displayed are correct here the create button is dim because a tenant level account with the name Sam's Scoops already exists however you can select it if this is not the case for you after creating your account it will appear in the main Microsoft perview accounts page with your account created let's go through the steps for creating a collection navigate to the URL web. 
purview.azure.com, where you will be prompted to select a Microsoft Purview account. Under Account name, select the name of the account you created earlier and then select Continue. On the account homepage, select Data map from the left pane, followed by Collections in the submenu that appears. This opens the collections management page. Here, select your root collection. This is the top collection in your collection list and will have the same name as your Microsoft Purview account. In this example, it's called Sam's Scoops. Select the Role assignments tab in the collection window. Note that to create a collection, you'll need to be in the collection admins list. If you created the account, you should be listed as a collection admin under the root collection already. If not, you'll need to contact the collection admin to grant you permission. To continue, navigate once more to Data map and then Collections from the left pane to open the collection management page. Continue by selecting New collection at the top of the collection window. In the right panel, you're required to enter the collection name, and you can also provide a description and search for users to add them as collection admins. In this example, let's enter development for the name and then select Create. Under the root collection in the collections page, you should find the new collection you just created. You can select it to view the basic details and collection path.

Next, let's create a share. Start by selecting Data map in the left pane of the account homepage, then select Shares, and finally select New share. This opens a page that prompts you to select the storage account type and the storage account you want to share data from. Choose Azure Blob Storage as the type and select a source, then select Continue. The next step is to specify a name, which is required, and a description of share contents, which is optional. Let's enter storage 2 as the name and select Continue. You'll then need to search for and add all the assets you'd
like to share at the container, folder and file level. Tick the box beside shared folder and then select Continue. You can edit the display names the shared data will have if you like, then select Continue. The next step is to select Add recipient and choose User or App. To share data to a user, select User, then enter the Azure sign-in email address of who you want to share the data with. By default, the option to enter the email address of the user is shown. To share data with the service principal, select App, and then enter the object ID and tenant ID of the recipient you want to share data with. After defining a recipient, select Create and share. Optionally, you can specify an expiration date for when to terminate the share. You can share the same data with multiple recipients by selecting Add recipient multiple times. You've now created your share.

The recipients of your share will receive an invitation, and they can view the share invitation in their Microsoft Purview account. When a share is created, a new asset of type sent share is ingested into the Microsoft Purview catalog in the same collection as the storage account from which you created the share. You can search for it like any other asset in the data catalog. Note that for this tutorial, I've set myself as the recipient of the share. This means that the invitation appears when I select Share invites from the data sharing section of the Data map menu. You can access share invitations in both the classic Microsoft Purview portal at web.
purview.azure.com and in the new Purview portal found at purview.microsoft.com. In this video, you covered the steps for creating a Microsoft Purview account, creating a collection, and sharing and receiving data. With this knowledge, you're now ready to learn more about organizing data in Purview.

Organizations recognize the importance of managing their data to ensure compliance. The Microsoft Purview compliance portal offers tools like sensitive information types, trainable classifiers, Content Explorer and Activity Explorer to help admins understand their organizational data. In this video, you'll become familiar with these tools and how they aid in data classification. Microsoft Purview offers three methods for identifying and categorizing sensitive data: manual classification by users; automated pattern recognition, for instance sensitive information types; and machine learning. Data classification in the Microsoft Purview governance portal involves categorizing data assets using logical tags or classes. This classification is driven by the business context of the data, leading to classes such as passport number, driver's license number and credit card number. This makes data assets more comprehensible, searchable and governable. It also highlights the risks associated with each data asset, helping to protect sensitive or crucial data.

Sensitive information types, or SITs, are pattern-based classifiers, with Microsoft Purview providing built-in patterns defined by regular expressions or functions. Examples include credit card numbers, passport details and health service numbers. Microsoft Purview also allows for the creation of custom SITs and exact data match, or EDM, classification. Trainable classifiers, powered by AI and machine learning, are adept at categorizing unique data like specific contracts or customer records. They come in two types: pre-trained classifiers, which are ready to use immediately, and custom trainable classifiers, tailored to an organization's specific data. Their efficacy is
determined by seeding, testing and refining the prediction model. To manage the large volume of classifiable resources, the compliance portal offers an overview section. This provides a snapshot of sensitive items, their locations and user actions on this content. Content Explorer is a feature that allows administrators to view the items in full detail, offering greater insight into classified content. Due to the sensitive nature of the information, access is limited to two roles: Content Explorer List Viewer and Content Explorer Content Viewer.

The Activity Explorer gives insight into discovered and labeled content, allowing monitoring of actions related to the content. It provides visibility into document-level actions like label changes and features filters for better understanding of actions on labeled content over time. This tool is instrumental in evaluating the efficacy of existing controls. Activity types that can be analyzed include file copy to removable media, file copy to network share, label applied and label changed. Admins can use more than 30 filters for data, including location, user, sensitivity label and retention label. By monitoring actions taken with sensitive content, administrators can determine the effectiveness of their data loss prevention policies. For instance, if many items labeled as highly confidential are suddenly labeled as public, it signals a need to adjust policies and limit unwanted behavior.

Microsoft Purview traces the journey of data across an organization's data landscape, which is known as data lineage. This is essential for tasks like troubleshooting, root cause analysis in pipelines and impact evaluations. Given the complexity of enterprise data environments, visual representations can be intricate. Purview offers several options, including entity level, which displays data as a graph showing connections between data sources, processes and targets; attribute level, which highlights specific data attributes that move or transform between systems; and
process status, which captures the operational status of data processes, aiding in data quality checks and root cause analysis. Data lineage in Microsoft Purview enhances data quality, trust and auditability. The goal is to seamlessly integrate all data systems, offering a consolidated view for improved data governance.

Next, let's explore some key benefits of the data map feature in Microsoft Purview. It provides functionality and facilitates data governance by capturing metadata across diverse platforms, ensuring continuous updates through built-in scanning. For scalability, each Purview account begins with a single data map capacity unit, which adjusts based on metadata volume and requests. Capacity units in data map hold important details such as structural details and operational logs. A single unit handles 25 operations per second and stores up to 10 GB of metadata. Data map's adaptive nature offers cost savings, especially with its autoscaling feature and enhanced scanning capabilities. And finally, the service is invaluable for practical usage. Users can start with a basic size for the data map, leveraging its flexibility to scale with demand. Monitoring tools in the Azure portal enable tracking of storage and operations, aiding cost management.

The metamodel in Microsoft Purview data map is a tool that offers detailed insights into the organization, usage, impacts and daily roles of business data. While Purview's technical metadata outlines data structures, it lacks insights on real-world applications, a gap that the metamodel fills. This feature is particularly valuable for addressing non-technical queries about data origins or its relevance to certain projects. For data managers, the metamodel clarifies the importance and health of data, guiding efficient data governance, especially when different data uses have varying privacy requirements. The metamodel is structured around assets, like sales teams or SQL tables, and how they relate to one another. The concept of asset types within
the metamodel provides templates for defining non-technical business aspects like departments. Users can both utilize provided templates and customize their own. Through the metamodel, interactions between these assets can be easily defined and understood, simplifying the mapping of complex business data relationships. For example, if you want to use Microsoft Purview to show how key data sets are used in our business processes, you can represent that information as a template. You can then use it to describe how a specific business process uses a specific data set.

In this video, you were introduced to data mapping and the tools in Microsoft Purview for accomplishing it. These help to enhance data governance, understanding and management across organizations. Data lineage offers visual representations of data's journey, fostering trust and auditability, while the metamodel in the Purview data map fills the gaps between technical metadata and real-world data applications. Through its functionalities, Purview streamlines data governance, ensuring that businesses can easily map, monitor and manage their data assets efficiently and effectively.

By now, you're aware that Microsoft Purview offers organizations a vast degree of control over their data, including the conditions for access. But doesn't this also create a large amount of additional work that needs to be done? Fortunately, with access policies in play, this doesn't have to be the case. In this video, you'll learn about the components of policy statements in Microsoft Purview, as well as how access and DevOps policies are enforced. Microsoft Purview's access policies allow you to manage access across various data systems. Through the policy management app in the Purview governance portal, users can be given direct access to resources, such as reading an Azure storage account. Once registered, these data access policies can be enforced on data systems via Purview. Let's go over some key concepts of Microsoft Purview access policies.
Defined simply, a Microsoft Purview policy is a collection of policy statements which, when published to data systems, are enforced by those systems. A policy statement is an instruction detailing how a data source should handle a specific operation. It includes four components, which are action, effect, data resource and subject. Let's explore these one by one. Action describes the operation allowed or denied by the policy, like read or modify. Effect refers to the outcome of a policy. Currently, only the value allow is supported, which dictates the resultant effect of the policy. A data resource specifies the exact path of the data asset to which a policy is applied. And a subject represents the Azure Active Directory identity, such as a user, group, service principal or managed service identity, for which the policy is relevant.

To better understand how this all comes together, consider this example. A policy could allow a group named Finance analyst to read data from a storage container named fin data. If a group member tries to read from fin data, they'd be allowed. Note that policies can be applied hierarchically, meaning if a policy is set on a container, it affects all its child objects. If multiple policies pertain to the same data asset, Purview will consolidate and choose the most restrictive one. For instance, if one policy allows reading and another denies it for the same user group, the deny policy takes precedence. New policies start in draft mode and are only visible in Microsoft Purview. Publishing the policy enforces it in the specified data systems. If a policy refers to an asset from another data source, this is disregarded during enforcement.

Microsoft Purview allows IT and DevOps personnel to manage access to system metadata, crucial for maintaining database system health, performance and security. Users with a policy author role at the root collection level in Microsoft Purview can create, update and delete DevOps policies. Once saved, these policies are automatically published. There are
some functional differences between access policies and DevOps policies. Access policies manage access to data systems across an organization's entire data estate. They act as access grants created through Microsoft Purview Studio and determine whether certain Azure Active Directory principals should have specific types of access to data sources or assets within them. DevOps policies are a subset of access policies focused on access to database system metadata, not user data. They streamline access for IT operations and security auditing staff. Unlike general access policies, DevOps policies only grant access. They don't have the capability to deny it.

The core elements of a DevOps policy include the subject, which refers to the Azure AD users, groups or service principals granted access; the data resource, which specifies the scope of enforcement (currently only SQL-type data sources are supported); and the role, which represents the set of actions permitted on the data resource. Current roles include SQL Performance Monitor and SQL Security Auditor, both providing access to SQL system metadata. As with access policies, DevOps policies follow hierarchical enforcement. It is not only enforced on the specified data resource but also on all its child resources. For example, a policy on an Azure subscription affects all related resource groups, data sources and databases within.

Imagine that Bob and Alice need access to multiple SQL Server instances. Their manager groups these servers into a single resource group, creates an Azure AD group for Bob and Alice, and grants them access via a Microsoft Purview DevOps policy. This approach eliminates the need for individual server logins, enhances security via the principle of least privilege, automatically enforces policy on new servers, simplifies permission adjustments via Azure AD group updates, and gives a centralized view of all granted permissions in Microsoft Purview Studio. The key principles that guide DevOps policies are to simplify, reduce effort and
enhance security. For simplification, role definitions encapsulate necessary permissions for typical IT and DevOps roles, minimizing the need for detailed permission expertise. To make things easier, a graphical interface and support for policies on entire Azure groups and subscriptions expedite the process. And for improved protection, centralized access management, easy review and revocation capabilities, alongside the support for the principle of least privilege, bolster security measures.

In this video, you learned about policies in Microsoft Purview, specifically the components of a policy statement and the differences between access and DevOps policies. Purview's approach ensures efficient control over data resources, enabling hierarchical enforcement and promoting best practices such as the principle of least privilege. With a user-friendly interface and role definitions that cater to specific IT and DevOps needs, Purview streamlines access management and enhances security, making it an invaluable tool for data governance.

Insider risk is a significant concern for organizations worldwide. It refers to the potential threats posed by individuals within an organization, such as employees, contractors or business partners, who have inside information concerning the organization's security practices, data and computer systems. These threats can be both unintentional and intentional, ranging from accidental data breaches to malicious insider attacks. In this video, you'll explore what insider risk is, the various types of insider threats, and begin understanding how this impacts organizations. Consider that an employee might accidentally send sensitive data to the wrong person or leave their computer unattended in a public place. Insider risk is not always intended to be malicious. Often it arises from well-intentioned employees who inadvertently cause security breaches. Recall phishing, for example, which is when an attacker attempts to deceive people into providing sensitive information, often
through emails containing dangerous links. However, there are also cases where employees with authorized access intentionally harm the organization for personal gain or other motives.

Now let's unpack the two types of insider threats. Accidental data breaches refer to unintentional incidents where employees or associates accidentally expose or compromise sensitive or confidential information. But why might these breaches occur? Unintentional threats are non-malicious threats arising from negligence or accidents. Some examples include ignoring security protocols or mistakenly sending sensitive information to the wrong recipient. Collusive threats involve insiders inadvertently collaborating with external entities to harm the organization. Third-party threats come from contractors or vendors who have some level of access to the organization's resources. Mishandling of data involves scenarios where employees accidentally share confidential files with unauthorized individuals, misplace them, or leave them exposed in public or unsecured places. Sending information to the wrong recipient occurs when an employee mistakenly sends sensitive or confidential data to an unintended recipient. This can happen through email, messaging apps or other communication tools. The final reason is failure to secure data. This pertains to situations where employees neglect or forget to implement security measures, such as failing to encrypt sensitive files, using weak passwords or not following security protocols.

Malicious insider attacks are intentional and deliberate actions taken by employees, associates or other insiders to harm the organization or compromise its data integrity. Let's examine the three forms that these threats can take. Intentional threats: often termed malicious insiders, these individuals intentionally harm the organization for personal gain or grievances. Their actions can range from leaking information to sabotage. Data theft is where insiders intentionally steal proprietary,
confidential or sensitive information. The motive can be personal gain, selling the information, or benefiting a competitor or adversary. Then, data corruption involves a malicious insider altering, tampering with or deleting data to cause harm, disrupt business operations or sabotage the organization's functions. And data leakage consists of insiders intentionally sharing confidential, proprietary or sensitive information with unauthorized parties, competitors or the public. This can damage the organization's reputation or competitive advantage, or lead to legal repercussions.

But how are insider threats manifested? There are several ways in which this is done. One possibility is violence, which includes threats or acts to create a hostile environment. Espionage involves spying activities for political, military or financial gains. Sabotage aims to harm an organization's infrastructure. Theft concerns stealing money or intellectual property. And cyber threats through technology are either unintentional, like falling for phishing emails, or intentional, like inserting malware.

Now that you understand what insider risk and threats consist of, let's unpack the potential impact this has on organizations. Insider threats can result in substantial financial loss. Whether through fraud, data theft or the exposure of proprietary information, organizations can face direct monetary losses and costs associated with damage control. Reputational damage may occur from data breaches involving customer or client data, resulting in tarnishing an organization's reputation. A compromised reputation can lead to a loss of customer trust, decreased business and potential legal ramifications. Next is operational disruption. Here, actions by malicious or negligent insiders can hinder regular business operations, which might result in project delays, increased operational costs and loss of business opportunities. Then there are legal consequences. Organizations are bound by various regulations to protect sensitive data. Failure to
do so, especially due to negligence in managing insider risks, can lead to legal penalties, fines and lawsuits.

In this video, you learned what insider risk is, the various types of insider threats, as well as the impact it has on organizations. You now know that insider risks, such as falling victim to a phishing scam, are unintentional, or they can be intentional and malicious from individuals with inside access. It can manifest in various forms, from accidental data breaches to deliberate sabotage. The consequences of such threats impact an organization's financial standing, reputation, operational efficiency and legal standing. It is imperative for organizations to recognize and proactively address these risks to safeguard their assets, reputation and future.

Insider risk management is a crucial aspect of any organization's security and compliance strategy. With the increasing complexity of IT environments and the growing sophistication of cyber threats, organizations are more vulnerable than ever to risks posed by their own employees, contractors and partners. In this video, you'll unpack insider risk management. You'll learn about modern risk in the workplace, the role of insider risk management, monitoring through analytics to identify potential risk, and how you can start implementing insider risk management.

Let's first provide you with context so that you understand modern risk in the workplace. Managing risk in today's organizations requires a deep understanding of the various types that are present. Some of these risks arise from external events beyond an organization's control, while others stem from internal events and actions by users. Notably, risks can emerge from illegal, inappropriate, unauthorized or unethical actions by members of the organization. Examples of such risks include leaks of sensitive data, violations of confidentiality, theft of intellectual property, fraudulent activities, insider trading and regulatory compliance breaches. In the contemporary workplace, users have
the capability to create, manage and distribute data across numerous platforms. However, many organizations lack the necessary resources and tools to effectively identify and mitigate these risks, all while upholding user privacy standards. This is where insider risk management comes in. Insider risk management employs a comprehensive approach, utilizing both service and third-party indicators to swiftly pinpoint, assess and address risk activities. By leveraging logs from platforms like Microsoft 365 and Microsoft Graph, organizations can establish specific policies to detect risk indicators. These policies recognize risky behaviors and the steps to counteract them. The core principles of insider risk management include transparency, by balancing user privacy and organizational risk through a privacy-centric architecture; configurability, where policies based on industry, location and business groups are tailored; integration, involving seamless workflow integration across Microsoft Purview solutions; and actionability, which offers insights that facilitate reviewer notifications, data probes and user investigations.

It's important to be equipped with tools that help you identify potential risks. Insider risk analytics provides a means for organizations to evaluate potential insider threats without the need to set up any specific risk policies. These evaluations guide organizations in pinpointing areas with heightened user risk and determining the nature and extent of insider risk management policies to implement. Additionally, these evaluations can inform decisions regarding licensing needs or refinements to existing risk policies. You may be new to insider risk management or want to create new policies. The recommended actions feature offers a streamlined experience. This includes steps like setting up permissions, selecting policy indicators and crafting a policy. Specifically, insider risk management involves the following phases: policy, alerts, triage, investigate and action. Let's unpack
these phases in more detail. The workflow for insider risk management is designed to identify, investigate and address internal risks. It utilizes policy templates, activity signals from Microsoft 365, and alert and case management tools to provide actionable insights on risky behaviors. Policies in insider risk management are crafted using predefined templates and conditions. These conditions dictate which events and risk indicators are monitored, how they trigger alerts, which users are covered, the services in focus and the detection time frame. There's a variety of policy templates available, such as data theft by departing users, security policy violations and risky browser usage.

Alerts are automatically generated when risk indicators match policy conditions. These are showcased in the alerts dashboard, which provides an overview of all alerts, their status, severity and other pertinent details. When new user activities arise that warrant investigation, they generate alerts labeled "Needs review". Reviewers can then assess these alerts, either opening a new case, linking the alert to an existing case or dismissing it. The triage process, which evaluates findings and determines how to solve them, allows reviewers to delve into the specifics of the alert. This includes user activity and profile information.

The investigate phase is facilitated by user activity reports, which allow for a thorough examination of a user's activity over a specific period. Cases are created for alerts that demand a more in-depth review. The case dashboard offers a comprehensive view of all active cases, their status and other relevant statistics. The primary tools for investigation include the user activity chart, Content Explorer and case notes. Additionally, the audit log feature ensures transparency by logging actions taken on insider risk management features. The final phase involves taking action. Reviewers can decide on the next steps, whether it's resolving the case or collaborating with other stakeholders. For
minor policy violations, reminder notices can be sent to the user. In more severe cases, the information might need to be shared with other departments or services. Note that insider risk management integrates seamlessly with other Microsoft Purview solutions, such as eDiscovery Premium for an end-to-end workflow and Office 365 Management APIs for exporting alert data to other platforms.

In this video, you learned that insider risk management is an indispensable component of modern organizational security. It addresses potential risks that occur from within the workforce itself. You also learned that by using advanced analytics and comprehensive workflows, organizations can proactively identify, assess and mitigate internal threats. With features ranging from automated alerts and triage processes to in-depth investigation tools, it offers a robust framework for balancing user privacy with organizational security.

Insider threats pose a significant risk to organizations, often more so than external threats. You've learned that these threats come from individuals within the organization, such as employees, contractors or business partners. They have inside information concerning the organization's security practices, data and computer systems. Establishing an effective insider threat program is paramount. There are different techniques that allow response teams to detect, triage and investigate incidents, and they include understanding the behavior patterns of insiders, monitoring user activities and setting up alerts for suspicious activities. In this video, you'll learn about user activity reports, explore the alerts dashboard and comprehend the importance of an incident threat response plan.

Investigating potentially risky user activities is pivotal in reducing insider threats within an organization. These activities may trigger alerts from insider risk management policies, or be compliance-related risks detected by policies without immediate alerts. To probe into these activities, organizations can utilize the
user activity reports or the alerts dashboard. User activity reports facilitate the examination of potentially risky behaviors for specific users over a designated time frame, without necessarily linking them to an insider risk management policy. In many cases, users are clearly outlined in policies, with potential policy alerts and risk scores. However, there are situations where you may need to inspect user activities that are not explicitly mentioned in a policy. This could be due to tips about the user's risky behavior, or because certain users don't usually fall under any insider risk management policy.

So what happens during the configuration and reporting process for user activity reports? Well, once indicators are set up on the insider risk management settings page, the system starts monitoring user activities for any potential risks associated with these indicators. This ensures that all user activities are up for review, irrespective of whether they trigger an event or alert. Reports are generated for individual users, encompassing all their activities over a customizable 90-day span. However, creating multiple reports for a single user isn't feasible. After analyzing the potentially risky activities, investigators have the option to classify certain user activities as harmless. They can also share the report with other investigators or decide to temporarily or permanently link users to an insider risk management policy. Only those assigned to the Insider Risk Management Investigators role group have access to the user activity reports page.

There are various components within the user activity report. The report for a chosen user is divided into three main sections, namely user activity, Activity Explorer and forensic evidence. User activity is an investigative chart of potentially risky actions and any related sequential activities. It offers a comprehensive review of a case, showcasing a historical timeline, activity specifics, the user's current risk score, a sequence of risk events
and filters to assist in the investigation. The Activity Explorer equips risk investigators with an in-depth analytics tool, shedding light on activity details. It allows for a swift review of a timeline showcasing detected risky behaviors and helps pinpoint and filter activities linked with alerts. Finally, forensic evidence provides more information, especially in the Activity Explorer segment of the report. Here, you can view captured clips and associated information that are displayed in a list. The information includes the date and time of the capture, username and activity types.

Now that you have a good idea of user activity reports, let's move on to the alerts dashboard. The alerts dashboard is a tool designed to manage insider risk through alerts generated by risk indicators that are defined in insider risk management policy. These alerts offer compliance analysts and investigators a comprehensive view of the current risk status, enabling organizations to address and act upon identified potential risks. While policies by default produce a mix of low, medium and high severity alerts, organizations have the flexibility to adjust the volume of these alerts based on their requirements. The insider risk alerts dashboard is a platform that allows users to monitor and respond to alerts triggered by insider risk policies. The information displayed on the dashboard is based on data from the last 30 days. It also includes a total alerts needing review section, which provides a count of all alerts that require review and triage, further broken down by their severity levels. It's categorized by high, medium and low severity levels. The average time to resolve alert segment offers valuable statistics on alert resolutions, detailed in hours, days or months, such as the average duration to address high severity alerts, the average time taken to resolve medium severity alerts and the typical resolution time for low severity alerts.

However, having tools and technologies in place is
not enough the importance of having a clear incident response plan is imperative an incident response plan outlines the procedures to follow when an alert is triggered it ensures that the organization can quickly and effectively address the threat minimizing potential damage Microsoft emphasizes the importance of incident response and defines it as the detection management and recovery from cyber attacks security breaches or IT incidents furthermore an effective incident response plan should include protocols for investigating and responding to Insider threats it's essential to have a dedicated team responsible for incident response who are trained to handle Insider threats specifically this team must be equipped with the necessary tools and Technologies to detect and mitigate threats in real time in this video you learned that Insider threats present a unique and often underestimated challenge to organizations while tools like user activity reports and the alerts dashboard provide valuable insights into potential risks they are only as effective as the strategies and protocols in place to utilize them a comprehensive incident response plan emphasizing Swift detection management and Recovery is crucial organizations must not only invest in Advanced Technologies but also in training dedicated teams to handle these threats Insider risks are one of the top concerns of security and compliance professionals protecting your organization against these risks can be challenging to identify and difficult to mitigate Insider risks include vulnerabilities in various areas and may cause major problems ranging from the loss of intellectual property to confidential data and many others that are quite common in this video you'll learn to identify and mitigate Insider threats by specifically exploring Microsoft 365 risk prevention features you'll also be introduced to communication compliance information barriers and unpack privileged access management let's move on to Microsoft 365
risk prevention features which are designed and built in to Insider risk products and solutions these Solutions work together and use Advanced service and third-party indicators to help you quickly identify triage and act on risk activity most solutions offer a comprehensive detection alert and Remediation workflow for data analysts and investigators to use quickly to minimize these risks communication compliance policies play a pivotal role in ensuring that messages within an organization adhere to various compliance areas these areas include corporate policies risk management and Regulatory Compliance let's expand upon these further corporate policies relates to all business related Communications by users that must align with the organization's acceptable use ethical standards and other corporate guidelines communication compliance policies can identify any deviations from these standards and facilitate corrective measures for example these policies can monitor communication for potential human resource issues like harassment or the use of inappropriate language for risk management organizations must oversee all Communications across their infrastructure and corporate networks implementing communication compliance policies helps pinpoint and manage potential legal risks thereby preventing adverse organizational impact an example would be monitoring messages for unauthorized discussions or conflicts of interest related to confidential projects such as mergers Acquisitions or leadership changes communication compliance policies can assist organizations in fulfilling these regulatory requirements by offering a systematic approach to analyze and report on corporate Communications lastly Regulatory Compliance binds many organizations to Regulatory Compliance standards such regulations often necessitate a monitoring or oversight mechanism for messaging which is tailored to the specific industry for those in the financial sector there are specific guidelines on
compliance and security considerations communication compliance offers several important features to help address compliance concerns on your messaging platforms intelligent customizable templates flexible remediation workflows and actionable insights with an understanding of communication compliance let's move on to learn about information barriers information barriers enforce data access controls and restrictions to maintain compliance and security it protects confidential information avoiding conflicts of interest during two-way communication Microsoft Purview information barriers or IB is a specialized compliance tool designed to regulate two-way communication and collaboration among groups and users within Microsoft Teams SharePoint and OneDrive once IB policies are activated they ensure that certain users are restricted from communicating or sharing files with designated others specifically these users won't have the capability to locate select chat with or call restricted individuals these policies are meticulously designed to identify any unauthorized interactions among specified groups and users and stop them it's important to note that IB policies operate separately from compliance boundaries set for eDiscovery investigations which dictate the content locations that eDiscovery managers are permitted to explore IB policies can be tailored to a variety of scenarios to control communication and collaboration some examples include restricting Finance staff working on confidential data from sharing documents with specific organizational groups an internal team possessing Trade Secrets is barred from external online chats or calls and a dedicated SharePoint site is inaccessible to anyone outside of that group so essentially information barriers protect sensitive information in a two-way communication exchange equally important is granular access management for privileged users Microsoft Purview privileged access management or PAM offers detailed control
over privileged administrative tasks in Office 365 its primary function is to safeguard organizations from potential breaches that might exploit privileged admin accounts with ongoing access to sensitive data or essential configuration settings PAM mandates users to seek just in time access for elevated tasks via a strictly defined time-limited approval process this setup ensures users have just enough access to execute a task minimizing the risk of exposing sensitive information or vital configurations by activating PAM organizations can function with zero standing privileges bolstering their defense against vulnerabilities PAM enhances the existing data and access protection features within the Microsoft 365 security framework incorporating PAM into a holistic security strategy ensures maximum protection of sensitive data and Microsoft 365 configuration settings PAM builds upon Microsoft 365's native data encryption and its role-based Access Control model when it's integrated with Azure AD privileged identity management both features offer just in time Access Control at varying Scopes PAM is for task level operations in contrast Azure AD privileged identity management or PIM offers protection at the role level allowing the execution of multiple tasks while Azure AD privileged identity management manages access for active directory roles Microsoft Purview PAM is task oriented for organizations using Azure AD privileged identity management alongside PAM introduces an additional detailed layer of protection and auditing capabilities for privileged access within Microsoft 365 and then using Microsoft Purview PAM and then enabling Azure AD privileged identity management extends privileged access Beyond Microsoft 365 focusing on user roles or identities in this video you learned that Insider risks necessitate robust security and compliance measures Microsoft's Suite of compliance tools offers a multi-layered approach to mitigate these risks communication compliance policies
ensure that internal messaging aligns with corporate legal and Regulatory standards while information barriers restrict unauthorized interactions among specific groups and users then privileged access management adds another layer of security by controlling access to sensitive data and configurations through just in time and just enough access protocols data has emerged as the Cornerstone of all operations and Endeavors and Microsoft has identified four principles to guide how organizations should engage with it know protect prevent and govern together they offer a comprehensive approach to data management especially when it comes to understanding the life cycle of data in this video you'll dig into these principles and how they apply to different stages of the data life cycle let's explore each one in detail starting with know before devising strategies to protect and govern data organizations must first grapple with the extent and nature of the data they hold comprehensive insight into the location and magnitude of sensitive data is pivotal for assessing risks and enables a strategic approach to data protection and governance as organizations embark on this journey they should ask several questions who is the owner of the data what categories of data are in their possession where is this data located what inherent risks does the data pose What mechanisms can be adopted for data classification and how can the entire life cycle of the data be tracked there are also several data classification Concepts that help in comprehending an organization's data layout one would be sensitive information types which include patterns such as credit card numbers identified via regular Expressions Microsoft offers around 100 standard types but custom patterns can be made another is trainable classifiers these use AI and machine learning rather than just pattern recognition to identify and categorize data especially unique organizational content then there are labels which serve
as data indicators for instance a confidential label restricts data sharing Microsoft uses two label types sensitivity labels provide content protection with features like encryption labels range from personal to highly confidential and can be applied broadly across data held by the organization retention labels specify how long data should be stored and range from 30 days up to permanent storage these labels are specific to Microsoft 365 one more data classification concept is policies which dictate data Behavior after classification this includes mandatory labeling default labels and where they can be applied policies protect data by ensuring that it isn't shared wrongly and by setting storage durations when it comes to keeping data safe Microsoft offers a solution for information protection that aims to detect classify and secure vital data within a company this system gives flexibility allowing both simple and advanced protective measures key technical aspects include integration of protection across Microsoft products like Word SharePoint online Microsoft Teams and Power BI extending protection to include physical devices internal data storage and third-party cloud services and customizable data labeling with choices such as automated manual or recommended options this flexibility ensures security without interrupting user workflows Microsoft's data loss prevention or DLP tool helps organizations detect and prevent undecided distribution of sensitive content several factors influence how this is handled for one the data source impacts decisions for instance it might be acceptable for a finance team to share taxpayer IDs but not for a marketing team the data destination also matters as sharing sensitive data within an organization differs from sharing externally responses can be adjusted based on the recipient's nature the volume of sensitive information being shared affects reactions sharing a single credit card number is less concerning than sharing
thousands and lastly the potential consequences of data exposure determine the action low-risk data might result in user prompts moderate risk might notify IT while high risk scenarios could lead to data blocking or encryption Microsoft's data governance concentrates on retaining vital data and eliminating the unnecessary through two primary tools one is data life cycle management which aids businesses in importing storing and categorizing crucial data ensuring essential information is retained while discarding superfluous content the other is records management this is designed for data that must remain unaltered it employs SM classification to automate retention schedules ensuring data meeting regulatory or business standards is appropriately kept core features of these Solutions include streamlined Administration that allows uniform application of policies across both internal and external data related to Microsoft 365 automation for governance policies at Large Scale such as auto-deletion of outdated data ensuring minimal manual intervention and customizable workflows that support adjustable retention policies custom events can trigger retention processes and the disposition review feature allows nominated individuals to manage content nearing its retention end ensuring proper review and action in this video you became familiar with the four principles that inform Microsoft's holistic approach to data management know protect prevent and govern these enable detailed insight into Data ownership type location risks classification and its entire life cycle they also result in data protection solutions that are versatile integrated and customizable encompassing tools for data classification loss prevention and wide-ranging protection across various platforms Microsoft's use of centralized Administration Automation and tailored workflows helps Safeguard data ensuring correct use and adherence to Regulatory and business standards data life cycle management or DLM is a
fundamental aspect of data governance that entails a systematic management of data from its creation to disposal in this video you'll identify the major steps involved in DLM along with best practices for handling assets throughout the process you'll then find out how Microsoft Purview can help organizations accomplish these tasks more effectively Purview is a solution that offers robust features to manage this life cycle effectively but first let's find out what data life cycle management entails in the initial stage data gets created or captured in various forms such as PDFs Word documents or SQL database data the next step is to process the data which entails cleaning enriching and organizing it for easier use after that the data is accessed and used for various operational and analytical purposes data that is not currently in use but may be needed later is archived for long-term storage and finally obsolete or redundant data is deleted or purged Purview helps organizations not only in archiving but also in managing data across these stages seamlessly as with data Assets in the Microsoft Purview data catalog also require active management these assets Encompass technical metadata detailing collection lineage and scan information there are also glossaries classifications and ownership which delineate the business structure of data for successful Asset Management individuals accountable in the organization should be well versed with data governance processes and know how and when to execute these workflows utilizing Microsoft Purview for data governance mandates organizations to establish specific processes and designate roles to manage asset life cycles this ensures that the cataloged data remains valuable for its users it's pivotal to keep the metadata in the catalog updated to efficiently manage data on a large scale concerning Discovery quality security and privacy there are also several benefits of using Purview for data governance for one the Microsoft
Purview data catalog Demands a concrete definition and structure of data to facilitate efficient data search and protection across an organization's data repositories a structured asset life cycle management process ensures the Precision of asset metadata this boosts the catalog's usability and the capability to safeguard pertinent data and business professionals are more inclined to use the catalog for data searches if it is upheld by robust data governance procedures to get the most out of Purview there are a few guidelines you should follow when it comes to creating and managing catalogs it's important to follow a consistent procedure when categorizing and logging Assets in the catalog you should also acquaint yourself with managing the essential metadata for the Assets in the catalog this includes maintaining a business glossary and bespoke classifications and knowing how to transfer assets between collections or remove asset metadata from Microsoft Purview is useful knowledge a significant role in Microsoft Purview is that of a data curator who has the authority to control read write permissions for assets in a collection group to bolster data governance processes this role is designated to specific data governance personas a data owner is a high ranking business Authority responsible for ensuring data quality and protection in a particular area they decide on data access and usage rights on the other hand a data expert possesses comprehensive knowledge about the business process data creation or consumption Trends a data steward oversees the definition quality and administration of specific data sectors these individuals are domain experts who collaborate with their counterparts to decide on data management facets meanwhile a data custodian is tasked with overseeing one or more data controls in this video you became familiar with the core steps and best practices for data life cycle management which is pivotal in streamlining data governance processes you also
found that Microsoft Purview offers a seamless method to oversee the entirety of data's Journey from creation to disposal with a clear framework for data management encompassing technical metadata business structures and established data governance personas like data curators owners and stewards Purview ensures Clarity precision and Security in managing asset metadata tools like Purview complemented by rigorous governance procedures have become indispensable in fostering efficient data utilization ensuring data protection and maximizing organizational productivity for most modern businesses Gathering customer data has become a top priority but have you considered what happens with it once it has been acquired due to the potentially sensitive nature of this data laws and regulations dictate how it must be handled and operating outside of these mandates can bring consequences both legal and reputational for a better idea of what can happen when things go wrong let's get familiar with Kendall's experience Kendall has just started a job as a data engineer for aista a producer of designer headphones her primary role involves organizing and preparing data for analysis the data in question consists of everything from birthdays to bestselling headphone colors the company values this data as it can lead to a deeper understanding of customer wants and behavior but customers also value it for a different reason much of it contains personally identifiable information that they would not want to fall into the wrong hands Kendall is excited about the job but with her awareness of data management regulations she also carries anxiety about doing the wrong thing she finds the company's way of working a bit unstructured but chalks it up to a laid-back culture and doesn't think too much of it after all aista handles a relatively low volume of data and she feels comfortable taking it on as it comes sometime later the company runs a highly successful marketing campaign and
sales go through the roof the CEO is ecstatic however this also means that Kendall's team is inundated with much more data than they've ever dealt with before yet the company stubbornly believes that the team can manage and Kendall does her best to keep up despite her efforts the madness catches up to her and things start slipping through the cracks data is left unprotected access is unrestricted and assets that should have been disposed of remain in storage one day Kendall attends a team meeting and senses a grim atmosphere pervading the room she soon discovers a reason why a review of the company's data management practices conducted by an external auditor revealed it to be in violation of several major data handling regulations aista is hit with fines and restrictions but even then the worst is yet to come as news of the company's transgressions spreads its image takes a beating it is berated in the media sales plummet and revenue Falls well below projections perhaps most impactful of all is the breach of trust between business and customer Shoppers no longer feel safe sharing their information with aista and begin looking elsewhere for their audio needs even partners and suppliers begin distancing themselves and just like that a once promising player in the headphone Market suddenly finds itself clinging to relevancy suddenly Kendall comes to her senses and realizes that the audit and its aftermath were all in her head nonetheless she sees it as a wake-up call and States her case to the team imploring them to make changes before it's too late so what should aista do to get on the right track for one it can act on Kendall's intuition about the lack of process which placed customer data at risk a starting point would be a structured approach to data management based on four principles knowing the data by identifying the most sensitive assets protect it with measures like encryption and access restrictions prevent data loss with sharing limitations and govern
data with stringent guidelines for retention and Disposal it seems like a lot to take on but making this happen is easier than the company might think data Management Solutions like Microsoft Purview offer such features as AI powered identification and policy-based workflows that help businesses make informed decisions about what to do with data assets each step of the way aista may also want to establish roles fully dedicated to data protection and compliance such as an information security officer to regularly assess the company's adherence to laws and regulations better enabling it to protect its reputation thanks to Kendall aista is spared from a potentially devastating fate an improved data management strategy keeps the company in good standing with the law and maintains customer trust with a good plan and capable tools like Microsoft Purview the team can get back to creating the hottest new headphones on the market in the age of digital transformation the way organizations handle and classify their data has profound implications for governance security and operational efficiency Microsoft Purview stands at the Forefront of this revolution offering an intuitive platform that not only classifies but also governs the entire life cycle of data from creation to disposal the Purview system integrates data classification automated mapping and comprehensive review processes to ensure organizations maintain optimal data health and compliance in this video you'll explore the features in Purview that assist with two core steps of information governance which are data classification and disposition review as you discovered earlier Microsoft Purview allows users to categorize data assets by affixing distinct logical tags or classes based on the data's business context this could range from classification tags like passport number and driver's license number to credit card number Swift Code and even person's name benefits of classifying data assets include simplifying
their understanding searching and governance furthermore classification assists in recognizing the potential risks linked to these assets this prompts the necessary measures to safeguard essential or sensitive data from unregulated distribution and unauthorized access throughout the data estate the Microsoft Purview data map offers an automated classification feature when scanning data sources with this users can avail of over 200 built-in system classifications or formulate custom classifications tailored to their data assets can either be auto-classified during ingestion in a configured scan or manually edited post scan within the Microsoft Purview governance portal classification essentially organizes data into logical categories facilitating easier retrieval sorting and future referencing this is Paramount for data governance specifically classifying data assets serves to narrow down the search for data assets that you're interested in organize data classes that are important in your organization and where they're stored and highlight the risks associated with your most important data assets and then take appropriate measures to mitigate them the Microsoft Purview governance portal acknowledges both system and custom classifications there are over 200 system classifications available which are indicated with Thunderbolt icons hovering over a classification offers insights into its nature and its application specifics for more tailored needs custom classifications can be created these can cater to unique patterns or specific column names not covered under system classifications for instance if an employee ID column refers to a globally unique identifier or GUID with a specific pattern a custom classification can be crafted using a relevant regular expression when content approaches the end of its retention duration multiple considerations come into play that might necessitate a re-evaluation before disposing of it for instance you may be legally
obligated to hold on to relevant content a different retention period might be required if the original setting was merely provisional and historical or research importance might dictate relocating the content to an archive Upon triggering A disposition review at retention's end designated reviewers are notified via email reviewers can be individual users or mail enabled security groups the content of this email can be customized even to include multilingual instructions however for multi-language support users need to manually input translations and these are displayed to all reviewers regardless of their language setting after the retention period of an item concludes reviewers get an initial email notification followed by weekly reminders detailing the disposition reviews allocated to them reviewers can then access the content through the link in the email or by navigating to the disposition page in the Microsoft Purview compliance portal on the disposition page reviewers will only encounter reviews designated to them however administrators in the selected Security Group for records management will see all reviews reviewers possess the capability to include new users within the same disposition review although it doesn't bestow these users with necessary permissions automatically a mini review pane appears for each content item during the review process here if reviewers have the right permissions they can preview the content if not they can request access by selecting the content link this pane also features a details tab showcasing indexed properties content location creation and modification data and the responsible parties and a history tab that logs any previous disposition review actions potentially accompanied by comments from past reviewers disposition reviews can include content from sources like exchange mailboxes SharePoint sites and OneDrive accounts notably this content only faces permanent deletion once the final stage reviewer decides to
do so in this video you learned about the benefits of using Microsoft Purview as an end-to-end information governance tool solution from classifying data to reviewing it at the end of retention Purview's dual focus on Automation and user control ensures data assets are managed with precision and adaptability as organizations grapple with ever expanding volumes of data tools like Purview enable them to harness its power while staying compliant and secure these days data is not only a crucial asset for businesses but also a liability if not handled appropriately its Protection Organization and compliance should lie at the Forefront of an organization's priorities in this video you'll go deeper into labeling and classification and understand the value of these practices for achieving these goals you'll then explore the tools in Microsoft Purview and Microsoft 365 that can Aid in this process recall that labeling means tagging of data with meaningful identifiers making it easily discernible and retrievable classification is the step that follows systematically arranging labeled data into categories based on its attributes type or sensitivity think of labeling as naming a book and classification as placing that book on the correct shelf in a library on top of making it easier to locate labeling and classification also play large roles in Regulatory Compliance and data protection regulations are rules or directives that dictate how data especially sensitive or personal data should be handled preventative measures are proactive actions taken to prevent unauthorized access use disclosure disruption modification or destruction of information both are integral for businesses to ensure data safety and remain compliant with global standards and local laws Microsoft Purview offers a wide range of tools designed to facilitate and streamline the data labeling and classification processes the Purview data map for instance provides a visual representation of how data is labeled
giving Clarity on data's nature and its Associated risks through the Microsoft data classification dashboard businesses can glean actionable insights on data distribution and set up triggers for any anomalies ensuring they are always a step ahead in data protection another feature is sensitivity labels these are markers that can be attached to data indicating how sensitive it is and prescribing who can access it and under what circumstances coupled with the default labels and policies provided by Purview organizations can ensure a comprehensive data Protection cover when it comes to Regulatory Compliance Microsoft Purview stands out its data classification dashboard aids businesses in categorizing data as per regulatory standards so that information is handled stored and transmitted in a legally compliant manner further Purview information protection helps businesses adhere to both local and Global regulations thus reducing potential legal liabilities data classification Solutions aren't just limited to Purview as Microsoft 365 has a few tricks of its own responsibilities of a Microsoft 365 administrator include monitoring evaluating and categorizing the content within the organization this ensures its appropriate control protection and management in alignment with the organization's requirements these tasks are done with tools like sensitivity labels retention labels and classifications for sensitive information types there are multiple methodologies to discover assess and label the content often this results in many documents and emails being labeled signifying their importance or sensitivity once the labels are applied administrators typically need an overview of how these labels function across the tenant and how labeled items are being managed this is where the data classification page comes into play it offers insights into the quantity and types of items identified as sensitive the most frequently used sensitivity labels across Microsoft 365 and Azure
information protection and the most applied retention labels it also features a summarized report of user activities related to sensitive content and locations where sensitive and retained data is stored furthermore the data classification page serves as a hub for managing various features these include trainable classifiers sensitive information type categories specialized sensitive information types based on exact data matches content Explorer and activity Explorer a key feature of data classification is its ability to scan and identify sensitive and labeled content even before the initiation of any specific policies a feature termed as zero change management this preemptive scan provides administrators a firsthand look at the implications of the applied labels within their ecosystem thus facilitating informed decisions regarding protection and governance policies in this video you've examined how data is methodically identified categorized and protected through the processes of labeling and classification Microsoft's comprehensive Suite encapsulating Microsoft Purview and Microsoft 365 plays an indispensable role in this landscape these tools ensure that data is not only labeled and classified with Precision but is also managed and protected in compliance with global standards the blend of visualization sensitivity labeling retention management and preemptive scanning ensures that organizations can maintain a robust data protection regimen aligning with both their operational needs and Regulatory obligations you've reached the end of the second week in cyber security management and compliance during this time you've come to realize that securing data doesn't only prevent sensitive information from reaching the wrong people but also ensures that organizations follow data handling regulations and standards before moving on let's review the key Concepts that you have covered to start things off you were introduced to the concept of compliance which is adherence to
regulatory legal and Company standards and policies where data management is concerned Microsoft adheres to many common Universal and Industry specific standards as informed by the benchmarks of the Center for Internet Security or CIS these are reflected in several Microsoft tools and solutions including Azure Blueprints and the Microsoft compliance Center you discovered that a key process in Cloud migration is risk assessment which involves evaluating the risk level presented by apps with access to sensitive information the steps include identifying risks by pinpointing apps that are potentially problematic and determining their impact establishing risk levels and determining where the cloud service provider and customer are responsible and mitigating risks with measures such as credential management and aligning to standardized risk and control Frameworks next you explored the features and benefits of Microsoft Purview a comprehensive data management solution core services include data use management which allows data access policies to be applied information protection which is used to discover classify and Safeguard sensitive data data life cycle management which relates to governing data throughout its life cycle and data loss prevention which aims to stop unintentional disclosure of sensitive data there are numerous tools in the Purview portal that enable these tasks but among the most important are records management for organizing legal and business critical records automated data classification with pattern-based sensitive information types and AI powered trainable classifiers Microsoft Purview data map for better understanding the where who and how of an organization's data and Microsoft Purview policy for specifying actions effects data resources and subjects with policy statements moving on you shifted to Insider risk which refers to the potential threats posed by individuals within an organization you learned about the two types of Insider threats 
specifically accidental data breaches which are unintentional incidents of data compromise and malicious Insider attacks which are done with the goal of causing harm addressing Insider risk is important because the impact can range from Financial loss to reputational damage operational disruption and legal consequences Insider risk management is an approach for identifying and dealing with these threats and consists of five phases policy or defining the conditions for identifying risks alerts which send pertinent details to reviewers triage to determine risk severity and how to respond to them investigate which involves examining user activities and action or putting a plan into motion you then explored the tools available in Microsoft Purview for implementing an Insider risk management strategy such as user activity reports that facilitate investigation of a user's history of potential risky behaviors and the alert dashboard which compiles alerts generated by risk indicators that are defined in Insider risk management policies Microsoft 365 also has risk prevention Solutions like communication compliance to detect risks in organization Communications information barriers to enforce access restrictions and maintain compliance and security and privileged access management to limit access to the minimum needed to perform a task you wrapped up with an exercise that had you set up a simulated insider threat then configure Azure security features to detect it and apply preventive measures you concluded by familiarizing yourself with the stages of the data life cycle which consists of the creation or capture of data processing data to prepare it for use or analysis accessing and making use of the data archiving data that may be useful later and deleting or purging data that is not needed you also became aware of Microsoft's four guiding principles for engaging with data throughout its life cycle these are knowing the data by identifying which assets require 
greater security protecting data by such means as encryption and access restrictions preventing data loss by limiting sharing privileges and governing data to ensure proper retention storage or deletion as needed finally you delved into the features of Purview that help organizations tie the data life cycle to these principles such as data catalog for a more structured data browsing experience data classification for categorizing data assets with built-in or custom classifications and disposition review for reviewing content at the end of its retention period and deciding next steps by completing compliance management you have increased your awareness of how to integrate strong data security practices with a strategy that takes compliance into account well done by now you understand the importance of organizations needing to be compliant to safeguard their assets intellectual property and people when it comes to organizations accessing government information certain compliance regulations must be adhered to for information protection and to reduce the risk of cyber breaches occurring in this video you'll learn about the federal information security management act or FISMA you'll unpack what FISMA is and the implications for federal agencies if they don't adhere to its requirements so what is FISMA FISMA is a US legislation that was introduced to bolster the security framework around federal information systems born out of the necessity to protect critical data from potential threats and cyber attacks FISMA mandates federal organizations to implement maintain and continuously update an information security program Federal organizations must ensure that their information security measures align with the potential risks and severity of damage arising from unauthorized interactions this includes accessing utilizing disclosing disturbing altering or eradicating data gathered or upheld by an agency or on its behalf or digital systems managed by the agency contractor 
or a different entity representing the agency so FISMA encompasses several areas but the main focus lies on the system inventory risk categorization and security controls implementation FISMA has six primary categories that form the foundation of its guidelines these include risk categorization minimum Baseline controls document the controls in the system security plan refine controls using a risk assessment procedure annual Security review and monitoring the security controls on a continuous basis now let's expand upon these categories risk categorization involves understanding the risks before implementing security measures under FISMA agencies categorize their information systems based on the potential impact of a security breach minimum Baseline controls involve setting a foundational security standard that all federal information systems must meet by adhering to this Baseline agencies ensure that their systems have robust defenses in place the document the controls in the system security plan category describes established security measures and protocols therefore supplying a blueprint for securing the information system with refined controls using a risk assessment procedure it's not enough to Simply Implement controls agencies must refine these controls based on a systematic risk assessment process as preparation for emerging threats security isn't a one-time process so annual Security reviews program officials and agency heads need to conduct yearly reviews that ascertain the effectiveness of the security measures this is also essential for obtaining FISMA certification finally monitor the security controls on a continuous basis involves continuous monitoring to ensure that security Protocols are always updated adaptable and relevant FISMA brings a more stringent and structured approach to Federal cyber security agencies must now be proactive not just in implementing security measures but in ensuring these measures evolve with the changing cyber environment this 
means that Beyond meeting FISMA standards agencies are compelled to foster a culture of cyber security awareness and vigilance there's a standardized approach to security assessment authorization and continuous monitoring for cloud products and services it's a US government-wide program known as the federal risk and authorization Management program or FedRAMP FedRAMP was introduced in December 2011 with the objective of creating a standardized procedure to assess Monitor and authorize cloud computing services and products this was in line with FISMA and aimed at promoting the use of secure Cloud solutions by US federal agencies FedRAMP ensures that cloud services and products used by federal agencies meet consistent security requirements these requirements not only reduce duplicative efforts among agencies but save time and money it also helps in ensuring that the information held by the federal government in the cloud remains secure and is managed according to established standards for cloud service providers or CSPs interested in offering their services to a federal agency there are three distinct routes to prove their FedRAMP compliance these include securing a provisional authorization to operate or P-ATO from the FedRAMP Joint Authorization Board or JAB for short acquiring an authorization to operate or ATO directly from a federal agency and independently crafting a CSP supplied package that aligns with program stipulations regardless of the chosen route it's mandatory for the CSPs to undergo an assessment this evaluation is carried out by an independent third party assessment organization also known as 3PAO that is recognized by the program subsequently there's an intensive technical review conducted by the FedRAMP program management office or PMO the foundation of FedRAMP lies in the standards set by the National Institute of Standards and Technology or NIST SP 800-53 and further enhanced by specific FedRAMP controls the FedRAMP authorizations are segmented 
into three distinct impact levels as outlined by NIST Federal Information Processing Standard or FIPS 199 low impact is where the loss of confidentiality Integrity or availability would have a limited effect on the organization moderate impact is where a loss leads to a serious adverse effect and high impact results in severe or catastrophic consequences notably as the impact level rises the number of controls in the Baseline also increases for instance while the FedRAMP moderate Baseline comprises 325 controls the FedRAMP High Baseline encompasses 421 controls in this video you learned about FISMA and FedRAMP Frameworks within US Federal cyber security these Frameworks emphasize the criticality of safeguarding federal information systems against contemporary and emerging threats you learned that FISMA through its structured approach and comprehensive categories forces federal agencies to not only Implement robust security measures but to refine and adapt them in the face of a continually evolving digital landscape you discovered that with the increasing Reliance on cloud computing FedRAMP offers a standardized approach to assess Monitor and authorize cloud services ensuring their alignment with the vital security prerequisites previously you learned that the federal information security management act or FISMA forces federal agencies to not only Implement robust security measures but to refine and adapt them continuously you also learned that with the increasing Reliance on cloud computing FedRAMP offers a standardized approach to assess Monitor and authorize cloud services ensuring their alignment with the vital security prerequisites in this video you'll move on to explore what the National Institute of Standards and Technology or NIST framework is and how this framework helps organizations systematically manage cyber security risk you'll also discover Microsoft is associated with NIST let's define what NIST is the National Institute of Standards and 
Technology framework provides a comprehensive structure for organizations to manage and mitigate cyber security risks this globally recognized framework is both flexible and adaptable and is therefore suitable for various sectors and organizational sizes the NIST framework emphasizes the importance of aligning cyber security activities with business objectives and integrating cyber security risks into an organization's overall risk management strategy it is composed of three main components framework core contains common cyber security activities outcomes and references that apply broadly across various sectors and critical infrastructures it offers detailed guidance for crafting specific organizational profiles then using framework profiles allows organizations to synchronize and prioritize their cyber security Endeavors according to their specific business goals risk tolerance and available resources implementation tiers enable organizations to assess and comprehend the nature of their cyber security risk management approach aiding in setting priorities and attaining cyber security goals the framework is effective in fostering technical Innovation due to its technology neutral stance and reference to a range of evolving standards guidelines and practices by leveraging global standards updated by the industry it ensures tools and methods are adaptable across borders recognizing Global cyber security risks and technological progression using these standards boosts economies of scale and Spurs the creation of efficient products and services aligned with Market demands Market competition further accelerates the spread of these Technologies and benefits stakeholders the framework establishes a universal taxonomy for organizations to describe their current cyber security posture outline their cyber security goals identify and prioritize opportunities for improvement within the context of a continuous and repeatable process track progress to the desired State and share 
information about cyber security risk with both internal and external parties so you realize that risk management is a continuous process it's where organizations identify assess and respond to risks by understanding the probability of an event's occurrence and its potential impacts by comprehending their risk tolerance organizations can prioritize cyber security measures and make informed decisions about their investments in cyber security this approach aids organizations in adjusting and communicating changes to their cyber security strategies they can address risks by mitigating transferring avoiding or accepting them based on the implications for their essential Services the NIST framework assists in regularly evaluating risks and ensuring organizations' cyber security measures align with desired outcomes it is designed to be adaptive and flexible suitable for various cyber security risk management approaches including those by the International Organization for standardization or ISO but how do you use the NIST framework well while it serves as a comprehensive tool for organizations to systematically manage cyber security risk it's not intended to replace existing processes instead it's there to Overlay onto processes identify gaps and provide a road map for improvement the framework can be applied across various phases of A System's life cycle these phases are plan design build or buy deploy operate and decommission organizations can use the framework in several ways such as basic review of cyber security practices establishing or improving a cyber security program and communicating cyber security requirements with stakeholders with basic review of cyber security practices organizations can use the framework core to compare current activities and outcomes against five high level functions such as identify protect detect respond and recover this can help in identifying areas for improvement or overinvestment establishing or improving a cyber security 
program is a seven-step process step one prioritizes and scope by identifying business objectives and determining the scope of systems step two is where you align by identifying related systems assets regulations and risks step three involves creating a current profile outlining which outcomes are currently achieved in step four you need to conduct a risk assessment to understand the likelihood and impact of cyber security events step five creates a Target profile focusing on desired cyber security outcomes step six involves determining analyzing and prioritizing gaps between the current and Target profiles followed by action plan creation the last step is the implementation of the action plan by adjusting current practices to reach the target profile organizations can also use the framework through communicating cyber security requirements with stakeholders the framework provides a common language for expressing cyber security requirements especially useful for complex and interconnected Supply chains it can be used to convey required categories and subcategories to external Partners report results through a current profile or align the organization's cyber security approach with broader sector specific or critical infrastructure requirements NIST facilitates continuous Improvement and enables the prioritization of cyber security Investments it considers privacy and civil liberties implications and allows for the alignment and customization based on business needs risk tolerances and resources Microsoft actively engages with the NIST framework to ensure its products and services remain compliant and secure for instance Microsoft provides guidance on NIST SP 800-171 and details how its services align with these standards Microsoft's commitment to NIST standards reflects its dedication to maintaining robust security measures protecting both its internal processes and its vast customer base Microsoft Purview Compliance Manager is a feature in the Microsoft Purview 
compliance portal to help you understand your organization's compliance posture and take actions to help reduce risks compliance manager offers a premium template for building an assessment for this regulation in this video you learned what the National Institute of Standards and Technology framework is you now know that it offers a globally recognized flexible and adaptive and comprehensive structure for addressing cyber security risks across diverse sectors and organization sizes by emphasizing the alignment of cyber security initiatives with business objectives and encapsulating them within an overall risk management strategy the framework offers a nuanced approach to cyber defense and resilience it also promotes technological innovation and adaptability to Global standards by integrating principles of continuous risk management the framework facilitates informed decision-making regarding cyber security Investments and strategies by now you have covered the federal information security management act or FISMA as well as the National Institute of Standards and Technology or NIST framework in this video you'll learn about another important legislative act called the Sarbanes-Oxley Act commonly known as SOX understanding the importance of SOX and its implications is crucial for finance accounting or business administration SOX is a United States federal law enacted in 2002 to protect investors from fraudulent accounting activities by corporations it was a direct response to the financial scandals involving companies like Enron Tyco and WorldCom these events shook investor confidence and emphasized the need for regulatory oversight SOX is important for many reasons it facilitates investor protection ensures the accuracy of financial statements improves corporate governance and minimizes human error let's unpack this in more detail when it comes to investor protection SOX's primary objective is to protect investors by enhancing the accuracy and 
reliability of corporate financial statements and disclosures these changes include strict auditing requirements increased internal controls and a requirement for chief executive officers or CEOs and Chief Financial officers or CFOs to personally certify the accuracy of their company's financial information the act requires companies to maintain Financial records for seven years Implement internal controls and undergo external audits this enhanced transparency ensures that investors can make informed decisions based on accurate financial information SOX ensures the accuracy of financial statements by imposing stringent auditing requirements on companies to present accurate and complete financial information section 404 one of the most notable sections of the act mandates that companies evaluate their internal Financial controls and report on their effectiveness Auditors must validate these reports thus ensuring that financial statements are free from manipulation SOX has substantially improved corporate governance by implementing new layers of control and Reporting thereby enhancing accountability among Executives and Boards of directors ultimately transforming how companies operate internally there's a few ways in which SOX minimizes human error let's unpack this further Auditors often cite manual processes as the weakest link in internal control because humans are prone to fatigue distraction stress and errors automated controls are generally more reliable they require fewer tests and according to the Public Company Accounting Oversight Board or PCAOB which oversees the audits of public companies some may only need testing every 3 years if unchanged however some situations require human judgment for instance Manpower uses a system that Flags sales adjustments over $10,000 but allows human oversight to decide if the adjustment is reasonable or requires further investigation despite the urgency for internal Improvement especially following regulations 
like Sarbanes-Oxley many companies have not implemented improvements the lack of progress is due to various reasons including audit committees not pressing for changes Beyond asset protection CEOs not allocating enough resources CFOs not finding valuable ways to utilize SOX and a lack of collaboration among CEOs CFOs and internal audit departments there are implications for companies that are non-compliant with SOX these implications result in financial penalties legal penalties legal consequences a loss of investor trust and operational challenges Financial penalties may occur when organizations and their Executives fail to comply with SOX regulations these penalties aren't limited to monetary fines they also Encompass the loss of particular benefits that the company or its Executives may have previously enjoyed such punitive measures serve to deter organizations from engaging in deceptive Financial practices and encourage transparent financial reporting the legal consequences of not complying with SOX are severe company Executives can face jail time for fraudulent financial reporting the purpose behind these stringent consequences is to introduce a sense of responsibility and accountability at the organization's controls ensuring that the top ranked employees of a company are committed to maintaining Financial Integrity another implication of non-compliance with SOX is the loss of investor Trust it's Paramount to any publicly traded company SOX aims to protect these investors by ensuring that financial statements are transparent and accurate companies that fail to adhere to SOX regulations risk damaging this trust which can subsequently lead to plummeting stock prices it presents challenges with raising capital for future projects or expansions thereby hindering growth potential while the direct financial and legal repercussions are tangible and immediately recognizable there are other indirect consequences of SOX non-compliance operational 
challenges can result in increased audit fees denting company's finances simultaneously the burden of undergoing legal proceedings responding to investigations and addressing shareholder concerns can take away time and resources from the core business functions thereby impacting productivity and by extension profitability in this video you learned what the Sarbanes-Oxley Act is and that its establishment arose From the Ashes of financial scandals aiming to restore investor confidence by demanding transparency accuracy and accountability from corporations non-compliance with SOX not only brings about severe Financial penalties and legal ramifications but also risks the erosion of investor trust and potential operational disruptions for corporations to thrive in today's competitive environment adherence to SOX is not merely a legal mandate but a testament to their commitment to integrity and good governance the general data protection regulation or GDPR has revolutionized the way organizations manage and Safeguard personal data especially for EU residents in this video you'll gain insight into achieving GDPR compliance by leveraging Microsoft products and services and clarifying key terms rights and responsibilities you'll begin understanding data subject requests GDPR breach notifications or conducting data protection impact assessments these facets are crucial for any organization aiming to be compliant particularly if they're integrating Microsoft tools first let's define GDPR GDPR establishes regulations for organizations interacting with or analyzing data of European union or EU residents regardless of the organization's location this is to ensure GDPR compliance when utilizing Microsoft products and Services key GDPR terms include data controller which is the entity deciding the purpose and method of processing personal data personal data and data subject is information about an identifiable individual a processor is the entity processing data for the 
controller and customer data encompasses data generated and stored during business operations GDPR allows individuals to manage their personal data with organizations via data subject requests or DSR organizations must timely address DSRs data breaches and conduct data protection impact assessments or DPIAs you'll unpack these facets in just a bit but first some essential steps for GDPR compliance include creating or reviewing your data privacy policy accessing data security identifying your data controller and understanding necessary data security processes now there's what's known as the recommended action plan for GDPR and accountability Readiness checklists that assist in assessing and implementing GDPR compliance especially for those using Microsoft tools so GDPR serves people in the EU and requires them to manage and Safeguard the personal data of individuals regardless of the organization's location the California consumer Privacy Act or CCPA offers similar rights for California consumers these rights are to delete access and port their personal information and include additional Provisions like opt out or opt in for certain data sales both GDPR and CCPA necessitate completing DSRs When using Microsoft products and services like Office 365 Microsoft Azure and Microsoft Intune now it's time to explore data subject requests data breaches and conduct data protection impact Assessments in more detail a DSR grants individuals who are termed data subjects the authority to manage their collected personal data from organizations otherwise known as data controllers under GDPR these rights Encompass obtaining personal data copies requesting alterations restricting processing deleting and receiving it electronically for transfer to another controller CCPA endorses similar rights controllers must swiftly address DSRs by executing the asked action or giving a justification for non-compliance to complete a DSR several procedures may be essential depending on the 
organization's GDPR compliance standards Discovery involves determining the required data for a DSR access is a retrieval and possibly sending the discovered data to the individual Rectify involves changes made to the personal data upon request restrict means modifying access or processing of data possibly by limiting access or removing it from Microsoft's cloud export involves supplying the personal data to the individual in a standard electronic format and delete is erasing personal data permanently from the Microsoft cloud next is a personal data breach under the general data protection regulation it's defined as a security breach resulting in the unintentional or illegal destruction loss alteration unauthorized disclosure or access to personal data whether it's transmitted stored or processed in other ways so what is Microsoft's relationship to GDPR well Microsoft is committed to the GDPR and defines a security incident or data breach as unauthorized or illegal access to customer data stored within its facilities or equipment Microsoft acts as a data processor to help service customers or data controllers fulfill the GDPR's breach notification obligations customers are notified of data breaches unless the breached data is proven to be unintelligible like encrypted data where key Integrity remains uncompromised data controllers have the duty to assess privacy risks and determine if a breach mandates notifying the customer's data protection authority or DPA Microsoft provides the necessary information to assist in these evaluations initial breach notifications from Microsoft include the breach nature estimated user impact and any mitigation measures additional communication is actioned if the initial investigation remains incomplete under the GDPR controllers must conduct a data protection impact assessment for operations that could lead to risking the rights and freedoms of individuals although Microsoft's products and services don't inherently require a 
DPIA due to their customizability one might be necessary depending on a user's specific configuration the responsibility to determine the need for a DPIA lies with the data controller given that Microsoft doesn't have control or significant insight into user configurations in this video you learned about GDPR and that ensuring GDPR compliance is an ongoing process for organizations Microsoft takes data protection seriously offering tools and mechanisms to Aid this endeavor whether it's the intricacies of DSRs the rigorous measures to handle data breaches or the nuances of DPIAs it's evident that both GDPR and Microsoft prioritize user data protection organizations must remain Vigilant informed and always prepared to adapt to maintain the trust and safety of their stakeholders in today's digitally connected world the importance of data security cannot be overstated organizations invest substantial resources into ensuring that their data remains confidential and integrity is maintained one of the most globally recognized Frameworks for this endeavor is the security standards set by the International Organization for standardization otherwise known as ISO in this video you will build your knowledge of ISO 27001 which serves as a benchmark for Information Security Management the ISO is an independent non-governmental entity that develops standards to ensure the quality safety and efficiency of products services and systems globally an ISO standard is essentially a set of universally accepted guidelines practices or requirements in a specific domain by conforming to these standards businesses demonstrate their commitment to delivering high quality goods and services to their stakeholders these standards not only serve as a quality assurance mechanism but also as a universally accepted system of best practices the ISO has published various standards but one that stands out when it comes to information security is ISO 27001 this standard is part of the 
larger ISO/IEC 27000 family which focuses on various aspects of information security or infosec including risk management and compliance ISO 27001 establishes guidelines for an information security management system or ISMS this is an organized approach consisting of processes technology and people to protect and manage an organization's information using risk management procedures the ISO 27001 standard provides a framework for establishing implementing operating monitoring reviewing maintaining and improving an ISMS its broad applicability ensures that it can be tailored to any organization irrespective of its size or the nature of its business ISO 27001 is often seen as a benchmark in the realm of information security it's an internationally recognized standard which means achieving certification can provide an organization with a valuable Badge of trust this standard is comprehensive touching upon all the necessary components required for a robust ISMS to comprehend its importance consider the vast array of cyber threats that organizations face daily from data breaches to ransomware attacks the Cyber landscape is fraught with dangers that can inflict severe financial and reputational damage ISO 27001 offers a structured approach to address these challenges allowing businesses to identify potential threats assess Associated risks and Implement suitable controls to mitigate them ISO 27001 revolves around a risk assessment process organizations need to identify risks related to the confidentiality integrity and availability of information after identifying these risks they then evaluate and prioritize them based on their potential impacts and vulnerabilities businesses then decide on risk treatment options whether to mitigate avoid transfer or accept these risks furthermore ISO 27001 emphasizes the need for continuous Improvement this means that businesses should periodically review and refine their ISMS to stay ahead of the ever evolving threat landscape 
the standard has a set of controls outlined in Annex A which are designed to address specific security risks these controls serve as recommendations for organizations to ensure the confidentiality integrity and availability of information let's explore some of the key controls in ISO 27001 when it comes to determining policies and responsibilities you have information security policies which establishes a framework for Information Security Management ensuring appropriate policies are in place and reviewed regularly organization of information security for defining roles responsibilities and Reporting Lines within the organization human resource security to ensure that employees and contractors are aware of and comply with their security responsibilities and asset management for identifying and classifying organizational assets and defining appropriate protection responsibilities there are also controls that relate to data security measures namely access control for restricting access to information and systems to authorized users only cryptography which calls for encryption and other methods to secure sensitive data physical and environmental security to protect physical facilities equipment and information from threats Operations Security for ensuring secure operations of information processing facilities communication security for protecting information during transmission and system acquisition development and maintenance ensuring that security is built into IT systems from the outset finally some controls can ensure safety in relation to factors outside of your immediate control such as supplier relationships for managing risks associated with third-party access to organizational assets information security Incident Management to prepare for and respond to security breaches information security aspects of business continuity management which ensures continuity of Information Security Management in adverse situations and compliance for ensuring adherence to 
Legal Regulatory and contractual requirements related to information security implementing these controls requires a risk-based approach considering the specific needs and context of each organization achieving ISO 27001 certification indicates that an organization has a comprehensive approach to information security built around these core controls in this video you discovered how the ISO 27001 standard serves as an invaluable Benchmark for organizations aiming to safeguard their data and information systems this comprehensive framework underpinned by its extensive set of controls outlined in Annex A provides a robust and adaptable approach for establishing an information security management system by adopting ISO 27001 organizations not only demonstrate their commitment to high quality information security practices but also arm themselves against the array of cyber threats that pose significant financial and reputational risks an emphasis on risk assessment coupled with a continuous Improvement model makes ISO 27001 a dynamic tool for organizations to stay ahead in the ever evolving landscape of information security challenges you might be aware that as a part of compliance all Cloud resources need to be set up in a particular way such as having access restrictions in place but wouldn't it require a large amount of time and effort to manually configure different types of resources individually fortunately Microsoft Azure offers a solution for getting around this task in this video you learn about Azure Blueprints and how you can use it to facilitate a move to the cloud Azure blueprints as its name suggests is like a blueprint for building and setting up Azure services and resources in a consistent and compliant manner it aids organizations in defining a repeatable set of Azure resources that adhere to requirements and standards These Blueprints are effectively templates that can be used to quickly spin up fully governed environments think of them as a design 
pattern for cloud environments the power of Azure blueprints lies in its ability to enforce standards across multiple projects or teams this ensures consistent policy implementation and resource conventions promoting both efficiency and compliance Azure blueprint is essentially a template that encompasses Azure resources policy assignments role assignments and more once defined a blueprint can be applied to different Scopes such as a subscription Resource Group or Management Group offering varying levels of granularity one interesting aspect of Azure blueprint is its scope of application the scope in this context refers to the level of granularity at which you can enforce behaviors it means that organizations can Define different standards for various levels or units thereby offering a balance between centralized governance and flexibility for teams another fundamental concept associated with Azure blueprints is resource locking which prevents any unwanted changes to the resources defined in the blueprint when a blueprint is assigned the defined resources and configurations are locked ensuring compliance with the organizational standards this feature is pivotal in maintaining the Integrity of deployments especially in environments where adherence to strict guidelines is Paramount Additionally the sequence in which resources are deployed via a blueprint is not arbitrary there is a defined order to ensure dependencies are handled correctly and the desired end state is achieved by understanding this deployment sequence organizations can better predict and plan their infrastructure deployments ensuring a smoother rollout of resources as organizations shift to the cloud the lines between development and operations are fading agile practices have accelerated team deployments making reliable and consistent Cloud infrastructure essential consequently infrastructure is now seamlessly integrated into the development process demanding a unified management approach for 
both infrastructure and application code to address these challenges the concept of infrastructure as code or IaC is adopted in this approach the infrastructure needed for an application is defined in code which is then versioned and stored in a source repository similar to application code this enables team members to easily deploy consistent and similar environments by executing this code for Azure based Solutions Azure resource manager or ARM templates are recommended for implementing IaC these templates are JSON files that Define the infrastructure and its configurations they employ a declarative syntax allowing you to outline what resources are to be deployed and their properties without having to specify the sequence of commands to create them this makes the infrastructure easily replicable and reliable for Agile development teams Azure Blueprints and ARM templates serve different yet complementary roles in Azure deployment and management Azure blueprints is a service designed for environment setup encompassing resource groups policies role assignments and ARM template deployments think of a blueprint as a comprehensive package that combines these artifact types allowing for composition versioning and integration into continuous integration and continuous deployment or CI/CD pipelines once a blueprint is assigned to a subscription it provides an auditable and trackable process on the other hand ARM templates primarily facilitate Azure deployments they don't natively exist in Azure and are stored either locally in Source control or in templates preview once resources are deployed using an ARM template there's no lingering connection between the deployed resources and the template the standout feature of Azure blueprint is its ability to preserve the relationship between the blueprint definition and its assignment this ensures enhanced tracking and auditing moreover Azure blueprints can simultaneously update multiple subscriptions governed by a single blueprint 
however it's essential to understand that ARM templates and Azure blueprints aren't mutually exclusive each blueprint can incorporate multiple ARM template artifacts ensuring that prior investments in developing a library of ARM templates can be seamlessly integrated into Azure blueprints Azure blueprints by their very nature are designed to enforce specific behaviors and configurations when an organization needs to maintain compliance with standards like ISO they can craft blueprints that align with these standards once applied These Blueprints ensure that every deployment within their scope adheres to the defined guidelines this not only helps in achieving compliance but also significantly eases the burden of maintaining it over time in this video you discovered that Azure Blueprints and ARM templates are instrumental tools for organizations transitioning to the cloud striving for consistent and compliant infrastructure deployment while ARM templates offer a code Centric approach to defining infrastructure Azure blueprints serve as a holistic package for setting up governed environments ensuring consistency and tracking deployments Azure blueprints' unique feature of preserving relationships between definitions and assignments facilitates enhanced tracking while its capability for resource locking safeguards deployment Integrity significantly when organizations aim to adhere to rigorous standards like ISO Azure blueprints emerge as a pivotal asset by aligning blueprints with these standards organizations can seamlessly achieve and maintain compliance making the process both efficient and reliable previously you learned how Azure blueprints can help you set up Azure resources and services in effect facilitating a move to the cloud in this video you'll be guided through the process for creating a blueprint this includes setting a role assignment policy assignment Resource Group and Azure resource manager template the first step is to access the Microsoft Azure 
portal by visiting the URL portal.azure.com on the homepage select blueprints within the Azure Services section to open the blueprints page here select the create button found beneath the create a blueprint section on this page you'll be given the option to choose from a selection of predefined blueprint samples but let's select start with blank blueprint to build one from scratch provide a blueprint name such as my blueprint note that you can use up to 48 letters and numbers but no spaces or special characters leave the blueprint description blank for now you'll next set a definition location select the ellipses button beside the definition location box in the window on the right open the drop-down menu and select the management group or subscription where you want to save the blueprint in this case I will select Azure subscription one and then choose select before you continue verify that the information is correct the blueprint name and definition location Fields can't be changed later then select next artifacts at the bottom of the page so that you can begin adding artifacts to the blueprint let's first add a role assignment at the subscription level to do so under subscription select add artifact the add artifact window opens on the right side of the browser for the artifact type select role assignment uncheck the Box beside this value should be specified when the blueprint is assigned in the add user app or group menu select a user which in this case will be Joe from Sam's scoop for the role select contributor finally select add to add this artifact to the blueprint next you'll need to add a policy assignment at the subscription Level under the role assignment artifact select add artifact for the artifact type select policy assignment change the type to built-in and then in the search box enter tag within the search results scroll down as needed and select append tag and its value to Resource groups select add to add this artifact to the blueprint the 
next step is to add a resource Group at the subscription level so once again under subscription select add artifact for the artifact type select Resource Group leave the artifact display name Resource Group name and location boxes blank make sure that the checkbox is checked for each parameter property to make them Dynamic parameters then select add to add this artifact to the blueprint you now have several artifacts in place but you're not done just yet now it's time to add a template under the resource Group under Resource Group select add artifact for the artifact type select Azure resource manager template set the artifact display name to storage account and leave the description blank in the editor box beneath the template tab you'll need to add the code for an ARM template you can find a text file containing this code by selecting download beneath this video and then selecting the ARM template file or by opening the link in the additional resources if you're following along go ahead and copy the code and paste it into the editor select add to add this artifact to the blueprint your completed blueprint should appear similar to what I have on screen in the parameters column notice that each artifact has X Out of Y parameters populated the dynamic parameters are set during each assignment of the blueprint now that you've added all planned artifacts select save draft at the bottom of the page to save your blueprint this will return you to the blueprints definitions page and you'll find my blueprint in the list in this video you found out what goes into defining a custom blueprint specifically you added a role assignment policy assignment Resource Group and Azure resource manager template recently you were led through the steps for creating an Azure blueprint but perhaps you're wondering how blueprints differ from policies in this video you'll learn how to differentiate between the two and better understand the relationship between them a blueprint is a 
package or container for composing focus-specific sets of Standards patterns and requirements related to the implementation of Azure cloud services security and design that can be reused to maintain consistency and compliance a policy is a default allow and explicit deny system focused on resource properties during deployment and for already existing resources it supports Cloud governance by validating that resources within a subscription adhere to requirements and standards now let's explore a few of the built-in policies that are available in Azure to view all the policy definitions you need to visit Azure policy you can do this by entering policy into the search bar at the top of the Azure portal and then selecting policy next select definitions in the left pane in the search field enter NIST and select NIST SP 800-53 Rev. 4 from the resulting list on this page you'll find a list of policies associated with this standard this covers topics as wide ranging as auditing and role-based access control but let's pick a specific policy to zero in on select develop Access Control policies and procedures to review it inside of this policy definition you'll find a template available artifacts and several other details now return to the main definitions page and search for separation this produces a list of policies related to separation of Duties then select NIST SP 800-53 Rev. 4 once more and conduct the same search and you'll get a list of only the policies connected to this standard select Define access authorizations to support separation of Duties to review this policy in Greater detail in this video you learned about the differences between Blueprints and policies in Azure as well as the relationship between them previously you were introduced to some laws and standards such as the information security management act or FISMA and International Organization for standardization or ISO standards in this video you'll continue by exploring control objectives 
for information and related Technologies otherwise known as COBIT you'll also explore the Azure audit program with the information systems audit and Control Association or ISACA let's first Define what COBIT is COBIT is a framework for information technology or IT governance and management it was created by ISACA in 1996 and is a global professional association that focuses on information and cyber security governance Assurance risk and privacy COBIT helps organizations align their IT goals with their business objectives optimize their IT resources and processes and manage IT risks and compliance COBIT started as a set of control objectives for IT audits but has evolved into a comprehensive framework that addresses aspects like planning delivery support monitoring and evaluation it provides guidance on implementing and assessing IT controls best practices maturity models performance indicators and benchmarks COBIT operates on the following five key principles address stakeholder needs involves identifying and prioritizing the needs of stakeholders such as customers employees and regulators it helps balance the benefits risks and resources of IT Investments the next principle is cover the Enterprise end to end where all IT related activities and processes are covered comprehensively it integrates seamlessly with other Frameworks and standards like information technology infrastructure library or ITIL ISO the committee of sponsoring organizations or COSO and the National Institute of Standards and technology or NIST thirdly apply a single integrated framework offers a structured approach to IT governance and management that guides organizations to customize the framework to their specific needs the enable a holistic approach principle considers all factors that influence IT's performance and outcomes such as people processes technology and organizational structures it provides Dimensions like stakeholders goals life cycle and good practices to enhance IT 
enablers finally with separate governance from management COBIT distinguishes between governance and management roles and responsibilities governance aligns IT objectives with business objectives and directs IT management while management executes IT activities and processes following the governance Direction so essentially COBIT is a holistic framework for achieving strategic alignment managing risks and optimizing resources in the IT domain based on clear principles and customizable guidelines COBIT consists of four main components namely the COBIT core model the COBIT performance management system the COBIT design and implementation guides and the COBIT assessment program the COBIT core model defines essential elements of IT governance and management across five domains evaluate direct and monitor or EDM align plan and organize or APO build acquire and implement or BAI deliver service and support or abbreviated as DSS and monitor evaluate and assess or MEA each domain encompasses several processes with specific goals practices activities inputs outputs roles responsibilities and metrics the COBIT performance management system measures and monitors IT performance and outcomes using a balanced scorecard approach it defines targets including Enterprise IT related enabler and process goals and employs performance indicators to track and Report achievement then COBIT design and implementation guides inform design and implementation of an IT governance and management system based on the two previous components it covers topics like business case development stakeholder analysis Gap analysis road map development change management and continuous Improvement lastly the COBIT Assessment program evaluates the maturity and capability of IT processes using the COBIT process assessment model or PAM and the ISO 15504 standard it provides self assessments facilitated assessments and formal assessments to accomplish this each component plays a crucial role in helping 
organizations align their IT goals with business objectives this ensures optimal IT performance and establishes a well-governed and Managed IT environment now that you understand what COBIT is let's move on to the Azure audit program the Azure audit program is a guide created by ISACA for Auditors to evaluate the adequacy and effectiveness of cloud services provided by Microsoft Azure this ensures that its implementation supports the organization's operational and compliance objectives the Azure audit program evaluates the following domains governance network configuration and management identity and access management resource security logging and monitoring security and incident response and data encryption controls let's explore each of these one at a time governance assesses The Establishment and implementation of a governance framework the alignment with business objectives and risk management for Azure network configuration and management evaluates the secure and efficient configuration and management of network resources and security controls to protect Network traffic and data identity and access management then reviews The implementation and maintenance of identity and access management systems and assesses the enforcement of security principles for Azure users and roles one useful tool here is Microsoft Entra ID Protection which helps organizations detect investigate and remediate identity based risks these risks can be passed on to conditional access to make access decisions or fed back to a security information and event management or SIEM tool for further investigation resource security assesses the security of Azure resources and leverages Azure Security Services to enhance the security posture and visibility of its resources logging and monitoring analyzes whether Azure logging and monitoring Services have been enabled and configured properly to collect and analyze operational and security data the security incident response domain evaluates The 
Establishment and implementation of a security incident response plan for Azure and data encryption controls examines the encryption strategies deployed for data whether it's at rest in transit or being processed the program is aligned with the NIST cyber security framework it Maps the audit areas and objectives to the framework's core functions which are identify protect detect respond and recover recall that these functions assist Auditors and organizations in evaluating and enhancing their Azure cyber security practices this framework also provides a collection of Standards guidelines and best practices for managing cyber security risk in this video you learn that COBIT is a comprehensive framework for IT governance and management it assists organizations in aligning IT objectives with business goals optimizing resources and managing risks the four principal components of COBIT are the COBIT core model Performance Management System design and implementation guides and the assessment program Additionally you know that the Azure audit program is a guide for appraising the compliance of Azure service implementations the program is mapped to the NIST cyber security framework and strengthens an organization's cyber security stance cloud computing is a rapidly growing and evolving technology that offers many benefits for Enterprises such as scalability flexibility cost efficiency and Innovation however cloud computing also introduces new challenges and risks such as data privacy security compliance and governance therefore Enterprises need to adopt appropriate Frameworks and standards to ensure that their cloud services are aligned with their business objectives stakeholder needs and regulatory requirements the National Institute of Standards and technology or NIST control objectives for information and related Technologies or COBIT and the Microsoft Azure audit program are three examples of such Frameworks and standards that help Enterprises manage and audit 
their cloud services effectively and efficiently in this video you'll discover the steps to define the Privacy requirements for cloud services using these Frameworks and standards there are resources that first prepare you to Define cloud service privacy requirements organizing these Preparatory resources involves Gathering Vital Information this consists of business objectives which relate to an Enterprise's guiding principles like vision mission values goals and strategies stakeholder needs which include expectations and requirements from all parties with an interest in cloud services including customers employees regulators and more legal and Regulatory obligations are the laws and standards that dictate how sensitive data is handled in the cloud including General data protection regulation or GDPR health insurance portability and accountability act or HIPAA and the payment card industry data security standards known as PCI DSS another Preparatory resource is gathering cloud service provider details contracts and policies from the cloud provider that outline the terms of service privacy policies and data handling practices an Enterprise's privacy framework involves existing privacy policies and procedures that guide the organization's privacy management this includes risk assessment processes privacy training and incident response plans then privacy risk assessment is an evaluation of potential risks associated with cloud services like unauthorized data access legal non-compliance and reputational damage and privacy impact assessment is an analysis of how cloud services might impact privacy detailing necessary controls and measures to ensure data protection and compliance it's important that you know how to determine privacy capabilities which includes assessing both the current and desired privacy abilities of an Enterprise and its cloud service provider it is structured around the NIST Privacy framework comprised of the core profiles and implementation tiers 
the core outlines the fundamental privacy functions categories and subcategories it details relevant outcomes and activities for cloud services and includes the following five functions identify govern control communicate and protect recall that these functions assist Auditors and organizations in evaluating and enhancing their Azure cyber security practices each function expands into categories and subcategories in the NIST Privacy framework document which you can read later in additional resources next are the profiles that represent the existing and desired privacy outcomes based on Enterprise objectives stakeholder needs and risk appetite pinpointing the Privacy capability gaps and Improvement opportunities profiles are formulated by selecting and prioritizing relevant subcategories from the core based on the urgency and importance of the Privacy outcomes then implementation tiers denote the degree of privacy risk management practices in place ranging from partial to Adaptive these tiers are determined by evaluating various factors like current and Target risk postures threat environment legal requirements and resource constraints it assists in assessing and conveying the maturity and efficacy of privacy risk management in place for both the Enterprise and the cloud service provider another pivotal step is defining privacy requirements this involves establishing specific privacy stipulations for cloud services and utilizing the COBIT framework and the Azure audit program recall that the COBIT framework supplies a comprehensive set of goals practices roles responsibilities and metrics across the following five domains evaluate direct and monitor or EDM align plan and organize or APO build acquire and implement or BAI deliver service and support or abbreviated as DSS and monitor evaluate and assess or MEA these domains contain varied processes detailed within the COBIT framework document you can access this in additional resources the Azure audit program offers 
evaluative control statements and meticulous testing procedures across different areas of Azure deployment such as governance network configuration and management identity and access management resource security logging and monitoring security incident response and data encryption controls each area includes specific objectives and controls that are in the Azure audit program document feel free to access this document in additional resources a bit later next is privacy requirements derivation privacy requirements for cloud services are derived by aligning and integrating the COBIT framework with the Azure audit program adapting to the Enterprise's specific context and needs these requirements are expressed as statements that specify the expected outcomes and activities such as establishing and implementing privacy governance Frameworks configuring and managing Azure Network resources securely implementing and maintaining identity and access management systems securing Azure Resources with appropriate controls enabling and configuring logging and monitoring Services establishing and implementing security incident response plans and encrypting personal and sensitive information both in transit and at rest in compliance with relevant domains of COBIT areas of the Azure audit program and the NIST Privacy framework in this video you learned that within cloud computing where Enterprises benefit from scalability flexibility and cost efficiency but they also grapple with challenges such as data privacy security compliance and governance properly organizing Preparatory resources understanding privacy capabilities and clearly defining privacy requirements become Paramount by leveraging robust Frameworks and standards like NIST COBIT and the Microsoft Azure audit program Enterprises can adeptly navigate the complexities of cloud services through a systematic approach and the integration of these guiding resources organizations can align their Cloud strategies with business 
objectives stakeholder expectations and Regulatory mandates ensuring a secure and compliant Cloud environment previously you learned that the National Institute of Standards and technology or NIST control objectives for information and related Technologies or COBIT and the Microsoft Azure audit program are three Frameworks that help Enterprises achieve effective governance and management of their information and technology in the cloud however implementing these Frameworks is not a one-time activity but a continuous process that requires monitoring and adapting to changes in the cloud environment the business objectives the stakeholder needs and the legal and regulatory requirements in this video you'll start learning about the Privacy risk assessment how to create privacy and conclude with the steps and best practices for monitoring change in the context of these Frameworks the first step is to conduct a privacy risk assessment or PRA for cloud services that enterprises use or intend to use but what is it a PRA is a systematic process of identifying analyzing evaluating and treating the Privacy risks associated with the collection processing storage transfer and disclosure of personal data and other sensitive information in the cloud a PRA can help an Enterprise to determine the Privacy impact and benefits of cloud services privacy controls and measures that are needed to mitigate the Privacy risks it enhances the Privacy benefits as well as the Privacy roles and responsibilities of the Enterprise and the cloud service provider or CSP it also helps an Enterprise to comply with the legal and Regulatory obligations such as the general data protection regulation GDPR the health insurance portability and accountability act or HIPAA and the payment card industry data security standard abbreviated as PCI DSS the second step is to create a privacy requirements traceability Matrix or PRTM for cloud services a PRTM is a document that Maps the Privacy requirements 
derived from the PRA to the Privacy controls and measures implemented by the Enterprise and the CSP a PRTM can help the Enterprise to ensure that the Privacy requirements are adequately and effectively addressed by the cloud services and aids in verifying and validating the Privacy controls and measures it assists the Enterprise in communicating and coordinating with the CSP on privacy expectations and obligations and monitors and measures the Privacy performance and compliance of the cloud services the third step is to monitor change in the cloud environment business objectives stakeholder needs and the legal and Regulatory requirements change can occur due to various factors such as the introduction of new cloud services or features the modification or termination of existing cloud services or contracts the emergence of new privacy threats or incidents the evolution of the business strategy or goals the feedback or complaints from the data subjects or other stakeholders and the updates or changes in the privacy laws or regulations change can affect the Privacy risk profile the Privacy impact and benefits privacy requirements privacy controls and measures and the Privacy roles and responsibilities of the Enterprise and the CSP therefore the Enterprise should establish a change management process that can identify assess approve Implement document and communicate the changes in a timely and consistent manner the change management process should also involve updating the PRA and the PRTM accordingly and conducting periodic reviews and audits of the cloud services to ensure that they remain aligned with the Privacy requirements and expectations the NIST COBIT and the Microsoft Azure audit program Frameworks can provide guidance and tools for the Enterprise to conduct the PRA create the PRTM and monitor change in the cloud for example the NIST Privacy framework provides a set of privacy outcomes and activities that can help the Enterprise to identify and manage the Privacy 
risks and opportunities in the cloud then COBIT provides a set of governance and management objectives and practices that can help the Enterprise to align the cloud services with the business objectives and stakeholder needs and to Monitor and evaluate the cloud performance and compliance the Microsoft Azure audit program provides a set of audit objectives and procedures that can help the Enterprise to assess the adequacy and effectiveness of the Azure deployment and to ensure that the Azure implementation securely supports the operation and compliance objectives in this video you learn that it's imperative to ensure privacy and compliance in Cloud environments NIST COBIT and the Microsoft Azure audit program benefit Enterprises by strategically navigating the dynamic landscape of cloud governance essential steps such as conducting a privacy risk assessment creating a privacy requirements traceability matrix and instituting robust change management processes are paramount these not only help in identifying and mitigating risks but also ensure that cloud services continuously align with evolving business objectives stakeholder expectations and Regulatory demands by adhering to these best practices Enterprises can foster a cloud environment that is both secure and compliant bolstering stakeholder trust and operational resilience nice work completing laws and standards by getting to this point you should now have a stronger grasp of the major regulations and guidelines that every organization should adhere to when it comes to data management you also became aware of the tools and features in Microsoft Azure that make compliance an easier goal to achieve before you move on let's review the key Concepts that you covered this week you first became familiar with the federal information security management act or FISMA a legislation in the US that established a framework for federal organizations to handle data securely you found that FISMA is based on six primary 
categories which are risk categorization minimum Baseline controls document the controls in the system security plan refined controls using a risk assessment procedure annual Security review and monitoring the security controls on a continuous basis the US government also has the federal risk and authorization Management program or FedRAMP which is a standardized approach for cloud services to be assessed monitored and authorized next you learned about the National Institute of Standards and technology or NIST the agency behind a universal framework that aligns sound cyber security practices with business objectives the NIST framework enables organizations to describe their current cyber security posture outline their cyber security goals identify and prioritize opportunities for improvement within the context of a continuous and repeatable process track progress to the desired State and share information about cyber security risk with both internal and external parties following NIST you were introduced to the Sarbanes-Oxley Act or SOX a US federal law intended to protect investors from fraudulent accounting activities by corporations to do so it protects investors through a transparent approach to financial information enforces regular audits to ensure accuracy of financial statements enhances accountability in corporate governance and implements automated controls to minimize human error you then became familiar with the general data protection regulation or GDPR this is a law that mandates how organizations must handle the data of residents of the European Union in short GDPR allows individuals greater control over their information such as having the rights to delete access or Port their data upon request later you shifted your attention to the standards set by the International Organization for standardization or ISO you focused on ISO 27001 in particular which relates to Information Security Management aspects such as risk management and compliance this 
standard establishes guidelines for an information security management system or ISMS by providing a framework for establishing implementing operating monitoring reviewing maintaining and improving an ISMS you then explored some features of Microsoft Azure that assist with compliance to this standard first there was Azure blueprints a service for creating compliant templates known as blueprints to facilitate a move to the cloud a blueprint encompasses Azure resources policy assignments role assignments and more blueprints can be applied to different Scopes such as subscriptions resource groups or management groups you compared blueprints against Azure Resource Manager or ARM templates these are used to define and store Cloud infrastructure as code which enables easy deployment of similar environments blueprints can incorporate ARM template artifacts ensuring easy integration you were guided through the steps for creating a blueprint including how to add role assignments policy assignments resource groups and ARM templates you next moved on to learning about control objectives for information and related Technologies otherwise known as COBIT this is a framework for information technology or IT governance and management it helps organizations align their IT goals with their business objectives optimize their IT resources and processes and manage IT risks and compliance COBIT consists of four main components the COBIT core model which defines essential elements of IT governance and management the COBIT Performance Management System to measure and monitor IT performance and outcomes the COBIT design and implementation guides which help with design and implementation of an IT governance and management system and the COBIT Assessment program for evaluating IT processes against the ISO 15504 standard finally you discovered the Azure audit program a guide for Auditors to appraise the adequacy of Microsoft Azure's cloud services across several domains these are governance 
network configuration and management identity and access management resource security logging and monitoring security incident response and data encryption controls you learned that information security Frameworks can best serve organizations when a few key practices are followed namely determining privacy capabilities defining privacy requirements conducting privacy risk assessments creating a privacy requirements traceability Matrix and monitoring changes in the cloud environment business objectives stakeholder needs and the legal and regulatory requirements by completing laws and standards you better understand the regulations and guidelines that mandate how organizations manage data and you know how to use Microsoft Azure solutions to ensure compliance with these requirements well done you're almost at the end of cyber security management and compliance during this phase of your journey you've greatly increased your understanding of what it takes to set up a cloud environment in a secure and compliant manner you've taken in new ideas through videos and readings and you applied what you learned in quizzes and exercises next you'll synthesize all this knowledge to complete a final project and a comprehensive assessment but before you do let's revisit the most important Concepts that you became familiar with over the past several weeks in Cloud security planning you became aware of the key security considerations for planning a cloud-based system such as preparing for service disruptions using tools like Azure site recovery and Azure backup and best practices for data storage and disposal securing network access and safeguarding physical infrastructure you also discovered Enterprise application integration for securely sharing data across applications to create a more streamlined workflow and collecting storing and analyzing security logs with Azure monitor Azure Sentinel and log analytics you then learned about the Azure Cloud 
adoption framework or CAF an approach which combines best practices documentation tools and assessments to facilitate a move to the cloud CAF is guided by five points of security to prioritize data safety which are zero trust Access Control security operations focusing on detection including response and Recovery asset protection strategies security governance for maintaining a consistent security posture and innovative security practices that align with operational practices you were then introduced to Microsoft's six privacy principles that guide data management and administration and inform many Microsoft tools and services these are user control transparency security legal protections no content-based targeting and benefits for the customer you concluded this week by learning about steps to achieve availability and continuity availability refers to the accessibility and functionality of systems and services whereas continuity involves maintaining critical business functions or quickly recovering after a disaster or failure next you learned about compliance management or ensuring organizational adherence to regulatory legal and Company standards and policies Microsoft Purview a comprehensive data management solution aids this process with tools such as records management for organizing legal and business critical records automated data classification with pattern-based sensitive information types and AI powered trainable classifiers Microsoft Purview data map for better understanding the where who and how of an organization's data and Microsoft Purview policy for specifying actions effects data resources and subjects with policy statements you found that on top of external threats organizations must be mindful of Insider risk which concerns the potential of sensitive data being compromised by authorized users either by accident or intentionally Microsoft tools for mitigating these risks include user activity reports and the alerts dashboard in Purview and 
communication compliance information barriers and privileged access management in Microsoft 365 you then continue to information protection and data life cycle this life cycle consists of the creation or capture of data processing data to prepare it for use or analysis accessing and making use of the data archiving data that may be useful later and deleting or purging data that is not needed Microsoft has identified four guiding principles for engaging with data throughout the life cycle which are to know your data such as the categories and risks that are present protect it to prevent unwanted access prevent data loss by limiting sharing and govern data to ensure proper retention and disposal you explored the features of Microsoft Purview that help organizations align with these principles such as labels and classes for categorizing data and specifying sensitivity policies to set conditional access and Privileges and disposition review for informed decision making on data retention or disposal moving on you became aware of major regulations and guidelines that concern data management these include the federal information security management Act or FISMA a US legislation that bolsters the security framework for federal information systems and the National Institute of Standards and technology or NIST a globally recognized framework that helps organizations systematically manage cyber security risk there is also the Sarbanes-Oxley Act or SOX a US law that protects investors from fraudulent accounting activities and the general data protection regulation or GDPR which sets regulations for organizations that handle the data of European union or EU residents you next examined the security standards defined by the International Organization for standardization or ISO the ISO 27001 standard in particular features guidelines for an information security management system or ISMS it provides a framework for establishing implementing operating monitoring reviewing 
maintaining and improving an ISMS to align with these standards Microsoft offers Azure blueprints a tool for setting up Azure services and resources in a consistent and compliant manner a blueprint is essentially a template that encompasses Azure resources policy assignments role assignments and more blueprints combine well with Azure Resource Manager or ARM templates which Define and store Cloud infrastructure as code for easy deployment of similar environments you closed out the week with control objectives for information and related technologies or COBIT this framework helps organizations align their information technology or IT goals with their business objectives optimize their IT resources and processes and manage IT risks and compliance Microsoft's Azure audit program is informed by COBIT standards and guides Auditors to assess implementation of cloud services across several domains which are governance network configuration and management identity and access management resource security logging and monitoring security incident response and data encryption controls and that wraps up this review of what you learned in cyber security management and compliance now that you've built a strong base of knowledge on cloud security planning compliance management using Microsoft Solutions and laws and standards concerning the handling of data you're ready to prove yourself by completing the final project and the final course assessment good luck congratulations on reaching the end of the cyber security management and compliance course you now know that in the absence of any organization lacking a robust security posture security vulnerabilities can be leveraged to gain access to confidential and sensitive information cyber criminals are always on the prowl for loopholes or vulnerabilities that can be exploited therefore every organization must comply with changing laws and Industry standards to maintain security control and avoid any breaches it's imperative 
that they are proactive in their approach by continuously monitoring and assessing devices networks and systems failing to do so can lead to financial or legal penalties mistrust between customers and stakeholders or reputational damage which is difficult to recover from however you can avoid consequences such as these because you have covered data and record management information security implementing standards and policies Cloud adoption Frameworks and Regulatory Compliance Frameworks by getting to this point you should have a solid high level understanding of how to better manage your cyber security increase your security posture to avoid breaches and ensure that you adhere to laws and standards to become compliant you examined areas in Security Administration where you specifically addressed security planning and Disaster Recovery as well as data management and availability in compliance solutions you realize why data and Records management as well as Insider risk threat detection and mitigation are important this included dealing with data mapping and the data life cycle you then concluded with laws and standards where you zoned in on industry and geopolitical specific regulations you know what the trust portal is and how to use it to adhere to these laws for organizational compliance so essentially you learned about the principles of cloud security planning what the identity security requirements for cloud architecture are Microsoft's privacy principles and the available tools you have at your disposal for compliance management remember that completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera this professional certificate is designed to equip you with the necessary skills to become job ready for an in demand career in cyber security all the courses in this program including the one you just completed prepare you for the exam sc900 Microsoft security compliance and identity fundamentals 
this globally recognized certification is industry endorsed evidence of your technical skills and knowledge the sc900 exam measures your ability to describe the following concepts of security compliance and identity capabilities of Microsoft Azure Active Directory which is part of Microsoft Entra capabilities of Microsoft Security Solutions and capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms visit the Microsoft certifications page at www.learn.cashtracking.com to learn more about the security compliance and identity fundamentals certification and exam so you've now established how compliance tools can help your organization in adhering to the various laws and standards but what comes next there's still so much to learn so a good move would be to dig deeper into cloud-based security you can do so by registering for the next course in the program doing so will only enhance your cyber security analyst portfolio and help you gain the appropriate skills that you need to demonstrate your abilities in the workplace completing all the courses in the Microsoft cyber security analyst program will signal to potential employers that you are a willing motivated and capable individual through such significant progress you've demonstrated that you have grit and perseverance bringing you thus far well done I'm excited for the rest of your journey ahead so keep up the good work welcome to this advanced cyber security Concepts and Capstone project course by now you have completed several cyber security courses well done on your progress so far now it's time to bring all that Knowledge and Skills together the course invites you to unravel the mysteries of the ever evolving cyber security landscape Cutting Edge defense and mitigation mechanisms and common attacks whether 
you're a seasoned professional or an aspiring security Guru this course will Challenge and inspire you to think like a true cyber security expert and in this video you will go through a quick overview of what you will cover in this course let's go through the content to make sure you're ready the course starts off with the topics of threat modeling and common mitigation steps you will learn about how you can manage and reduce the risk of threats to an organization or system and you will learn about threat modeling strategies and how threat modeling Works in Azure you will then move on to Advanced threats and mitigation where you will learn about what kinds of infrastructure is susceptible to attack and what kind of attacks might occur this part of the course covers threat vectors ransomware defense in-depth security Cloud security network and data security and monitoring Security in Azure specifically you will learn about the internet of things or IoT and common attacks launched on such infrastructure next is security conscious modeling here you will learn about entry points and their Associated risks secure network design with a defense in-depth security approach and mitigation strategies throughout this course you will get the opportunity to apply your newly gained skills in exercises and self-reviews before going through an Exemplar as a possible solution to the cyber security challenge you're presented with the final part of the course is all about producing a focused security mitigation strategy plan for a business this Capstone project consolidates the knowledge you've acquired from previous courses culminating in a standalone portfolio piece that showcases your newly developed cyber security skills after this Hands-On learning you will complete a final graded assessment but be assured that everything you need to complete the assessment will be covered during your learning with each lesson made up of video content readings and quizzes when you 
complete all of the courses in the program you'll earn a Coursera certificate to share with your Professional Network and you will have tangible examples to talk about in your job interviews you'll also be prepared to take the Microsoft sc900 exam and earn your Microsoft certification this certification is globally recognized evidence of Real World skills it shows your commitment to keeping Pace with rapidly changing technology by expanding your skill set in your professional roles in summary this course not only provides you with a detailed overview of advanced cyber security Concepts it also gives you several opportunities to practically apply the skills you have learned now that you've reached the end of this course introduction it's time to continue your cyber security Journey with the constant threat of cyber attacks it's critical for security teams to stay one step ahead of attackers the old saying prevention is better than cure is especially relevant in the world of cyber security and threat modeling is one of the best preventive ways to protect organizations from cyber attacks threat modeling is a process for identifying and addressing security threats to your applications by following the three steps of threat modeling you can improve the security of your applications and protect your organization from cyber attacks in this video you will discover the three steps of threat modeling these are decompose the application determine and rank threats and determine counter measures and mitigation let's start with step one which is decomposing the application when decomposing an application it is essential to consider all its different components and how attackers could interact with the application through these components components of an application include the user interface this is the part of the application that users interact with directly it is important to consider how an attacker could exploit vulnerabilities in the user interface such as input validation 
errors to gain access to the application or to steal data another component is the database where the application stores its data think of how an attacker could gain access to the database such as through SQL injection attacks or how they could corrupt the data next is the backend code ask yourself how attackers could exploit vulnerabilities in the code that runs the application for instance attackers could use buffer overflows to enter an application and extract data the networked infrastructure is another component this includes the network that the application is connected to as well as the servers and routers that are used to Route traffic to and from the application How could an attacker exploit weaknesses in the network infrastructure an example is a man in the middle attack which enables unauthorized access or operational disruption of an application and then you should also consider the operating system the software that runs the computer that the application is hosted on think about the strategies an attacker could employ to leverage flaws in the operating system for example attackers might execute a privilege escalation attack to infiltrate an application and tamper with its functionality lastly you should consider the hardware or physical components of the computer that the application is hosted on such as the CPU memory and storage devices examine how an attacker could take advantage of Hardware security weaknesses a concrete example involves a physical access attack granting attackers entry to the application or enabling operational interference once you understand the application's components and how they interact you can begin to identify potential threats which brings you to step two of the threat modeling process determining and ranking threats in this step you should consider the following factors first the likelihood of the threat occurring you can determine this Factor by considering the attacker's required skill level and the availability of tools 
and resources to perform the attack also take into account the presence or absence of security controls aimed at preventing or halting attacks for example an attack that can only be executed by highly skilled attackers with specialized tools is less likely to occur and therefore poses a less prominent threat than commonly executed attacks second is the impact of the threat if it occurs here you should consider the loss of data the financial impact and the damage to reputation that an attack could cause for example a threat that could lead to the loss of sensitive data will have a larger impact than one that only causes a minor inconvenience and lastly is the ease with which a threat can be executed consider the complexity of the attack the availability of information about the attack and the visibility of the vulnerability for example the effects of a vulnerability that is easy to exploit will likely be more severe than that of a difficult one once you have considered all of these factors you can rank the threats in terms of severity there are models for doing this which you will learn more about later let's move to the third and final step of threat modeling determining counter measures and mitigation counter measures are measures you can take to prevent a threat from occurring while mitigations are measures you can take to reduce the impact of a threat if it occurs some examples of counter measures and mitigations include implementing security controls like firewalls intrusion detection systems and access control lists next is training users on security best practices around password security phishing awareness and social engineering conducting penetration testing is also a useful countermeasure used as a probing exercise to discover any vulnerabilities another example is patching vulnerabilities the process of applying software updates that fix security vulnerabilities and finally red teaming is used to simulate an attack on organizations by a team of 
Security Professionals the specific counter measures and mitigations you choose will depend on the identified threats in conclusion threat modeling is a proactive process for identifying and addressing security threats to your applications to prevent possible attacks it places security teams in the attacker's seat forcing them to critically examine an application's security shortcomings by following the three steps outlined in this video you can preempt cyber assaults by improving the security of your applications thereby staying ahead of potential attackers earlier you learned about the three steps of threat modeling decomposing the application determining and ranking threats and determining countermeasures and mitigation in this video you will focus specifically on the first step decomposing the application you've touched on this process of breaking down an application's components and analyzing their interactions to identify potential vulnerabilities and security risks but there is a lot more to it it requires putting your critical mind into gear and thinking about an application's essential elements but also about the aspects surrounding it decomposing an application is also unpacking its purpose architecture security controls vulnerabilities external dependencies entry and exit points assets and Trust levels let's delve into these technical aspects starting with understanding the purpose of the application this is crucial because it helps in recognizing the potential motives behind attacks you can imagine that applications dealing with sensitive data Financial transactions or personal information are more attractive to attackers due to the potential gains to gain a technical perspective you need to categorize the types of data the application handles you also need to consider their sensitivity levels and the regulatory requirements surrounding protecting these various types of data next is the application's architecture which defines its structure and the 
interactions between components certain architectural choices can unintentionally introduce vulnerabilities for instance a monolithic architecture might be susceptible to single point failures while a microservices architecture might have security concerns around interservice communication a deep technical understanding of the architecture allows for pinpointing potential weak points this involves analyzing how data flows between components how APIs are exposed and whether security boundaries are adequately established an application's security controls are another essential aspect to evaluate these are the mechanisms that Safeguard the application from threats in a technical sense this involves assessing the effectiveness of controls like firewalls encryption access controls and intrusion detection systems examining their configurations and ensuring they align with best practices is crucial for instance this could involve analyzing firewall rules to prevent unauthorized access reviewing encryption protocols to prevent data breaches and validating Access Control lists to prevent unauthorized data manipulation identifying an application's vulnerabilities is also pivotal this requires technical methods like conducting vulnerability scans and code reviews vulnerabilities can result from coding errors misconfigurations or the usage of outdated libraries a detailed examination of the code base and its dependencies is essential in fact regular vulnerability assessments help to catch and address known vulnerabilities before attackers exploit them techniques like static analysis of the code base can uncover coding mistakes that might lead to security breaches decomposing the external dependencies of an application is also invaluable these are components that are outside the application but critical to its functionality from a technical standpoint these could be third-party libraries APIs or Services vulnerabilities in the security posture of dependencies can indirectly 
impact the application's security it's important to check for security updates and understand the dependencies' threat landscape when interacting with dependencies it is essential to implement proper security controls furthermore the entry and exit points of an application are critical aspects to examine too entry points are Avenues through which attackers can interact with the application while exit points are the routes through which attackers can extract data on a technical level entry points could Encompass various attack surfaces like the user interface network interfaces APIs and input Fields exit points on the other hand could involve data retrieval via API unauthorized data transfers through network interfaces or extraction through weakly secured database connections identifying these points is crucial for devising security measures that protect against unauthorized access and data leakage next is an application's assets which refer to valuable resources within the organization like data intellectual property or financial records from a technical perspective this involves classifying assets data into different categories based on their value and sensitivity this helps in focusing security efforts on protecting the most critical assets implementing data classification and access controls as well as encryption mechanisms for sensitive data is essential and lastly an application's trust levels should be examined they denote the level of trust associated with different components of the application in technical terms this entails assessing the security posture of each component for instance considering the user interface as a lower Trust component implies implementing strong input validation and output encoding mechanisms to prevent injection attacks regarding the database as a high trust component means prioritizing robust authentication encryption and access control mechanisms to protect sensitive data in summary decomposing an application involves 
an in-depth technical analysis of its components interactions and vulnerabilities in this video you learn that understanding the technical nuances of each aspect enables you to devise comprehensive security measures that Safeguard against a wide range of potential threats and attacks at the heart of effective cyber security lies the skill of identifying and categorizing potential threats picture a cyber security team flooded with alerts from various systems amidst this digital chaos the team's skill in categorizing threats based on severity and potential impact becomes a Guiding Light to focus on the most pressing dangers but wait let's rewind a bit to prevent this dreaded scenario threat modeling categorizes threats before they happen enabling teams to proactively implement the most effective defense strategies in this video you'll explore the second step of threat modeling determining and ranking threats in this exploration you'll delve into the widely used STRIDE model a tool that aids in identifying and ranking potential threats you will discover what STRIDE stands for how to apply it and its importance but first let's stop for a moment and question the overarching goal of threat categorization it is to develop a sound understanding of the threat landscape of a particular application this clear understanding empowers organizations to allocate their resources with precision and prioritize their security efforts threat categorization entails organizing a multitude of threats into distinct groups based on their unique attributes possible consequences and the techniques employed to breach systems Microsoft developed the STRIDE model to facilitate this systematic analysis and categorization of threats it enables organizations to address vulnerabilities proactively thwarting potential exploitation and ultimately reducing the Peril of security breaches STRIDE stands for spoofing tampering repudiation information disclosure denial of service and elevation of 
privilege. You might be familiar with these attack types, so let's run through a quick overview of what they entail. Spoofing revolves around the art of masquerading as a legitimate entity with the intention of acquiring unauthorized access. This manipulation could entail falsifying crucial identifiers such as IP addresses or email addresses to deceive individuals or systems into granting unauthorized access. Tampering is centered on unauthorized alteration of data or systems. This threat can potentially instigate data corruption, unauthorized modifications, or even the surreptitious injection of malicious code into systems. Repudiation pertains to the ability to disavow a specific event or action. A classic example involves a user denying their involvement in a particular transaction. This accentuates the significance of maintaining accurate and comprehensive logs for accountability. Information disclosure, also termed a privacy breach or data leak, involves the unauthorized exposure of sensitive data. The ramifications can be dire, spanning from identity theft and the loss of trade secrets to compromising user privacy. Denial of service attacks are geared towards disrupting service availability by inundating systems with an overwhelming influx of traffic. Such an assault can incapacitate services, resulting in financial losses and considerable damage to reputation. Elevation of privilege unfolds when a malicious actor attains elevated access to a system, granting them authorization to execute actions that are otherwise prohibited. This threat harbors the potential to compromise sensitive data and to wield unauthorized control over critical functions. So why does the STRIDE model hold such paramount importance? Well, it provides a structured methodology for threat analysis. By methodically contemplating each facet of the STRIDE model, organizations can gather profound insights into their vulnerabilities and potential avenues of cyber attacks. For instance, imagine a financial
institution that employs online banking services. Through the lens of STRIDE analysis, the institution can unearth potential threats like fraudulent emails, tampered transactional data, and unauthorized elevation of user privileges. With a firm grasp of the STRIDE model, let's dive into its practical application. To use this model, you need to follow a series of pivotal steps. First, identify the assets: start by listing the assets that warrant safeguarding, be it databases, user accounts or sensitive data. Next, analyze the threats: for each asset, meticulously consider how each part of the STRIDE model could be harnessed to compromise its security. Then, assess the impact: gauge the conceivable impact of each identified threat. Which threats wield the potential to inflict the most damage or disrupt operations profoundly? Lastly, rank the threats: prioritize threats based on their potential impact and the probability of occurrence. This stratification facilitates the effective allocation of resources. After threats have been unearthed and ranked using the STRIDE model, the subsequent course of action involves mitigation. This encompasses implementing security measures to mitigate the risks posed by each identified threat. But more on this later. In this video, you learned that threat categorization, coupled with the STRIDE model, provides an authoritative framework for understanding, scrutinizing and countering cyber security threats. Later in this lesson, you will delve even deeper into the intricacies of the STRIDE model. Not all threats are created equal. They can vary in their potential to disrupt, damage and destabilize business resources and operations, and this is why step two of threat modeling is so significant. It's not only about identifying risks but also about determining their severity and likelihood. This process transforms the sea of potential threats into a structured hierarchy, enabling organizations to allocate their resources, time and efforts effectively. In this video, you will hone
in on the process of ranking threats. Earlier, you learned how to use the STRIDE model. Can you recall the steps you need to follow to apply the STRIDE model? Identify assets, analyze the threats, assess the impact, and rank the threats. Cyber security analysts don't only use STRIDE when they are ranking threats; they also employ the DREAD model. Over the next few minutes, you will learn about this model and how to use it in conjunction with STRIDE in step two of threat modeling. To determine the rank of a threat, two essential factors come into play: impact and probability. Impact gauges the extent of damage that could result if a threat materializes, while probability assesses the likelihood of the threat occurring. The DREAD model provides a way to assign numerical values to these factors. This quantitative score paints a vivid picture of each threat's potential consequence. This score-based ranking system enables informed decision-making, ensuring defenses are fortified where it matters most. DREAD stands for five evaluative dimensions: damage, reproducibility, exploitability, affected users and discoverability. When applying the DREAD model, you assess each dimension on a scale from 1 to 10, with higher scores indicating greater risk. Let's explore these dimensions, starting with damage. This dimension delves into the potential harm a threat could inflict on an organization. It considers data loss, financial impact and reputational damage. The reproducibility dimension focuses on how easily a threat can be replicated or exploited repeatedly. Next is the exploitability dimension, which explores how easily an attacker can take advantage of a vulnerability to perpetuate an attack. The affected users dimension assesses the scope of impact, gauging the number of users or systems that could be compromised. And finally, the discoverability dimension measures the ease with which an attacker could find and exploit the vulnerability. By evaluating each threat against these dimensions, a
comprehensive risk profile emerges, making it easier to prioritize and allocate resources for mitigation efforts. Since the scoring system of the DREAD model relies on subjective judgment, it's considered a qualitative risk model. Threat modeling involves plenty of uncertainty. In this realm, where absolutes are elusive, qualitative risk models like the DREAD model offer valuable insight. The effective use of the DREAD model relies heavily on expert judgment, experience and collective wisdom. Let's use what you now know about the DREAD and STRIDE models by applying them to Sam Scoops. Notably, the company gathers personal information and consumer insights derived from user behaviors. Using the STRIDE model, you identify a major threat: information disclosure via unauthorized access to the customer database. To evaluate this threat, you use the DREAD model. Damage is assigned a rating of nine due to high potential financial loss and reputation damage. Reproducibility scores six for moderate effort needed to exploit database vulnerabilities. Exploitability is rated as seven because the attack will only require moderate technical skill. What about affected users? This one scores a 10 because all customers' private data could be exposed. And lastly, discoverability is ranked five because the database vulnerability may not be immediately evident to attackers. Finally, you add up the scores and divide it by five. In this case, that would give you a score of 7.4. This high score means the threat of unauthorized access is severe. Merging STRIDE and DREAD converts abstract threats into actionable insights, allowing the company to prioritize robust defense strategies. But the culmination of analysis isn't the final note; it's the prelude to action. Armed with insights, organizations embark on a journey of mitigation, orchestrating strategies to fortify their defenses and deter potential attackers. Mitigation entails multifaceted efforts, which you will learn about later in this lesson. The best cyber
security analysts know that weighing the impact and probability of threats is not just a necessity but a mission of utmost importance. It's likely that the more you use the STRIDE and DREAD models, the better you will get at judging the severity of threats. In this video, you started sharpening this skill by learning how to rank threats in terms of the five dimensions of DREAD: damage, reproducibility, exploitability, affected users and discoverability. You also covered how to use the STRIDE and DREAD models in conjunction to perfect the second step of threat modeling: determining and ranking threats. Previously, you learned about the concept of threat modeling and its steps. You now know that it is not merely a theoretical exercise but a crucial component in any cyber security framework. Threat modeling allows organizations to anticipate and address potential security threats before they manifest, rather than reacting to them post-incident. By identifying potential threats, organizations can prioritize their security efforts, focusing on the most critical vulnerabilities first. Building on your foundational understanding of threat modeling, this video covers its advantages, highlighting how it empowers organizations to enhance their security posture and make informed decisions proactively. So let's jump right in and uncover what benefits it offers. The first advantage is threat modeling's ability to reduce the attack surface of a system or application. Attack surface refers to all potential points of entry that a malicious actor could exploit to compromise a system. Threat modeling helps you to identify and analyze these entry points, allowing you to take proactive measures to close them off. By pinpointing vulnerabilities and weak points early in the development process, organizations can implement security controls to mitigate risks effectively. This strengthens the overall security posture and saves resources and time that would otherwise be spent on dealing with security breaches. Now
let's talk about how threat modeling aids in prioritizing mitigation efforts and determining budget allocation. In today's dynamic threat landscape, making the most of limited resources is essential. Understanding potential risks and their impacts enables organizations to allocate resources to address vulnerabilities with the highest potential to cause damage. As a result, security teams can optimize their efforts and budget to effectively target the most critical threats, achieving a better return on investment, or ROI, in terms of security outcomes. Threat modeling not only helps with budgeting, it can also reduce long-term costs. By catching potential vulnerabilities early on, organizations can avoid the higher costs associated with fixing issues after an application is deployed or in responding to a security breach. If a breach does occur, having a thorough threat model can aid incident response teams in quickly identifying and addressing the source of the breach. Another significant advantage of threat modeling is its ability to identify and eliminate single points of failure. A single point of failure, or SPOF, refers to a component in a system that, if compromised, could bring the entire system down. It's like a city's main bridge: if it closes, all traffic stops, causing congestion. In digital terms, if multiple servers rely on one network switch and it fails, all connected servers get cut off, disrupting services. By mapping out the different components and interactions within a system, threat modeling helps identify such critical points. This information empowers organizations to implement redundancy and failover mechanisms, ensuring that if one component fails, others can take its place to maintain system functionality, and the proactive approach to system resilience minimizes downtime and enhances overall reliability. Moving on, let's discuss how threat modeling facilitates the alignment of security with business goals. In any organization, security should not be a standalone objective.
Instead, it should be integrated with the broader business objectives. Threat modeling helps bridge the gap between technical security considerations and business requirements. Organizations can make informed decisions on risk acceptance, risk transfer and risk mitigation by identifying potential threats and vulnerabilities that could impact the achievement of business goals. This alignment ensures that security efforts are effective and in line with the organization's strategic direction. Next is the issue of compliance and regulations. Compliance with industry regulations and standards is crucial for many businesses, especially those dealing with sensitive data. Threat modeling offers substantial benefits in meeting compliance requirements. By identifying and addressing security risks early in the development life cycle, organizations can demonstrate a proactive commitment to security and regulatory compliance. This not only helps avoid potential fines or legal complications but also builds trust with customers and partners who value data protection and security measures. Another benefit of threat modeling is that it serves as a common language that connects developers, security professionals and other stakeholders. Communication and collaboration between different teams within an organization are vital for effective security implementation. Through threat modeling, everyone gains a shared understanding of the potential risks and security measures required. This shared understanding streamlines communication, fosters collaboration, and ultimately leads to more secure and robust systems. Lastly, by regularly revisiting and updating threat models, organizations can adapt to the evolving threat landscape, ensuring their defenses remain robust and relevant. In conclusion, while you already grasp the steps involved in threat modeling, it's equally important to recognize the wide array of benefits it brings to the table. Threat modeling is an essential tool in an organization's cyber
security arsenal, from reducing attack surfaces and prioritizing mitigation efforts and budgeting to identifying and eliminating single points of failure. Its ability to align security with business goals, support compliance efforts and enhance communication further solidifies its value. Continuous improvement through threat modeling fortifies an organization's defense mechanisms and fosters a culture of proactive security and strategic alignment, paving the way for sustainable success in a digitally dependent landscape. In today's world, applications are seamlessly integrated into people's daily lives. However, as their complexity grows, so do the potential threats and vulnerabilities that may compromise digital security. This video addresses a topic of utmost importance: the assurance of application security using the SANS approach. SANS stands for SysAdmin, Audit, Network, Security, and it's a widely recognized organization in the field of cyber security. The SANS Institute provides extensive training, certifications and resources to professionals in the information security industry. Their approach encompasses a holistic view of security, covering system administration, network management, security audits and more. In this video, you will investigate the SANS approach, how it aids in identifying and exploring threats, establishing an application security paradigm, and the rationale behind incorporating security features. Furthermore, you will be introduced to pivotal application security frameworks such as PASTA, which stands for process for attack simulation and threat analysis; CVSS, the common vulnerability scoring system; PNG, the process for National Security risk management; and VAST, which stands for visual, agile and simple threat modeling. Each of these plays a pivotal role in fortifying application security. Without further ado, let's begin the exploration. First, what exactly is the SANS approach? Well, it's a comprehensive framework to identify, assess and mitigate security threats
and vulnerabilities within software applications. Safeguarding an application requires meticulous identification and investigation of potential threats and vulnerabilities. This undertaking involves a methodical dissection of the application's architecture, design and code to unveil the chinks in its digital armor. And this is where the SANS approach, a systematic and comprehensive framework for threat identification and exploration, shines. It orchestrates a multifaceted application analysis, dissecting it at both the software and hardware level. Building on this meticulous analysis, it becomes evident how crucial the right defensive strategies are in cyber security. Here, the importance of security features cannot be overstated. When vulnerabilities rear their heads within an application, it's essential that security measures are not only adopted but that their implementation is substantiated by sound reasoning. The SANS approach serves as a compass in this regard, ensuring that the chosen security features are effective and seamlessly aligned with the threats and the risks that have been unearthed. The repository of effective security measures is diverse, ranging from meticulous code reviews and incisive penetration testing to robust encryption protocols and well-defined access controls. Through careful validation of these features, organizations optimize the allocation of resources and the prioritization of their security efforts. With a solid grasp of the SANS approach as a cornerstone of security, you're now ready to explore application security frameworks. By understanding the foundational concepts of frameworks like PASTA, CVSS, PNG and VAST, you'll be well equipped to delve into their details in upcoming videos. The first framework, PASTA, or process for attack simulation and threat analysis, is a sentinel of risk-centric threat modeling methodology. It lays out a structured blueprint for identifying latent threats, a rigorous dissection of their potential impact, and a prudent
determination of countermeasures. Embracing PASTA empowers organizations to understand their unique threat terrain, enabling them to make informed decisions concerning security measures. Next is CVSS, the common vulnerability scoring system, a standardized tool set used to gauge the severity of security vulnerabilities. This system assigns scores to vulnerabilities based on their potential impact and exploitability. It equips security teams with the insight to prioritize their patching endeavors. Thus, allocating resources becomes a measured and targeted process, aligning with how critical each vulnerability is. There is also PNG, or the process for National Security risk management. It is not to be confused with the Portable Network Graphics image format acronym. PNG is a comprehensive apparatus for risk assessment. It surveys the technical, operational and managerial facets of security, delivering a panoramic representation of an application's security risk profile. Through PNG, organizations can unravel potential vulnerabilities across the entire life cycle of an application. Armed with this understanding, they can develop strategies to mitigate these risks. Last is VAST, or visual, agile and simple threat modeling, a modern and accessible threat modeling framework. VAST emphasizes collaboration, visualization and agility, transcending the confines of technicality and rendering threat identification and countermeasure design accessible to both technical and non-technical stakeholders. In summary, applying security is imperative in today's digital realm. The SANS approach involves comprehensive cyber security training and research, providing resources to enhance global security awareness. It stands steadfast as a cornerstone, scaffolding efforts to identify, investigate and verify security measures that protect applications from lurking threats and vulnerabilities. The application security frameworks PASTA, CVSS, PNG and VAST complement this approach. Collectively, these tools boost the application
security arsenal. In this video, you're diving into the world of threat analysis and attack simulation by focusing on the robust PASTA framework. Understanding this seven-step process can significantly enhance your ability to identify and prioritize potential threats and vulnerabilities. So let's get started. So far, you've explored the benefits of threat modeling, and you now know how it aids in identifying potential risks and vulnerabilities. As technology advances, so do the techniques of malicious actors seeking to exploit vulnerabilities. Without a comprehensive understanding of potential threats, organizations are left vulnerable to cyber attacks, resulting in data breaches, financial losses and reputational damage. The comprehensive PASTA framework brings threat modeling to a new level to address these issues. The PASTA framework, which stands for process for attack simulation and threat analysis, is a methodical approach that guides security teams through a comprehensive analysis. Let's break down these steps one by one. The initial step involves outlining the business, compliance and security objectives and performing a preliminary business impact analysis, or BIA. The input documents include business requirement documents and information security policies. The output of this stage includes the definition of application security and compliance requirements and a BIA report. Step two identifies what needs protection, including technologies, dependencies and components, for example, defining technical scope and identifying software and network dependencies. This identification is done using high-level design documents and network diagrams, and it yields outputs such as a high-level view of application architecture and a list of protocols and data types. Now that you have the first two steps well in hand, let's move on to the next one. Step three is application decomposition. This step involves identifying users and actors. This is done to understand component interactions, implicit trust
models and data flow, using inputs like architecture diagrams and use cases. The outputs include data flow diagrams and a list of assets with their trust levels. This brings us to step four, threat analysis. Here, the impact of threats on the application is assessed. This assessment entails inputs like threat agents and security incident reports, and it involves analyzing scenarios, incidents, and application and system logs. Outputs include attack scenario reports and a list of threat agents and vectors. The next step builds on the threat analysis by analyzing vulnerabilities. Step five correlates vulnerabilities with assets and manages risks by integrating various tools and practices. It utilizes inputs like threat trees and attack scenarios. These are used to map threats to vulnerabilities and score vulnerabilities. This leads to outputs like vulnerability mapping and enumeration. The second last step is about validating vulnerabilities by creating attack trees and mapping vulnerabilities to nodes. Inputs like application technical scope and attack libraries are used. This is to conduct activities like identifying attack surfaces and deriving attack trees. The resulting outputs are attack surface identification and a list of attack paths. And that brings us to the final step, risk and impact analysis. It encompasses reducing risks by building countermeasures based on insights from the previous steps. Inputs like preliminary BIA and technical scope lead to activities such as assessing business impact and identifying security control gaps. The outputs of this stage include an application risk profile and a list of mitigation strategies. Now let's discuss some of the benefits the PASTA framework brings to the table. First and foremost, the methodology encourages a holistic understanding of the system by breaking it down into its individual components, data flow and potential areas of vulnerability. While many other methodologies may focus narrowly on specific aspects of security, PASTA
offers a holistic view, taking into account the entire ecosystem in which an application or system operates. Second, PASTA encourages collaboration among various departments within an organization. The framework ensures a well-rounded understanding of potential risks by involving stakeholders from IT, development and business units. Third, PASTA promotes a proactive approach to cyber security. Organizations can anticipate threats and vulnerabilities rather than waiting for an attack, allowing for timely mitigation. Fourth, PASTA aids in resource allocation. Limited resources can be directed towards addressing the most critical threats, maximizing the effectiveness of the organization's cyber security efforts. Finally, PASTA provides a structured methodology for documenting the threat analysis process. This documentation is a valuable resource for future reference and maintaining a consistent threat analysis approach. In conclusion, the PASTA framework fosters holistic understanding, collaboration, proactivity, resource allocation and a structured methodology. So how can the PASTA framework be executed practically? You'd start by assembling a cross-functional team that brings together individuals from different departments. This diversity of perspectives is critical to a comprehensive threat analysis. Next, you'd follow each step of the PASTA framework meticulously. The team should collaborate, brainstorm and analyze threats and vulnerabilities to ensure a thorough evaluation. They should also utilize tools and technologies that aid in the threat analysis process. There are various software solutions available that can streamline data collection, analysis and risk ranking. And remember, threat landscapes evolve, so it's crucial to perform regular reviews and updates of threat analysis to stay ahead of emerging risks. By following the seven steps of the PASTA framework, security teams not only enhance their organization's cyber security posture, they also contribute to a safer digital world.
Earlier, you were introduced to the common vulnerability scoring system, or CVSS. Now it's time to explore it in some more depth. This video covers its significance, components, scoring process, real-world applications, challenges, and the pivotal role it plays in the world of cyber security. Let's start by delving into the essence of CVSS and its origins. The common vulnerability scoring system is a standardized threat scoring framework created to assess known computer systems and software vulnerabilities. This robust framework was developed and is continually maintained by two authoritative bodies: the National Institute of Standards and Technology, or NIST, and the Forum of Incident Response and Security Teams, or FIRST. The difference between CVSS and the previously discussed PASTA framework is that PASTA is used for threat modeling and risk assessment. CVSS, on the other hand, is used to assess the severity of specific vulnerabilities in software or systems. It provides a numerical score to help organizations prioritize and understand the impact of a particular vulnerability. To better understand CVSS, let's dive into its three primary components. First are the base metrics, which lie at the core of CVSS. These metrics provide a comprehensive view of a vulnerability's inherent characteristics. They include details like the attack vector, attack complexity, privileges required, and the potential impact on confidentiality, integrity and availability. Second are temporal metrics, which offer insights into how a vulnerability may change over time, for example, the availability of exploits and the prevalence of the vulnerability in the wild. This category evaluates dynamic factors such as exploit code maturity, remediation level and report confidence. Last are environmental metrics, which place vulnerabilities within
a specific context. They consider environmental aspects specific to an organization's environment, such as the assets that are exposed by the vulnerability and the organization's security posture. Environmental metrics measure collateral damage potential, target distribution, exploitation difficulty and impact modifiers. You may ask how these metrics are scored, and the answer is the CVSS version 3.1 calculator. It is a valuable tool for security professionals and anyone who wants to learn more about the severity of computer vulnerabilities. The calculator determines three numerical value scores, a base, temporal and environmental one, derived from the metrics that were just discussed. To calculate a CVSS score, you must first select the appropriate base score metrics. These metrics are attack vector, or AV, a metric that describes how an attacker can exploit the vulnerability. Second is attack complexity, or AC, which describes how difficult it is for an attacker to exploit the vulnerability. Third is privileges required, or PR. This metric describes the privileges that an attacker needs to exploit the vulnerability. Fourth is user interaction, or UI, which describes whether an attacker needs user interaction to exploit the vulnerability. Fifth is scope, or S, a metric that describes the impact of the vulnerability on the confidentiality, integrity and availability of data and systems. Sixth is confidentiality impact, or C. This metric describes the impact of the vulnerability on the confidentiality of data. Seventh is integrity impact, or I, a metric that describes the vulnerability's impact on data integrity. And last is availability impact, or A. This metric describes the impact of the vulnerability on the availability of data and systems. Once you have selected the base score metrics, the calculator will automatically calculate the base score. You can then choose whether you also want to select and calculate the temporal score and environmental score metrics to refine the CVSS score. You will learn
more about these in the CVSS cheat sheet reading that follows. Now let's explore examples of how to use CVSS practically in industry. Organizations rely on CVSS to prioritize their response to vulnerabilities. By focusing on vulnerabilities with higher scores, they can allocate resources more efficiently and tackle the most critical issues first. CVSS is also a cornerstone for risk assessment. It empowers organizations to evaluate the potential impact of a vulnerability on their specific environment and make informed decisions regarding risk acceptance, mitigation or transfer. And system administrators rely on CVSS scores to determine the urgency of applying patches. This aids in promptly addressing vulnerabilities and enhancing the overall security posture. However, CVSS does present its own set of challenges. One notable challenge is subjectivity. Different assessors may interpret the metrics differently, leading to variations in scores. To mitigate this, organizations must establish standardized assessment processes. Another challenge is the lack of context. While environmental metrics help contextualize vulnerabilities, they may not capture every unique factor in an organization's environment. Additional context may be needed for a comprehensive assessment. And lastly, there are zero-day vulnerabilities. Zero-day vulnerabilities are undisclosed software or hardware weaknesses unknown to developers, lacking official patches. The term zero day signifies zero days of protection between discovery and patch release. Assessing them using the common vulnerability scoring system is challenging due to limited information, absence of official fixes, their dynamic nature and limited context. To summarize, CVSS is a fundamental tool in the cyber security realm. It offers a structured and standardized approach to evaluate the severity of known vulnerabilities. Organizations can better prioritize, assess and manage their security efforts by understanding its components and scoring process, ultimately
fortifying their defenses against cyber threats. In the rapidly evolving landscape of cyber security, VAST, or visual, agile and simple threat management, has emerged as a cutting-edge methodology. It is gaining momentum across large and small organizations and aims to revolutionize how organizations identify, assess and respond to cyber threats. In this comprehensive video, you will delve deeper into VAST, exploring its fundamental principles, its wide array of benefits, and practical real-world examples to illustrate its effectiveness. VAST's foundation rests upon three fundamental principles that collectively enhance cyber security. These are visualizing threats, agile response to threats, and simplified management. Let's examine these and their benefits. First, the VAST methodology introduces a visual dimension to cyber security. Through user-friendly dashboards and graphical representations, it can simplify the often daunting task of threat identification. The benefit of this visual approach is that it facilitates swifter detection and incident response, providing a real-time view of network and system vulnerabilities. Using the VAST approach and appropriate tools like Microsoft Sentinel to implement it enables organizations to expedite identifying and responding to threats. Ultimately, this helps mitigate potential damage. As an example, this Microsoft Sentinel dashboard screenshot shows a world map indicating security events across regions in the past week. The dashboard also displays metrics like total events, alerts and incidents. It provides an at-a-glance view of an organization's security status, aiding in trend tracking and control assessment. Second, the ever-evolving nature of cyber threats demands agility in response. Following the VAST methodology empowers security teams to adapt their strategies and tactics swiftly to combat emerging threats. By doing so, organizations can stay one step ahead of adversaries, minimizing potential damage. For example, this is a screenshot of the incident
page of the Microsoft Sentinel portal it highlights an initial access incident involving one user and it has been assigned a high severity level the VAST approach facilitated by tools like Microsoft Sentinel helps organizations bolster their overall security posture it aids in identifying and remedying vulnerabilities ensuring a proactive approach to cyber security third a VAST approach simplifies management by promoting the automation of routine tasks and a centralized view of security data the benefit of this simplified management is streamlined operations that free security teams to concentrate on more strategic and mission-critical tasks the VAST approach can deliver cost savings by enhancing operational efficiency again Microsoft Sentinel can aid in these tasks this is a screenshot of the automation page of the Microsoft Sentinel portal it shows enabled playbooks and rules as well as other features for managing and monitoring security tasks these are the fundamental principles and some of the benefits of VAST but what about its implementation as you might have been able to tell from preceding examples one way to implement it is by deploying Microsoft Sentinel if you've gone through the earlier courses in this program you should already be familiar with Microsoft Sentinel it's an ideal partner for the VAST methodology because it excels at collecting and analyzing the data the VAST approach relies on to identify cyber threats together they form a powerful team that ensures safety in the digital world let's examine some example scenarios demonstrating how VAST implementation can enhance cyber security particularly when paired with Microsoft Sentinel imagine an organization deploys Microsoft Sentinel to monitor network traffic one evening the Sentinel dashboard detects an unusual spike in traffic during non-business hours the security team promptly investigates and identifies a malicious actor attempting unauthorized access in the context of Microsoft Sentinel
the correct response would involve swiftly blocking the attacker's IP address Microsoft Sentinel can also assist in identifying any other potential compromised systems this rapid and precise response prevents further intrusion and damage showcasing Microsoft Sentinel's efficiency in real-world situations another example is an organization that integrates its patch management system with Microsoft Sentinel for automated patch management this integration enables Microsoft Sentinel to continuously monitor for vulnerabilities and promptly alert for patches when they are available the benefit of this proactive approach is that it minimizes the window of opportunity for attackers to exploit vulnerabilities it also reduces the workload on the security team ensuring that critical systems remain up-to-date and secure let's move on to another scenario during a workday Microsoft Sentinel detects unusual file activity on several employee computers these files exhibit characteristics of malware the appropriate response using Microsoft Sentinel is to quarantine the suspicious files on affected devices immediately and trigger alerts to the security team the team swiftly investigate isolate the compromised devices and commence malware removal thereby adhering to Microsoft Sentinel's agile supervision these examples demonstrate that cyber security teams that follow the VAST approach when using tools like Microsoft Sentinel can handle threats more efficiently and effectively in conclusion VAST stands as a powerful and dynamic cyber security methodology it equips organizations with the tools needed to enhance their security posture and reduce the risk of cyber attacks VAST is especially well suited for organizations seeking to fortify their threat detection and response capabilities optimize resource allocation and achieve cost efficiency in cyber security operations as the digital landscape continues to evolve VAST provides a critical advantage in the ongoing battle against
cyber threats ensuring organizations remain resilient and secure in the face of ever-changing challenges to perform any job properly you need the right tools the Microsoft Threat Modeling Tool 2018 is a pivotal resource in threat modeling cyber security professionals use it to safeguard software and systems by pinpointing and mitigating potential security threats in this video you'll learn how to use the Microsoft Threat Modeling Tool 2018 to develop robust threat models for your software and systems this tool is a core element of the Microsoft security development life cycle or SDL you will also learn more about the SDL process Microsoft unveiled the Microsoft Threat Modeling Tool in September 2018 making it widely available as a free download you can find a link to download it in the additional resources at the end of this lesson before you explore the features of this tool it's essential to understand the security development life cycle or SDL process which is crucial for effective threat modeling to commence the SDL process you start by crafting a comprehensive diagram or representation of your software or system this diagram serves as the cornerstone for identifying potential security threats think of it as creating a blueprint before constructing a building a clear plan is necessary to guarantee structural integrity in threat modeling this diagram helps you gain insights into the various components and their interactions in the next phase the identify phase your objective is pinpointing potential security threats and vulnerabilities this entails thoroughly analyzing the previously created diagram to identify areas where security risks may emerge you search for weak points in your system's design implementation or architecture this step is pivotal as it provides an understanding of where vulnerabilities might exist armed with the knowledge of identified threats the third phase is the mitigation phase it involves devising strategies and implementing
security controls to counter these threats this step is indispensable for reducing the risks associated with potential vulnerabilities continuing our building analogy once you identify weak points you'd install reinforced steel doors security cameras and alarms similarly in threat modeling you'll implement security measures to mitigate identified risks the validation phase assesses the effectiveness of the security measures and controls that have been implemented this often entails testing and verification to ensure that the security of the software or system meets the desired standards if we revisit our building example you will simulate break-in attempts to ensure that your security measures can withstand real-world attacks in threat modeling validation assures your security controls are robust and effective now that you grasp the four phases of SDL let's unpack how to use the Microsoft Threat Modeling Tool when you launch the tool you'll find a starter page with several options first is the feedback suggestions and issues button this button provides access to the MSDN forum dedicated to the security development life cycle here you can connect with other users gain valuable insights and access recommendations from the community next is the create a model option this feature opens a blank canvas where you can initiate the creation of your threat model on the lower section of the page you will find the template selection interface here you have the flexibility to choose from various templates based on your project's requirements streamlining the threat modeling process selecting the appropriate template that aligns with your specific model is crucial the tool also provides the option to view recently opened models a list of the models you saved earlier displays providing a convenient way to retrieve your most recent files next let's explore the key features of this tool starting with how to build a model after selecting create a model from the main page it's time
to start building it the threat modeling tool enables users to define trust boundaries and illustrate where different entities have control like drawing a data flow diagram now let's move on to analyzing threats the threat modeling tool helps you identify potential vulnerabilities systematically it categorizes threats using the STRIDE model helping you understand the diverse range of vulnerabilities your software may face each threat description is accompanied by supplementary information that explains the issues and provides recommendations for improving security you can also categorize threats based on their status such as not applicable not started needs investigation and mitigated there are many benefits to the threat modeling tool it empowers software architects to identify and address potential security issues early in the development process when they are more manageable and cost-effective to resolve consequently it significantly reduces the overall development costs designed with both security experts and non-experts in mind this tool simplifies threat modeling for developers by offering clear guidance on creating and analyzing threat models the tool enables anyone to communicate about the security design of their systems analyze those designs for potential security issues using a proven methodology and suggest and manage mitigations for security issues key capabilities and innovations of the tool include automation functionalities which provide guidance and feedback during model creation it also lists STRIDE per element guiding the analysis of threats and their mitigations next it includes reporting functionalities facilitating security activities and testing during the verification phase it also offers a unique methodology enhancing users' ability to visualize and comprehend threats what's more the tool is developer centered it's focused on software activities familiar to all developers and architects and lastly its focus is on design analysis
prioritizing design analysis is a crucial aspect of threat modeling within the SDL approach in conclusion the Microsoft Threat Modeling Tool in combination with the SDL approach offers a structured and effective way to create threat models and enhance the security of software systems by following the steps outlined in this video software development teams can build more resilient and secure applications ultimately reducing the risk of security breaches and vulnerabilities can you recall the four phases of the security development life cycle or SDL process you covered earlier they are diagram creation identifying mitigating and validation SDL is tailored explicitly for fortifying Azure virtual networks in this video you'll learn about the advanced application of the SDL process you'll explore how each phase equips you to secure virtual network environments within Azure's dynamic cloud infrastructure let's get started in the initial phase of crafting your Azure virtual network diagram it's essential to include these key components first is subnets they are the foundation for traffic isolation because they divide the network into manageable segments next is virtual machines or VMs VMs are core computational units hosting various applications and services and require robust security you should also include network security groups or NSGs in your diagram NSGs are virtual firewalls that meticulously control inbound and outbound traffic enforcing security policies you should also include application security groups or ASGs ASGs are logically grouped VMs and they apply consistent security rules for streamlined policy management Azure Firewall is another crucial diagram component it's a cloud-based firewall service with advanced security features including application and network level filtering and threat intelligence and lastly you should add virtual network gateways these enable secure connectivity bridging the virtual network with on-premises and internet
networks extending the protective reach of your network following the creation of your Azure architecture diagram the subsequent phase involves the identification of potential security threats and vulnerabilities this involves exploring the following areas of concern first is unauthorized access the aim here is to detect attempts by hostile actors to gain unauthorized access to Azure resources through various vectors including vulnerability exploitation and credential theft next is data exfiltration here the focus falls on vulnerabilities that can cause the unauthorized extraction of sensitive data from Azure resources you should also explore misconfigurations misconfigured Azure resources like NSGs can inadvertently allow unauthorized traffic into virtual network resources last you should explore any Azure virtual network specific threats where adversaries may target your network gateways in pursuit of unauthorized access or network connectivity disruption now that you've identified potential threats it's imperative to put the concept of never trust always verify into practice by implementing critical Azure virtual network security controls this includes Azure role-based access control or RBAC RBAC enables granular access control allowing you to precisely define user access to Azure resources the principle of least privilege holds this means minimizing permissions to reduce the attack surface essentially you should create custom roles tailored to your organization's needs and auditing and monitoring form an important part of RBAC in Azure this is done with detailed audit logs another mitigation strategy is creating network security groups or NSGs NSGs are all about traffic filtering they control traffic based on source destination and protocols also use application security groups or ASGs for precise control NSGs facilitate logging and monitoring traffic for suspicious activity next is Azure Firewall with threat detection intrusion prevention and content
filtering Azure Firewall offers comprehensive security and FQDN filtering controls outbound traffic based on domain names integration is also a crucial feature of Azure Firewall it works seamlessly with Azure Monitor and Microsoft Sentinel furthermore Azure Firewall ensures the management of multiple firewall instances centrally let's move on to mitigation via virtual network gateways first virtual network gateways secure connectivity they bridge the Azure network with on-premises and the internet virtual network gateways also ensure secure data transfer through VPNs and ExpressRoute furthermore virtual network gateways offer flexible connections to multiple locations lastly you can use Azure Monitor for performance and health tracking next let's explore monitoring components as mitigation solutions you can start with Microsoft Sentinel which provides advanced threat detection and analytics next is Defender for Cloud a tool for continuous security monitoring another tool is Defender for Endpoint which offers endpoint protection against advanced threats and lastly Azure Monitor monitors Azure resources including virtual networks and finally there are data availability and recovery mitigation solutions for instance Azure Backup offers backup as a service a scalable managed backup solution data redundancy to secure redundant storage geo-redundancy involving secondary region replication for data availability Azure Backup also offers granular backup policies including customizable schedules and retention policies lastly application-aware backups provide support for consistent backups by implementing these controls and best practices you can effectively mitigate threats for comprehensive protection remember to follow general security practices like robust password policies multifactor authentication and regular policy updates the final phase of SDL is about validating the effectiveness of the mitigation strategies implemented in phase three this comprises the
following key approaches first is security control testing simulated attacks or vulnerability assessments are the cornerstone for assessing the resiliency of your Azure network security controls next is Azure virtual network log monitoring vigilant monitoring of network logs is an indispensable means of detecting and thwarting suspicious activities Azure offers advanced log analysis techniques and tools to heighten your awareness and response capabilities and last but not least is regular security policy reviews effective Azure security policies hinge on consistent and meticulous reviews Azure offers guidance for a robust review process to ensure your security posture stays relevant and effective in conclusion the steps outlined in this video form the basis of an impregnable SDL process one that fortifies your Azure virtual networks and secures your resources against the tide of evolving threats in this video you learned that the SDL process offers an all-encompassing methodical approach to constructing and upholding a secure Azure environment the process of solving problems starts at a place of curiosity and exploration any scientist or engineer will tell you that asking questions is an effective way to find problems and suitable solutions in a system in this video you will explore threat modeling from another angle using four basic questions you can direct the threat modeling process to effectively identify assess and mitigate threats to your organization challenging a threat model team with these questions can guide critical thinking and innovative solutions let's start with the first question which is what is the team working on this initial question involves precisely defining the scope of your analysis it is critical to understand what aspects of your organization need protection the scope can range from a narrow focus such as a single software application to a broader perspective encompassing an entire organizational ecosystem question one is also about
boundaries identifying the scope sets the boundaries for your threat modeling exercise it guides you in determining which assets processes and data are within the scope of your analysis defining these boundaries is crucial to avoid wasting resources on unrelated or less critical elements the second question is what can go wrong once the scope is established the next step is identifying potential threats these threats can take various forms including software vulnerabilities human errors or malicious attacks and they all have the potential to disrupt or compromise your system's integrity there are various methods of threat identification one method to identify threats is through brainstorming sessions encouraging creative thinking and considering all possible scenarios on the other hand structured methods like STRIDE kill chains and attack trees offer a systematic way to identify threats let's briefly expand on each the STRIDE framework categorizes threats into six main categories spoofing tampering repudiation information disclosure denial of service and elevation of privilege it helps in systematically considering different types of threats next are kill chains which help map out potential attack scenarios considering the steps an attacker might take to compromise your system attack trees visually represent potential threats illustrating how they could exploit vulnerabilities in your system now let's move on to the third question what is the team going to do about it after identifying potential threats the next step is to develop strategies to counter them this involves implementing countermeasures or adopting risk management approaches to mitigate the risks countermeasures can encompass technical controls such as firewalls and intrusion detection systems it can also involve process improvements like code reviews and access control policies moreover policy changes such as data handling procedures also serve as countermeasures the most suitable
countermeasure depends on the nature of the threat let's focus on four risk management approaches these include mitigation or taking actions to reduce the likelihood or impact of a threat and acceptance is acknowledging the risk and deciding not to take any specific action to mitigate it this is often the approach when the cost of mitigation outweighs the potential impact next is transfer which shifts the risk to a third party such as through insurance or outsourcing the last approach to risk management is elimination which is removing the threat or vulnerability from the system altogether finally the fourth question is did the team do a good job this final question involves evaluating the effectiveness of your threat modeling efforts determining whether the measures you've put in place align with your organization's risk tolerance and security objectives is crucial regularly assessing and reassessing your threat modeling and security measures are essential for continuous improvement this ensures that your security measures remain effective and adaptable to evolving threats as the landscape constantly changes periodic audits penetration testing and incident response exercises can help this assessment in this video you've explored threat modeling from the viewpoint of four essential questions one what is the team working on two what can go wrong three what are they going to do about it and four did the team do a good job to summarize the four question framework is a unique approach to threat modeling by finding the answers to these four basic questions you can identify and implement suitable solutions to protect your organization's systems and data from potential threats well done you've made it to the end of the first module in the course let's take a moment to review what you've learned about threat modeling before you take the quiz in the first part of the module you were introduced to the course reflected on what you hope to learn and how to be
successful in the course and familiarized yourself with the course syllabus in the next part of the module you were introduced to threat modeling a process for identifying and addressing security threats to your applications you explored the three steps of threat modeling which are decomposing the application determining and ranking threats and determining countermeasures and mitigation in the following video decompose the application you learned more about step one of threat modeling for example you learned that you shouldn't only consider the components of an application you must also consider unpacking its purpose architecture security controls vulnerabilities external dependencies entry and exit points assets and trust levels following this you've further explored step two of threat modeling determining and ranking threats specifically you learned about the STRIDE model which can help identify and rank potential threats remember STRIDE stands for spoofing tampering repudiation information disclosure denial of service and elevation of privilege the model provides a structured methodology to help you analyze threats next you learned about how you can use the DREAD model in conjunction with STRIDE in step two of threat modeling the DREAD model provides a way to assign numerical values to two essential threat ranking factors impact and probability DREAD stands for five evaluative dimensions damage reproducibility exploitability affected users and discoverability when applying the DREAD model you assess each dimension on a scale from 1 to 10 with higher scores indicating greater risk the final step of threat modeling is determining countermeasures and mitigation strategies these strategies translate insights into action to fight threats effectively as part of learning about this step you explored the application security framework or ASF and STRIDE threats and their countermeasures this part of the course also included some practical application of what you
learned for example you examined the critical role of threat modeling in ensuring a secure and reliable environment for a social media platform and finally in the exercise you had to create a threat model for a web application that's impressive continuing your journey of learning about threat modeling you explored its advantages like how it reduces the attack surface of a system and how it supports adherence to compliance requirements and industry regulations and standards in this part of the course you learned about the SANS approach a comprehensive framework to identify assess and mitigate security threats and vulnerabilities within software applications you were also introduced to other essential security frameworks like PASTA CVSS PnG and VAST next you learned how cyber threat modeling is about more than just application security but also the security of entire systems here you explored real-world applications of cyber threat modeling like the Equifax data breach of 2017 you also learned more about the frameworks introduced in this part of the course in particular PASTA CVSS and VAST for example PASTA or process for attack simulation and threat analysis is a seven-step risk-centric threat model that helps identify and prioritize potential threats and vulnerabilities PASTA is very useful because it provides a structured methodology for documenting the threat analysis process this documentation is a valuable resource for future reference and maintaining a consistent threat analysis approach while PASTA is used for threat modeling and risk assessment CVSS is used to assess the severity of specific vulnerabilities in software or systems it provides a numerical score to help organizations prioritize and understand the impact of a particular vulnerability here you also learned about the CVSS version 3.1 calculator that automatically calculates the numerical score based on base temporal and environmental metrics you also learned more about
VAST or visual agile simple threat management a cutting-edge methodology using tools like Microsoft Sentinel to implement a VAST approach you can easily assess cyber threats through user-friendly dashboards and graphical representations this simplifies the often daunting task of threat identification in this part of the course you further explored three enterprise security methodologies and how they can strengthen an organization's security posture these approaches are PnG security cards and the STRIDE threat modeling framework as a practical application of what you learned in this portion of the course you evaluated a firewall breach vulnerability using the CVSS calculator in the final part of the module you learned more about how threat modeling integrates with Azure for example you learned how to use the Microsoft Threat Modeling Tool 2018 to develop robust threat models for software and systems this tool is a core element of Microsoft's security development life cycle or SDL which you also learned about this life cycle has four phases which are diagram creation identification mitigation and validation you delved into each phase of the SDL process with technical explanations to enhance your understanding of its importance in effective threat modeling in this part of the course you also learned about the four question framework that allows a cyber security team to find problems and suitable solutions in a system these questions are what is the team working on what can go wrong what is the team going to do about it and did the team do a good job finally you applied what you learned by creating a threat model for a web application using the Microsoft Threat Modeling Tool and that's the end of this summary if there's anything that you feel unsure about after watching this video make sure to revisit the relevant items before you tackle the quiz good luck infrastructure provides the essential services and systems that we rely on daily however not all infrastructures
are created some are more susceptible to vulnerabilities than others susceptible infrastructure can lead to catastrophic consequences affecting not just businesses but society and the environment at large by understanding the types vulnerabilities and impact of susceptible infrastructure you can better prepare and defend against potential threats let's start with the definition of susceptible infrastructure the term refers to physical structures or systems that are vulnerable to disruptions or failures due to various factors such as natural disasters cyber attacks or human error examples of physical susceptible infrastructure include a wide range of facilities and services such as transportation networks power plants water supply systems communication networks and more now let's move on to the different IT-related types of susceptible infrastructure first there's cloud infrastructure while it provides numerous advantages in terms of scalability flexibility and cost effectiveness it also comes with its own set of vulnerabilities cloud infrastructure's vulnerabilities stem from its shared resource model which can lead to potential misconfigurations and unintended data exposure additionally its accessibility from anywhere increases the attack surface making it susceptible to breaches if not properly secured second are web browsers which serve as the primary gateways through which users access the internet they can become prime targets for cyber attacks due to their widespread use and the immense amount of data they process another type of infrastructure is package repositories central repositories where scripts modules and other software components are stored and shared play a pivotal role in software development however their centralized nature can make them susceptible to various security threats last are communication software tools such as email clients and messaging apps they are enticing targets for cyber criminals because of their widespread use and the
sensitive information they handle these types of infrastructure are all susceptible to different vulnerabilities first there is server-side request forgery or SSRF this kind of vulnerability arises when an attacker can make requests to the internal resources of a system intrusions can be accomplished through spoofing or manipulating URLs that the applications use to read data supplying new URLs to allow access when exploited SSRF can lead to unauthorized access to data further attacks on internal systems or even a complete system takeover in some cases second is type confusion vulnerability which stems from a system's inability to discern or handle different object types properly it can lead to memory corruption when an attacker exploits the system's confusion potentially leading to unauthorized system access or data leaks third is typosquatting a cyber tactic where malicious actors register domain names similar to authentic ones in hopes of trapping users who inadvertently type the wrong URL victims may download malware have their data stolen or be duped into providing personal or financial details last are zero-day vulnerabilities which are unknown to software developers or vendors making them particularly dangerous as there's no immediate remedy since a fix or patch isn't available at the time of discovery it gives attackers a window to exploit the vulnerability freely you know about the types of infrastructure and vulnerabilities now it's time to consider the potential impact of susceptible infrastructure any security breach in vital infrastructure can have massive financial consequences affected businesses may face a decline in stock value loss of consumer confidence legal liabilities or penalties from regulatory bodies and the cost of damage control cyber attacks on infrastructural services like energy and water can have immediate environmental consequences consider a cyber attack that incapacitates the cooling systems of a nuclear power plant the resultant
overheating could lead to radiation leaks on a social level breaches can expose personal data this can culminate in identity theft financial fraud and an overarching mistrust of digital platforms for example a major health service provider's data breach might expose patient records leading not just to privacy concerns but also to doubts about adopting digital health records in the future several measures can be taken to identify susceptible infrastructure regular audits can highlight vulnerabilities and business risks this proactive approach can help mitigate potential threats before they can be exploited setting up infrastructure monitoring and alerts can identify potential threats in real time platforms like Microsoft Azure offer tools to monitor and send alerts on infrastructure components to identify security threats Azure Monitor Log Analytics and Application Insights provide powerful end-to-end monitoring of your applications and the components they rely on regularly updating software and systems can prevent many vulnerabilities for example zero-day vulnerabilities although initially unknown become known threats once identified prompt updates can then protect the infrastructure and educating employees and stakeholders on the signs of vulnerabilities and potential threats can add an additional layer of defense awareness can be the first line of defense against phishing attempts or other user-targeted attacks in conclusion by identifying vulnerabilities and implementing appropriate mitigation strategies you can minimize the potential risks posed by susceptible infrastructure to both society and the environment given the ever-changing nature of cyber threats security professionals need reliable and comprehensive tools to keep organizations safe MITRE a not-for-profit organization has developed such a tool called the ATT&CK Matrix this framework is a knowledge base detailing adversarial behaviors observed in real-world cyber attacks you can access the tool in the
additional resources of this lesson in this video you will learn about the ATT&CK matrix's comprehensive approach to proactive security and some of its benefits but first let's clearly define what the ATT&CK matrix is ATT&CK stands for adversarial tactics techniques and common knowledge the framework is visualized as a matrix which is essentially a large table illustrating the relationship between attacker tactics and techniques in this context tactics refer to the specific objectives or goals adversaries aim to achieve during their cyber operations for example gaining initial access or maintaining persistence in a system on the other hand techniques describe the specific methods or procedures they use to reach those objectives for example spear phishing or exploiting software vulnerabilities by presenting this information in an organized manner the matrix serves as an essential repository for cyber security professionals offering a clear picture of the diverse strategies employed by cyber attackers this empowers security teams with valuable insights enabling them to predict recognize and counter potential threats effectively the fundamental purpose of the MITRE ATT&CK matrix is to give security professionals a granular and informed perspective on the diverse tactics and techniques cyber adversaries adopt traditional defense strategies predominantly address post-incident scenarios which is the aftermath of an attack however the ATT&CK matrix transcends this limitation by offering a comprehensive overview that spans both pre- and post-attack phases for instance there is the PRE-ATT&CK matrix a specific sub-framework within ATT&CK it delves deeply into the preparatory activities and reconnaissance techniques that attackers undertake before launching their offensive these preliminary actions often elude an organization's security radar by highlighting these covert maneuvers the matrix empowers security teams to adopt a proactive pre-breach stance by anticipating
and preemptively countering potential threats additionally the matrix isn't tethered to a single platform or environment take the Enterprise matrix it encompasses data pertinent to a myriad of platforms including but not limited to Windows macOS and Linux this holistic and cross-platform understanding of the multifaceted threat landscape can help strengthen an organization's cyber security posture the ATT&CK matrix offers several benefits let's explore those now first is the comprehensive knowledge base it offers MITRE ATT&CK is a globally accessible database that's founded on real-world observations this ensures that the data is not just theoretical but is rooted in actual events making it an invaluable resource for security teams worldwide next is enhanced threat detection the matrix categorizes and describes adversarial behavior in cyber attacks this aids in more accurate threat detection by enabling security teams to recognize common patterns and tactics in cyber breaches third is the proactive security measures it enables with the inclusion of the PRE-ATT&CK matrix organizations can identify potential threats even before they materialize this shifts the security stance from reactive to proactive allowing for improved defenses and reduced risks the matrix also allows for tailored security solutions it includes customized variations for different sectors enabling organizations to adopt security solutions specific to their operational environment for instance businesses can leverage the industrial control system or ICS matrices to enhance their security measures the ATT&CK matrix enables improved incident response armed with detailed insights into attacker behavior incident response teams can devise more effective strategies to counteract threats this allows them to limit potential damage and expedite recovery the matrix can also improve mobile security the mobile matrices within the ATT&CK framework offer insights to bolster an organization's mobile security
securing mobile devices has become more important as they have become more integrated into organizational operations and lastly continuous updates mean the framework is regularly updated to include new tactics and techniques threat actors use ensuring that it remains relevant the MITRE ATT&CK matrix a pioneering initiative by the not-for-profit organization MITRE is an indispensable knowledge base for cyber security professionals globally grounded in real-world observations the matrix offers a comprehensive view of adversary behaviors across various platforms enabling security teams to shift from reactive to proactive its detailed categorization aids in precise threat detection proactive defense measures tailored security solutions and enhanced incident response with continuous updates reflecting the ever-evolving cyber threat landscape the ATT&CK matrix underscores the significance of staying informed and prepared in an increasingly digitalized world in the cyber landscape the dynamics of attack and defense constantly evolve amidst these dynamics one tool has gained acclaim for shedding light on adversarial maneuvers the MITRE ATT&CK matrix you now know that this matrix offers an in-depth understanding of adversarial tactics and techniques serving as a procedural guide for cyber security professionals let's delve into its intricacies MITRE ATT&CK documents observed adversary tactics and techniques used against operational networks the matrix serves several purposes first it's an educational resource it provides a structured categorization of various cyber threat behaviors enabling professionals to understand and recognize them second it's a tool for red teams ethical hackers use the matrix to simulate real-world attack scenarios testing defenses against known tactics and techniques it can also function as a reference for blue teams defenders can leverage the matrix to improve their detection and response strategies and lastly it can aid in incident response the
ATT&CK matrix covers tactics techniques and sub-techniques let's examine the differences between these terms when a breach occurs the matrix can guide response teams in understanding the attacker's likely next moves streamlining mitigation efforts tactics denote the why of an attack in other words the adversary's objective in a particular cyber attack life cycle stage for instance initial access and execution are tactics denoting the attacker's goals gaining access to a system and executing malicious code respectively on the other hand techniques explain how the attacker achieves their tactical objective under the initial access tactic a technique might be phishing indicating that the attacker uses targeted phishing emails with malicious attachments to gain access sub-techniques offer a more granular view describing specific variations or methods within a broader technique using the previous example of phishing different types of spear phishing attachments like Word documents with macros or PDFs with embedded scripts would be sub-techniques under the phishing technique let's delve into some tactics and associated techniques the first tactic is persistence which ensures that the adversary maintains their foothold on the target environment even after the system reboots or logs off techniques include setting up scheduled tasks or jobs which allow adversaries to execute malicious programs at system startup or specific intervals there's also the boot or logon autostart execution where malicious scripts or executables run automatically during boot or user login additionally adversaries can achieve persistence through registry run keys or startup folders by adding program references to specific registry keys or startup folders the second tactic credential access involves accessing system credentials enabling adversaries to traverse the environment with elevated permissions techniques include input capture where adversaries use keyloggers to harvest credentials
there's also credential dumping used to extract account details like hashes or clear text passwords and using brute force as a technique involves repeatedly trying various password combinations to gain unauthorized access the third tactic is defense evasion attackers might employ obfuscated files or information which involves encrypting or disguising scripts to hide their malicious intent conversely adversaries might deobfuscate or decode files or information on the target system and a technique like disabling security tools is when adversaries turn off or tamper with security software to evade detection the fourth tactic exfiltration concerns transmitting data from the target system to an external location typically controlled by the adversary to execute this adversaries might compress sensitive data using the data compressed technique making it less detectable during transmission they could also transfer data to cloud accounts blending stolen data with legitimate traffic another method is exfiltration over alternative protocol where adversaries use non-standard protocols to transfer data making detection challenging the fifth tactic is privilege escalation which involves elevating one's permissions typically from a regular user to an administrative level techniques include bypassing user account control to access data which circumvents built-in Windows mechanisms that prevent unauthorized changes adversaries might also exploit software vulnerabilities for privilege escalation granting them higher system privileges additionally they can modify or create access tokens to operate with higher or different privileges the sixth tactic discovery is all about adversaries gaining a better understanding of the system and its internal network techniques include system network configuration discovery where adversaries retrieve network configurations to understand the environment they might also focus on system owner or user discovery to identify users or system owners for
potential targeting lastly adversaries detect software applications installed on systems through software discovery the MITRE ATT&CK matrix is an indispensable tool in cyber security cataloging a vast array of adversarial tactics techniques and sub-techniques the matrix empowers cyber security professionals to understand and anticipate threat behaviors by offering a meticulous breakdown of an attacker's operating methods from initial access to data exfiltration whether utilized as an educational resource a testing blueprint for red teams a reference for blue teams or a guide for incident response the ATT&CK matrix is a beacon of clarity in the ever-shifting landscape of cyber warfare meet Sachi like most of us Sachi has a significant digital footprint with various online accounts in her name because it's difficult to keep track of all her passwords she's been reusing a basic one that's easy to remember her story begins with a seemingly innocuous notification a warning of multiple failed login attempts targeting one of her online accounts she initially dismisses it as a glitch but the stream of notifications that follow reveals a root cause a brute force attack a brute force attack is like a relentless adversary systematically guessing passwords until the correct one is revealed the attacker employing specialized software was waging a calculated campaign to gain unauthorized access to Sachi's online account their arsenal includes a password dictionary in other words the attack started with a predefined list of commonly used passwords and dictionary words these serve as the initial targets beyond the dictionary the attacker explores alphanumeric combinations exploiting the power of uppercase and lowercase letters digits and special characters the computational force behind these attempts is formidable to accelerate the attack the attacker employs automated software capable of executing thousands of password guesses per second this relentless efficiency poses a
significant challenge Sachi decides to fight back and does an online search to find information about how to protect your accounts against cyber attackers one well-known security organization has a step-by-step guide on what to do when someone is trying to get access to your accounts in response to her adversary Sachi decides to follow the multifaceted defense strategy the guide outlines first she changes her passwords from simplistic easily guessable passwords to intricate combinations incorporating a blend of alphanumeric characters and symbols making passwords more random makes them harder to guess through brute force attacks Sachi also decides to change her passwords more frequently in the future disrupting any progress the attack has made where available she activates two-factor authentication on her accounts this secondary layer of authentication acts as an impenetrable barrier even if the attacker manages to crack the password recognizing the need to manage the ever-expanding complexity of passwords Sachi decides to use a password manager this sophisticated tool generated and securely stored cryptographically strong unique passwords for each account mitigating the risk of reused passwords Sachi's response to the brute force attack was quick enough that she was able to stop the attacker in their tracks her multi-prong defense had succeeded in the face of a relentless cyber attack Sachi's proactive approach demonstrates the power of knowledge and swift action in cyber security by embracing best practices she effectively countered her digital adversary her experience underscores the importance of being vigilant and proactive in protecting your digital identity in the ever-evolving online landscape malicious software commonly called malware is an umbrella term for programs and codes specifically designed to disrupt damage or gain unauthorized access to computer systems the rise of malware has coincided with the digital age's expansion posing increasingly
sophisticated threats to both individual users and large organizations this video explores the various types of malware their purposes and the potential harm they can cause let's explore the different types of malicious software in more detail first there are viruses a type of malicious code or program written to alter how a computer operates a virus inserts or attaches itself to a legitimate program or document supporting macros to execute its code they are designed to spread from one computer to another and often also entail data theft system disruption or other destructive actions next are worms a unique category of malware that can operate independently without being attached to any specific software program their primary characteristic is the ability to replicate themselves allowing them to spread across networks rapidly worms don't require human intervention like opening a file or running a program to propagate they leverage vulnerabilities in software to automatically transmit themselves to other computers there are also Trojan horses malicious pieces of software that appear genuine or harmless to the user they deceive users into thinking they are installing or running a beneficial program a common characteristic of Trojans is their ability to act as a back door creating a secret pathway for hackers to enter and control a system without the user's knowledge or consent a bot short for robot is an automated software program that performs online tasks malicious bots are programmed to carry out harmful activities including stealing data infecting systems with malware or exploiting vulnerabilities in network security botnets on the other hand are a collection of interconnected bots they are usually comprised of computers or other devices that are controlled as a group without the owner's knowledge next are rootkits a type of malicious software designed to infiltrate a computer system without detection their primary objective is to provide
stealthy access to unauthorized users what sets rootkits apart from other forms of malware is their ability to hide deep within a computer's operating system or firmware making them especially challenging to detect and remove spyware is a category of malware that operates covertly on devices monitoring users' activities without their awareness this software can track web browsing habits access sensitive information and even record keystrokes its primary purpose is to gather personal and confidential data often for advertising purposes or more malicious activities like identity theft phishing attacks are deceptive tactics deployed primarily through electronic communication like emails or fake websites the perpetrators craft convincing messages often mimicking reputable entities to deceive individuals into providing sensitive data such data can include login credentials credit card numbers or social security numbers the repercussions of falling for a phishing scam can be severe ranging from financial loss to identity theft then there is ransomware a particularly malicious form of malware that encrypts a user's files rendering them inaccessible the victim is presented with a ransom note demanding payment in exchange for the decryption key payment is typically in cryptocurrency due to its anonymity the encrypted data may be permanently lost or released publicly if the ransom isn't paid within the specified time frame next is adware which stands at the intersection of software and advertising while some adware programs are legitimate and upfront about their advertising activities others can be intrusive they flood users with pop-up ads banners and redirects deteriorating the browsing experience even more concerning some adware can open gateways for other malicious software to be installed on the device posing further risks and last are keyloggers stealthy software designed to record every keystroke made on a device they can capture everything from casual messages to
sensitive login details and personal data while some keyloggers are used for legitimate purposes like parental controls others are deployed maliciously to harvest confidential data as technology continually evolves so does the complexity and severity of malicious software threats however with a robust understanding of these threats their operating methods and their potential harm you can be better prepared in the next video you will learn how to defend against these types of malicious software in this interconnected digital age malicious software poses an ever-present threat from ransomware that holds your data hostage to keyloggers that discreetly record every keystroke the variety and complexity of these threats are vast however equipped with the right knowledge and tools you can fortify your defenses against them this video explores the prevention and detection methods for various types of malicious software offering actionable advice to ensure the integrity and safety of your digital assets first let's examine methods for preventing and detecting malicious software regular security related software updates will keep all operating systems and software protected you should also install reputable antivirus and anti-malware software ensure that they are regularly updated and perform routine scans and enabling a firewall on your computer and network will filter out malicious traffic furthermore you should be wary of unexpected email attachments and links phishing emails often appear legitimate but can carry malware and lastly only download software and files from trusted sources and avoid pirated software next are countermeasures and response strategies you can undertake to maintain good security for viruses you should use real-time antivirus software in case of detection you should quarantine the infected file and run a full system scan when it comes to worms you should isolate affected devices from the network to prevent them from spreading you can use a
specialized removal tool with Trojan horses you should avoid downloading files from untrustworthy sources you can use anti-malware software for detection and removal to combat bots and botnets you should regularly update all devices and employ network monitoring tools to detect unusual traffic for rootkits you can use rootkit detection tools in severe cases a complete system reinstallation may be necessary when it comes to spyware regular scans with anti-spyware tools should be performed you should also be cautious with software installations to avoid bundled spyware next to combat phishing you can use email filters and be skeptical of unsolicited emails users should be trained to recognize phishing attempts to enhance security against ransomware it's crucial to back up vital data consistently if you fall victim to an attack resist the urge to pay the ransom and instead seek expert assistance when dealing with adware employing ad blockers and anti-adware tools can be highly beneficial and whenever installing software choose custom installations to avoid inadvertently adding bundled applications lastly when it comes to keyloggers ensure your software is regularly updated and scanned with reliable anti-malware tools for added protection during sensitive data entry consider using on-screen keyboards in conclusion the threats individuals and organizations face are manifold malicious actors continually devise novel ways to breach defenses however proactive measures and well-informed strategies can make all the difference by constantly updating software employing robust antivirus solutions and staying vigilant you can significantly mitigate these threats remember the first line of defense against any cyber threat is awareness equipping yourself with relevant knowledge is a pivotal step towards a safer digital future the Internet of Things or IoT is a concept that has gained significant traction over the past decade it refers to the network of physical objects
embedded with sensors software and other technologies to connect and exchange data with other devices and systems over the internet these objects range from ordinary household items to sophisticated industrial tools with billions of devices connected globally IoT is a significant technology creating a more connected world an IoT device is typically made up of a circuit board with sensors attached that uses Wi-Fi to connect to the internet these devices connect and transmit data allowing you to monitor and control them remotely this data can then be analyzed to optimize processes make informed decisions and uncover patterns and trends IoT device hardware can be broadly categorized into two types microcontrollers or MCUs and microprocessors or MPUs microcontrollers are less expensive and simpler to operate than MPUs an MCU contains many functions like input and output CPU RAM ROM and serial communication within the chip itself they often use a real-time operating system or RTOS or they run bare metal with no operating system and provide real-time response and highly deterministic reactions to external events microprocessors on the other hand draw functionality from components in supporting chips they usually run a general purpose OS such as Windows or Linux providing a nondeterministic real-time response IoT devices can also be categorized based on their functionality and use cases here are some of the common types first are consumer IoT devices like smart TVs speakers toys wearables and smart appliances for example a smart fridge can keep track of its contents suggest recipes and even order groceries in the commercial sector IoT devices can be used in construction agriculture health care and other industries for example in healthcare wearable devices can monitor a patient's health in real time there are also industrial IoT devices used in industries like manufacturing logistics transportation energy and other industrial sectors for example in manufacturing IoT
devices can monitor equipment and performance and then predict potential failures infrastructure IoT devices are used to monitor and control operations in public spaces and communities they include devices for smart cities like traffic and weather monitoring systems last are military and defense IoT devices used for surveillance reconnaissance and battlefield health monitoring each of these categories has its own set of requirements and challenges when it comes to implementation and security IoT devices are diverse spanning from lighting to agriculture and transportation here are some examples sensors are one of the oldest and most common types of IoT devices both individuals and businesses use them some of the most common types include optical sensors for automatic street lights temperature sensors for thermostats and internal sensors embedded in industrial machinery IoT motion sensors are often included as part of more advanced security systems such as smart home security cameras and audio recording devices in residential commercial and industrial spaces smart home devices include speakers intelligent light bulbs connected smoke detectors and smart door locks intelligent appliances include smart home devices like smart thermostats intelligent refrigerators and connected televisions that rely on IoT devices to gather environmental information and make the appropriate adjustments you are probably familiar with smart wearables one of the most recognizable IoT devices right now the most common wearables are fitness trackers watches and earbuds there are also personal medical devices like pacemakers remote medical devices can help monitor and share a patient's vital signs or detect early signs of health issues for fast intervention and last are autonomous vehicles self-driving cars and other connected vehicles rely on the internet to share real-time information sensors throughout the vehicle help map its surroundings transmit camera footage and respond to traffic
signals IoT devices offer numerous benefits across various industries including manufacturing transportation energy agriculture retail and government they enable organizations to analyze and act on data in real time leading to smart decision-making one key benefit is efficiency IoT devices can streamline operational and mechanical processes reducing wasted materials and lowering costs the data collected by IoT devices can provide valuable insights into business operations and customer behavior with reliable real-time data businesses can innovate and expand into new lines of business that were previously not possible and businesses can use IoT to turn their data into insights and those insights into action creating a real competitive advantage in conclusion IoT devices play a crucial role in our hyperconnected world they help businesses operate more efficiently make informed decisions and even open up new possibilities for innovation as technology advances we can expect the impact of IoT devices to grow even further the Internet of Things or IoT has revolutionized how we interact with devices however with this interconnectivity comes new challenges particularly in cyber security this video provides an overview of an IoT attack how it works and the various types of attacks that can be used against IoT devices first let's explore what an IoT attack is an IoT attack is a compromise of an IoT system a cyber criminal can launch an IoT attack to steal information or take over an automated or IoT system now that you are aware of what an IoT attack is let's examine how it works IoT attacks work by exploiting vulnerabilities in the devices or networks these vulnerabilities can be due to various factors once these vulnerabilities are exploited cyber criminals can infect devices with malware or use loopholes like unoptimized user permissions to break into systems the process of an IoT attack generally involves the following steps once a vulnerability is identified the
attacker exploits it to gain control over the device this can be done by using default passwords exploiting firmware vulnerabilities or leveraging unsecured communication channels several types of attacks can be used against IoT devices let's explore some common ones physical attacks occur when anyone can physically access IoT devices some cyber security attacks occur from the inside of a company so it's essential that IoT devices are in a protected area most businesses deliver gadgets with default passwords and don't even advise you to change them this often happens with security cameras home routers and light control systems a denial of service or DoS attack occurs when a service such as a website becomes unavailable due to a flood of internet traffic numerous systems coordinated via a botnet simultaneously direct service requests to a single target overwhelming it this causes the system to be overloaded with requests preventing some or all legitimate requests from being fulfilled DoS attacks exploit the often limited security features and processing power of some IoT devices connected cameras smart home appliances and sensors are particularly vulnerable to this kind of attack IoT devices are also particularly vulnerable to network attacks such as data theft IoT devices are often designed to be always connected to the internet which can leave them exposed to network attacks if they don't use secure communication protocols many IoT devices also have limited processing capabilities which may prevent them from using advanced encryption methods to protect the data they transmit and receive next is spoofing which involves disguising communication from an unknown source as being from a known trusted source by masquerading as a legitimate device attackers can steal sensitive data from the network or other devices connected to it once an IoT device is spoofed it may grant attackers access to the wider network allowing them to move laterally and target more secured
nodes or data centers spoofing can lead to man-in-the-middle attacks these happen when attackers secretly relay and possibly alter the communication between two IoT devices or between an IoT device and another party the two parties believe they are directly communicating with each other attackers can also use botnets these are networks of compromised IoT devices that an attacker can control remotely one of the most infamous examples is the Mirai botnet which used thousands of vulnerable devices to launch devastating denial of service attacks and last are ransomware attacks ransomware is malicious software designed to block access to a computer system until a sum of money is paid IoT devices can be targeted by ransomware leading to serious data breaches in summary while the Internet of Things has numerous benefits it also opens up new avenues for cyber attacks therefore understanding the potential risks and taking appropriate measures to secure IoT devices and networks is crucial for businesses and individuals manufacturers developers and end users alike must prioritize security to ensure that convenience does not come at the cost of security the Internet of Things has fundamentally changed how we use and interact with devices but as you learned in the previous video the interconnectivity it offers comes with risks this video explores the risks associated with IoT attacks and identifies security measures that can be taken to protect against such attacks let's explore the risks associated with IoT attacks in more detail IoT attacks pose significant risks including data theft system compromise and malware infection let's examine some of these risks first is data theft IoT devices often store sensitive data making them attractive targets for cyber criminals once an attacker gains access to an IoT device they can steal this data for various malicious purposes beyond just data theft there's also the danger of system compromise this can lead to more
widespread damage as the attacker moves laterally through the network another significant concern is malware infection infected IoT devices can be used to carry out further attacks for example a compromised IoT device could be used as part of a botnet and a denial of service attack next convergence can increase the attack surface the term refers to the combination of multiple application systems into one system that delivers the core functionalities of all the systems the stealthy nature of IoT devices operating in the background without human interaction makes it difficult to detect when they have been compromised furthermore many IoT devices do not encrypt their data making it easy for attackers to intercept and read it additionally they often lack basic security protections making them easy targets for attackers another risk is legacy and rogue devices legacy devices are no longer supported by the manufacturer this means they have unpatched vulnerabilities that make them susceptible to attacks similarly rogue devices that are added to the network without proper security checks can also pose a risk unsecured cloud storage may allow hackers to easily manipulate or steal confidential data unpatched software or firmware in IoT devices is another lurking threat outdated IoT software or firmware contains known vulnerabilities providing threat actors a loophole to exploit weaknesses adding to the list of risks is insufficient data protection when data measures fall short it can lead to breaches and result in the loss of sensitive information luckily there are several security measures that can be taken to protect against IoT attacks zero trust practices should be implemented network segmentation can be applied to prevent an attacker from moving laterally and compromising assets after intrusion you should also ensure that devices are securely provisioned and that security measures are in place from the moment a device is powered on there should also be secure
connectivity between devices and the cloud to prevent attackers from intercepting data during transmission and data stored and processed in the cloud should be secured by implementing robust security measures lastly you should regularly update device firmware to patch any known vulnerabilities that attackers could exploit in an age where the Internet of Things seamlessly integrates into our daily lives it becomes Paramount to understand the associated risks and actively Implement measures to counteract them the vast benefits of IoT are countered by vulnerabilities ranging from data theft and system compromise to malware infections by reducing attack surfaces implementing zero trust practices ensuring secure device provisioning and maintaining regular software updates you can pave the way to a safer IoT landscape where Innovation is matched with security security is Paramount when it comes to the internet of things especially when dealing with foundational architecture layers this video delves into the intricacies of IoT security highlighting the significance of the device and Gateway layer and emphasizing the importance of robust protective measures the foundational architecture layers face various threats often classified using the STRIDE model remember that STRIDE stands for spoofing tampering repudiation information disclosure denial of service and elevation of privilege it's also crucial to adhere to the Microsoft security development life cycle or SDL practices to ensure a secure design and construction of IoT architectures let's quickly revisit what the device and Gateway layer is if you can remember it's a device's immediate physical and digital vicinity this encompasses physical access and peer-to-peer digital access industrial firms commonly utilize the Purdue model from the ISA 95 standard to safeguard Network bandwidth while ensuring real-time determinism the Purdue model adds an extra layer of security through the defense in depth approach now it's
time to explore some IoT attack prevention strategies IoT devices and services benefit from having a robust device identity this identity can be established using strong authentication via certificates MFA or passwordless methods renewable credentials an organized IoT device registry and a hardware root of trust a hardware root of trust uniquely ensures safe credential storage in a tamper resistant Hardware unalterable onboarding identity associated with the physical device and unique per device renewable credentials to minimize the Fallout of compromised identities or unauthorized workloads IoT systems should Implement least privileged Access Control this involves scoped workload access controls for devices just in time access strong authentication methods and conditional access based on several contextual parameters of a device furthermore Network micro segmentation in network design allows for in-depth defense by segmenting IoT devices according to traffic patterns and risk exposure this tactic reduces the threat posed by compromised devices and prevents them from accessing valuable assets usually such segmentation is implemented using Next Generation firewalls next let's examine device health and zero trust criteria two other vital components of an attack prevention strategy under the zero trust Paradigm device health becomes pivotal in determining its risk profile and trustworthiness devices that are deemed healthy are granted access to IoT applications and services while those with questionable Health should be marked for remediation for IoT devices to truly align with zero trust they should have a hardware root of trust use renewable access credentials apply least privileged access controls and send accurate device health signals they should also regularly receive security updates possess device management features for automated configuration and response Run Security agents that align with security monitoring and response systems limit physical
vulnerability by deactivating unnecessary features and secure any data stored on them using recognized encryption methods key to any defense strategy is a comprehensive IoT and OT security solution like Microsoft Defender for IoT it is a unified security solution built specifically to identify IoT and operation technology or OT devices vulnerabilities and threats you can use Defender for IoT to secure your entire IoT OT environment including existing devices that may not have built-in security agents it provides visibility threat detection response and integration with SIEM SOAR and XDR platforms an important feature of Defender for IoT is agentless device monitoring it is used to secure IoT and OT devices that lack embedded security agents if not secured these devices can be susceptible to misconfigurations remain unpatched and be invisible to IT and security teams Defender for IoT's agentless device monitoring provides visibility into the network it does so by identifying devices their specifics and their communication patterns using data from Network sensors Microsoft Defender for endpoint and third-party sources the system employs machine learning threat intelligence and behavioral analytics to assess risks and manage vulnerabilities it is capable of identifying various security risks such as unpatched devices open ports unauthorized applications and unexpected changes in device configurations PLC code or firmware ultimately securing The Internet of Things requires a multifaceted strategy that encompasses everything from the device and Gateway layer to the application of zero trust principles tools like Microsoft Defender for IoT can be used to prevent attacks as it offers Advanced agentless monitoring and a holistic view of device health and network activity using comprehensive Solutions like Defender for IoT paired with regular vulnerability assessments minimizes risk and ensures the security of both devices and the data they handle as we venture further into
the IoT era it's Paramount to prioritize security integrate Advanced protective measures and consistently refine defenses against emerging threats the Azure Internet of Things is a collection of Microsoft managed cloud services Edge components and SDKs that let you connect Monitor and control your IoT assets at scale in simpler terms an IoT solution is made up of IoT devices that communicate with cloud services in this video you will focus on the critical components of IoT solutions devices IoT cloud services and solution wide concerns other items in this lesson provide more detail on each of these components first let's focus on solution options there are two primary approaches to developing an IoT solution for your business using a managed app platform or employing platform Services managed app platforms like Azure IoT Central simplify the evaluation process of your IoT solution this approach offers a straightforward pricing structure and takes care of the security and management of your IoT applications and devices however it limits the customization of aspects like branding dashboards user roles devices and Telemetry on the other hand platform Services provide a comprehensive set of building blocks for tailored and flexible IoT applications essential Azure IoT platform Services include Azure IoT Hub device provisioning service Azure digital twins Azure data Explorer Azure storage platform and Azure functions these allow for full customization and control over your IoT solution enabling you to scale and secure Services as per your needs they also enable you to leverage in-house or partner expertise for device onboarding and service provisioning while this method gives you greater control over your solution it requires a more detailed approach to cost control as you are fine-tuning Services yourself let's now explore the components of IoT solutions starting with IoT devices IoT devices are essentially circuit boards with sensors that use Wi-Fi for internet
connectivity examples include pressure sensors on oil pumps temperature and humidity sensors in AC units accelerometers in elevators and presence sensors in rooms many manufacturers offer a diverse range of devices suitable for Solutions Azure has a catalog of devices certified for IoT Hub for Prototype creation a Raspberry Pi can be used for microprocessor devices allowing the addition of various sensors these often come with built-in sensors like temperature and accelerometer sensors Microsoft supplies open source device software development kits or SDKs for app development on these devices now let's discuss connectivity IoT devices usually send sensor data to cloud services various communication types are feasible such as Cloud to device commands examples of these communications include Refrigeration trucks that send temperature data to an IoT Hub cloud services that instruct devices to modify Telemetry frequency devices that send alerts to the IoT Hub when certain thresholds are exceeded like temperature in a chemical reactor thermostats reporting maximum temperatures post reboot and cloud services that dictate Target temperatures for devices supported communication protocols by IoT device SDKs and IoT Hub include HTTP MQTT and AMQP in some situations IoT devices might require a gateway to connect to cloud services now let's explore the distinct characteristics of IoT devices unlike standard clients like browsers or apps IoT devices function as embedded systems without human interaction device SDKs can assist in securely and dependably connecting these devices to cloud services next let's examine cloud services in IoT cloud services in IoT typically perform the following tasks collect large-scale Telemetry from devices deciding on its processing and storage analyze Telemetry for insights both in real time and post-event dispatch commands from the cloud to specific devices regulate device provisioning and access to infrastructure oversee device
States and activities and administer device firmware for example in remote monitoring of an oil pumping station Telemetry from the pumps is used to identify any anomalies if a cloud service identifies an anomaly it can instruct a device to rectify it thus optimizing solution efficiency while services like IoT Hub and device provisioning service are tailored for IoT others like storage and visualization offer generalized Services now that you have a good understanding of the role of IoT cloud services let's discuss concerns that affect all components of an IoT solution every IoT solution must consider security this encompasses physical security authentication authorization and encryption solution management which covers deployment and monitoring should also be considered and it must Ensure High availability and a disaster recovery plan for all components lastly scalability for every service involved should be considered Azure IoT offers a comprehensive suite of cloud services Edge components and SDKs managed by Microsoft this Suite facilitates seamless connectivity monitoring and control of IoT devices on a vast scale integral to these Solutions IoT devices range from sensors on oil pumps to thermostats and have unique characteristics differing from standard Tech clients in essence Azure IoT provides a robust framework for businesses to harness the power of IoT ensuring efficiency flexibility and scalability Defender for IoT allows for a comprehensive view of operational technology or OT and information technology or IT assets and network zones in doing so it offers a single interface for operational and security teams to Monitor and protect network devices systems and interconnections remember OT is the hardware and software systems that manage Monitor and control industrial operations with a focus on the physical devices and processes they use OT is commonly used when systems require Direct Control and monitoring of physical devices Microsoft Defender for IoT is a
security solution tailored for OT networks in business critical infrastructures it facilitates a unified asset management and security monitoring approach by integrating OT and IT governance tools and Technology let's examine the key features of Microsoft Defender for IoT first it offers non-intrusive passive and agentless monitoring it does so by monitoring Network environments to discover and secure OT and IoT devices this monitoring is possible without requiring agents to be installed on devices thereby preserving system stability and performance second it performs automatic asset Discovery Defender automatically identifies unmanaged assets their connections and vulnerabilities this identification provides comprehensive visibility into all devices on the network third it provides security monitoring Defender can detect complex threats by leveraging OT and IoT aware behavioral analytics and advanced threat intelligence these include zero-day malware and sophisticated attack tactics that traditional signature-based defenses might miss fourth and last it has advanced Network Discovery tools for instance its device inventory offers detailed information on each device such as the device ID type class and protocols and a device map illustrates the connections between OT devices Network topologies and segmentation according to the Purdue model for ICS security this feature is particularly useful for implementing zero trust policies and enabling detailed understanding and management of device interconnectivity for Network segmentation it also allows granular Access Control moving on from key features let's explore how Defender for IoT allows you to manage Network risks and vulnerabilities after mapping out devices on a network it is essential to monitor them for potential risks and vulnerabilities Microsoft Defender for IoT provides risk assessment reports from each sensor console thereby identifying issues such as unauthorized devices unpatched systems unauthorized
internet connections and devices with open ports that are not in use the data from the reports can be used to prioritize mitigation efforts on the most sensitive and critical OT IoT assets these are devices whose compromise could lead to significant organizational impact such as Revenue loss on-site safety incidents or the theft of sensitive intellectual property the OT IoT security landscape consistently evolves presenting new threats and vulnerabilities Defender for IoT offers threat intelligence updates its dedicated security research group known as Section 52 specializes in OT IoT security this team consists of experts in threat hunting malware reverse engineering incident response and data analysis Section 52 also regularly develops threat intelligence packages tailored for OT IoT environments these packages provide updates on incidents of concern such as new malware signatures malicious DNS queries and IP addresses associated with threats these packages also provide updates on common vulnerabilities and exposures to enhance the vulnerability management capabilities of Defender for IoT and asset profiles to improve the asset Discovery features within Defender for IoT organizations should ensure that their Defender for IoT deployment is consistently updated with the latest threat intelligence packages provided by Section 52 to maintain robust Security in OT IoT environments this practice helps in promptly addressing new and emerging security challenges in conclusion Microsoft Defender for IoT provides a robust and sophisticated defense mechanism tailored to OT and IoT networks unique and complex ecosystems by offering passive monitoring asset Discovery security monitoring and Advanced Network mapping tools it ensures comprehensive visibility and security for industrial environments Defender for IoT's integration with existing IT and OT infrastructures coupled with the expertise of Section 52's continuous threat intelligence updates equips organizations to
tackle emerging cyber threats preemptively a dynamic intelligent and Integrated Security approach like Microsoft Defender for IoT has become increasingly essential for protecting the critical infrastructures that underpin modern Enterprises Microsoft Defender for IoT is an agile and sophisticated security platform that adapts to diverse operational needs and offers deployment flexibility in this video you will learn about its deployment and how it assures a streamlined onboarding process through the Azure portal first let's examine how it centrally manages sites and sensors with minimal fuss its deployment flexibility means it can be implemented in an air gapped on premises environment or integrated with cloud services on premises device sensors can be registered and managed via the Azure portal this streamlines operational and maintenance efforts especially for organizations already using Microsoft and Azure Services the Azure portal allows sensors to be easily registered to a specific Azure subscription and resource using the getting started page this allows for centralized management of sensors and sites from the cloud once sensors are onboarded they appear on the Defender for IoT sites and sensors page within the Azure portal this interface provides Azure users with detailed information about each site and sensor including sensor Zone assignment connection status and threat intelligence update status this page also allows for the addition of more sensors to the network as needed lastly Defender for IoT offers operational alerts to monitor Network events this is particularly useful for identifying and rectifying issues with equipment that is malfunctioning or misconfigured these alerts enable timely intervention ensuring that problems like a misconfigured engineering workspace can be detected and their root causes addressed promptly this is a screenshot of the alerts page on a sensor console it shows the alerts triggered by the devices attached
to the sensor Microsoft Defender for IoT is a testament to the power of integration in enhancing cyber security for example its integration capabilities offer seamless security monitoring integrating Defender for IoT with existing security and governance systems streamlines operations across different teams this integration supports a cohesive experience for teams by combining OT and IoT security with other systems Microsoft Defender for IoT also directly integrates with third-party services like Splunk IBM QRadar and ServiceNow such Integrations help break down communication barriers between IoT and OT teams and establish a common operational language furthermore Defender for IoT offers efficient Incident Management through integration integration supports quick resolution of complex attacks that may affect both IT and OT domains exemplified by sophisticated threats like Triton integration allows you to leverage existing workflows training and tools developed for security operations center or SOC teams for IoT OT security next let's discuss advantages of integrating Microsoft Defender for IoT with Microsoft Sentinel first it enhances SOC operations integration with Microsoft Sentinel accelerates detection and response times during the entire attack life cycle Sentinel provides workbooks analytics rules and playbooks designed to improve monitoring and response to OT threats identified by Defender for IoT furthermore when installing the Defender for IoT data connector in Microsoft Sentinel users gain access to built-in content including workbooks that visualize and monitor Defender for IoT data within Sentinel in doing so it facilitates guided investigations based on incidents alerts and OT asset activities the built-in content also includes analytics rule templates these rules use alerts generated by Defender for IoT related to OT Network traffic to configure incidents in Sentinel lastly integration with Sentinel enhances Automation and orchestration you can
use Sentinel playbooks to configure automatic remediation actions in response to alerts or incidents these can be triggered by analytics or automation rules streamlining the threat response process in summary Microsoft Defender for IoT seamlessly integrates with both on premises and Cloud infrastructures it also allows easy onboarding and centralized management of IoT devices through the Azure portal and these functionalities ensure a streamlined operational experience what's more the platform's capability to integrate with existing security services such as Microsoft Sentinel enhances Incident Management efficiency and strengthens the overall security posture through operational alerts and integration with various Microsoft and partner Services Defender for IoT empowers organizations to maintain a Vigilant and proactive stance congratulations on reaching the end of this module before you move on to the quiz let's recap the key insights and Concepts about Advanced threats and mitigation that were covered you started off by learning about susceptible infrastructure for example cloud infrastructures while beneficial carry risks of misconfigurations and data exposure by understanding the types vulnerabilities and impact of susceptible infrastructure you can better prepare and defend against potential threats among some of the important questions you should ask when assessing an infrastructure are what is the potential damage if a vulnerability is exploited and how easy can it be exploited you also specifically learned about how to identify and assess vulnerabilities in susceptible infrastructure so that you can prioritize and Implement effective security measures one way in which you can proactively identify and address threats is by using the MITRE ATT&CK Matrix it is a framework that provides a comprehensive overview of the relationship between attacker tactics techniques and sub-techniques a tactic is a specific objective or goal while a technique is the specific
method or procedure cyber attackers use to reach their objective for example if an attacker's objective is to gain credential access they could use brute force remember Sachi she had to implement a multifaceted defense strategy to outwit an attacker trying to gain access to her accounts she changed her passwords to more complex ones enabled two-factor authentication on her accounts and started using a password manager to manage the complexity of her new passwords you also learned about different types of malicious software like viruses worms Trojan horses and more but just knowing that there are different types of malware isn't enough which is why you also learned how to prevent detect and counteract malware for example one key way you can protect operating systems and software is to implement frequent security related updates regular updates ensure that discovered vulnerabilities are patched and updating malware definitions ensures that your protective tools can recognize and counteract even new forms of malicious software in the second part of the module you learned about the internet of things one of the most well-known consumer IoT devices is a smartwatch that gathers real-time health related data about the person wearing it there are also commercial industrial infrastructure and Military and defense IoT devices sensors are one of the oldest and most common types of IoT devices that individuals businesses and governments use for example there are Optical sensors for automatic street lights temperature sensors for thermostats and internal sensors embedded in industrial Machinery The Internet of Things has opened up a whole new world of possibilities but it comes with its own challenges cyber attackers can compromise an IoT system by targeting devices networks data and users they can steal information or even take over an IoT system some of the most common types of attacks include physical attacks device impersonation and spoofing there are also several
types of risks associated with the internet of things for example system compromise malware infection and unsecured cloud storage some of the security measures you can take is to eliminate unnecessary internet connections to reduce the attack surface you should also Implement zero trust practices to prevent lateral movement attack prevention strategies are critical when it comes to IoT devices these strategies include emphasizing strong device identity applying least privileged access principles implementing Network micro segmentation and ensuring device health by following zero trust principles in this part of the module you also learn about IoT Solutions you have two options when it comes to IoT Solutions use a managed app platform like Azure IoT Central or employ platform Services these platform Services include Azure IoT Hub Azure digital Twins and Azure storage platform they allow for full customization and control over your IoT solution enabling you to scale and secure Services as per your need a vital IoT security solution is Microsoft Defender for IoT it facilitates a unified asset management and security monitoring approach by integrating OT and IT governance tools and Technology a key feature offered by Defender for IoT is non-intrusive passive and agentless monitoring agentless monitoring identifies devices their specifics and their communication patterns using data from Network sensors Microsoft Defender for endpoint and third-party sources this monitoring is possible without requiring embedded agents to be installed on devices thereby preserving system stability and performance Defender for IoT has risk and vulnerability tracking prioritization and mitigation functionalities it provides risk assessment reports from each sensor console thereby identifying issues such as unauthorized devices unpatched systems unauthorized internet connections and devices with open ports that are not in use the data from the reports can be used to prioritize
mitigation efforts on the most sensitive and critical OT IoT assets you also learned about the Azure Well-Architected Framework a blueprint that ensures an IoT solution's components are efficient reliable secure and cost effective this framework has five pillars cost optimization security reliability performance efficiency and operational excellence together they serve as a solid foundation for IoT Solutions there are also five security design principles that are informed by the Well-Architected Framework these are strong identity least privilege device health device update and monitoring and incident response by embedding these design principles into an IoT architecture you can help ensure that the system is secure by Design with proactive measures in place to mitigate and respond to potential security threats finally you completed an exercise about creating a secure IoT device and that wraps up the module summary you've broadened your knowledge on the nuances of advanced threats and the critical strategies to mitigate them effectively should you find yourself needing a refresher the material is always there for you to review good luck with the module quiz in today's hyperconnected world the cyber security threat landscape is in a Perpetual state of evolution new threats emerge constantly and staying ahead of the curve is critical to safeguarding an organization against cyber attacks in this video you will explore the concepts of changing threat Landscapes attack surfaces and threat vectors in cyber security let's start by dissecting the term threat landscape the threat landscape encompasses all potential risks and Hazards to an organization's information security it's a vast and ever shifting Terrain that includes internal and external threats within this landscape there are attack surfaces which you are already familiar with if an attack surface is exploited it becomes a potential entry point for malicious actors to breach an organization's systems or data
here are some common and Enterprise relevant attack surfaces first there's email this is a primary attack surface where cyber criminals can leverage phishing malware and ransomware next is social media these platforms are fertile ground for social engineering attacks including phishing and malware distribution you also have to consider removable devices like USBs malware infection via removable devices can lead to Data Theft and breaches another potential attack surface is browser browsers can be exploited through vulnerabilities malicious websites and phishing attacks servers also comprise an attack surface critical server components can be targeted by cyber attacks potentially leading to data breaches or service disruptions when it comes to storage databases are vulnerable because they store vast amounts of sensitive information making them attractive targets and don't forget about firewalls while they serve as a defense mechanism attackers can exploit misconfigurations or vulnerabilities and last but not least is the internet the broader Network itself can pose security risks with threats like DoS attacks and network intrusions certainly it's essential to highlight that each of these common and Enterprise relevant attack surfaces can serve as entry points for attackers to infiltrate an organization's Network and systems these entry points are often targeted due to their vulnerabilities or the potential for social engineering attacks now that you have delved into attack surfaces in more detail let's move on to threat vectors A Threat Vector is an Avenue or method attackers use to exploit an organization's threat landscape and gain unauthorized access to systems or data threat vectors Encompass a range of attack techniques including phishing which involves tricking individuals into revealing sensitive information or installing malware through deceptive emails malware is another technique that uses viruses Trojans and ransomware designed to infiltrate steal data
or cause damage without consent there are also Insider threats that must be considered these arise from individuals within an organization who misuse their access or share sensitive data intentionally or accidentally and don't forget about zero-day exploits zero-day exploits Target unknown software vulnerabilities making them challenging to defend against let's explore two other Advanced threat vectors first are supply chain attacks these attacks Target third-party vendors or suppliers to gain access to an organization's systems or data second are advanced persistent threats or APTs APTs are highly sophisticated long-term attacks designed to evade detection and persist within an organization's Network guarding against Advanced threat vectors Demands a multi-layered security approach let's examine some tools and methods that can support such an approach you should be familiar with these so think of this as a refresher Next Generation firewalls can be used to effectively detect and block malicious traffic including zero-day attacks intrusion detection and prevention systems or IDS/IPS can be leveraged to identify and block malicious activity within a network promptly you can use Advanced endpoint Security Solutions to secure devices from malware and other threats and another solution you know well is security information and event management or SIEM SIEM systems collect and analyze logs to identify suspicious activities while understanding the tools and strategies to guard against Advanced threat vectors is crucial it's equally vital to consider holistic approach to cyber security Beyond just tools protecting against cyber attacks requires an organization-wide commitment and proactive strategies let's examine some of the broader measures that can be adopted to enhance an organization's cyber resilience organizations should deploy robust security controls including firewalls intrusion detection systems and data encryption these measures fortify an organization's
defenses against a wide range of threats they should also educate their Workforce on cyber security best practices employees are the first line of defense against threats and they should be equipped with the knowledge and skills needed to identify and respond to potential risks effectively continuous monitoring is just as important regularly monitoring systems and data for signs of suspicious activity enables Swift action upon detection lastly organizations should have incident response plans it is vital to develop and maintain an incident response plan to respond effectively in the event of a Cyber attack in conclusion the cyber security landscape is an Ever evolving Battlefield that demands constant vigilance understanding the shifting threat landscape recognizing attack surfaces and vectors and implementing robust security measures Empower organizations to mitigate risks and protect valuable Assets in this video you will explore the world of access Brokers and ransomware as a service in an age where data is more valuable than ever understanding these Concepts is crucial to safeguarding digital assets you'll learn what access services and brokers are review what you know about ransomware learn how to distinguish between locker and crypto ransomware and understand how ransomware as a service or RaaS works to kick things off let's talk about access services in the realm of cyber security access Services refer to how individuals or entities gain unauthorized access to computer systems networks or data access Services can come in various forms but this video specifically focuses on access Brokers access Brokers are individuals or groups that specialize in acquiring and selling unauthorized access to compromised systems these Brokers play a significant role in the dark web economy serving as intermediaries between hackers and potential buyers the access they auction off can pave the way for various cyber attacks one such threat is ransomware by now you know that
ransomware is malicious software designed to deny access to a computer system encrypt data or both until a ransom is paid it's crucial to distinguish between two primary types of ransomware locker and crypto ransomware as the name suggests locker ransomware locks you out of your system you'll find yourself staring at a screen demanding a payment to regain access to your computer while frustrating Locker ransomware usually doesn't encrypt your data on the other hand crypto ransomware takes a more Insidious approach it encrypts your data using complex encryption algorithms rendering it inaccessible until you pay the ransom this type of ransomware can be devastating for individuals and organizations alike now let's delve into the concept of ransomware as a service or RaaS this is where the cyber crime business model takes a page from the software as a service SaaS Playbook ransomware as a service is a cybercriminal service that allows individuals with little to no technical expertise to launch ransomware attacks in essence it turns ransomware into a commodity that anyone can access much like how SaaS platforms provide software tools to businesses RaaS providers offer a package that includes ransomware software a dashboard for monitoring and managing attacks and sometimes even customer support this lowers the barrier to entry for aspiring cyber criminals enabling them to carry out attacks without the need for extensive technical knowledge but where did these budding cyber criminals go to purchase these services enter the dark web Marketplace the dark web is a hidden part of the internet that you can't access using regular search engines like Google you can think of the dark web Marketplace like an underground online store it's often used for illegal activities because it offers a high level of anonymity cyber criminals can buy and sell while hacking services in this dark web Marketplace including ransomware as a service in this Marketplace cyber criminals can find 
different RaaS options each with its own prices and features and some of these Services even let the Cyber criminals share the money they get from the victims with the RaaS providers the proliferation of ransomware as a service poses significant risks to individuals and organizations how easy it is to access means that more and more cyber criminals can participate in ransomware attacks leading to a surge in such incidents the consequences of ransomware attacks can be devastating victims may lose access to critical data suffer Financial losses and face reputational damage furthermore paying the ransom doesn't guarantee that you'll regain access to your data as cyber criminals may not provide decryption keys or may demand additional payments now that you understand the threats posed by access Brokers and ransomware as a service it's crucial to discuss how individuals and organizations can protect themselves it's essential to adopt a multifaceted approach to safeguard against ransomware attacks first you should maintain regular up-to-date data backups either on offline storage or the cloud this ensures that even if your data is encrypted you can restore it without paying a ransom second investing in robust antivirus and anti-malware Solutions can help you detect and block ransomware attacks equally crucial is the education of employees employees should be educated about phishing scams and the importance of not clicking on suspicious links or downloading unknown attachments fourth software and operating systems should be kept up to date to patch known vulnerabilities that cyber criminals May exploit and lastly you should always have a comprehensive incident response plan in place not only does this minimize the repercussions of an attack but it also ensures a more streamlined recovery process in summary access Brokers and ransomware as a service have changed the cyber crime landscape by understanding both Concepts and taking proactive measures you can better protect your 
digital assets and maintain the Integrity of your data in today's world identity theft Hardware vulnerabilities and email related threats are prominent concerns for individuals and organizations alike in this video you will explore various mitigation strategies for these security challenges some holistic mitigation strategies for General Security concerns will also be discussed let's start with identity theft mitigation identity theft poses a significant risk and mitigating this threat requires a well-rounded approach such an approach could be comprised of the following measures first you should Implement multifactor Authentication or MFA for added security MFA requires multiple forms of identification like a password token or fingerprint for access second you need to have robust password management strong unique passwords should be used and changed regularly you can use a password manager to keep track of passwords which will also help with Secure Storage and password generation third you should employ access restriction using role-based access control or RBAC reduces the risk of unauthorized access fourth is biometric authentication biometric methods like fingerprint or facial recognition can be used for heightened Security in critical systems while securing personal identity is important it's also critical to ensure the physical devices used every day are free from vulnerabilities to address Hardware vulnerabilities effectively you can consider the following measures keep an updated list of all company Hardware including device details operating systems and software use tools to track Hardware performance and Report anomalies in real time employ reliable antivirus software update definitions and consider endpoint detection and response EDR for advanced threat detection and stay alert to Firmware updates for all Hardware components including routers switches and Internet of Things devices to prevent vulnerability exploitation email is another frequent 
Vector of cyber threats that requires attention here's how to mitigate email related threats comprehensively block known malicious email sources like addresses domains and IP addresses you should also prioritize trusted email sources for inbox delivery and use Advanced filters to spot and quarantine suspicious emails you can also deploy sender policy framework or SPF records to verify sender domain authenticity and you can Implement domain-based message authentication reporting and conformance or DMARC for added email sender authentication and domain spoofing prevention like with most cyber security issues user training is also important employees should continuously be educated on email security emphasizing caution with links and attachments and sensitive emails should be secured for authorized recipient access with encryption you can do this with protocols like secure multipurpose internet mail extensions or S/MIME or the pretty good privacy or PGP encryption program lastly simulations should regularly be used to assess employee response to phishing attempts but cyber security is about more than just securing email Communications and mitigating Associated threats the digital landscape is vast and attackers use a variety of entry points and tactics in addition to the mitigation approaches already discussed consider these comprehensive mitigation strategies first encryption techniques such as TLS for data in transit and full disk encryption for data at rest are vital they ensure data remains unreadable especially in instances of unauthorized access second regular software and firmware updates facilitated by a robust patch management system are necessary patches should be tested before deployment to head off potential issues next employees should be educated on security best practices social engineering tactics and cyber security awareness organizations can conduct security training sessions phishing simulations and provide resources for ongoing learning 
additionally an incident response plan should be in place to swiftly and effectively address security breaches such plans should outline identification containment mitigation and Recovery procedures it's also necessary to assess the security practices of third-party vendors and partners to ensure alignment with an organization's standards organizations can conduct due diligence reviews establish security focused contractual agreements and monitor compliance furthermore ensuring data longevity and integrity often hinges on regular data backup protocols complemented by thorough testing of recovery processes this minimizes data loss risks during potential incidents and emphasizes Secure off-site Storage as a countermeasure against physical disasters it's also crucial to implement Network segmentation to isolate sensitive data which in turn prevents lateral Movement by potential hackers such segmentation uses firewalls and access controls to enforce segmentation limiting access to critical areas endpoint detection and response or EDR Solutions should also be used to continuously Monitor and analyze endpoint activities for signs of malicious behavior EDR enables rapid threat detection and response including isolating compromised end points another measure is web application firewalls or WAFs which should be deployed to protect web applications from online threats such as SQL injection and cross site scripting attacks they should be configured to filter and block malicious traffic behavioral analysis tools can also be used to identify abnormal user behavior and potential security breaches for example machine learning and analytics can detect deviations from standard patterns aiding in identifying Insider threats and sophisticated attacks and Red Team exercises can be used to simulate real world attacks and uncover vulnerabilities before malicious actors can exploit them lastly you should ensure secure network communications with VPNs particularly for remote 
workforces VPNs offer secure and private access to corporate resources over untrusted networks by implementing these holistic strategies you can substantially reduce the risks associated with identity theft Hardware vulnerabilities email related threats and more General Security concerns it's essential to remember that cyber security is an ongoing endeavor necessitating continuous vigilance and adaptation to emerging threats you need to stay informed and proactive to safeguard your organization's valuable assets effectively data security is pivotal for the growth and success of organizations neglecting security can lead to data breaches and loss of reputation while prioritizing it instills customer trust and satisfaction this video is about defense in depth a concept that informs Azure Cloud security much like the zero trust model defense in depth assumes that not all threats can be prevented for this reason it has multiple layers of Defense if one layer is breached other layers are there to provide protection defense in depth relies on three fundamental principles the first principle is confidentiality to ensure authorized access security teams must verify that only those explicitly granted permission can access the protected surface and the potentially sensitive data it contains the second principle is integrity this involves creating a unique data fingerprint using one-way hashing algorithms during transmission recipients can use this hash to verify data consistency ensuring data Integrity throughout the process the third principle is availability data must be accessible to authorized users at all times preventing denial of service attacks is a critical aspect of this principle now let's explore the seven critical layers of the defense in depth approach in the context of Azure Cloud Security First the outermost layer regulates physical access to Azure's data centers it incorporates stringent access controls biometric authentication and continuous 
surveillance to deter unauthorized access the second layer focuses on protecting data applications and software through identity and access Management Solutions features like multifactor authentication and event auditing play a vital role in safeguarding user credentials the third layer often called the perimeter guards against network based attacks it deploys DoS protection and firewalls to identify and mitigate threats the fourth layer restricts network connectivity it allows only essential communication between resources for example Azure virtual networks provide isolation and security controls preventing malware transmission the fifth layer is about the security of computing resources and offers confidential Computing Services users should minimize security risks maintain Regulatory Compliance and prevent untrustworthy collaborations in the sixth layer the focus is on reducing risks and vulnerabilities associated with the development life cycle of applications for example security features are integrated into application development and confidential information must be securely stored the innermost layer safeguards data stored in various forms these seven layers serve as the building blocks for safeguarding networks so let's examine how they apply in the context of Azure virtual networks and other techniques for Network segmentation Azure virtual networks enable you to segment a network into subnets and enforce network security policies there are also several Advanced Techniques that you can use to segment a network in Azure these include using network security groups NSGs to filter traffic between subnets and resources and implementing the Azure firewall a cloud native firewall that provides centralized protection for Azure resources the Azure application Gateway can also be used it's a load balancer that can also perform web application firewall functions and last is the Azure Virtual WAN a networking service that enables you to connect and manage your 
on premises Azure and other Cloud networks these Network segmentation techniques pave the way for improved threat detection strategies to identify and respond to potential security breaches Microsoft Defender for cloud and Microsoft Sentinel provide some features for threat detection these include security alerts that notify you of potential threats and vulnerabilities once threats are identified you have to consider ways to fortify your defenses and mitigate risks effectively for example just in time VM access which allows you to restrict access to VMs to specific times and users and Adaptive application controls which use machine learning to Monitor and block malicious applications you can also use network security appliances such as firewalls and intrusion detection systems to protect your Azure Network however it is important to note that Microsoft Defender for cloud provides many of the same features as network security appliances maintaining high security standards is an ongoing commitment best practices include implementing the zero trust model and defense in-depth approach training employees on security best practices and keeping software up to date in conclusion your exploration of Defense in-depth principles its layered approach and its practical application has revealed the importance of a comprehensive security strategy by combining the principles of confidentiality integrity and availability with the seven layers of Defense organizations can fortify their defenses and maintain high security standards Cloud platforms like Azure have become integral to Modern business operations making security a top priority in this video you will explore the steps of the defense in-depth approach to protect your Cloud infrastructure you will specifically learn how you can do so by using various components of Azure network security let's start with the defense steps the first step is to comprehensively assess your assets so you have a clear understanding of what you're 
protecting this is an essential step in establishing an effective defense strategy assets Encompass a wide range of digital resources including sensitive data critical applications and virtual machines by identifying and cataloging your assets you can clearly understand what you need to protect this foundational step helps you prioritize your security efforts ensuring that your most valuable assets receive the highest level of protection once you've identified your assets the next step is to identify potential threats and vulnerabilities knowing what you're up against is essential threats in the digital landscape can range from sophisticated cyber attacks to Accidental data breaches vulnerabilities may stem from factors like unpatched software misconfigured security settings or human errors recognizing the full spectrum of threats and vulnerabilities allows you to address them in your defense strategy proactively lastly establishing security policies is a Cornerstone of effective defense measures security policies serve as a set of clear guidelines and practices that all stakeholders within an organization must adhere to these policies help ensure consistency in your security measures reducing the risk of oversight in safeguarding assets well-defined policies cover aspects such as Access Control Data encryption incident response and employee training all of which contribute to a robust security posture to defend your Cloud infrastructure effectively you must develop a layered approach to security let's explore how to create these layers using Azure components network security groups firewalls and other tools form the outermost layers of an in-depth defense strategy you can establish strong perimeter security by configuring security groups and firewalls within Azure these tools are critical in controlling inbound and outbound traffic ensuring only authorized access this means you can prevent unauthorized access and potential threats from reaching critical assets 
next Azure virtual networks provide a solid foundation for implementing in-depth defense within the Azure ecosystem they enable you to segment your network into subnets and enforce network security policies at a granular level this segmentation helps isolate different parts of a network limiting lateral movement for potential hackers Additionally you can use Microsoft Defender for cloud to monitor a network for threats and vulnerabilities it provides real-time Protection security alerts and threat intelligence to enhance an organization's security posture to enhance security layers further you can employ Advanced Network segmentation techniques Azure offers a suite of tools including network security groups Azure firewall Azure application Gateway and Azure Virtual WAN these tools provide granular control over Network traffic and security policies allowing you to tailor your defenses to specific needs and threats you shouldn't forget about threat detection as it is integral to a layered approach Azure provides robust threat detection capabilities through services like Microsoft Defender for cloud and Microsoft Sentinel these services offer a range of features like security alerts just in time VM access and adaptive application controls lastly to add an extra layer of protection to your Azure Network you should consider using network security appliances like firewalls and intrusion detection systems these appliances are specifically designed to Monitor and Safeguard Network traffic by detecting anomalies and blocking potential threats it's important to note that Microsoft Defender for cloud provides many of the same features offering a comprehensive security solution for any Azure Network in addition to the aforementioned defense measures regular security Audits and penetration testing are essential components of a proactive security strategy you can use Microsoft Defender for cloud and Microsoft Sentinel to help you implement them conducting periodic security audits 
helps identify vulnerabilities and weaknesses in your systems and processes penetration testing on the other hand involves simulating real world attacks to evaluate the effectiveness of your security controls by routinely performing these assessments you can proactively address emerging threats and continuously improve your security posture in conclusion Defending Your Cloud infrastructure requires a combination of defined defense steps and a layered approach to security by implementing the defense in depth strategy using Azure components you can ensure the confidentiality integrity and availability of your data by consistently assessing assets identifying threats and vulnerabilities and establishing security policies you can lay the foundation for a robust security posture and utilizing Azure's powerful security tools further enhances the protection of your organization's digital assets by now you have a good understanding of the defense in depth strategy now it's time to explore how it informs the process of securing an Azure environment this includes understanding potential threats implementing security controls and effectively monitoring and responding to security incidents conducting an extensive risk assessment to identify potential vulnerabilities and risks in your Azure environment is crucial as discussed in previous courses Azure offers a vast array of services and capabilities to help you do this but what are some of the common risks in Azure let's investigate some of them first up are data security risks data security is not just about encryption it extends to Access Control Data classification and compliance data breaches can lead to severe consequences and Azure provides tools to prevent unauthorized access to sensitive information there are Advanced Data protection strategies to handle these risks such as Azure confidential Computing and Azure information protection these strategies go beyond basic encryption to protect data in transit and 
at rest next are identity and access risks Advanced identity and access management in Azure involves using identity governance privileged identity management or PIM and Azure conditional access to fine-tune user access controls you also have options like identity Federation and single sign-on or SSO configurations to safeguard against unauthorized access and identity related threats last are compliance risks achieving and maintaining compliance in Azure is an intricate process you can use Azure policy initiatives and custom policies to enforce specific compliance requirements unique to the relevant industry you're working in compliance is not just a legal requirement but also a critical aspect of maintaining trust with customers and partners with a good understanding of risks let's turn to potential threats to your Azure environment first are two threats you are very familiar with malware and viruses in-depth threat protection strategies involve implementing Microsoft Defender for Endpoint you can also integrate Microsoft Defender for internet of things to protect against vulnerabilities in Connected devices within your Azure environment these Services provide Advanced threat intelligence feeds and real-time threat detection mechanisms another type of threat to keep in mind are phishing attacks phishing attacks often Target user identities making robust identity protection crucial for advanced protection against these you should use Azure identity protection and Implement multifactor authentication with conditional access policies and anomaly detection and machine learning techniques can help identify unusual user Behavior last are DoS attacks DoS attacks can disrupt Azure services and having mitigation strategies in place is vital for maintaining service availability Advanced DoS protection includes configuring custom protection policies by implementing Azure front door and Azure content delivery Network or CDN for traffic management you should also use Azure 
application Gateway for advanced application Level DoS attack mitigation now let's examine how to implement Advanced security controls in Azure first you can use Azure firewalls in addition to basic firewall configurations you can also apply threat intelligence-based rules like application rules for layer 7 filtering and you can use the Azure firewall manager to manage multiple Azure firewall instances secondly you can use Advanced network security groups or NSG configurations to implement outbound security rules and service tags thirdly using application security groups or ASGs can help simplify Network Security Management for complex architectures fourth is Microsoft Defender for cloud a central component of Azure's security Arsenal it offers Advanced threat protection strategies like customizing threat detection policies and leveraging Advanced analytics and machine learning you can also incorporate the SIEM and SOAR functions of Microsoft Sentinel with Defender for cloud this integration provides comprehensive security monitoring and incident response capabilities sixth are threat detection Solutions detecting threats early and effectively is essential for minimizing potential damage and responding proactively these Solutions include using the aforementioned SIEM integration as well as Behavior analytics and threat intelligence platforms for enhanced security insights however implementing security controls is only part of an in-depth defense strategy continuous monitoring rapid response to security incidents and automation are also necessary first Advanced monitoring involves creating custom log queries and alert rules as well as using Azure monitor workbooks for Advanced Data visualization and integrating Microsoft Defender for cloud with log analytics for a holistic view of security threats second Advanced incident response planning emphasizes threat hunting automated incident response workflows using Azure logic apps and orchestrating advanced playbooks with 
Microsoft Sentinel third Advanced automation with Azure functions includes developing custom scripts and workflows to automate complex security tasks it also involves orchestrating incident response across multiple services and utilizing Azure DevOps for automated security policy enforcement in summary securing your Azure environment is a multifaceted process that involves identifying risks implementing security controls and monitoring and responding to security incidents following these best practices can fortify your Azure Network against evolving security threats in today's digital landscape identity and access management are vital in securing an organization's resources and data Azure active directory plays a central role in modern authentication offering robust features and capabilities to ensure that only authorized users gain access to a system you have a good understanding of Azure AD by this point in the program so this video will go beyond the basics the focus will be on authentication from a design and Architectural perspective let's get started by exploring modern approaches to authentication and the pivotal role Azure AD plays in this domain in modern authentication identity verification is at the heart of system design it determines who has access to your organization's resources and data one of the key players in this process is the identity provider or IdP an entity responsible for managing and verifying the identity of users as a cloud-based IdP Azure AD plays a central role in modern authentication it acts as a trust broker enabling secure interactions between your applications and the users or devices trying to access them Beyond merely verifying the identity of users the identity provider has additional responsibilities Central to Modern authentication these include not only authentication but also authorization and auditing which you learned about earlier in the lesson from an architectural perspective you should consider how authentication 
methods integrate with applications ensure that authorization aligns with your organization's specific requirements and reflect on how you can structure your auditing framework to capture and use information for compliance security and troubleshooting now let's focus on Federation and single sign-on or SSO two essential components that streamline user access to resources across domains Federation is a fundamental Concept in modern authentication enabling a single set of credentials to access multiple services and systems from an architectural perspective you have to consider Federation principles like trust security tokens and relying parties to ensure secure trust establishment and token Exchange in a system you should consider integrating external identity providers with Azure AD using token handling mechanisms and implementing user and group synchronization single sign-on offers a seamless user experience which you've previously explored Azure AD serves as a robust SSO solution you have to ensure you understand how to structure application integration user experience and security and compliance aspects when implementing SSO using Azure AD architecturally it's also essential to be aware that there are different SSO design patterns your architectural decisions should align with the specific needs of your applications and services you can use web-based SSO mobile app SSO and integration with on premises applications to achieve this alignment when structuring your SSO solution you should pay particular attention to token management session control and security protocols to balance security and usability effectively to understand the Practical implications of SSO and Federation let's explore a real world scenario you may encounter imagine you work for an organization with diverse applications these include cloud-based SaaS applications on premises Legacy applications and applications that need to be accessed by external Partners users demand a seamless SSO experience 
and security remains a top priority in this scenario you have to consider the various SSO options and Architectural decisions you need to make to provide a robust and secure authentication solution for example you should enable SSO for cloud applications using Azure AD integrate SSO with on premises applications by leveraging Azure AD and Federation and support external collaboration by using Azure AD B2B and B2C to provide secure and user-friendly access now let's move on to consider the architectural aspects of three other critical components of an organization's identity and access management strategy within Azure AD when it comes to conditional access you should ensure that your policies align with your organization's security and compliance requirements with multifactor authentication you should consider the factors verification methods and application integration to ensure a secure and user-friendly MFA experience Additionally you should structure a comprehensive identity protection strategy it could combine features like conditional access MFA and identity risk policy to safeguard your organization's resources and data as the field of authentication evolves you have to keep up with new developments for example you should consider the architectural implications of emerging Technologies like passwordless authentication and zero trust architecture you should also structure your authentication Solutions with Azure AD B2B and B2C ensuring that you cater to diverse user bases in conclusion this video focused on the architectural aspects of modern authentication with Azure active directory when designing and architecting authentication Solutions you should remember that security and user experience go hand in hand the knowledge and best practices shared in this video will help you build secure user-friendly authentication systems that stand the test of time in recent years the security landscape has undergone a seismic shift perimeter-based security models once the 
Cornerstone of Enterprise security have become obsolete with the proliferation of digital devices and an increasingly remote Workforce traditional security measures have proven ineffective modern identity security recognizes that the perimeter has expanded far beyond the confines of a physical office employees are connecting to corporate resources from a multitude of devices and locations presenting a complex challenge how to ensure that the right people have secure access to the right data regardless of their physical location in this video you will explore the complex world of identity mitigation strategy building on your foundation in security fundamentals you will discover how modern identity security measures move Beyond traditional perimeter models and you will learn how identity infrastructure mitigates the risks associated with the proliferation of devices and log on locations at its core Modern identity security is about verifying and managing the identities of users devices and applications within an organization it transcends the simplistic dichotomy of inside versus outside the network in the modern context every user and every device is potentially both inside and outside depending on the circumstances before moving on let's discuss what drove the transition away from traditional perimeter-based security models traditional security models relied on strong perimeter defenses such as firewalls IDS and IPS to protect corporate resources from external threats however these models are ill equipped to defend against today's sophisticated adversaries attackers are constantly evolving their tactics and the perimeter model's rigid boundaries are insufficient to protect against Insider threats phishing attacks and other emerging threats the Paradigm Shift towards identity Centric security emphasizes that security should revolve around the users and devices themselves not just the network perimeter this approach enables more granular control and adaptive 
security measures to address this new reality identity infrastructure is Paramount identity infrastructure is the backbone of modern security providing the foundation for managing access rights authentication and authorization this infrastructure extends Beyond user identities to encompass devices applications and even IoT devices of course identity-centric security comes with its own risks let's now focus on the risks associated with the proliferation of devices and login locations first the number and diversity of devices used to access corporate resources have skyrocketed employees use smartphones tablets laptops and even IoT devices to connect to corporate networks introducing a myriad of potential vulnerabilities second users are no longer Tethered to a single physical location they may log in from their office home a coffee shop or even a foreign country securing these login locations is a complex task that requires adaptive authentication and authorization mechanisms having outlined the challenges let's move on to the security measures required to mitigate these identity related risks first is MFA a fundamental security measure that requires users to provide multiple forms of verification such as a password fingerprint or smart card to authenticate themselves MFA significantly enhances the security of user identities by making it more difficult for attackers to compromise accounts next is RBAC which allows organizations to assign permissions based on job roles ensuring that users have access only to the resources necessary for their work and lastly adaptive security is all about continuous monitoring and behavioral analytics by detecting anomalies in user behavior and reacting in real time adaptive security can escalate security measures or prompt additional verification to mitigate risks in conclusion modern identity security has become an imperative in the face of evolving threats resulting from proliferation of devices and log on locations by 
moving away from traditional perimeter models and embracing an identity-centric approach organizations can effectively mitigate risks and secure access to data and resources it's more than likely that you are familiar with the shared responsibility model it is the cloud computing security framework where providers and clients collaborate to secure data and infrastructure with each having distinct responsibilities Azure security is based on this model where Microsoft safeguards the underlying infrastructure while you secure your applications and data within Azure in this video you will cover Azure's comprehensive set of tools and services that help protect your applications data and infrastructure in the cloud you will also cover the benefits of and best practices for mitigating security threats on Azure but first let's cover the three critical aspects that shape how Microsoft meets its security responsibilities first is physical security this involves measures like biometric access controls and surveillance systems to protect data centers from unauthorized physical access second is data center access controls Microsoft enforces strict authentication and authorization mechanisms to control who can access data centers and their resources and last is hypervisor security Microsoft continuously monitors and patches hypervisors to maintain the Integrity of the virtualization layer next let's delve into Microsoft Defender for cloud one of Microsoft's most prominent services that addresses these security aspects Microsoft Defender for cloud is an advanced Cloud native security service that provides continuous monitoring and threat protection for your Azure resources starting with Advanced security analytics Defender for cloud employs sophisticated algorithms to analyze vast amounts of telemetry data identifying anomalies and patterns that might indicate security issues this allows for early detection of potential threats before they escalate next is machine learning 
driven threat detection with machine learning models it can recognize unusual behavior in your Azure environment and distinguish between legitimate and malicious activity this reduces false positives and increases the accuracy of threat detection Defender for cloud also provides detailed security recommendations tailored to your specific Azure environment these recommendations are aimed at identifying potential issues and include actionable guidance on how to remediate them effectively let's explore three more functionalities of Defender for cloud first is Advanced compliance assessments Defender conducts rigorous assessments of your Azure Resources with various security standards and regulations such as GDPR HIPAA and Industry specific compliance Frameworks in mind it goes beyond mere checkboxes providing detailed insights into your compliance posture and suggesting specific actions for alignment next is customizable security policies Defender for cloud allows you to Define and enforce your security policies providing the flexibility to adapt to specific compliance requirements within your organization or industry and last is diverse security reports Defender offers a wide range of security reports that provide detailed insights into your security posture Regulatory Compliance and threat activities these reports serve as a record of your security history and Aid in making informed decisions to improve your security Azure security encompasses various other tools and services proactively mitigating security threats with these Azure tools yields numerous advantages including Azure information protection or AIP ensures comprehensive classification and data labeling ensuring that sensitive information is handled appropriately Azure disk encryption provides full disk encryption thus safeguarding data even in the event of physical disk theft Azure policy Azure Blueprints and Defender for cloud provide a robust framework for compliance they offer predefined policies and 
recommendations to assist organizations in aligning with various regulatory standards such as GDPR and HIPAA and lastly Azure key vault is an essential tool for managing and safeguarding cryptographic keys and secrets thereby ensuring the confidentiality and integrity of sensitive information by now it should be clear that Azure provides a powerful arsenal of tools and services however it is your responsibility to harness them effectively to fortify your Cloud environment next let's explore best practices for mitigating security threats on Azure first it's essential to implement a robust identity and access management or IAM strategy within Azure active directory this includes fine-tuning conditional access policies to limit access to Azure resources based on user identity device and location you should also leverage privileged identity management or PIM for privileged roles furthermore you should embrace role-based Access Control or RBAC to Grant permissions exclusively to authorized users and roles best practices specifically for network security include employing network security groups or NSGs to manage inbound and outbound traffic for your Azure resources second you should Implement Azure firewall to protect Azure virtual networks from unauthorized access and third you should utilize secure connections via virtual Network gateways to link Azure virtual networks with on premises networks and other Cloud providers there are also best practices for protecting data such as ensuring encryption for all data at rest and in transit you can do this through Azure disk encryption Azure storage service encryption and Azure SQL database transparent data encryption or TDE safeguarding cryptographic keys and secrets with Azure key vault is also Paramount lastly let's talk about best practices for threat detection and monitoring you should use Advanced threat detection tools like Defender for cloud Azure Monitor and Microsoft Sentinel to identify and respond to 
real-time threats promptly it's also essential to configure these tools to generate alerts for suspicious activity in conclusion Azure security is multifaceted and dynamic it is crucial for ensuring the protection and integrity of your applications data and infrastructure in the cloud by embracing the shared responsibility model and implementing these Advanced security practices you can bolster your organization's defenses in the Azure environment in Azure there are two essential aspects of securing your Cloud environment and resources Network protection and data protection these two aspects serve different purposes and focus on different areas of security network protection focuses on securing the infrastructure and communication channels within Azure while data protection focuses on safeguarding the data stored and processed by your Azure resources both aspects are critical components of a comprehensive Azure security strategy and they work together to provide a strong defense against various security threats and vulnerabilities in this video you will learn about the various network security features available in Azure get ready for a journey that will take you beyond your foundational understanding of features covered in earlier courses such as Azure virtual networks NSGs and firewalls you'll now discover how these components work together to provide Advanced network security within the Azure ecosystem but before exploring the tools let's talk about the golden rule that should guide all implementation of network security features in Azure the principle of least privilege in other words when configuring these network security features only Grant the minimum necessary access to resources now let's examine the Myriad of tools and services Azure offers to safeguard your network infrastructure first is the built-in DDoS protection that safeguards your applications and resources from distributed denial of service attacks you can fine-tune DDoS protection plans 
customize alert thresholds and monitor traffic patterns to adapt defenses dynamically next is Azure Bastion which offers secure and seamless RDP and SSH access to your virtual machines in the Azure portal you can configure multifactor authentication and customize policies for Bastion to ensure even higher security another network security feature is the Azure application Gateway which provides layer 7 load balancing and web application firewall capabilities moreover you can create custom WAF policies integrate with Azure Sentinel for advanced threat detection and optimize traffic management there is also Azure private link which allows you to access Azure Services privately over a private network connection you can also Implement private end points which ensure that data never traverses the public internet and remains within the Microsoft network next up you can use network security groups to control inbound and outbound traffic to your Azure resources more specifically you should prioritize rule order leverage service tags and use application security groups for more granular control another essential tool to implement is Azure firewall for a centralized fully stateful and highly available firewall service you can fine-tune threat intelligence configure custom DNS settings and integrate with Azure monitor for extensive logging moving on you have Microsoft Defender for cloud at your disposal which offers Advanced threat protection for all your Azure resources it allows you to configure adaptive application controls and just in time access to enhance your security posture and then there is Azure policy a powerful tool for enforcing compliance requirements and security configurations across your Azure resources you can create custom policy definitions and initiatives ensuring that resources remain continuously aligned with organizational standards this is crucial for maintaining a consistent and secure environment especially in complex and dynamic 
Cloud infrastructures let's move on to two more Azure services that offer protection for your network Azure ExpressRoute establishes a dedicated private connection between your on premises Network and Azure data centers it significantly enhances Network performance reduces latency and strengthens security by bypassing the public internet ExpressRoute is an ideal choice for organizations with high-speed low latency and secure connectivity requirements the other service is Azure VPN Gateway a critical component for creating secure VPN tunnels between your on premises Network and Azure you can fine-tune VPN configurations Implement High availability designs and leverage Advanced encryption options this will ensure the confidentiality and integrity of data transmitted between on premises and Azure resources but these defenses are not enough you can't Implement effective network security without Vigilant monitoring Azure Monitor and log analytics play a crucial role in collecting and analyzing network security logs to identify potential threats and anomalies Advanced users can create custom alerts set up intelligent log queries and utilize Advanced features like log analytics workbooks for in-depth analysis this proactive approach is essential for identifying and responding to potential security incidents in real time Azure Network Watcher is another valuable tool for monitoring and troubleshooting Network traffic in your Azure environment you can take advantage of features such as next hop analysis to determine the next Network hop for a given packet packet capture for in-depth Network traffic analysis and network performance monitoring to ensure optimal Network performance and reliability and lastly Microsoft Sentinel is a SIEM and SOAR solution that you can leverage to detect investigate and respond to threats swiftly this robust tool integrates with Azure services and external Security Solutions providing a holistic view of security across your Azure 
environment custom playbooks and Automation in Sentinel help streamline incident response enhancing overall security in this video you learned that Azure provides a comprehensive Suite of tools and services designed to fortify your network infrastructure Guided by the principle of least privilege you can employ a combination of Azure features and Microsoft solutions to create a secure resilient and optimized environment so far you've learned Azure offers Advanced Network protection with various services and tools but what about protecting the actual data in a cloud environment remember Network protection focuses on securing the infrastructure and traffic flow within a cloud environment on the other hand data protection involves safeguarding the data stored and transmitted in this video you'll discover how Azure safeguards the confidentiality and integrity of the data itself you will also cover how to implement best practices and develop effective data protection strategies let's start by establishing a solid foundation in the world of cloud computing data security is not merely an option it's a necessity data security is primarily about making sure customers trust that you will safeguard their data think about it a data breach can lead to catastrophic consequences including the erosion of trust legal repercussions and substantial Financial losses weak data security can open the gateway to unauthorized access and violations of regulatory requirements such lapses can tarnish an organization's reputation disrupt critical business operations and result in Hefty Financial penalties Azure offers a sophisticated arsenal of data security features each designed to serve a specific purpose to build a secure Azure environment it's imperative to acquaint yourself with these features let's start with encryption the linchpin of data security transforming data into an impenetrable Fortress against unauthorized access Azure provides a spectrum of encryption methods including 
transparent data encryption or TDE BitLocker and Azure disk encryption next is authentication which Acts as a gatekeeper ensuring that only authorized users and systems gain access to your data Azure active directory or Azure AD plays a pivotal role in this process authenticating users and services with Precision the third element of data security is authorization which defines the boundaries of what users or systems can do with your data RBAC and Azure policy are your trusted allies in establishing these boundaries and the last element of data security is access control which enforces gatekeeping Access Control mechanisms such as Azure key Vault enforce gatekeeping by managing access to Secrets keys and certificates it forms an indispensable part of fortifying sensitive data by now you covered the importance of data security and the four ways in which Azure ensures it but configuring data security on Azure requires a disciplined approach grounded in best practices and guided by effective strategies in other words what can organizations do to safeguard data in Azure let's start with data classification and labeling a best practice is to start by meticulously classifying data based on its sensitivity and then applying suitable labels this foundational step allows you to tailor your security measures to the specific requirements of each data category the next crucial strategy is effective identity and access management enforcing unyielding authentication methods such as MFA builds a formidable first line of defense against unauthorized access you shouldn't underestimate the power of strong identity and access management policies you can harness policies to dictate who can access your data and prescribe their allowable actions moreover RBAC forms the boundaries of configuring access rules based on job roles you should Grant permissions judiciously adhering to the principle of least privilege and then there is the crucial practice of regular auditing and 
monitoring continuous vigilance is the key to preempting threats regular auditing and monitoring operations are your Vigilant Guardians helping identify anomalies and potential security breaches and don't forget about a threat detection and response strategy with Defender for cloud Azure Monitor and Microsoft Sentinel you can Implement Advanced threat detection and response mechanisms these tools employ cutting-edge analytics and machine learning to identify suspicious activities and respond in real time but what about encryption you can leverage Azure's integrated encryption mechanisms to protect your data whether at rest or in transit for instance to construct a comprehensive encryption strategy incorporate Azure key Vault you can use it to manage keys and certificates efficiently simplifying the process of key rotation another key practice is patch management you should keep your Azure resources and virtual machines fortified with the latest security patches because staying current is an important practice that guards against vulnerabilities and last but not least is the issue of disaster recovery and backup It's always important to prepare robust disaster recovery and backup strategies you should Champion a robust data backup and Recovery strategy including regular backups and off-site storage to ensure resiliency against data loss in closing securing data on Azure transcends compliance check boxes it's the Bedrock of trust and the Cornerstone of safeguarding an organization's reputation and customer trust knowing the diverse data security features at your disposal and the meticulous implementation of best practices and strategies are the cornerstones to effective data security on Azure imagine the digital landscape as a sprawling Metropolis teeming with businesses government offices and individuals amidst the hustle and bustle network security stands as the guardian of our Digital World our superhero is on a mission to protect the cloud infrastructure in an era 
where data breaches can spell Doom for organizations a secure infrastructure is the impenetrable Vault that keeps communication channels and the traffic that flows in the network under lock and key a secure network is also like a shield protecting organizations from compliance violations using tools such as Azure policy and ensuring that they are able to navigate the Labyrinth of regulations now picture the digital Metropolis without power Network downtime caused by cyber attacks can be catastrophic a secure network is like a digital generator that keeps the lights on it also acts as a reputation guard protecting organizations from cyber attacks in a fierce competition for customers organizations with robust network security gain a Competitive Edge but how does network security do all of this first there is threat extermination the Azure firewall DDoS protection and Microsoft Defender for cloud stand strong to fend off an array of digital adversaries malware phishing attacks DDoS threats and ransomware these villains don't stand a chance our hero also wields specialized tools to safeguard connections to resources in the cloud with its different Gateway tools such as VPN Gateway ExpressRoute and application Gateway it Shields communication channels there's also Access Control ensuring that only authorized individuals can access the network NSGs Bastion and private link provide even more ways to securely connect over the network network security is always ready to LEAP into action when threats Loom large they are detected and counter measures are deployed instantly incidents are contained and peace is restored which brings us to threat detection through monitoring while network security is the super hero who secures the city monitoring is like the sidekick keeping watch here's how this Dynamic duo operates threat detection uses its monitoring tools such as Azure Monitor and log analytics to scan the digital landscape ever watchful for suspicious activity threat 
detection monitoring also helps organizations promptly identify and neutralize threats it's like disarming attackers before they can strike when trouble brews our sidekick doesn't hesitate to sound the alarm alerting our network security superhero of approaching trouble allows for Swift action before it escalates into chaos and finally monitoring provides invaluable insights into Network behavior and vulnerabilities this information empowers organizations to fortify their defenses making future attacks less likely to succeed in the vast digital City where information flows like electricity it's not just about building taller skyscrapers or brighter Billboards but about securing the very foundation on which these structures stand network security with its intricate mechanisms serves as the Guardian superhero and monitoring acts as its watchful sidekick together they not only protect the city but also ensure its inhabitants can go about their digital lives with confidence just as a city thrives when its residents feel safe so does the digital Metropolis when fortified by robust security measures ultimately our digital protectors ensured that progress never comes at the cost of protection well done on completing this module about security conscious modeling you've covered a lot of ground by following along you should now be able to identify threat vectors entry points and prevention methods in cyber security discuss defense in depth Azure security and network security you should also be able to discuss data security and security monitoring this video will provide a recap of what you've covered this way you can identify what concepts you feel confident about and which ones you might want to revisit before attempting the module quiz in the first part of the module you explored the threat landscape different attack surfaces and threat vectors if an attack surface such as email or social media is exploited it becomes a potential entry point for a breach a Threat Vector 
is an Avenue or method attackers use to exploit an organization's vulnerabilities and gain unauthorized access to systems or data examples include phishing malware Insider threats zero day exploits supply chain attacks and advanced persistent threats next you learned about access Brokers ransomware as a service or RaaS and the dark web where cyber criminals buy and sell hacking Services after this you learned how organizations can fight against these cyber threats by implementing holistic strategies organizations can reduce the risks associated with identity theft Hardware vulnerabilities email related threats and more General Security concerns next you learned about antivirus and antimalware you discovered the difference between signature-based and behavior-based detection and other anti-malware software techniques such as sandboxing signature-based detection involves removing files or software that matches malware signatures stored in a database behavior-based detection monitors the behavior of programs and processes for suspicious activities you went even further and covered Advanced antivirus and antimalware techniques for example predictive analysis zero trust security and threat hunting the next part was about designing secure networks with defense in depth or DiD the DiD concept informs Azure Cloud security and constitutes seven layers physical security identity and access perimeter Network compute application and data can you recall DiD's three fundamental principles it is confidentiality integrity and availability by combining these principles with the seven layers of Defense organizations can fortify their defenses and maintain high security standards after this you explored a defense in-depth strategy in the context of four types of threat modeling strategic operational Technical and tactical you went on to explore how to implement the defense in depth model using various components of Azure network security you learned that a layered security approach 
includes Azure components such as security groups firewalls virtual Networks and threat detection next you worked through the risks and threats associated with data identity and access and compliance you explored potential threats to your Azure environment such as malware viruses and DDoS attacks and how to counter them recall for instance Advanced ways to combat identity and access risks include identity governance PIM and conditional access knowing the risks sets you up to optimize a multifaceted defense strategy after this you covered identity infrastructure with a focus on the technical aspects of its four fundamental pillars Administration authentication authorization and auditing you moved on to learn how identity verification is at the heart of modern authentication and system design and the pivotal role Azure AD plays in establishing this you concluded this section by exploring focused defense in the context of Azure security and the MITRE ATT&CK Matrix you learned how organizations can strengthen their security posture by focusing on the system assets and attackers the last part of this module focused on mitigation strategies in Azure you learned about the evolving threats resulting from the proliferation of devices and log on locations and different security measures for identity mitigation at its core Modern identity security is about verifying and managing the identities of users devices and applications within an organization you went on to explore the benefits of and best practices for mitigating security threats on Azure and Azure's comprehensive set of tools and services that help protect your applications data and infrastructure in the cloud Remember by embracing the shared responsibility model and implementing Advanced security practices you can bolster your organization's defenses in the Azure environment you now know that in Azure there are two essential aspects of securing your Cloud environment and resources Network protection and data 
protection Azure provides a comprehensive Suite of tools and services to fortify your network infrastructure can you recall the golden rule that should guide all implementation of network security features in Azure that's right the principle of least privilege in other words only Grant the minimum necessary access to resources moving on you also discovered how Azure safeguards the confidentiality and integrity of the data itself in a cloud environment for instance Azure AD plays a pivotal role in authentication processes and tools such as TDE BitLocker and Azure disk encryption are examples of Azure encryption methods you further covered best practices and data protection strategies for adequate data security on Azure and finally you learned that regular auditing and monitoring Security in Azure is essential for protecting data and applications from evolving threats Microsoft Defender for cloud Azure Monitor and Microsoft Sentinel provide comprehensive tools for monitoring and responding to security threats in Azure and by working through various real world applications of these monitoring services in Azure you should now have a solid understanding of the role and best practices of security monitoring in Azure and that concludes this summary video of what you've covered about security conscious modeling and the various ways to protect your Azure environment against Network and data threats and remember don't hesitate to revisit any material if you feel unsure about anything good luck with the module quiz well done on reaching the last module in this Advanced cyber security and Capstone course during the course you explored threat modeling security conscious design and threat mitigation strategies you are now well positioned to complete the Capstone project which consists of five stages but before moving on to that let's take a few minutes to recap what you've learned so far you began with an introduction to threat modeling and its three phases threat modeling 
is a process for identifying and addressing security threats to your applications step one of threat modeling is decomposing the application here you learned how to define The System Scope by breaking down an application's components and analyzing their interactions and vulnerabilities you discovered that decomposing an application is also about unpacking its purpose architecture security controls vulnerabilities external dependencies entry and exit points assets and Trust levels step two is determining and ranking threats based on two essential factors impact and probability you learned how to use the STRIDE and DREAD models to perform this step by using STRIDE one can systematically identify different types of threats while DREAD provides a quantitative approach to assess and prioritize these threats based on specific criteria integrating both Frameworks enhances the overall effectiveness of threat modeling by offering a comprehensive analysis of potential security risks and in step three determining counter measures and mitigation you learned how to devise mitigation strategies for prioritized threats and Implement countermeasures considering controls like access management and encryption you also got some practical experience by completing an exercise where you created a threat model for a simple web application you then explored the comprehensive sans's approach and how it aids in identifying and assessing threats establishing an application security Paradigm and the rationale behind incorporating security features with a solid grasp of the sans's approach as a Cornerstone of security you then went further and explored various application security Frameworks these approaches contribute to the broader field of cyber security by providing systematic Frameworks and tools for understanding assessing and addressing security threats and vulnerabilities let's briefly review these Frameworks first is PASTA or process for attack simulation and threat analysis a 
sentinel of risk-centric threat modeling methodology PASTA encompasses a seven-step process offering a holistic view by taking into account the entire ecosystem in which an application or system operates next is CVSS the common vulnerability scoring system a standardized tool set used to gauge the severity of security vulnerabilities it provides a quantitative way to evaluate the impact of vulnerabilities based on its three components base temporal and environmental metric there is also PNG or the process for National Security risk management PNG is a comprehensive standard of guidelines and best practices for planning conducting and Reporting penetration tests last is VAST or visual agile and simple threat modeling a modern and accessible threat modeling framework the fundamental principles of VAST are visualizing threats agile response to threats and simplified management you also gained practical experience in threat analysis recall how you evaluated threats using the CVSS calculator now these are great skills for a cyber security analyst to have moving deeper into the realm of threat modeling you explored how it is done for Azure virtual networks you learned about the four phases of the security development life cycle or SDL and how to use it in combination with the Microsoft threat modeling tool the next section of the course was focused on Advanced threats and mitigation you discovered different kinds of susceptible infrastructure such as Cloud infrastructure web browsers package repositories and communication software you also learned about the MITRE ATT&CK Matrix this tool offers an in-depth understanding of adversarial tactics and techniques serving as a procedural guide for cyber Security Professionals following this you explored various types of malicious software let's see if you can recall what you've covered viruses worms Trojan horses bots botnets and rootkits you also learned about spyware phishing ransomware adware and finally keyloggers moving 
on, you covered IoT devices and the risks associated with them. This involved understanding IoT attack prevention strategies and the IoT device architecture, and you used this newfound knowledge to complete an exercise. The last section of the course was all about security-conscious modeling. You started by getting to grips with the threat landscape, attack surfaces, and threat vectors. You learned about access brokers and the dark web, and then covered the various mitigation strategies and tools, for example antivirus and antimalware, used to combat these adversaries. After this, you learned about the seven layers of defense in depth, or DiD, and how it informs Azure cloud security. The layers of DiD are physical security, identity and access, perimeter, network, compute, application, and data. You learned that the new security perimeter is identity security, and that modern identity security is all about verifying and managing the identities of users, devices, and applications within an organization. At this point, you learned about the vast array of Azure tools and services focused on network security and those focused on data security. And don't forget about monitoring in Azure. You delved into advanced threat detection and monitoring tools such as Microsoft Defender for Cloud, Azure Monitor, and Microsoft Sentinel. Through a mix of videos, readings, and exercises, you have learned about different approaches to threat modeling and threat analysis, developed in-depth knowledge about the cyber security threat landscape, and gained advanced knowledge about Azure services and tools for threat mitigation. You've now reached the end of this recap. In the next video, you will get an overview of what the capstone entails. It will require you to integrate the knowledge and skills you've gained from this and other courses. After completing the capstone project, you will complete a final graded quiz. Good luck. Reaching this point in the cyber security analyst program demonstrates that you possess the skills and
determination required to successfully finish the final capstone project. This video will give you an overview of what to expect. You will cover the project brief, key requirements for the proposal, and the five stages of project execution. This project tests the key skills covered throughout this course and the preceding ones, and it is designed to challenge you to apply your cyber security knowledge and skills to a real-world scenario. Moreover, you will need to demonstrate your understanding of technology and its uses. You are tasked with producing a cyber security proposal for the network and infrastructure of a small catering and food equipment leasing company. The name of this fictitious company is VIP Events, and because it is expanding its operations, it requires a secure IT system to support its growth. As a cyber security expert, you will be tasked with analyzing the security needs of VIP Events and designing a comprehensive solution that incorporates defense-in-depth principles, the zero trust model, and Azure Active Directory. Your proposal should also address testing and compliance considerations. VIP Events is expanding its operations to a new three-story building and has grown its workforce to 21 employees, including equipment handlers, chefs, office workers, and management. The company also employs transient event personnel on an as-needed basis. Your cyber security proposal must address the access and identity management needs of all employee groups, ensuring that each user has isolated access to job-related activities. You will also need to take the hardware requirements into account that will allow various areas within the physical premises to connect to the company network. These include the loading dock, storage areas, kitchens, office space, and conference rooms. And don't forget about devices. VIP Events' infrastructure includes several fixed and mobile business machines such as desktops, laptops, and tablets. Now that you have an overview of what to expect, let's inspect
the five stages of the project. The first stage focuses on company requirements. In this stage, you will gather information about business operations, security requirements, and user roles of VIP Events. The next stage is AAD setup. In this stage, you will specify the Azure AD tenant structure and advise how to configure user accounts and the implementation of group-based access control. Stage three is about roles and access. This stage focuses on defining granular access permissions for all user groups, ensuring that users have the right level of access to perform their job duties. Stage four revolves around AAD connections. Here you will advise how to integrate Azure AD with other possible business applications and services to streamline user authentication and authorization. Stage five is policy implementation. In this final stage, you will detail the development and implementation of security policies to govern user behavior, data access, and device management. You will be guided through each stage with a reading and a reflective self-review. After completing all the stages of the capstone project, you will work through an exemplar of a possible solution. This video gave you a bird's-eye view of the final capstone project. It's time to move on to the project, which will require you to integrate the knowledge and skills you've gained during your journey in the cyber security analyst program. Good luck, you've got this. Congratulations on reaching the end of the Advanced Cyber Security Concepts and Capstone Project course. This course has helped you develop the advanced skill set you need to excel as a cyber security analyst. For example, as an analyst, your responsibilities would involve performing all the phases of threat modeling, designing infrastructure with a security-conscious focus, and planning and implementing threat mitigation strategies. Through a mix of videos, readings, and exercises, you have learned about different approaches to threat modeling and threat analysis, got practical
experience in developing threat models, and gained advanced knowledge about Azure services and tools for threat mitigation. Most importantly, you completed the capstone project by developing a cyber security proposal for a business. By integrating the knowledge you have gained from this and previous courses into a standalone portfolio piece, you have demonstrated your advanced cyber security skills. The capstone project also prepared you for the scenario-based approach you may encounter in the SC-900 exam. Completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera. This certificate not only helps you enhance your skills but also gain a qualification that can lay the groundwork for a career as a cyber security analyst. It serves as proof of your job readiness and can be shared with your professional network, and it will help you prepare for the exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals. The program has been uniquely mapped to key job skills required in cyber security analyst roles. In each course, you are able to consolidate what you have learned by completing a course project that simulates real-world cyber security scenarios. To round off your learning, you'll take a mock exam in the final course that has been set up in a similar style to the industry-recognized SC-900 exam. The exam SC-900 measures your ability to describe the following: concepts of security, compliance, and identity; capabilities of Microsoft Entra; capabilities of Microsoft security solutions; and capabilities of Microsoft compliance solutions. To complete the exam, you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security, compliance, and identity strategies provide an end-to-end solution across these platforms. Visit the Microsoft certifications page at www.learn.cashtracking.com all the key concepts covered in the SC-900 proctored exam. It also includes a mock exam mapped to all the main exam
topics, as well as an additional Microsoft practice exam that will bolster your preparation. Doing so will enhance your cyber security analyst portfolio and help you gain the appropriate skills that you need to demonstrate your abilities in the workplace. Completing all the courses in the Microsoft cyber security analyst program will signal to potential employers that you are motivated, capable, and not afraid to learn new things. Your journey of discovery has required a great deal of perseverance, and you should take pride in how far you've come. Well done on your achievement and newfound knowledge. It has been a pleasure to accompany you on this path of exploration. Welcome to the Microsoft SC-900 exam preparation and practice course. By now, you have completed all of the other cyber security courses in this program. That's impressive. Now it's time to make sure you're ready to take the Microsoft SC-900 exam. To this end, you will revisit the key topics and concepts covered in the program. After you have successfully completed this professional certificate, you will be ready to schedule the exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals through Pearson VUE. This video will give you a quick overview of what this course covers. Let's explore the learning journey you will be undertaking. You will start with information about the SC-900 exam, including how to prepare for the proctored exam. You will discover what topics will be covered in the exam, how the exam is administered, and what studying strategies are effective. Then you will move on to the concepts of security, compliance, and identity. This includes reviewing important topics like the zero trust model and authentication and authorization. Venturing onward, you will revisit the capabilities of Azure Active Directory, or Azure AD, which is part of Microsoft Entra. This includes the identity services and identity types in Azure AD. For example, you will cover hybrid identity and external identity types. Following this, you will
review what you learned about the authentication features of Azure AD, like self-service password reset, multifactor authentication, and the password protection and management capabilities available in Azure AD. Moving on to the next part of the course, you will evaluate what you learned about the access management features of Azure AD. For example, you will revisit the topic of conditional access, the benefits of Azure AD roles and role-based access control. The subsequent part of the course is about the identity protection and governance capabilities of Azure AD. Here you will cover concepts like entitlement management and access reviews, as well as the features of Azure AD Privileged Identity Management, or PIM, and Azure AD protection. After that, you will revisit Microsoft security solutions. For example, you will review what you learned in previous courses about Azure DDoS Protection, Azure Firewall, Azure Bastion, and just-in-time access. You will also cover network segmentation in Azure virtual networks, Azure network security groups, and Azure data encryption. Continuing on, you will investigate Azure security management. This includes consolidating your knowledge of cloud security posture management, or CSPM, Microsoft Cloud Defender and its enhanced security features, as well as the security baselines for Azure. You will then review how Microsoft Sentinel provides integrated threat management through security information and event management, or SIEM, and security orchestration, automation, and response, or SOAR. The section after this focuses on Microsoft services like Microsoft 365 Defender, Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and the Microsoft Defender portal. Following this, you will revisit Microsoft's Service Trust Portal and privacy principles. The next lesson is about the compliance management features of Microsoft Purview. For example, you will review what you learned about the compliance portal, manager, and score. You will then move on
to the information protection and data life cycle management features of Microsoft Purview. This includes data classification capabilities and the benefits of the content explorer and sensitivity label policies. This part of the course also covers data loss prevention, or DLP, records management, retention policies, labels, and retention label policies. The second-last part of the course starts off with risk and resource governance. You will review what you know about insider risk management, communication compliance, and information barriers. After this, you will focus on Azure's resource governance capabilities, where you will revisit Azure Blueprints and Microsoft Purview's unified data governance solutions. The final part of the course is focused on making sure that you are prepared for the Microsoft exam SC-900: Security, Compliance, and Identity Fundamentals. You will complete a series of practice exams specifically designed to assess your readiness to take the exam. You will also have the opportunity to take the Microsoft practice assessment. The course culminates in a graded mock exam that has questions similar to the real SC-900 exam. But be assured that everything you need to complete the assessment will be covered during your learning, with each lesson made up of video content, readings, and quizzes. When you complete the course, you'll have earned a Coursera certificate to share with your professional network, and you will have tangible examples to talk about in a job interview. You'll also be prepared to take the Microsoft SC-900 certification exam and earn your Microsoft certification. This certification is globally recognized evidence of real-world skills. It shows your commitment to keeping pace with rapidly changing technology by expanding your skill set in your professional roles. In summary, after completing this course, you will be able to describe concepts of security, compliance, and identity; capabilities of Azure Active Directory, part of Microsoft Entra; Microsoft security solutions
capabilities; and Microsoft compliance solutions capabilities. This course not only provides you with an in-depth overview of what the Microsoft SC-900 exam will be about, it also gives you the opportunity to put your knowledge to the test to prepare for the exam. This preparation is key to making sure that you are ready to take the exam. Now that you've reached the end of this course introduction, it's time to continue on your cyber security learning path. This is the final course in the Microsoft cyber security analyst professional certificate, and it will guide you through your first steps towards taking the SC-900 exam and earning Microsoft certification. By obtaining Microsoft certification in security, compliance, and identity fundamentals, you unlock various career opportunities, enhance your knowledge and skills, and build a competitive edge in the job market. Exams are nothing new. It's likely that you've encountered many similar challenges earlier in your career. Just like before, it takes preparation to make the most of it, and the more effective your preparation, the more benefits you will reap from all your effort. This video will provide a compact overview of what you can expect from the exam SC-900, the logistics around taking it, and the steps you need to take to prepare for success. You can take the SC-900 exam online through Pearson VUE at your home or office. You can also take your exam with Pearson VUE at one of the worldwide test centers. Pearson VUE is a global leader in computer-based testing and assessment services, and their OnVUE platform employs several security measures to ensure a fair and secure testing experience and maintains the integrity of the exam. You can schedule your exam for a specific date and time from the Pearson VUE website. There are a few important things to do before the day of the exam. These include a system check, making sure your government-issued photo ID meets the requirements, and choosing the appropriate space to take the exam. The SC-900 exam
is a proctored exam. This means that during the exam you are monitored by a live proctor through your webcam. The proctor ensures that you follow the exam guidelines and don't engage in any prohibited activities. During the check-in process on the day of your exam, the proctor will also give you certain instructions. There are very strict rules about what items and actions are allowed while taking the exam, and you will learn more about them later in the lesson. Make sure you understand these policies, because failing to adhere to them will result in the termination of the exam session. Let's move on to the topics covered in the exam. To succeed in the SC-900 exam, you should be familiar with Microsoft Azure and Microsoft 365. You should be able to describe the concepts of security, compliance, and identity; describe the capabilities of Microsoft Azure Active Directory, part of Microsoft Entra; describe the capabilities of Microsoft security solutions; and describe the capabilities of Microsoft compliance solutions. There are certain percentages of exam questions relating to each of these categories. Knowing these percentages can help you focus your study schedule on the categories that carry the most weight and help you prepare in the most effective way. Later in this lesson, you will also get a breakdown of the specific ways in which the skills related to each of these categories might be assessed. Effective exam preparation will require a lot of dedication, but you also need to consider effective strategies during the exam, for instance the type of questions you might get and how to approach them. Reading every option before choosing a final answer and following a process of elimination when you're unsure are some helpful strategies. You will learn more about these and other strategies later in the lesson. One of the best preparations that you can make is to take a practice test before the exam. This way you can monitor your progress and identify the topics you might have to revisit. Later in
this course, you will take two mock exams. Each one will focus on the topics and key concepts covered in the previous courses and the skills measured in the SC-900 exam. This video gave you a bird's-eye view on how the SC-900 exam works, what it tests, and some core elements of an effective exam preparation strategy. You've already put in a lot of hard work by engaging in course material, exercises, and assessments during this program. You are in a good position for the final stretch before taking the exam. The information and materials in this lesson will help you focus your preparation during this final stage towards earning Microsoft certification in security, compliance, and identity fundamentals. In today's data-driven world, information flows freely across geographical and political boundaries, and it should be treated like precious cargo, with a focus on privacy and protection. Like a seat belt reduces the risk of harm in a car crash, security compliance measures dramatically mitigate the chances of data breaches and their severe consequences. But preventing car crashes altogether is even better, and that's why drivers need to follow road rules. In the same way, companies should adhere to standards and regulations to proactively safeguard the data entrusted to them. This video delves into the importance of security compliance, exploring key concepts, regulations, and industry standards that drive it, and its impact on modern business practices. Security compliance refers to the process of adhering to specific laws, regulations, and guidelines designed to safeguard data and information systems. By understanding and implementing security compliance, organizations can ensure that data is handled responsibly and securely. This comprehensive approach to security compliance encompasses data protection, access control, and responsible storage and sharing practices. Microsoft places a big emphasis on how data is stored and shared throughout all of their products. There are six key privacy principles
that they enforce and recommend as best practices for their customers. First is control. This principle maintains that the customer should be in control of their data. Second is transparency. A customer should be made aware of what data is being gathered and why. Third is security. Any data that has been entrusted to Microsoft is always maintained in a secure fashion. For example, implementing an identity and access management platform such as Azure AD represents a commitment to protect customer data. Fourth is strong legal protection. Microsoft will act as an advocate for the privacy of an individual if a legal request has been made for personal data. Fifth is no content-based targeting. This entails avoiding the use of private content to push a service, for example reading messages or using collected email addresses. The sixth and last principle is benefits to the customer. In other words, any data collection, such as through cookies, should only be done to enhance the experience of the customer. Compliance is more than just following principles or rules. It is a commitment to protect sensitive data and maintain customer trust. Failure to comply with established security standards can lead to hefty fines, legal actions, and significant damage to a company's reputation. The key to managing data compliance lies in understanding two key concepts: first, data residency, which relates to where data is housed, and second, data sovereignty, which is about who owns data and what can be done with it. First, let's explore data residency. Data is housed in centers, which can be found all over the world. The location of the center storing a piece of data governs the laws that apply to this data. Since different countries have different data handling laws, the same data might be stored differently in different regions. This means that if you move data from a data center in one country to another, you need to check if the regulations differ and might have to make some adjustments to it. Moving on to data
sovereignty, which is about ownership and use of data but isn't only about the data itself. It's also about the metadata gathered from the original user. This can include cookies that collect additional information associated with an owner of data. Two major laws are worth considering when it comes to data sovereignty: the General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act, or CCPA. GDPR relates to European law, while CCPA is an American-specific regulation. There have been several high-profile fines levied on large corporations for violating these regulations. These violations generally relate to only one of these laws, not necessarily both. This is because the governing bodies have different views on how data related to an individual should be handled. Differences between the regulations are also why understanding data residency and sovereignty is so important. Actions taken regarding the transportation, use, and storage of data in one political state can be at odds with the regulatory requirements there, but these same practices might be considered perfectly acceptable in another country. Another point to consider is that company data in the cloud no longer necessarily resides on premises in the same country as the company. One must take care regarding the local data requirements for the data center in use. In conclusion, security compliance is not just a legal obligation but a fundamental cornerstone of a company's reputation and customer trust. It is an ongoing journey that involves understanding applicable laws, implementing necessary controls, and conducting regular audits. By embracing this commitment to data protection and continuously improving security efforts, organizations can establish themselves as secure and trustworthy entities in today's data-driven landscape. Remember, every step taken towards compliance is a step towards a more resilient and respected organization. You now know about shared responsibility and how it relates to different
Microsoft services. The shared responsibility model provides a framework to set out duties and responsibilities between businesses and providers. But what happens when a crisis occurs? There must be a plan and process in place to leverage those responsibilities to maintain, recover, and secure the resilience of business operations, and this is where business continuity management, or BCM, comes in. In this video, you will review the basics of BCM and the Microsoft tools that are available to help businesses navigate unforeseen challenges and ensure organizational resilience. First, let's define business continuity management. It is the process of planning and implementing strategies to ensure the continuous operation of critical business functions during an unforeseen incident and the rapid recovery post-event. Ultimately, BCM is concerned with reducing the impact of unexpected incidents by building fail-safes that avoid downtime and improve recovery time. There are two objectives when it comes to BCM: recovery time objective, or RTO, and recovery point objective, or RPO. RTO is measured in hours, minutes, or days, and it's a metric for the permissible level of downtime for a business process. Consider a forward-facing help desk that goes offline because of a loss of connectivity in a region. If the RTO is 6 hours, then there is a window of a maximum of 6 hours during which the help desk can be offline without compromising operations. RPO relates to the amount of data loss the organization can incur in an incident. This concerns backups and redundancies that a company has built into its business process. Consider a company that actively gathers and shares data on weather events. Its RPO relates to how long the service can be without data before it is damaging to the company. If the RPO is 2 hours, it means that data must be backed up every 2 hours so that when recovery happens, the data can be recovered within a window of 2 hours. Who is responsible for the RTO and RPO is dependent on whether
IaaS, PaaS, or SaaS is commissioned from Microsoft. Consider a scenario where a company has commissioned an IaaS. In the event of a crisis, the cloud provider must ensure that the data centers and processing power are operational before the predetermined RTO. The data and applications RPO would be the customer's responsibility. However, if Microsoft is providing a SaaS such as Teams, then both the RTO and RPO would be their responsibility. Microsoft has several means to ensure that they meet their obligations. Let's examine these. First are regional data centers. By providing a diverse range of locations for their data centers, Microsoft can mitigate certain unforeseen events, such as damage due to earthquake. Having data centers on different continents ensures that such a disaster will not impact the service. This is further reinforced through a geo-redundant service. As well as having dispersed data centers, Microsoft creates backups of the data or service, which can be spun up in times of trouble. There is also Azure traffic management, a traffic balancing infrastructure that disperses requests across several regions. It ensures continuity of service by making sure that a specific region isn't disrupted through excessive traffic. Recovery is supported, as requests can be redirected to functioning endpoints. This traffic balancing infrastructure ensures high availability and low offline events. While Microsoft as cloud provider can fulfill its responsibilities through the means outlined, the client should also engage some measures. Customer continuity measures might include business impact analysis. It is the business's responsibility to be aware of their own weak points by analyzing where business dependencies and vulnerabilities are. After identifying these, there needs to be an effective disaster recovery plan that will mitigate these weak points if a crisis occurs. Next is application resilience. It is the customer's responsibility to create robust applications that are resilient to issues.
This can include embedding features like redundancy so that there are fallback measures in the event of an issue. Application resilience also includes regular testing and training. A company should employ the mantra of "ever vigilant, ever ready". By constantly testing their systems and training their staff to deal with issues, a company can help mitigate incidents before they occur. In conclusion, business continuity management relies on an understanding of shared responsibility. While different levels of responsibility exist depending on which service is employed, both parties will have responsibility to some degree. Both shared responsibility and business continuity management are essential to a business's risk management, security, and resilience. Earlier you were introduced to the topic of zero trust. In this video, you will build on what you know about the zero trust model by exploring the six founding pillars: identity, device monitoring, application monitoring, data, infrastructure, and configuration, and how they work together to create a robust and comprehensive security framework. The first pillar is identity. Effective identity management is at the core of zero trust. Every entity that tries to access a network resource must have a verifiable identity. This can include people, devices, services, and applications. Organizations use authentication methods like multifactor authentication, or MFA, to ensure that a user's identity is verified before granting access. Role-based access controls, or RBAC, also help define access privileges based on users' job functions. The second pillar is device monitoring. Data passes through many devices between storage and retrieval, and constant vigilance helps identify signs of compromise. Devices, like users, are given their own role or identity to access a system. They are treated with the same autonomy as a human user and are equally segmented to avoid lateral movement in case of a hack. Additionally, there are enforced requirements for updated software,
security patches, and compliance with security policies. A failure to remain up to date means that system access will be revoked. Next is application monitoring. It is critical to also monitor applications that interact with the network. This involves identifying all applications and strictly managing their permissions and access. Role-based access control extends to applications, ensuring that users can only access applications necessary for their tasks. The fourth pillar is data. This is a precious commodity. Hackers may want to exploit the information in data. When a serious breach occurs and data leaks, a company's reputation can be damaged. Alternatively, a hacker may try and remove access to data to disrupt the company's day-to-day operations. Ideally, data should be classified, labeled, and encrypted so that a company knows what information is being retained, how sensitive it is, and where to access it if required in the future. Additionally, data in transit and at rest should be encrypted to secure it even in the event of a breach. The fifth pillar is infrastructure. This is a concern for on-premises businesses rather than cloud-based businesses, because the cloud provider is responsible for cloud infrastructure. There are several elements that need to be considered. First is versioning: is your software current and updated? Next is configuration: have your systems been set up correctly and optimally? And there's also access: what strategies have you implemented to limit and control access to your system? Strategies such as just-in-time access and just-enough access can be particularly effective. The sixth and last pillar is configuration. Ideally, networks should be segmented into subnetworks with limited organizational mobility. The focus here is to create walls between different areas of the business. This prevents lateral movement, which allows a hacker to cause more harm after initial access. The zero trust ethos prescribes that the system is probably already breached, so you should
ensure that no sensitive areas can be reached. Implementing the zero trust model comes with its share of challenges, particularly for organizations with existing IT infrastructures. Proper planning and adherence to best practices are essential. Some key considerations include gradual implementation. Adopting zero trust may not be feasible overnight, especially for large enterprises. Organizations can begin with a pilot project focusing on specific critical assets and gradually expand the model. One policy that can aid this process is conditional access. It analyzes user behaviors to detect suspicious activities. If detected, it prompts the user to take added security measures such as updating software, changing passwords, or reauthenticating. You should also consider collaboration and training. Successful implementation requires collaboration between IT teams, security experts, and various stakeholders. This includes adequately training all employees to understand the zero trust model's principles and their roles in maintaining security. Microsoft provides a helpful resource called the Trust Center, where interested parties can go and learn more about Microsoft security measures. Another best practice is continuous monitoring and analysis. This proactive approach is vital when following the zero trust model. Continuous monitoring and analyzing network traffic and behavior are crucial to identify and respond to potential threats promptly. One service that can help with this is Microsoft Sentinel. It ingests information from logs and telemetry generated from the network resources to provide real-time monitoring on activities to determine if any abnormal activities have occurred. To summarize, the zero trust model represents a paradigm shift in cyber security. No entity is presumed trustworthy, and everything should be continually verified. By adopting this approach and integrating its key components, organizations can significantly enhance their security posture, protect critical assets, and
mitigate the risk of data breaches the words cryptography and encryption may conjure visions of spies and covert operations or of hackers sitting in windowless rooms yet much of today's modern online world wouldn't be possible without these two concepts they are the backbone of secure communication ensuring that exchanged information remains hidden from prying eyes this video is about encryption the related concepts of symmetric and asymmetric keys and encryption in Azure Active Directory part of Microsoft Entra let's get started in the realm of encryption readable data is known as plain text after applying an encryption technique it is referred to as cipher text in other words encryption is the process of changing plain text to cipher text through the use of a reversible process to ensure confidentiality this can be done by applying a formula or cipher to the text to alter it from one form to another decryption on the other hand is the reverse of this process where cipher text is converted into plain text through a cipher typically the cipher is referred to as the key because it can lock or unlock data keys come in two forms symmetric keys and asymmetric keys a symmetric key is a cipher that can encrypt and decrypt data this means that the key has to be known by both parties the challenge is to share this cipher with the appropriate parties without allowing a third party to intercept it consider a scenario where three colleagues Lydia Saran and Sven want to share messages using symmetric encryption Lydia would need a key for encrypting the data between herself and Saran but she would need a different key to communicate with Sven and a third key would be necessary for secure communication between Saran and Sven of course the more parties involved the more keys needed because symmetric encryption is computationally less expensive it's typically used when a large amount of data needs to be encrypted for instance a hard drive or if many individuals like employees are given 
the ability to decrypt the source data asymmetric encryption differs from symmetric encryption in that it uses only two keys a public key and a private key that form a key pair this setup enhances secure communication in distributed systems by offering a safer method for key exchange the private key reads the cipher text of a message encrypted with a public key and the private key is never shared consider the previous scenario but the colleagues use asymmetric encryption this time Lydia would have a public key that anyone including Saran and Sven could use to encrypt messages meant for her however only Lydia's private key can decrypt those messages similarly Saran and Sven would each have their own unique public and private key pairs for secure communication for every individual only two keys are required this means that there are fewer keys created as compared to symmetric encryption this more secure form of data encryption is typically used in both social and financial exchanges on the internet let's move on from keys to a broader understanding of how data exists and is safeguarded data can be said to be at rest or in transit typically data is stored in a database on a hard drive or in a data storage center this data is said to be at rest and can be encrypted so even if a hacker has gained access to the data they still can't use it remember the principles of zero trust and assuming breach this is a prime example even though the data is stored securely behind a firewall it is still rendered unreadable to an unauthorized individual data moving from one device to another is said to be in transit this data is often encrypted at the application layer before it is downloaded onto the network when it is received it is then decrypted and rendered for the recipient the need to encrypt data in transit is due to a popular hacking exploit known as a man-in-the-middle attack hackers position their devices between the sender and the receiver the data is copied and then 
passed on to the intended party a less commonly known encryption is when data is encrypted while in use this encryption form is used for sensitive data that needs to be treated with greater care data is siloed on non-persistent storage and then encrypted as the CPU processes it applying various levels of encryption requires more processing time so like with any form of security there is a trade-off between ease of accessibility and security now let's examine how encryption works in Azure encryption keys are securely stored within Azure Key Vault when transferring data to and from the vault the data is protected using the transport layer security or TLS protocol additionally the connection is fortified with perfect forward secrecy or PFS which is a cryptographic approach that employs symmetric encryption to generate a unique session key for each connection before any data is stored this session key is thoroughly scrutinized to ensure the integrity of the session and to prevent potential compromises by malicious actors this approach of encrypting the data in transit and using the session key before data is stored is an example of Azure AD's defense in depth in summary encryption serves as the bedrock for secure communications in the digital age understanding its intricacies is vital with symmetric and asymmetric keys offering unique approaches to safeguarding data as cyber threats evolve these tools will remain at the forefront ensuring digital interactions remain confidential and protected every time you log into your email social media or any online account you're benefiting from the behind-the-scenes use of hashing to protect your password you might recall that hashing works like this when you create an account on a website or platform the website doesn't store your actual password in its database instead the website server applies a hashing algorithm to your password and stores the resulting hash in its database when you log in the website hashes 
the password you enter and compares it to the stored hash in its database if the hashes match you're granted access if not you can't log in this process enhances security because even if a malicious actor gains access to the website's database they won't obtain your actual password instead they'll get the hash which is incredibly difficult to reverse engineer to obtain the original password this video will take you through the evolution of hashing from its rudimentary stages to the more sophisticated hashing used today a hashing algorithm takes an input like plain text and applies a hashing function that generates a fixed length output the hashing function is deterministic meaning the result is always the same and it is primarily used for authenticity checks that is to say the recipient of a message can verify that the message has not been corrupted in transit message digest algorithm 5 or MD5 was one of the earliest and most common hashes regardless of the length of data inputted it always outputted a 128-bit hash value typically an algorithm will use padding to extend the input length to ensure it is the same as the output length inversely the folding method is applied when an input is longer than the output folding involves repeatedly processing or adjusting the characters to fit the desired output length this is similar conceptually to wrapping text in an Excel column MD5 was most commonly used in password storage from the start of the '90s as an early cyber security innovation this approach is now considered redundant due to excessive amounts of collisions a collision is when two different inputs generate the same output consider a simplistic hashing function using modulo five this refers to the remainder left over after the target number is divided by the modulo in this case five if you examine this table it is clear that the algorithm works for numbers 1 to 5 as the approach generates a unique output on each turn however from number six the issues 
with the algorithm become apparent the output of one and six and seven and two create collisions because they are the same there are a few interesting properties to note firstly the algorithm's output retains no reference to the input this means you can't tell from the result if the original number was one or six this reflects the information loss that occurred in the process the issue with collisions is that if the output is not unique it cannot be used to verify authenticity collisions open the door for hackers to generate a false hash with some malicious code and trick your computer into accepting it secure hash algorithm or SHA is the more secure successor to the now redundant MD5 it generates a fixed output of 160-bit hash values but as computing power grew the original SHA now called SHA-1 became redundant now there is a family of SHA algorithms that generate different fixed length outputs for instance SHA-224 generates a fixed length output of 224 bits or 28 bytes SHA-256 generates fixed length 256 bits output and so on the complexity of the SHA algorithm changes but the characteristics of the hashing method are the same the first characteristic is that the method needs to be quick but not too quick too quick means it can be reproduced posing a security risk and second it needs to have an avalanche event in other words if one element in the input changes the output changes consider you hash a document if you open this document and change one slight thing like a space it must cause the generation of a completely different hash and third the SHA algorithm needs to avoid collisions in this video you've unraveled the significance of hashing algorithms in cyber security from MD5's early days to the diverse SHA family these algorithms have played a vital role in safeguarding data integrity remember a good hashing method must strike a balance between speed avalanche effects and collision avoidance up to this point you've explored the power of hashing which efficiently 
converts input to a fixed hash used for verifying the original data however it's crucial to understand that a hash is a one-way process meant solely for data verification this is where encryption steps in it offers reversibility in this video you will explore encryption techniques another critical facet of data security and how it allows you to scramble data in a way that can be decrypted an encryption algorithm takes an input applies an algorithm and generates an output that hides the semantics of the original content the generated output is in a state where the process can be reversed to output the original content there are several well-established methods for doing this take the simple transformation process illustrated in this example it demonstrates a simple algorithmic approach that replaces each alphabet letter with a number for example each letter in the word fox is respectively represented by the numbers 6 15 and 24 this is a proper encryption because the key can regenerate the original text this is also an example of one-to-one mapping one-to-one mapping refers to a relationship where each element from one set corresponds to exactly one unique element in another set but one-to-one mapping is a security risk because it simplifies the challenge of identifying the cipher this shortcoming was addressed in modern encryption approaches like Advanced Encryption Standard or AES AES avoids this through substitutions permutations and mixing operations AES is a symmetric key encryption it is a prevalent encryption approach in e-commerce file encryption and online banking let's examine how it works AES works in iteration so several rounds are performed to generate the final encrypted output first the plain text is converted into a matrix with X rows and columns the original key can be 128 192 or 256 bits long the key's length dictates the encryption's complexity and the number of rounds performed which can be 10 12 or 14 respectively then a bitwise XOR combines the key with 
the plain text in the initial round this is similar to salting when hashing is applied it adds a level of diffusion thereby adding a further layer of security after this each subsequent round consists of four subprocesses these are SubBytes where plain text is switched with a representation from the substitution table ShiftRows which is when rows in the matrix are shifted MixColumns where matrix multiplication is applied to the columns to alter them and finally AddRoundKey which is when the key is further integrated with the plain text using the bitwise XOR operation by completing these steps the algorithm obscures the original content by altering the original plain text through permutation substitution and transformation methods this process is 100% reversible but requires the original key other examples of contemporary encryption approaches include ChaCha20 a symmetric stream cipher designed to encrypt large data sets efficiently it creates a stream of pseudo-random bits that are then combined with the plain text using XOR to form the cipher text RSA which stands for Rivest Shamir Adleman it's an asymmetric encryption algorithm based on the mathematical properties of large prime numbers it uses a public key for encryption and a private key for decryption providing secure key exchange and digital signatures and elliptic curve cryptography or ECC is an asymmetric encryption method that relies on the mathematical properties of elliptic curves over finite fields ECC offers equivalent security to traditional RSA but with smaller key sizes making it suitable for resource-constrained environments in this video you did a deep dive into how encryption works while different algorithms employ different approaches understanding the underlying mechanisms can help you gain a greater intuition of how the processes generally work technology is constantly shifting how people engage with one another and conduct business powerful computers and devices high-speed internet and 
social and business collaborative platforms have led to a fundamental shift in how individuals work working from home is now more possible than ever this has led to a change in how organizations secure their assets once favoring an on-premises security perimeter security methods now hold identity as king in this video you will learn how this shift has led to a radical change in security methodology let's start off by exploring how the need for alternative and secure login methods manifested with the changing times before one employee used one workstation to access a network today many employees use all means of devices to access company networks globally the global pandemic in 2020 accelerated this trend because it caused a shutdown of many industries and restricted the movement of people access to work environments from different locations was suddenly a critical need to continue business operations the pandemic massively increased the work from home phenomenon enhanced collaboration among both internal and external organizational resources was another push for remote access for company resources thus the traditional approach to maintaining a company's on-premises based security perimeter is no longer viable other factors that contribute to its shortcomings include a growth in SaaS applications nowadays companies outsource many crucial functions to external third parties these specialized services like call centers bookkeeping and financial transaction services need to integrate securely with company's internal networks and devices bring your own device or BYOD is also a contributing factor and a spin-off resulting from the work from home phenomenon an employee may communicate with a client from a personal telephone or access company files from home using devices registered with the system but not belonging to the company deems an on-premises security perimeter obsolete another factor is unmanaged devices from third-party network users for instance an individual 
within a SaaS company may access company resources through personal devices unfamiliar to the system unlike BYOD employee access these unmanaged devices access company networks sporadically and since they are not associated with a particular individual this makes them even harder to track and control furthermore the Internet of Things is becoming more autonomous on company networks this creates a need for a security perimeter that can manage requests from IoT devices to access internal information and services by now it should be clear that identity relates to more than just people it relates to all sorts of devices that request company information the SaaS applications a company uses partner companies and their employees and so on and that is why identity is the new security perimeter in the modern business world to use identity as a security device you must assign an identity to every entity that interacts with the system this includes people partners devices and applications this way you can track all requests made from the system back to a given entity therefore each entity has a set of logs and permissions that are associated with it the concept of identity as a security stands on two principles first record all means of access before giving access to a resource or system and second only give limited access appropriate to an entity's function within the company but what is the basis for ensuring secure identities earlier you learned about the seven pillars of zero trust there are also four pillars for the identity structure that tie in with it the first pillar is the administration of the creation management and maintenance of identities there are various guidelines and best practices for creating deleting and updating identities shared in this and earlier courses it's essential to stay current on these guidelines because they will continue to evolve along with rapidly changing business environments next is authentication the focus here is on the information 
a system requires to determine if a legitimate identity requests access a myriad of signals can direct the request to an appropriate access channel for instance information on the identity itself and its behavioral pattern signals also include other metadata such as timestamps and geolocation stamps to name a few the third pillar of the identity structure is authorization if a system successfully determines that it is a legitimate entity requesting access the next step is to determine what access to grant here the focus is to minimize access to only what is essential for an entity to perform its function and last is auditing having allowed an entity onto the system auditing is about monitoring the activities of this entity the questions related to this are who what where and how alerts reports and access governance all form part of auditing in this video you've explored the shift from traditional security perimeters to an identity-centric approach to meet today's access needs identity now encompasses people devices applications and external entities the four pillars of the identity structure administration authentication authorization and auditing are crucial in this evolving landscape these concepts form a fundamental backbone of Azure AD and are some of the major topics covered in the exam SC-900 in the rest of this lesson you will unpack them in more detail incorporating pertinent building blocks to fortify your cyber security foundation for the modern era by now you know that authentication and authorization are two methods by which companies create flexible and secure access to company resources you also learned that Azure AD is a centralized way to provide this safe access but what does centralized really mean in this video you will explore the various ways Azure AD provides centralized access control Azure AD acts as an umbrella system providing centralized access to various services and applications of a company there are various advantages to 
such a centralized approach in addition to having to verify users' identities only once they can access company files and communicate with co-workers centrally and everyone can collaborate on the same version of the document today many businesses rely on various devices applications services users collaborators and customers to meet operational business needs these services could include Microsoft 365 SharePoint MS Teams PowerPoint and Azure resources to name a few the access and integration of these different services gave rise to the need for a centralized management system and Azure AD met that challenge Azure AD is an identity as a service or IDaaS it maintains credentials on all users devices applications and services that need to interact with your organization resources it incorporates a means of successfully verifying the right of the user to engage with the system to work an IDaaS requires an access policy essentially an access policy defines the barriers of authorization as explained earlier it determines to what extent an identity can interact with the system another essential component that makes this umbrella system work is the authorization engine this is a complex set of services that execute the access policy but also perform risk analysis the authorization engine creates an identity which is used to ensure the right person is accessing files it also monitors usage and adds further obstacles to prevent a system breach the authorization engine has the power to request an entity to provide further identity verification additionally it can also notify managers when an entity's activity is unusual or follows a suspicious pattern a centralized authorization and authentication service serves multiple roles this includes limiting access to your applications verifying and storing user details analyzing activity generating reports and actively triaging breaches additionally it offers time-saving measures by automating tasks such as resetting passwords creating 
identities and verifying users what's more it is configurable so that you can incorporate all of your services into one umbrella system that provides this uniform functionality for all aspects of your business the complexity of the task is evident in this diagram let's examine the main components closer first is credential management this step controls authentication which includes verifying the identity of users and devices attempting to access resources authentication typically involves username and password combinations biometrics or multifactor authentication next is provisioning and entitlement management in this step Azure define access packages assign users to specific resources and push access data for attestation access packages typically outline what permissions and resources a user or device should have following this the authorization engine evaluates the access policy to determine whether a user or device should be granted access it takes into account access policies risk detections including user and entity behavioral analytics or UEBA data and device compliance for endpoint management this step ensures that access is granted based on specific conditions and security policies then access is granted or denied based on the evaluation by the authorization engine if authorized the user or device gains access according to conditional access policies and controls if not authorized access is denied Azure also offers real-time remediation if access is denied users may have the opportunity for real-time remediation to address the issues causing the denial this could include actions like updating software changing permissions password reset MFA or taking other corrective actions to unblock themselves as mentioned earlier all session data is logged for analysis and reporting this step ensures that a record of all access attempts and actions taken during the session is maintained for auditing and security analysis purposes and lastly the security information 
and event management or SIEM system receives logs risk detection information and UEBA data from both cloud and on-premises entities this integration allows for centralized monitoring analysis and reporting of security related events and incidents this video provided an overview of the benefits of having a centralized access and management system and the various functions it can perform you also learned about the access policy and the authorization engine which forms the backbone of an IDaaS such as Azure AD later in the lesson you will explore ID and active directory in greater depth many companies today have employees scattered across different regions each needing access to a variety of applications and resources keeping track of user accounts managing access permissions and ensuring security across multiple platforms can become a logistical nightmare these companies need a way to manage identities centrally Azure Active Directory answers this call by streamlining access control ensuring that the right people have the right level of access to the right resources in this video you will discover what led to the development of Azure Active Directory or Azure AD as an extension to the initial Active Directory also referred to as AD you will also explore the different editions of Azure AD to understand exactly what an active directory is it can help to first break down the terms a directory is a hierarchical structure that houses information about objects in Active Directory the directory stores information about the objects on a network so a directory service stores directory data and makes it available to network users administrators applications and other services Active Directory was initially developed by Microsoft in 2000 it was an on-premises directory of all the services available to the users of a network it helped organizations manage the various directories and services available to them the best known service of this kind is Active Directory Domain Services or 
AD DS AD DS utilizes domain services as a form of verification by maintaining a record of all users and devices linked with the domain but as organizational structures got more sophisticated more and more business operations moved to the cloud this grew in tandem with the use of mobile devices and SaaS neither of which were supported by AD DS in addition AD DS did not support modern authentication methods as outlined earlier in this lesson Microsoft subsequently launched Azure Active Directory or Azure AD a cloud-based active directory that supports both SaaS applications and mobile devices it provides the same authentication and verification features used in AD DS as well as more sophisticated verification access procedures such as MFA conditional access and identity protection thus Azure Active Directory is a successor to Active Directory Domain Services one could extend the functionality of Azure AD and say that it provides identity as a service or IDaaS for cloud-based and on-premises setups but what if an organization already uses an on-premises AD for that reason Azure Active Directory is designed to augment existing Active Directory services an organization can increase efficiency by creating a cloud-based AD providing seamless integration with online functionalities this impacts many aspects of both on-premises and cloud-based identity management Azure AD has many built-in features that enable quick initialization this includes easy-to-use device management and registration to accommodate distributed working but Active Directory and Azure AD also differ in terms of security features Azure AD advocates using multifactor authentication or MFA because of its proven ability to restrict the hacking of existing identities while this is not a feature of on-premises Active Directory it's built into Azure AD however implementing this additional security feature requires additional configuration and IT knowledge MFA can further be incorporated into business to customer or B2C 
enabling customers to secure access to a product the two offerings also differ in terms of accessibility because Azure AD is cloud-based redundancy geographic dispersion and backups can be created whereas an on-premises AD only supports access while users are on site finally Azure AD offers the ability to scale up or down depending on demand on the other hand AD is restricted by hardware limitations Azure AD can be described as a distributed scalable updated variation of its predecessor Active Directory Domain Services however maintaining existing on-premises AD DS systems in tandem with an Azure AD account is advisable as it can act as a backup in the event of Azure AD being inaccessible Microsoft provides a host of tools to facilitate a hybrid implementation such as Azure AD Connect which amongst other services offers seamless integration next let's explore the different Azure AD editions Azure AD comes in four editions each differently priced and offering access to various services first is Azure free edition this has AD's core identity and access features in addition it has access to Azure Dynamics 365 Intune and Power Platform Office 365 apps is another edition of Azure AD and includes all features available in the free edition in addition it has some more capabilities for managing identities and access for instance it comes with other Microsoft products such as Office 365 next is Premium P1 which has all the Office 365 apps edition features it includes additional password and group management capabilities hybrid identities and conditional access policy configurations it is available from other Microsoft products such as Microsoft 365 E3 E5 and so on and last is Premium P2 this is the most comprehensive edition it encompasses all the features of P1 but also includes identity protection and governance features it is included with some Microsoft packages or can be acquired as a separate license in this video you explored the origins of Active Directory 
and mapped how it has transformed into Azure AD the modern implementation you explored the differences between these two identity management variations focusing on the additional features Azure AD brings lastly you gained insights into the different Azure AD editions available you've learned that identity in cyber security refers to a digital profile applied to any entity that accesses a system it's called a digital profile because it extends beyond people to include the applications devices and services that interact with a network an identity might refer to a sensor monitoring the physical access to a building in this video however you will focus specifically on different human identities that may be accessing a company's system and the management of these identities identity management refers to creating and overseeing entity profiles in a system as an identity and access management system Azure AD first allows the creation of identities then helps govern their activities in a system conceptually an entity has a definite path you create it provision it to a specific role and eventually destroy it this is called the entity life cycle but notice that a second job role is added to the cycle any HR manager will agree that careers are dynamic naturally people tend to move to different roles in a company Azure AD makes provision for identities that might transition from one role to another over the course of its life cycle to maintain a strong security posture you should actively monitor the current stage of an identity for instance a company should revoke access to corporate files for employees who have left the company similarly when employees transition to other sections in a company they should not retain their initial access rights unless it pertains to their new roles as an access management tool Azure specifically helps with these transitions furthermore Azure AD can directly integrate with HR functions through SaaS applications such as SuccessFactors or Workday these 
applications streamline hiring and employee management in this way the system automatically updates an employee status as they transition roles and contracts since Azure AD is a centralized identity and access provider it also supports the creation of customer identities a business that wants to create identities for its customers on Azure AD B2C can use standards-based authentication protocols these include OpenID Connect OAuth 2.0 and security assertion markup language or SAML just like with any identity that is associated with the organization network a customer identity has access to use certain company products as per the licensing agreement Azure AD B2C manages these various licenses and simplifies access rights using the same identity mechanisms as Azure AD this specialized Microsoft service is structured similarly to Azure AD though with a more specialized focus while Azure AD is concerned with managing access for employees and collaborators to network resources to create line of business or LOB products Azure AD B2C is designed to manage customer access to these products additionally Azure AD B2C offers customers the benefit of single sign on or SSO SSO means that once users authenticate with one identity provider they do not need to reauthenticate using another service configured SSO in the same ecosystem you should be familiar with SSO have you ever accessed another web service or app by using your preferred social media credentials in the same way when customers access a service hosted on Azure AD B2C after the initial authentication to an Azure B2C account there is no need to reauthenticate as the session will propagate forward this seamless access to a company service encourages interaction through ease of access while maintaining a strong security posture another advantage of the use of B2C is third-party identification verification and proofing you can think about third-party identity proofing like this when you apply for a job you use 
references from past employers that confirm your good character. In the same way, third-party identifications can provide a reference for your authenticity. This can have the long-term effect of reducing fraud and risk, as you can have greater confidence in the authentication of your users. Moreover, third-party identity proofing makes spoofing identities more challenging for hackers. This additional authentication feature can be a money saver for some industries like banking, finance, and healthcare. It can prevent penalties that might arise due to industry-specific authentication requirements. Finally, this authentication feature can be used in continuous monitoring. Recall that Azure AD has built-in pattern recognition capabilities. With the correct configurations, it raises any event where a user acts contrary to the expected pattern. This additional service can help detect suspicious activity. This video introduced the identity life cycle and rooted it in good security practices. You also discovered how Azure governs access to company products. Finally, you learned how single sign-on can be a useful customer benefit.

Managing any project can be a challenging task, and as a project grows, so do its management requirements. This is particularly true when dealing with large organizations with many moving parts. New roles, resource staff, and projects must align with company policy, and because these are ever-shifting components, policy must remain flexible. Identity management is at the heart of this issue. Throughout this course, you've learned about identity management measures that can ensure the safety of company resources, but without proper implementation, these measures will be ineffective. One example of this is the management of user rights across the identity life cycle of employees. The provisioning of adequate permissions to access resources and complete tasks is important, but removing these permissions as they become outdated is just as important. Multiply this management function by
hundreds or thousands of employees, and you run into a logistical nightmare. Fortunately, Group Policy offers a solution to this identity management problem. In this video, you will learn more about Group Policy and how it provides an easy way to configure the many components of a network. Microsoft initially introduced Group Policy in the 90s to manage distributed Windows machines on a network. With the introduction of the Active Directory, Group Policy was further developed as a tool for administering policy centrally. Other enhanced functionalities include streamlining software installation and configuring settings uniformly to adhere to company policy. Through the use of Group Policy, administrators can ensure a standard password complexity, software deployment, system updates, network configurations, firewall settings, and auditing and patch management. What's more, Group Policy enables an administrator to maintain these standards throughout domain services. This is important because maintaining security in a large organization depends on consistency. Consider a scenario where each domain within an organization configures its own conditional and access policies. These varying security requirements open many doors for a determined hacker to gain access to the organization. In a world of specialized roles, it is paramount that all cyber security specialists across an organization follow the same working parameters and guidelines. Group Policy enables an administrator to configure and enforce such rules for all associated group members. So far, you've learned that by using group policies, an organization can standardize its security posture. But another benefit is the potential for a streamlined pipeline. By creating group policies, you can enforce a more streamlined pipeline for tasks like compiling, packaging, and deploying software applications. For instance, a security policy can mandate conducting specific tests in a consistent manner, thereby promoting increased uptime and reducing bug
uploads to the working branch. Moving on from the benefits of a streamlined pipeline, let's focus on how you can implement group policies in cloud and hybrid environments. You can configure Group Policy for your Azure Active Directory, but in a hybrid environment, AD DS will not take on the Group Policy configurations uniformly. To apply it to AD DS, you need Azure AD Connect. This creates a virtualization of the traditional on-premises domain services. But what about the mechanics of Group Policy within an organization? Administrators can leverage Group Policy to enforce collective group objects named Group Policy Objects, or GPOs, which represent the administrative policies of a company. Common company GPOs include a registry, which prevents users below a certain role level from accessing the registry; software prevention, which limits the software that can run on company hardware; folder redirection, that allows network share to enable group interactivity; running scripts, that automatically run logon or logoff procedures; and security, which ensures that some certificates are required before accessing a resource. In conclusion, Group Policy benefits organizations by enabling the enforcement of standardized security measures and streamlined software deployment processes. It ensures compliance, reduces errors, and enhances efficiency by allowing centralized control over user and device configurations within the organization's digital environment.

By now, you know that identity is the new security perimeter in the world of cloud computing. The mechanism by which identity protects company resources is by controlling the scope of identities. There are many real-life examples that are similar to this concept. For instance, a company grants access to an employee to specific areas in the building. In this video, you will gain an understanding of identity scope through the context of security within an organization. Firstly, you will explore what an identity is and how you can assign roles to different
entities. You will also examine the four role levels of Azure and how you can use identity scope in different ways to enforce security by reducing access. First, let's gain some insight into what an identity is. Earlier, you learned that identity is the cornerstone of how companies organize a security perimeter. It is the key with which we access various devices and is a digital persona that represents an entity. An entity can be a device, application, person, or service. Azure Active Directory is the authenticator that determines the validity of an entity. After an identity has been sanctioned, you must determine the level of access to grant it, for example, least privilege, zero trust, and conditional access. Additionally, you must determine which resources these actions can be performed on. This is the scope of an identity. Now that you are aware of what an identity is, let's examine assigning roles. One way that you can scope an entity is by assigning it a role. Previously, you learned how the identity life cycle demonstrates that the scope of an identity changes constantly depending on the role. Azure Active Directory has a range of about 60 built-in roles with fixed permissions that cannot be changed. These templated roles fill repeating common requirements that Microsoft has identified. Azure Active Directory also enables you to create custom roles with your own permissions. When a user's role is granted with a specified scope, it is known as a role assignment. The scope relates to the resources the role can apply its permissions to. A role's scope can be as broad as the entire resources of the organization or limited to a single object like a virtual machine. Now that you are familiar with the concept of roles, let's explore the relevant section on the Azure portal. To get a better insight into roles, let's navigate to the Azure portal and select Roles and administrators. This displays an alphabetical list of built-in roles that are available. In this example, the user has the role of global
administrator, and a summary of what this role entails is provided. Each role has a section titled protected actions, which are permissions assigned to the role that have conditional access. Protected actions act independently of roles and are an example of defense in depth, or DiD. If an organization considers a specific action or asset requires further protection, it can add this extra security measure regardless of the role assignment of the user. You can use a built-in role as a template from which to create your custom roles. However, before you create custom roles that deviate from the prescribed permissions, it is worth taking the time to explore different roles and what they can achieve. Next, let's gain some insight into the four role levels in Azure. Each level reflects the scope and helps to structure and manage resources, access control, and billing. These levels are management, subscriptions, resource groups, and resources. The scope is structured in a hierarchical fashion, where permissions trickle down from the top to the bottom. An identity in the management group has all permissions, while a role assigned to a resource only impacts that resource. This example is a simplified branch of a hierarchy. Management members can also span different branches. A management group can have multiple subscriptions and oversee other management groups. The organization of the resources follows a logical pattern. In this way, you can group each related resource by association. These associations then form groups that, combined, will achieve a certain goal. You can then create a subscription with a specific goal, for example, the maintenance of a certain application or development. To achieve this goal, you can make multiple resource groups accessible. Finally, you can create a management group to oversee this process. There are many ways to assign scope, including through the Azure command-line interface, or CLI, the Azure portal, Azure PowerShell, and Azure Resource Manager, or ARM, templates. In this video, you
learned about scope, how it relates to an entity, and the structure of access in Azure Active Directory. You also examined roles and their associated responsibilities, and how Azure not only provides built-in roles but also enables you to create custom roles. Finally, you learned about the four role levels of Azure, namely management, subscriptions, resource groups, and resources. By examining these topics, you have gained an understanding of how the structure of Azure is designed to limit identity access based on the assigned level of a resource or group.

This week, you embarked on a journey through network and asset security, exploring their concepts in greater depth. Additionally, you learned the value of upholding compliance in business and deepened your knowledge of identity concepts. Let's take a moment in this video to reflect on the key takeaways from this week's learning. You began your week with an overview of how the SC-900 exam works. You explored the logistics around taking the SC-900 exam, specifically regarding the exam space, proctoring, and allowed actions. You discovered what happens on the day of the exam, and you should now be able to identify key skills that the exam measures. You now have the knowledge of how to allocate study time and prepare for success. After learning the significance of security compliance, you studied several key concepts, regulations, and industry standards that underpin it. You discovered that security compliance is not just a legal obligation but fundamental to a company's reputation and trust in an ongoing journey that involves understanding the law, implementing necessary controls, and conducting regular audits. You then explored Microsoft's comprehensive approach to compliance and learned how it lies within the Trust Center, which you discovered is part of Azure and serves a range of Microsoft products. You learned about responsibility models and who carries what responsibilities for different services, which can vary based on where the workload is hosted.
Next, you reviewed the basics of business continuity management, or BCM, and explored the available Microsoft tools to help businesses navigate challenges and ensure resilience. Following that, you continued your journey by learning more about the zero trust model's six founding pillars: identity, device monitoring, application monitoring, data, infrastructure, and configuration. After you explored zero trust, you inspected encryption in greater detail by exploring symmetric and asymmetric keys. You discovered how encryption works within the Azure Active Directory. Encryption takes plain text and applies a cipher, which can be read on the other side, to send information privately. Encryption plays a pivotal role in safeguarding digital information and can be tailored for specific needs and scenarios. You then built on this knowledge by exploring hashing. While very similar to encryption, these algorithms use different approaches. You should know the underlying mechanics, as they can help you better grasp how the processes function. Using hashing, you can verify that what you send was received, but encryption hides information so that it can only be seen by the intended recipient. On the surface, they may appear similar in nature; however, their intent and underlying mechanics are actually very different. For example, a hashing algorithm outputs a fixed-length hash that reflects everything that was in a document. If a single item is changed, it will impact the hash. This ensures that data cannot be tampered with. However, an encryption algorithm applies a cipher to a text so that the meaning is not easily decipherable. This can be reversed by the recipient to reveal the text. This makes it a two-way process that allows for sending information privately, while a hash cannot be reversed and is instead used to ensure data integrity. You then explored the shift from traditional security perimeters to an identity-centric approach. You learned how identity now encompasses people, devices, applications, and functions. You then
studied authentication and authorization, which form integral parts of the identity-centric security approaches. You discovered that authentication is about establishing who you are and proving it. At the same time, authorization refers to what you can do on the system when you have successfully entered your credentials. You also reviewed the core concepts related to authorization, such as conditional access, least privilege, and zero trust. Following this, you gained an understanding of the benefits of having a centralized access and management system. You learned about the access policy and the authorization engine, which forms the backbone of an IDaaS such as Azure AD. After that, you investigated the history of Active Directory, which is a means of managing identity and access to an on-premises network, and discovered how it evolved into Azure AD. By comparing both, you discovered the extra functionality that Azure AD offers. As you progressed, you explored the identity life cycle and learned about its solid security practices. You expanded this further by examining external identities. External identities enable access to a company's resources for people who are external to the organization. This may be required when collaborating with partners or clients. Microsoft has developed two SaaS apps for this purpose that provide appropriate ways for accessing resources or products: Azure AD B2B and Azure AD B2C. Next, you learned how federation is a mechanism that enables access to different domains using one set of credentials. You now understand identity, identity providers, and single sign-on through the lens of federation. The final section this week explored how Group Policy benefits organizations by enabling the enforcement of standardized security measures. You now know that Group Policy ensures compliance, reduces errors, and enhances efficiency. You also gained an understanding of identity scope, learning how you can use identity scope in different ways to enforce security by reducing access.
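The identity scope recapped above (role assignments at one of four levels, with permissions flowing from the top down) can be modelled in a few lines. This is an added example, not part of the course material: the scope names, the GUID, the principals and the simplified role permission sets are constructed assumptions, and deny assignments and nested management groups are left out.

```python
from dataclasses import dataclass

# Three built-in role names with simplified permission sets (assumption: real
# role definitions list many actions; four verbs stand in for them here).
ROLE_ACTIONS = {
    "Reader": {"read"},
    "Contributor": {"read", "write", "delete"},
    "Owner": {"read", "write", "delete", "assign"},
}

# Constructed scopes forming one branch of a hierarchy (placeholder names/GUID).
MG = "/providers/Microsoft.Management/managementGroups/mg-example"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG_PAY = f"{SUB}/resourceGroups/rg-payroll"
RG_DEV = f"{SUB}/resourceGroups/rg-dev"
VM_PAY = f"{RG_PAY}/providers/Microsoft.Compute/virtualMachines/vm-payroll-01"
VM_DEV = f"{RG_DEV}/providers/Microsoft.Compute/virtualMachines/vm-dev-01"

# A subscription ID does not name its management group, so record the link.
SUBSCRIPTION_PARENT = {SUB.lower(): MG}


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str


# Constructed role assignments used by the demo below.
ASSIGNMENTS = [
    Assignment("alice", "Reader", MG),
    Assignment("bob", "Contributor", RG_PAY),
    Assignment("carol", "Owner", VM_DEV),
    Assignment("dave", "Contributor", SUB),
]


def level(scope):
    """Classify a scope string into one of the four levels."""
    if scope.lower().startswith("/providers/microsoft.management/managementgroups/"):
        return "management group"
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            return "resource group" if len(parts) == 4 else "resource"
    raise ValueError(f"unrecognised scope: {scope!r}")


def scope_chain(scope):
    """Return the scope and every scope above it, narrowest first."""
    chain = [scope]
    lvl = level(scope)
    if lvl == "management group":
        return chain  # nested management groups are not modelled
    parts = scope.strip("/").split("/")
    if lvl == "resource":
        chain.append("/" + "/".join(parts[:4]))  # its resource group
    subscription = "/" + "/".join(parts[:2])
    if lvl != "subscription":
        chain.append(subscription)
    parent = SUBSCRIPTION_PARENT.get(subscription.lower())
    if parent:
        chain.append(parent)
    return chain


def effective(assignments, principal, target):
    """Assignments that apply at target: made on it or on any scope above it."""
    chain = {s.lower() for s in scope_chain(target)}
    return [a for a in assignments
            if a.principal == principal and a.scope.lower() in chain]


def is_allowed(assignments, principal, action, target):
    """True if any inherited or direct assignment grants the action."""
    return any(action in ROLE_ACTIONS.get(a.role, set())
               for a in effective(assignments, principal, target))


def overbroad(assignments):
    """Least-privilege check: more than read access granted above resource-group level."""
    return [a for a in assignments
            if level(a.scope) in ("management group", "subscription")
            and ROLE_ACTIONS.get(a.role, set()) - {"read"}]


if __name__ == "__main__":
    for who, action, target in [("alice", "read", VM_PAY), ("bob", "read", VM_DEV),
                                ("carol", "read", RG_DEV)]:
        print(who, action, target, "->", is_allowed(ASSIGNMENTS, who, action, target))
    for finding in overbroad(ASSIGNMENTS):
        print("review:", finding.principal, finding.role, "at", level(finding.scope))
```
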
Finally, you explored hybrid identity and examined the three methods it uses to authenticate, namely Azure AD password hash synchronization, Azure AD pass-through authentication, and federated access. With the knowledge you gained this week, you are now ready to move on to the study checkpoint. Remember, keeping up with evolving cyber attacks will continue to be challenging, but by continuing to learn about the tools available and evolving to current cyber security trends, you can remain at the forefront of cyber security.

By now, you are well aware that authentication is taking information from a user to determine if they have a legitimate clearance to access a domain or resource. Recall that initial attempts to create safe environments began with passwords combined with a username. However, as time progressed and more sophisticated hacks were increasingly successfully executed, the shortcomings of this form of authentication became more apparent, leading to the growth of alternative forms of authentication. In this video, you will explore the authentication methods in Azure Active Directory, or AD, including more secure forms of traditional password authentication methods. When it comes to the drawbacks of using passwords, often a simple, easy-to-remember password is an easily hackable one. Microsoft has introduced many alternative authentication methods along with best practices for password use and creation. A common device that most people possess is a phone. This can be used as an excellent alternative to a password. A user wishing to gain access to a resource requires an active phone number as part of their registration process. The user then receives a text message to that number when attempting to gain access. This verification code is then used in place of the password. Equally, instead of an SMS, a user can respond to a phone call and enter the hashtag symbol when prompted to verify their login. Another approach is the use of open authentication, or OATH. This open standard protocol
directs the creation of a one-off code that expires after a short period. This code can be generated through hardware or software. Software OATH tokens are created using an application that accepts a secret key, or seed, from Azure AD that generates the access code. A variation on this is the use of hardware tokens. These small devices, often resembling a key fob or memory stick, are designed to generate time-based passwords or codes at regular intervals, typically every 30 to 60 seconds. The hardware tokens are pre-loaded with a secret key, or seed, which serves as the basis for generating the one-time passwords. During the user registration process, the token is associated with the user's account, thereby creating a link between the token and the authentication process. When a user attempts to log in, they must provide both the regular password and the current one-time password displayed on their hardware token. This code is synchronized with Azure AD, allowing the server to verify its validity and match it with the user's account. By generating new passwords every few seconds, the hardware tokens enhance security, as these time-based codes are difficult for attackers to intercept and reuse. It's important to note that while hardware tokens offer robust security, their setup and management may involve additional administrative tasks. The secret keys and other specific token information must be securely input into Azure AD and activated for individual end users. Despite this initial setup overhead, the enhanced security provided by hardware tokens makes them an attractive option for organizations seeking stronger authentication measures, particularly when users need access to sensitive data or critical systems. It is worth noting that OATH tokens are not used as primary authentication. Instead, they are paired with other forms of authentication as a secondary means of authentication used in multifactor authentication, called MFA, or self-service password resets, also called SSPR for short. As a
result of the shortcomings of using traditional authentication approaches, security experts are moving away from password and username authentication types to more complex solutions such as Windows Hello for Business and Fast Identity Online, or FIDO2, security key. These methods are currently considered state-of-the-art and offer serious challenges for a hacker. Windows Hello for Business requires two forms of authentication to gain access. First, access is only allowed through a pre-registered device, because the unique ID number of the device is required. Second, a biometric feature or PIN is required to access this device. For example, consider this implementation in a smartphone. The phone is locked and only grants access after some biometric of the user is provided, like a facial scan, a fingerprint, or iris scan. Therefore, a potential hacker requires both the device and the means of accessing the device before gaining authorization to engage with the company resource. The Microsoft Authenticator app is downloaded from the Microsoft Store and registered to an account. For authentication, the user receives an authentication code to this device, used during authentication. To access the application, they must first provide a biometric, PIN, or specific swipe pattern. On each attempt, a notification is sent to the user's phone to confirm the valid verification attempt. In this video, you discovered that traditional passwords and usernames have setbacks. As a result, security experts are moving away from this to use more robust alternative authentication methods in Azure. Specifically, you covered OATH and passwordless authentication such as Windows Hello for Business, FIDO2 security key, and Microsoft Authenticator app.

Azure provides several authentication methods to verify the identity of entities attempting to access the system. Previously, you learned that passwordless authentication is gaining traction due to the recognized limitations of traditional passwords and usernames. In this video, you'll
unpack the various security features within Microsoft Azure. Active Directory offers a relevant service called Active Directory Federation Services, or AD FS. This service enables the authentication of various systems using a single password. It does this by configuring a single sign-on, also known as SSO. Once this central identity provider, or IdP, confirms the identity of the user, then it serves as authentication for all other associated systems. The protocol used in this exchange is Security Assertion Markup Language, or SAML. This approach offers the dual benefits of user convenience and the reduction of the temptation to rely on easily remembered, insecure passwords. Azure AD additionally offers Azure AD Identity Protection to safeguard users and maintain vigilance for malicious activities. A cyber specialist can choose from the following three categories. User risk responds when a user's credentials are determined as lost; the dark web is continually monitored for instances of hacker credential drops. Sign-in risk responds to suspicious login attempts; this might be a user repeatedly making failed attempts to log in, which might be indicative of a brute force attack. And MFA registration policy occurs in the event of a risky sign-in attempt; Azure AD can request the execution of an MFA authentication request. Azure AD Identity Protection has a built-in flexibility that allows you to configure three standards of vigilance when monitoring. These are low and above, medium and above, or high. These three factors are also referred to as risk-based authentication. If signals relating to a user's use or authentication are found to be deviant, then the method of access becomes more restrictive. Examples of signals that are analyzed may include the user's location, the time of day, and the user's behavior patterns. Let's take this one step further by examining Azure AD features for additional security. These include SMS-based authentication, where users can access their accounts without using
usernames or passwords. This is achieved when an identity administrator configures the account to the user's phone number at the sign-in prompt. Then, open authentication time-based one-time password, or OATH TOTP, implements an open standard one-time password, or OTP for short, that relies on hardware or software to generate one-time codes at the end of a given time span. This is evident when opening the Microsoft Authenticator app that's downloaded to your phone to add greater security when accessing network resources. Typically, the app generates a new code that is valid for a minute. And finally, Fast Identity Online, or FIDO, authentication is an overarching term encompassing a variety of authentication methods such as biometrics. FIDO represents a standard that harnesses public key cryptography to establish a foundation of robust authentication. To recap, cryptography involves the art of transmitting information securely, allowing only the authorized parties, the sender and the receiver, to access the content of the message. This process ensures that any interception during transit would reveal a distorted version of the original message, thus upholding its confidentiality. In FIDO's implementation, hardware devices such as USB or Bluetooth-enabled devices serve as the authentication instruments for users. This distinctive characteristic augments the security of FIDO authentication compared to traditional methods because it eliminates the reliance on shared secrets like passwords or tokens. Although the potential exists for a device to be stolen, documented instances of hacking attempts are fewer when compared to traditional threats like phishing or virtual endeavors aimed at compromising systems. Notably, FIDO's robustness is exemplified through solutions such as Azure AD passwordless, an Azure AD service that empowers users to gain access without traditional passwords. In this video, you learned about Azure security measures. Specifically, you realized how a centralized identity provider can retain
authentication information for a user, which can be used on different sites. Additionally, Azure Identity Protection reacts using signals, which can cause an MFA to trigger. You also covered various authentication methods, including FIDO, which is an initiative that aims to replace passwords in a secure and flexible logon approach.

By now, you realize that multifactor authentication, or MFA, is a strong means of providing additional security by acting as a secondary security measure. You may have a few interesting questions about it, such as what triggers it and who should be subject to it. MFA is a powerful tool, and when coupled with risk-based access, or RBAC, and conditional access, it can be quite versatile. In this video, you will learn about how MFA is used during account access recovery. You'll discover how MFA is triggered and who it pertains to. Recall that MFA is based on something you know, such as a password or PIN; something you have, such as a phone or ID card; or something you are, such as fingerprint recognition or facial recognition. MFA is configurable depending on the version of Azure you subscribe to. In the free version of Azure AD, MFA is automatically configured for every initial sign-on, but can be integrated with finer detail with different Azure editions. For example, the P1 or P2 license allows you to combine MFA with conditional policies. Azure offers a range of methods, such as text, the authenticator app, or phone calls. What then happens when an individual loses a device through which the authenticator app is used for MFA? Well, in this instance, installing the authentication app on a new device is possible. All app-related settings get stored in the cloud. It is possible to have multiple accounts stored, for example, a work and a personal account. Microsoft retains meta information about your login, including your username and the account verification code to prove your identity. It does not store any additional information such as email addresses or files. Note that to back up
your account, you will need either a Microsoft or iCloud account. You may be wondering if you can combine MFA configuration when setting up self-service password reset, also commonly referred to as SSPR. The good news is that this is indeed possible. Remember that SSPR is a means for the user to reset passwords without having to consult with the IT department. While configuring SSPR, you can use various means to authenticate. Here are some of the methods available to you. You can use any authenticator app, including Microsoft's or an alternative one. Use your office or mobile phone. Then there's the hardware token or FIDO2 security keys. Lastly, you can use a security question, which only applies to SSPR. This is not available with MFA, but administrators have this option when performing SSPR. Azure AD gives you the option to make the process a single authentication method. MFA can also be required. In the event of a lost password, an administrator can manually reset the MFA password. In addition, the administrator can cause a re-registration for MFA, revoke MFA sessions, or delete the user's current password. So any user who is blocked from using MFA can be released through an administrator causing a re-registration. A user can increase the security of an account by adding the requirement of an additional authentication step. To do this, you must be an authentication administrator when signing into the Azure portal. Next, you navigate to Users and All users, then select Authentication methods. Under Authentication contact info, you can then select from either one of two verification methods: phone or email. You are then presented with a range of additional authentication methods, such as phone, alternate phone, or email. Now you can store these changes by selecting Save. It is important to note that while using an email is permissible for SSPR, it cannot be used as the second authentication factor to log in. This is due to the factor part in MFA. Recall that if one factor is something you know, such as
your login details, then adding a second factor needs to be something you have or something you are. For SSPR, this is not an issue, because when it's triggered, a link is sent to the email address. In this video, you learned that Microsoft emphasizes MFA to keep organizations safe. When MFA is integrated with RBAC and conditional access, it provides security and versatility. MFA and SSPR can be integrated and configured as one. Administrators are responsible for managing user settings and authentication methods, and in the event of an issue, they have measures to prompt resets. Finally, MFA with the authenticator app can be backed up in the event of losing a device, which saves on having to create a new account or triggering a reset.

When a user attempts to access an application, it checks a series of company policies to determine what action to take. A user can be accepted, blocked, or allowed in with partial access. This process is known as conditional access, and in this video, you will examine how Azure Active Directory allows for granular access based on the criteria configured by the user access administrator. First, let's explore the components of a conditional access policy. Conditional access is a feature of Azure AD that improves security by providing additional authentication measures before accessing certain resources based on configurable signals. Conditional access is triggered by if-then rules configured within the Azure AD environment. This set of rules is referred to as a policy. A policy is tuned to detect various signals. Let's examine these signals in more detail. Azure AD collects information about users attempting to sign in, such as their username, group membership, and assigned roles. With user location, the geographical location from which the user is attempting to sign in is considered. Unusual or unexpected sign-in locations can be used to trigger additional security measures, such as multifactor authentication or account verifications. Azure AD collects information about the
user's device, such as device type, operating system, and whether the device is managed or compliant, and uses it to assess the security posture. It also uses risk detection algorithms to analyze sign-in patterns, historical data, and behavioral anomalies to assess the likelihood of a sign-in being compromised or risky. With network location, information about the network from which the user is signing in, such as the IP address or range, is used to evaluate the network security. When evaluating conditional access, Azure AD considers information about the application or resource the user is trying to access, including the sensitivity level of the app. It also analyzes the frequency and patterns of user sign-in to detect suspicious activities or brute force attack attempts. Azure AD assesses the health and compliance status of the user's device, including whether the device is up-to-date and has security measures in place. Finally, Azure AD evaluates the risk associated with the user's identity based on their behavior, activity, and potential exposure in previous security breaches. Now that you understand the components of a conditional access policy, let's explore how conditional access works. After receiving a signal that triggers a policy, Azure AD prompts multifactor authentication, or MFA, before it allows access to a resource. Therefore, you can consider conditional access as a secondary defense against intrusion. First, you can create a policy that is tuned to some signal, such as application or user location. When the request for access is made, there are three options available: allowing direct access, requesting MFA, or blocking access. The nature of the signal decides which action is taken. If the user fails to provide appropriate MFA, access is denied. Conditional access policies are not limited to preventing access. You can also configure them through a policy granting only partial accessibility if some factors are identified. For example, a user who triggers a policy may be prevented from copying
or deleting information from a document although they are still allowed to read it you can also require more extensive changes such as requiring that the device is registered forcing a password change or requesting that a user agrees to the terms of use the requirements can be for one or all of these factors to be performed depending on the configuration this can be particularly useful when assigning roles to groups of people a conditional policy could prevent members of this group from accessing information that has been labeled sensitive or only allow them to read a document you can view conditional access policies in the Azure portal by navigating to Azure AD tenant security and selecting conditional access the example demonstrates a list of policies that have been established the insights and reporting option provides analytics and data for policy usage sign-in risk user behavior and policy impact to enforce a behavior before people engage with your application select terms of use you can configure options for specific users or groups and for specific applications there are some conditional access policies such as requiring multifactor authentication on sign-in for all users configured as part of the default settings before creating custom policies you must turn this off however this is not possible with the free license if you availed yourself of a trial license and the time expires the policies you created will be retained however after the expiration of the trial you cannot change them in this video you took a deep dive into conditional access policies you learned what a policy is and that the signals a user creates when engaged with the network trigger these policies you also explored how to configure policies to prompt the user to make changes such as updating a password or device finally you now know how to use policies to allow deny or partially allow a user to interact with the system so far you have learned that Azure is an identity and access 
management tool that aims to simplify managing who has access to a system and what they can do after they gain access a large part of this involves breaking functionalities and resources and grouping them into smaller subsets you have also learned how segmented access not only prevents lateral movement by hackers but also provides a manageable view of related resources in this video you will delve into the concept of Azure Active Directory roles understanding how they serve as an extension of this practice you will also gain insight into role-based access control or RBAC Azure AD roles are a set of permissions that inform what action an identity takes on a system as with other elements of Azure AD an identity can relate to a function service or a user to begin let's examine the templated roles you can use in Azure AD templated roles are a set of permissions that relate to a specific role they are predefined and can be assigned immediately using templated roles as a scaffold you can create custom roles and add or remove features as needed this makes it easier to know which department an entity is associated with and to easily manage the permissions they require let's explore some examples of templated roles in Azure AD in more detail firstly the global administrator role has full access to all administrative features and resources within the Azure AD tenant global administrators can manage user accounts configure settings and perform administrative tasks across the entire directory the user administrator role is responsible for managing user accounts it enables you to create update and delete user accounts reset passwords and manage user properties next the application administrator role has permissions to manage application registrations in Azure AD it enables you to create and configure applications assign permissions and manage application settings the device administrator role is responsible for managing devices registered in Azure AD it enables you 
to join devices to Azure AD configure device settings and manage device related policies the security administrator role focuses on managing security related features and settings in Azure AD security administrators can configure security policies review security reports and manage identity protection additionally the privileged role administrator role is responsible for managing privileged roles in Azure AD it enables you to assign or revoke other roles including administrative roles with high level permissions another role is compliance administrator which is tasked with managing compliance related features and settings in Azure AD it enables you to configure compliance policies and review compliance reports next is the help desk administrator role which is intended to handle password resets and other common tasks related to user accounts this role has limited administrative permissions finally the billing administrator role enables you to manage billing related settings and view billing information for the Azure AD tenant the practice of controlling access based on roles is known as RBAC now that you are up to speed on the templated roles available in Azure AD let's explore RBAC Azure AD provides the ability to assign roles to individuals and groups this helps manage access in broader strokes instead of configuring a role and assigning it individually to a user you can create a group and add a user to it and they will inherit the permissions of the role in Azure AD the practice is highest privilege wins which means that whichever role has more scope that is what the user is then able to accomplish the scope of the role relates to two factors what the role can do and where it can do it for example the role may have permissions to read write delete change configuration or assign new instances scoping an RBAC facilitates you with a secure simple methodology that also enables you to apply any compliance requirements mandated by the industry or country that your 
organization is operating in in this video you discovered how Azure AD roles are a set of permissions that inform what action an identity takes on a system you learned about the templated roles available in Azure AD and in which instances they are applicable you examined what a custom role is and why someone would consider using it you also explored the practice of controlling access based on roles and how the scope of the role determines what it can do and where it can be done if you're new to Azure you may find it a little challenging to understand all the different roles in Azure you are now equipped with a greater understanding of these roles and how you can use them in your organization in this video you will learn about the advantages of the access policy and management practices that Azure Active Directory or AD provides which strengthen an organization's security you will focus on role based access control or RBAC and conditional access policies and explore how Azure AD facilitates granular control the ability to segment access to resources and the resources themselves you will also explore privileged identity management or PIM first let's examine how you can use RBAC to enforce security in your organization you discovered that by applying roles you can enforce security with a uniform approach the goal of RBAC is to enforce least privilege an identity should only have access to the minimum number of resources to achieve a goal it should also only have access to these resources for as long as they are required with so many moving parts in an organization overseeing who is accessing what and when is challenging Azure AD presents a way of managing this by enabling you to group related identities and apply a blanket security approach to all of them when the project associated with that group is completed revoking access is a simple process and you can reassign the members to a new project this makes RBAC a simple scalable tool for maintaining consistency this 
uniform approach to granting access is a huge Azure AD policy advantage next let's explore how Azure AD facilitates secure access by providing conditional access policies conditional access policies are tuned to a host of signals to ensure that you can manage access safely however the primary gatekeepers are strong authentication measures access controls and the security perimeter mechanism multifactor authentication or MFA is an example of strong access control requiring two factors before allowing access segmentation firewalls and user scope ensure that access is confined to a small area of the network finally gaining unauthorized access to your network is prevented by Microsoft Defender which guards all access points on the perimeter conditional access is the second line of defense and monitors various identity signals to ensure that no dangerous or deviant behavior is performed after an identity is authenticated as with roles Azure AD offers a selection of templated conditional statements that you can apply to view them navigate to your home directory and select security select conditional access and create new from template here you can learn more about the available templates the templated conditional access policies relate to five distinct areas secure foundation zero trust remote work protect administrator and emerging threats some of the templated policies fall into multiple categories for example the require multifactor authentication for admins template is available in every category bar emerging threats this means that it is considered a safety policy that addresses the majority of the themes identified by selecting view you can see summary information on the policy including the section it pertains to the targeted identity a list of individuals affected the scope of the policy and the action that it relates to you can also use conditional access policies to monitor certain parameters after you configure an access policy you can choose to have it report 
any signals that trigger the action with enforcing it now that you are familiar with conditional access policies let's examine privileged identity management or PIM roles can be divided into five general categories reader resource specific custom contributor and owner reader has the least number of privileges and owner has the greatest including modifying access controls and granting permissions an owner is considered privileged as a result therefore you should take extra care in managing these influential roles Microsoft promotes PIM principles to be enforced for these roles such as just in time access or JIT and just enough access or JEA JIT and JEA policies mandate that when an identity wants to use their privileged permissions they must first activate them and only for a limited time further checks are required such as MFA to ensure that the identity is accurately authenticated you now know that Azure AD is a comprehensive tool for protecting your organization in this video you learned how you can use RBAC to take a uniform approach to enforcing security and how conditional access policies are tuned to a host of signals to ensure that you can manage access safely you also explored the PIM principles of JIT and JEA in addition to providing the ability to subdivide assets and workers Azure AD also provides a host of good practices and built-in tools that can aid you in creating a strong security posture imagine you recently started a new job within an organization as part of your onboarding to this organization the IT department issues you an email address a password and the necessary security access to specified applications and folders you need to perform your role but what happens if you are promoted or moved to a different role within the organization how can the organization ensure you gain the access you need and maintain its security posture at the same time that is where identity governance comes in in this video you will focus on identity security 
exploring how organizations manage employees as they move through various roles you will observe how within the identity life cycle an employee might move from one state to another but ultimately only occupy one state at any given time after starting work you will also learn how this connects with the access life cycle the access life cycle focuses on providing just enough access when required lastly you'll switch your focus to privileged identity management a concept applied to identities with privileged access to resources that need stricter security let's start by exploring what exactly is meant by identity governance Microsoft has endeavored to address the changing nature in which organizations operate by addressing the distributed nature of this modern corporate infrastructure you might recall from previous lessons that identity is the new corporate boundary in fact if the identity of an entity accessing the system can be authenticated and appropriately administered a secure corporate network can be safely maintained to best manage an organization through identity there are three key areas you should focus on governing the identity life cycle governing the access life cycle and securing privileged access for administrators these three guidelines are applied to all entities in the system you may recall that an entity can be a person whether that's an employee customer or collaborator it can also relate to a device service or application that needs to access or assist the company resources breaking this down further an organization must confirm that the following questions are being addressed do you know who or what is using the system and have these entities been appropriately authenticated do you know what these entities are doing on the system if you have established that the entity is entitled to operate within the network are the actions the entity is taking in line with what is expected and are they beneficial to the business's needs next are there effective 
organizational controls that manage the entity's access accessing and operating organizational resources is a fluid process the goal of the active directory is to provide management options to companies so that entities operating within the system can be provided with what they need when needed this means that the nature of the access is constantly changing an effective active directory can dynamically move with what an entity needs and only for as long as needed lastly can the actions be audited a common concept already put forward is to assume a breach auditing is remaining vigilant to the actions of all entities on the system maintaining accountability in all entities enables an organization to anticipate and mitigate the fallout from a breach you may recall that the identity life cycle relates to an employee's actions from when they join the company until the day they leave according to this line of reasoning since the employee will always be in a single distinct state at any one moment good governance requires understanding what state of the employee's life cycle they are now in and if they have the appropriate permissions to reflect this state fundamentally an employee will only move in three directions join leave or move so an employee joining an organization will be assigned a certain degree of access this may be linked with a given role that adheres to a template or a custom template may be created however potentially on completion of a project or being promoted an employee may move to a new role this may impact their role and by association the necessary permissions of the organization finally the employee may leave which will remove their authorization you may recall that some organizations link the person's identity with a file in human resources through Workday or SuccessFactors by integrating Workday or SuccessFactors applications into the identity life cycle organizations can achieve streamlined user management improved security and enhanced 
compliance ensuring companies have access to the right resources at the right time throughout their employment journey it should be noted that this is an Azure AD premium account feature which is referred to as Microsoft Identity Manager other human resource systems that are configurable are system analysis program development or SAP HCM and Oracle PeopleSoft while the identity life cycle manages the state that the employee is in while employed at the company the access life cycle ensures that the resources appropriate to an employee's role are available as the employee moves through the identity life cycle this may include expanding and rescinding access to some resources in alignment with their current job role maintaining and administrating employees through their life cycle is key to maintaining company security the greater the employee's role the more attention needs to be focused on ensuring a good security posture Azure AD comes with a service known as privileged identity management or PIM which provides tailored features for securing access rights you may recall that PIM is a P2 feature that has many functions including privileged role assignment just in time access and time bound access this video introduced you to several important fundamentals that underpin how identity management is structured you now understand that an employee will have a clear working state when employed at an organization this state should be linked directly to how and what they can access it's crucial to remember that when an employee gains sufficient access to influence many resources their access point should be closely monitored as a compromised privileged identity can pose a risk to an organization suppose you are a remote employee trying to access your company's resources from an unfamiliar location using your own laptop such a scenario could present challenges to the infrastructure of your company for instance an unidentified machine or an unexpected login might be an 
indication of a cyber attack so how should the company react this is where Azure AD identity protection comes into play this identity protection program will detect a sign-in anomaly due to the login being performed at a different location from your normal workplace and will flag an infrequent device usage alert because you usually access company resources from your office laptop based on these factors it's likely Azure AD identity protection will declare you as high risk for your sign-in attempt in this video you'll explore Azure AD identity protection and learn how it offers additional security to organizations in these types of scenarios you'll discover how this service ensures that the identity being authenticated by your active directory has not been compromised and how it analyzes signals and compares them to a database of events that it has gathered through years of analysis furthermore to provide a full suite of security safeguards these signals are also fed into other Microsoft services let's first discover why Azure identity detection was created in the first place it was created to achieve three distinct tasks to discover and mitigate against identity-based attacks to extract data from the portal and use it to investigate potential threats and to amalgamate and export the data to third party applications for further analysis Microsoft has a broad and diverse user base through years of analyzing signals generated from their services they have developed a sophisticated approach to identifying risk services that have generated these signals include Azure AD the identity cloud-based access management system you investigated in the last few lessons Microsoft accounts these are various personal accounts registered with Microsoft a list of such accounts would include any outlook.com OneDrive or Microsoft Office applications and Xbox a game platform where you can interact with other users online the continuous analysis of over 6 trillion signals has enabled 
Microsoft to identify and mitigate cyber threats proactively these signals are first fed into the identity protection program once analyzed the signals are categorized and can then be fed into various security tools such as Sentinel which detects general security threats or Defender which you may recall is a comprehensive antivirus and malware tool based on the signals received identity protection users are also assigned one of the three tiers of classification low medium and high additionally signals are transmitted to conditional access policies where they go through the specific vetting needed for a particular tenant or service over the past several years Microsoft has gathered a list of clearly discernable risks first is anonymous IP addresses this could be a Tor browser or an anonymized VPN using these browsers can indicate that a hacker is attempting to gain illicit entry and in the process hide the source of their attack next is atypical travel which generates a risk signal if there is a large distance between two geographical logins while this could be an employee traveling it can also indicate a hacker from another continent is attempting to gain access typically this would trigger multifactor authentication or MFA to confirm that the authentication request is legitimate next is a malware linked address this is an accumulated list of infected IP addresses from previous hacks that have been a benefit from the years of research performed by Microsoft you also have unfamiliar sign-in which similar to atypical travel generates a risk signal when a login comes from a location with which the user is not normally associated the distinction is that it does not have to be a large geographical distance from the user's typical authentication locations last is password spray which occurs when a bogus or simple password is used on several different accounts Azure AD threat intelligence is a service provided by Microsoft that will address many of these risks the 
occurrences outlined may result from a hack some reasonable deviation or disruption to an authentic authentication attempt however in employing identity protection services two outcomes can be availed of first leaked credential detection is when an organization can consult a leaked email database gathered from the dark web or paste sites and second access to Azure threat intelligence which is a machine trained model that becomes effective after training on sufficient data this model can accurately identify instances where a user's activity pattern deviates significantly indicating a potential risk this accuracy is only attained with large amounts of accurate training data identity detection is only triggered when a legitimate user credential is used for example when you enter a correct username or email address regardless of the password the system does not process misspelled or non-existent user credentials on completion of a risk assessment the identity protection service will output three categories risky user which relates to users or identities within an organization their activity will be flagged as warranting further investigation risky sign-in this will be a list of attempted authentications it can include logins at unusual times or from unusual locations and risk detectors which amasses all identity related risk events and presents them as a comprehensive catalog of unusual or deviant behavior this video took you on an exploration of Microsoft's identity protection service you learned how the service operates using signal analysis which then categorizes its users and highlights any risks to an organization you also explored several risks that Microsoft has categorized throughout the years using identity protection and discovered how Microsoft uses a threat intelligence learning model to identify users' activity patterns through this week's learning you explored several beneficial characteristics of Azure Active Directory including its various identity 
services its capabilities regarding authentication and its access management capabilities to assist you in the study checks ahead let's take some time to explore the key elements you have learned during this week you began by learning about the various authentication methods in Azure you discovered how security experts are moving to alternative authentication methods in Azure specifically you covered oath and passwordless authentication such as Windows Hello for Business FIDO2 security key and Microsoft Authenticator app you then took a closer inspection of multifactor authentication or MFA and discovered that it is an alternative authentication method to the traditional one-step password you took this a step further by learning how MFA is used during account access recovery and how when MFA is integrated with risk-based access and conditional access it provides additional security and versatility after learning about the benefits of MFA you unpacked self-service password resets which included the various changes it allows and how different Microsoft Azure licenses allow different self-service password reset SSPR functionality you also discovered different changes that SSPR allows which include changing and resetting passwords as well as unlocking blocked accounts following this you gained an understanding of why there has been a move toward passwordless authentication due to issues arising from using passwords as your sole gatekeeper you should note that Azure password protection service provides protection by monitoring password selection and analyzing the behavior of users in order to generate security reports next you examined how user access administrator configured criteria may be used by Azure AD to provide granular decision points you also explored conditional access policies gained knowledge of what these policies are and discovered how the signals you produce when interacting with the network can trigger these policies you also explored how you 
can configure these policies so that they prompt a user to make a change such as to a password or update a device following this you explored the benefits of Azure AD roles learning about the templated roles available in Azure AD and in which instances they are applicable within this section you also learned what a custom role is and why someone would consider using it and explored the practice of controlling access based on roles you gained insights into what roles are how they fit into a larger network and which roles are associated with which domain you now know that Azure AD is a comprehensive tool for protecting your organization you then continued your journey by focusing on role-based access control and how you can use RBAC to take a uniform approach to enforcing security you may recall that conditional access policies are tuned to a host of signals to ensure that you can manage access safely remember that in addition to providing the ability to subdivide assets and workers Azure AD also provides a host of good practices and built-in tools that can aid you in creating a strong security posture the final section this week introduced you to several important topics that described how identity management is structured you first focused on identity security and explored how organizations manage employees through various roles remember within the identity life cycle an employee will only exist in one state after starting work you also explored the concept of privileged identity management or PIM PIM is applied to identities with privileged access to resources that need stricter security it's crucial to remember that when an employee gains sufficient access to influence many resources their access point should be closely monitored as a compromised privileged identity can pose a risk to an organization next you investigated entitlement management learning how the mechanism of access reviews aids management in overseeing the privileges that have been granted 
to an employee you took a deep exploration of PIM's various characteristics and discovered how it links to your earlier discoveries regarding the access life cycle you continued your week with an exploration of Microsoft's identity protection service you discovered how the service operates using signal analysis which then categorizes its users and highlights any risks to your organization you also discovered how Microsoft uses a threat intelligence learning model to identify users' activity patterns you should note that the identity protection service is available to Microsoft clients through the Azure AD premium P2 license lastly you took a closer look at the many benefits and best practices for identity governance these best practices focused on using Azure AD to effectively manage access you studied how to manage user access through solid identity management and the best practices for accessing company resources by application and devices with the knowledge gained this week you are now equipped with the tools to take on the study checkpoint keeping up with the ever-evolving software and applications that are available will be a challenge but by continuing your learning journey through the various tools available to you in this course and evolving to the current cyber security trends you can remain at the cutting edge of cyber crime in recent times the frequency and complexity of denial of service or DoS attacks and distributed denial of service or DDoS attacks has increased these attacks can cause severe damage to organizations disrupting their operations and often causing financial losses to combat this threat Microsoft Azure offers a comprehensive DDoS protection solution in this video you will learn more about DoS attacks and how DDoS attacks grew in response to the initial defenses against them you will also explore different types of DDoS attacks which can be distinguished by the part of the network that they target finally you will gain insight into the 
different Azure AD based solutions to these attacks first let's examine DoS and DDoS attacks in more detail in recent years there has been a noticeable shift in how organizations structure their architecture for example a hybrid solution consists of some on premises resources configured with a cloud hosted resource store as your on premises and cloud-based resources interact to provide a front-facing service for your customers it results in an increase in traffic this has led to an increase in the surface space from which cyber criminals can launch an attack one such attack is a DoS attack where a hacker attempts to overwhelm the resources for your application by making repeated requests from your network excessive traffic can lead to your service becoming slow or unresponsive initially organizations combated DoS attacks by identifying the IP address of the requestor making the attack ineffective these attacks have since evolved into a DDoS where the hacker commands many IP addresses which are used to bombard your system there are three types of DDoS attacks firstly volumetric attacks are achieved by flooding the network with legitimate traffic consuming all bandwidth you can measure this type of attack in bits per second next protocol attacks are aimed at the server and involve false protocol requests to target the infrastructure this impacts how the network layer or layer three and the transport layer layer 4 communicate you can measure these attacks in packets per second finally resource layer attacks focus on web application packets disrupting data transmission between hosts it is important to be aware of the dangers posed by these attacks to mitigate potential risks you can use Azure to protect your network by analyzing incoming traffic and discarding anything that looks like it might be part of a DDoS attack Microsoft Azure provides various DDoS solutions that you can use to protect your network infrastructure let's examine them in more detail additionally 
you can use Azure to scale up resources and increase your capacity during an attack with scaling you can maintain your organization's efficacy while identifying and eliminating the risk Azure provides three services to protect against DDoS attacks firstly there is default DDoS infrastructure protection it is included with a free package at no extra cost and provides continuous monitoring and mitigation of traffic on your network next is DDoS Network Protection which is a more advanced service available under service level agreement or SLA it is designed to work with best practices which Microsoft can advise and direct you to enable DDoS Network Protection offers several advantages over the default infrastructure level DDoS protection including additional features such as logging alerting and telemetry this enables you to gain more comprehensive insights and monitoring capabilities to better detect and respond to DDoS attack attempts finally there is DDoS IP Protection which is a pay-per-protected-IP model this granular feature enables you to select which end points to protect and can help to offset costs by only protecting critical resources it contains the same core capabilities associated with DDoS Network Protection but with some additional features such as DDoS rapid response support a dedicated division at hand when a DDoS occurs this results in a quicker turnaround than the other options another feature is cost protection which can limit the fallout from an attack DDoS IP Protection may offer discounts on web application firewall or WAF usage a WAF helps protect web applications from various cyber threats and could provide additional layers of security when integrated with DDoS IP Protection in this video you learned about DoS attacks and how they have evolved into DDoS attacks you also learned about the three types of DDoS attacks the various solutions available in Azure AD to combat them and the licensing and payment models they are included with with Azure DDoS 
protection you can focus on your business and not worry about the effects of DDoS attacks a well-designed firewall acts as a critical security barrier for your data and resources examining incoming and outgoing data to protect valuable assets from unauthorized access by now you've learned quite a bit about how firewalls accomplish this important task but there's more to it than simply creating rules to manage traffic flow through your network it also considers factors such as scalability high availability and other factors to ensure comprehensive security for your Azure environment over the next few minutes you'll deepen your understanding of firewalls by exploring best practices for configuration the features associated with a secure central firewall implementation and how firewalls can contribute to strong security posture that supports segmentation first let's examine a brief overview of Azure Firewall Azure Firewall is a cloud-based service that is centrally managed and designed to protect your Azure virtual network in this context managed means that Azure as the cloud provider bears the responsibility of ensuring the firewall's effectiveness overseeing its day-to-day operations and maintenance so what responsibilities do you have and what control can you exert over this service well you can enhance security significantly by implementing a few best practices in the firewall configuration for instance while it's true that an Azure Firewall can be deployed on any network best practices recommend creating a central network and routing all additional networks through this principal one firewalls extend beyond regulating traffic entering and leaving an application they are also used to enforce segmentation and can be applied to each individual virtual network this ensures that traffic is not only restricted in and out of applications but also between resources this is achieved by limiting the bandwidth of IP addresses that are allowed to access an area or application
for example a network exclusively dedicated to hosting a firewall can act as a central gateway for filtering traffic rather than setting up a firewall for each network all traffic passes through the central gateway first what's more this can include on-premises traffic before engaging with cloud-based resources or the internet in general by configuring your network this way you gain several key advantages but that's not all there are several key features that further enhance the capabilities of Azure Firewall as with many cloud-based resources Azure Firewall offers the inherent advantage of scaling up based on traffic demands the advantages of scalability depend heavily on the nature of your business for example an organization that conducts a seasonal trade or experiences traffic peaks will place greater emphasis on scalability than an organization with a steady more measured access pattern Microsoft takes the responsibility of ensuring constant network availability to achieve this failover safety measures are implemented that maintain redundant instances across various geographical locations failover means that if an issue that affects your service delivery arises Microsoft ensures that a backup takes the slack with configurability and filtering you can customize the firewall and apply filtering based on various criteria including IP addresses ports protocols and fully qualified domain names or as it's known FQDNs this granular level of filtering allows for precise traffic management which means you can exclude general domain names such as social media sites administrators can control external threat actors more effectively by choosing specific ports or protocols source and destination network address translation capabilities or SNAT and DNAT facilitate communication between the internal network and the external world SNAT ensures that outgoing traffic from the virtual network appears to originate from a single public IP address while DNAT translates incoming
internet traffic to the appropriate private IP address within the virtual network this translation and filtering process facilitates seamless and secure communication between the virtual network and the broader internet while a destination typically has just one IP address Azure Firewall allows multiple IP addresses to be associated with one destination Microsoft threat intelligence is a service that collects evidence of cyber attacks and hacking activities this can help with load balancing traffic segmentation and outbound communication this data is processed by the Microsoft intelligence team to create actionable insights these insights are then integrated into various Microsoft services like Defender and Sentinel allowing these systems to learn from a wide range of attacks even if they weren't directly targeted at a specific organization this collective learning enhances the security of organizations using Microsoft services finally integration with Azure Monitor aids in analyzing and monitoring traffic both a preventative measure and a means of sealing future vulnerabilities through the insights gained these key features of Azure Firewall further elevate its capabilities by understanding the significance of a centrally managed firewall and embracing key practices such as deploying it on a central network and leveraging segmentation you can empower your network with a unified streamlined security approach having delved into the best practices of firewall configuration and understanding the features of a secure central firewall implementation you may be wondering what's next this video delves deeper into Microsoft Azure's firewall offerings including basic standard and premium service plans to further embed your understanding of firewalls by the end of this video you'll have more insight into the practical application of firewalls and will be able to discern when a specific option is preferable a firewall is a key element in any defensive strategy like old city
walls it fortifies a network and directs traffic to a few heavily guarded access points the Azure Firewall is a cloud-based implementation that allows you to protect your virtual assets it meticulously monitors and filters packets traversing your network enhancing security while simplifying traffic flow Azure offers three firewall options Azure Firewall Basic is well suited to medium-sized businesses with few virtual machines and low data throughput typically it handles less than 250 megabits per second Azure Firewall Standard on the other hand is a more advanced offering designed for companies with high throughput and fluctuating traffic volumes accommodating both low and high peak times it includes scaling allowing a company to acquire more bandwidth when traffic is high and can handle traffic volumes of up to 30 Gbps it offers protection from OSI layers 3 to 7 which covers the application to the network layer additional extras include threat intelligence domain name system or DNS proxy and web categories threat intelligence used for threat detection is derived from Microsoft's threat intelligence feed this feed aggregates information from diverse sources including Microsoft's security team and undergoes regular updates finally Azure Firewall Premium provides comprehensive cover for organizations with sensitive data such as banking information or private health records it boasts advanced threat detection capabilities and can handle a throughput of up to 100 gigabytes per second with various options available how can you determine the best plan for your organizational needs to help make an informed decision let's delve deeper into the features the standard and premium plans offer enabling the Azure Firewall Standard package provides a set of essential features to enhance your network security it lets you identify and filter malicious actors using fully qualified domain names also known as FQDNs IP addresses or URLs it also provides a DNS proxy but what does this
mean exactly to understand the benefits of this feature let's first understand what a DNS is DNS is short for domain name system and as the term suggests it represents a named location for a website DNS resolution is when you map the DNS to an IP address this is like converting a postal address to a post code a DNS proxy will cache the results of these requests so that subsequent requests can be read before querying the name online this speeds up DNS resolution the intermediary can block malicious domains and the junction where content is filtered web categorization is another feature of the standard package which allows you to block content based on categories this can be used to enforce company policies like preventing access to social media sites so what sets Azure premium apart from the standard edition Azure premium offers two additional features that can bolster a company's defense the first is TLS or transport layer security inspection which decrypts incoming and outgoing information inspecting it for malicious content using certificates it can verify the authenticity of communications between two applications any information found to be suspicious is not forwarded to the destination preventing potential harm the second is a robust intrusion detection and prevention system or IDPS that facilitates the monitoring logging reporting and blocking of malicious actions it provides rapid detection by identifying byte sequences that are known patterns for malicious agents Azure premium provides access to sequence patterns for actual malware command and control exploit kits and various forms of malicious activity setting itself apart from other firewall editions it employs over 50,000 rules associated with 50 categories in identifying these threats in addition to monitoring TLS-based interactions it conducts thorough scans of all ports and protocols used in non-encrypted traffic each signature can be configured to disable alert or deny making the IDPS
feature flexible to your needs if a signature produces a false positive due to a known characteristic of an organization's application it can be demarcated this customization helps eliminate overly frequent false warnings which can generate a lot of noise in a log having examined the three tiers Microsoft offers you should now possess a more developed understanding of the distinct features each tier brings to the table this deeper insight empowers you to make informed decisions based on your specific needs and preferences when a resource is accessed externally from a network you can call the public IP address and access the resource you can choose an appropriate port and use an appropriate protocol to make the request enabling this mechanism also presents a would-be hacker with an opening to attack your system in this video you will learn how you can use Azure Bastion to strengthen this point of entry into your system you will also learn about just in time access a good practice metric that you can apply to your system to further strengthen your security posture first let's examine granting external access using remote desktop protocol or RDP and secure shell or SSH you can reduce accessibility to your network by configuring the firewall and creating network security groups or NSGs and introducing filtering and exclusion rules however you also need to ensure that your network is accessible to the appropriate authenticated external entities a traditional approach for granting external access to virtual machines or VMs is to use the RDP or SSH protocols typically the reserved ports for this entry are 3389 and 22 respectively like a window or door in your home RDP and SSH are points of weakness in a system as they offer a potential hacker a point of entry to gain entry to a system hackers are known to attempt methods including phishing attacks for passwords brute force attacks for common passwords and man-in-the-middle attacks and other vulnerabilities that arise
as the technology matures your operating system typically determines which approach you use with RDP most commonly associated with Windows and SSH with Linux operating system now that you are aware of the potential weaknesses of RDP and SSH let's explore how you can use Azure Bastion to strengthen your external access Bastion is a fully managed platform as a service or PaaS that you can provision to communicate safely with your VMs once logged into Azure AD a user must clear some NSGs before requesting access from Bastion then they are authenticated through Azure Bastion and again through another NSG before they are granted access to a VM Bastion is fully managed by Azure which means that Microsoft is responsible for patching and maintenance it provides a secure means of accessing VMs hosted on the network without exposing SSH or RDP ports or creating an IP address for your VMs as well as covering all VMs on the network it also provides a secure means of accessing any peered networks next let's explore just in time access previously you examined the defense in depth by creating layers of obstacles to prevent direct access to your VMs another layer that reflects a strong security posture is enabling just in time access Defender for Cloud facilitates a lockdown that always prevents all access to ports outlined in the configuration therefore to prevent access using RDP you must configure a policy to deny access to port 3389 when access is required to these ports you must expressly specify them with a lower priority number and apply a time constraint recall that a lower numeric value indicates a higher priority just in time access enables you to exert greater control over who can access a resource and how they can access it primarily you can configure just in time access for assets that are of high value to a hacker therefore when a user wants to gain access they must first make a request it is considered good practice that this request notifies a group of responsible
employees that access is required the request must include a justification as to why the user requires access to this area of the network this provides a mechanism through which you can apply additional monitoring to various resources when you create a VM you can implement a policy to ensure that just in time access is required and list who is notified when a request is made you can configure outbound and inbound rules to determine which port is used how long the port remains open and an approved list of permissible IP addresses to access this resource before enabling access to a VM Defender checks the user's Azure role-based access control or RBAC permissions to access that given machine after the RBAC is verified Defender configures the NSG and Azure Firewall to enable access from a verified IP address r to a given port for a prescribed time period when this period elapses the previous no entry rules are reinstated and access to all VMs is denied in this video you expanded your knowledge of how to protect your network resources you examined the potential weaknesses of RDP and SSH and how you can use Azure Bastion to create an initial safe entry point to connect with your existing resources and strengthen your external access you have gained an understanding of how ports IP addresses and protocols connect with the resource and why they must be safeguarded understanding a company's cloud security posture involves evaluating its strategies for detecting preventing and mitigating online threats in the past few weeks you've delved into various Microsoft services to equip yourself with the knowledge needed to confidently navigate this landscape tools like Microsoft Defender secure scores security benchmarks Bastion and security baselines in Azure have been part of your toolkit alongside you've explored essential best practices like multifactor authentication just in time access and just enough access threats to an organization and methods for combating them are always
evolving some threats involve exploiting new attack vectors also known as zero day attacks while others are achieved through exploiting a known vulnerability now let's deepen this understanding by delving into cloud security posture management these vulnerabilities can occur because the latest patch was not implemented or due to a misconfiguration of the system cloud security posture management or CSPM for short is the suite of tools that are available for you to strengthen the management of security implemented by your company as an aspiring cyber security specialist you must be informed of the different metrics tools configurations and potential threats they defend against many of these are related to mitigation offsetting any attack as quickly as possible after it occurs this is why Microsoft has created a host of services that when configured correctly will automatically alert designated people when a vulnerability or breach has been discovered CSPM is about efficiently using these tools to remain vigilant to the potential dangers open to your system now let's explore a few key concepts that underpin the value offered by CSPM the first is implementing the key principles of the zero trust model as the name suggests zero trust means holding a healthy suspicion of all identities regardless of how they access the system while a traditional approach to network security would consider the checks on entry sufficient the zero trust model advocates further monitoring of identities on the system and a real-time analysis of their actions for any sign of inappropriate behavior real-time risk scoring is another crucial component that involves continuously evaluating entities and devices in the system the risk scoring is computed on properties associated with the entity such as location device health established access patterns and user behavior additionally it considers the nature of the information the identity is accessing if an identity starts accessing
sensitive information in a manner outside of their normal access behavior it triggers an alert this prompts designated IT specialists to investigate and determine if preventative action is required threat and vulnerability management or TVM for short relates to comprehensively understanding the system's strengths and weaknesses you're likely familiar with the common phrase knowing the attack surface which refers to vulnerable areas within the company an example of such vulnerability is the secure shell protocol specifically port 22 that provides a means for external control over a virtual machine Bastion a product of TVM addresses this potential access point by wrapping it eliminating the need for an internet facing IP address that attackers might scan for using an open port scanner TVM looks beyond individual elements like this offering a holistic view of the entire system and considering how the interactions of the various components might create potential access vectors finally CSPM relates to a comprehensive approach to security management that includes modeling the potential threats in conjunction with other tools these tools include vulnerability scanning penetration testing security risk assessments security controls implementation or compliance auditing evolving threats are constantly bombarding cyber based resources giving rise to new attack vectors and innovations to circumnavigate defensive structures fortunately innovative defense strategies such as CSPM highlighted in this video are actively deployed in response to these challenges but CSPM goes beyond the types of attacks or tools used to defend a system it emphasizes the mindset needed when constructing a defensive posture on that note it's important to remember that you must think not only of current threats but of the potential future threats and how best to prevent them through the use of its continuous monitoring capabilities Microsoft Defender can detect and underline potential threats
to an organization's security posture this video will demonstrate how it provides advanced detection capabilities continuous monitoring compliance suggestions and reviews Microsoft Defender is a prominent cloud security posture management or CSPM tool that protects cloud on-premises or hybrid environments Defender's comprehensive defense strategy focuses on three key areas continuous assessment strengthening security and defensive capabilities a cyber analyst's job is never done once defenses are correctly configured every aspect must be continuously monitored in real time to ensure that no breach has or can occur Defender works to strengthen the security of the organization's devices and systems it goes beyond basic security by strengthening security measures and interactions between different devices this makes it more challenging for cyber threats to infiltrate the network or infrastructure Microsoft Defender not only identifies security threats but also takes proactive actions it can actively respond to and resolve any active threats detected on protected resources this includes automated or manual actions providing organizations with timely alerts and the means to mitigate potential harm so in addition to being a proactive CSPM tool Defender also safeguards cloud workloads this protection extends to a range of network assets including storage computing and communication devices so now you might be wondering how exactly does Defender work to fulfill this vital role to put it into context think of Defender as a central hub for establishing a strong security posture it provides a single unified platform where different services can be configured for protecting workloads and adhering to regulatory requirements what's more it assesses and mediates events by applying Azure Policy which consists of a set of rules designed to enforce specific company priorities another important service that Defender provides is hardening let's explore what this means as
you've learned a subnetwork's security can be enhanced through the use of network security groups or NSGs an NSG will wrap a network and associated resources behind an additional protective shield composed of inbound and outbound rules however there are instances where exceptions may be necessary when creating these rule sets Defender examines the implemented policies and rule exceptions to identify those that are no longer required the rationale behind this is to close potential loopholes that might have been left open for convenience thereby preventing potential vulnerabilities this practice is known as hardening as it strengthens the virtual perimeter Microsoft Defender offers different solutions including one tailored to protect Office 365 endpoints and IoT devices Microsoft Defender for Cloud is geared towards CSPM focusing on visibility by creating an awareness of your current security posture it also offers guidance by suggesting the various elements that can improve your security posture Defender uses a secure score to achieve this assessing the risk status of your resources subscriptions and overall network and generating a score that reflects the security level the onscreen example displays a Microsoft cloud security score identifying 60 points with 35 points achieved resulting in an overall score of 58% it provides a recommended status indicating completed control of the security best practices that have been completely implemented the example also includes completed recommendations offering a detailed breakdown of suggestions by item furthermore it generates a pie graph illustrating the overall resource health depicting 1,500 unhealthy resources 1,300 healthy and an additional 215 resources not included in the analysis additionally it generates interactive tables that allow you to drill into each problem area these tables outline the improvement that can be achieved and quantify the impact on company resources resulting from implementing the
suggested changes another notable feature of cloud Defender is its cloud workload protection this capability allows the cloud to detect address and resolve threats to company resources workloads and services it's important to note that the effectiveness of Defender capabilities and protections depends on the specific plan selected for a given resource and subscription this video highlights the significance of Microsoft Defender for establishing a solid security posture by now you should understand how Defender can identify underlying threats in an organization's security posture through its continuous monitoring security and defensive capabilities it provides recommendations on existing policies investigates compliance and outputs a detailed analysis of network resources these insights can then strengthen the network security against future attacks you've explored the functionalities of Microsoft Defender in a broader context but how does it practically apply to your resources Defender provides a comprehensive service offering with the adaptability to configure on a per resource basis to demonstrate how this works this video will walk you through how Defender can be harnessed for a specific resource to begin configuring Defender for this purpose navigate to a specific resource from the resource dashboard on selecting Defender a range of options becomes available for the specific resource like a virtual machine so what do these resource specific options entail let's learn more first of all Microsoft Defender may offer ongoing recommendations to enhance the security or performance of the selected resource the security alert feature lets you view any alerts or notifications related to the resource providing insight into potential security threats or breaches just in time or JIT access control options may be available allowing you to control and restrict access to the resource as needed you can access detailed information about the resource including configuration details
usage statistics and more the severity score indicates the criticality of any security issues or alerts associated with the resource helping you prioritize actions finally you can view a comprehensive list of security incidents and alerts related to the selected resource helping you monitor and respond to security events it's important to note that recommendations come with additional information in addition to the severity score Defender offers insight into the issue and proposes possible solutions moreover you can select the recommendation item and decide whether to exempt the recommendation from the score drill into the policy definition or open a query one option is to exempt or disregard the specific recommendation related to the error from affecting the overall security score you might choose this if you believe the error is not critical or if you have an alternative mitigation strategy in place another option is to drill into the policy definition this means you access the detailed configuration settings and parameters of the security policy that governs vulnerability scanning this allows you to review and adjust the policy to ensure that vulnerability scanning is correctly configured you can also open a query in this context a query typically refers to running a search or inquiry within the Defender system to gather more information about the error this can help you identify the root cause of the vulnerability scanning issue and take appropriate corrective actions if you choose to drill into the policy definition you can configure the policy under several criteria the basics section typically includes fundamental settings and information related to the policy it often covers essential details such as the policy name description and target scope which refers to resources the policy applies to in this section you usually set up the basic framework for your policy the advanced tab contains more in-depth and fine-grained settings for the policy it allows you to
configure specific parameters and conditions that govern the behavior of the policy this section allows you to customize the policy to meet your organization's security or compliance requirements in the parameters section you configure specific criteria and conditions the policy should check for for example suppose the policy is about vulnerability scanning in that case you might define the criteria for what is considered a vulnerability including severity levels common vulnerabilities and exposure identities or other attributes then in the remediation section you define actions to take when the policy detects non-compliance or security issues this is where you set up automated responses or instructions for addressing violations remediation actions might include isolating a resource triggering an alert or initiating a workflow to patch or update software you also have the option to configure non-compliance messages or notifications that should be displayed or sent when a resource is found to be non-compliant with the policy these messages often inform administrators or users about the issues and the steps they should take to rectify them note that scope and policy management refers to the resources or assets the policy applies to this can include specific virtual machines servers databases or other resources subject to the policy's rules and checks you can specify the scope to include or exclude specific resources ensuring the policy is applied where needed in this video you delved into the various resource specific options Microsoft Defender provides from recommendations and security alerts to JIT access controls and detailed information Defender equips you with a robust set of tools for enhancing the security and performance of your resources building on your exploration of Microsoft Defender and its practical applications for securing individual resources it's time to discuss another crucial aspect of fortifying your organization's cyber security posture in
this video you'll focus on the instrumental role of the Microsoft security benchmark this benchmark also known as MCSB serves as a cornerstone for organizations seeking to implement Microsoft-based products with a structured and secured approach a company can create policies that are tailored to their unique needs but they can also borrow from the experiences of other companies MCSB is a central source that documents every policy advancement that Microsoft develops through experience with different products this video will include a sample product with a breakdown of the various aspects of that policy you will tie this new knowledge with what you have already learned showcasing how Microsoft Defender uses these policies when evaluating a company's security posture the Microsoft security benchmark is a comprehensive framework providing organizations with best security practices and guidelines for securing their Microsoft based products and services it covers various security domains with specific recommendations controls and configurations for each domain covered you can find a list of standard best practices to implement these are the security baselines that the administrator of that sector should implement many organizations leverage Microsoft Azure for deploying and developing their services seeking optimal security standards Microsoft security benchmark was developed for this purpose this comprehensive set of security best practices and guidelines for protecting systems and data ensures that Azure users are informed about the security and potential harms of the cyber world the benchmarks are primarily a cloud centric take on security and include the fundamental baseline configuration an organization should consider when embarking on an online cloud-based service adhering to these baselines will give an organization a sufficiently strong security posture MCSB includes a reference to the control domain the control domain is a conceptual framework that
encapsulates and categorizes various security related features settings and practices within the Microsoft ecosystem providing a structured approach for evaluating and enhancing security configurations and policies the control domains include many important topics covered in this course including network security data protection identity management privileged access incident response and endpoint security to name just a few the recommendations include reference to industry standard recommendations such as the Center for Internet Security or CIS the National Institute of Standards and Technology or NIST and the payment card industry data security standards or PCI DSS frameworks these are all internationally accepted and accredited industry best practice standards in incorporating them from diverse industries Microsoft creates an insightful how-to guide each control domain receives specific recommendations appropriate to that area network security has 10 recommendations beginning with establishing network segmentation boundaries and ending with ensure domain name system security each recommendation begins with a suggestion then expands to discuss the reasoning behind the requirements and include some concrete implementation tips the resource is further supported with links to further information this ties into what you have already learned about Microsoft's Defender with this understanding of the Microsoft security benchmark and its role in shaping security policies let's zone in on how these policies can be practically applied as a reminder a policy is a set of rules governing resource interactions which reflects an organization's security posture grouping these policies creates an initiative representing the methodology through which a company implements its security goals Defender encompasses all these initiatives and conducts frequent scans of company resources providing an opportunity to apply these initiatives to a manageable scope a cyber security analyst can
use initiatives created for Microsoft security Benchmark or apply company specific ones designed with the company's unique interests in mind the MCSB covers a broad range of areas many of which have been covered in this course including topics such as identity and access management or IAM data protection Network Security application security and monitoring and logging let's move on to explore an example of an initiative that highlights the features that are included in a recommendation the control ID allows you to link it back to the MCSB and includes a control description outlining the purpose of the recommendation the feature provides insight into how you can meet the requirements the feature description gives a high-level overview of how the feature links with the offered product in this case it discusses the storing of keys in Azure key Vault Microsoft has many features though some have to be specifically enabled configuration guidance directs you to an external Source where various configuration details are outlined in addition there is a table that outlines the policies available for that service in conclusion the Microsoft security benchmarks and security baselines serve as invaluable resources in Cloud security they Empower organizations by providing a handbook of good practices for implementing cloud-based applications providing a solid foundation for robust cyber security practices this video showcased how these Frameworks stand as functional references to Aid an organization in quickly selecting the best policies and as a reference for Microsoft Defender when evaluating policy regardless of size all organizations are susceptible to security threats and attacks the core of every network security program is its ability to monitor collect data assess any threats and promptly deal with these threats over the last few weeks you have been continuing to increase your understanding of cyber security however when an organization receives data through 
its Network how do you think a cyber security expert handles this data by manually analyzing every data packet given the time this could take it may be too late to stop an attack this is where the Brilliance of SIEM and SOAR come into play this video will take you through the concepts of SIEM and SOAR and deepen your understanding of how these two resilient tools used by cyber Specialists are adding a vital layer of security to organization's networks let's begin with security information event management or SIEM for short this system can pull in large amounts of data points from a variety of sources it then Aggregates and sorts this data to identify any patterns a typical data input could be logs threat intelligence endpoint data Etc SIEM then further links these various data points with any previous events it is important to remember that there could be a massive amount of data points fed into the system and as previously stated manual analysis takes time automating the process through SIEM leads to a more comprehensive analysis and detailed investigation when an event is detected SIEM provides real-time monitoring and upon detecting an event SIEM can then provide actionable intelligence for the Specialists to use SIEM can even be configured to offer intelligence feeds so that it gives insights into current threats by linking this information with the logs gathered SIEM is kept up to date SIEM can also be configured to include actions from users on the system for a holistic view SIEM is an efficient method for the detection of events but it's only half the battle once SIEM raises an alert and creates a case report SOAR comes into play security orchestrated automated response or SOAR for short is the next stage of the process SOAR is an incident response implementation system if the SIEM system finds an identifiable pattern the SOAR system initiates the response this might be shutting down a system or denying access to a particular user SOAR's intelligence 
lies in the fact that all of this takes place automatically but automation can only happen when the attack has occurred before or the pattern clearly and correctly identifies the problem and links it with a known solution however not all threats can be neatly linked or have occurred before when a zero day event is detected SOAR presents the information to a cyber analyst this analyst then creates information on the case and Endeavors to guide the system to the correct solution a SOAR system is constantly evolving so with each new incident detected the information of the case is logged and used in later event detections together SIEM and SOAR comprehensively guard your network resources you can think of SIEM as the Monitoring Center at the heart of the building while SOAR is the rapid response unit sent to deal with an incident but how do these approaches work in reality let's imagine an organization who is using Microsoft Sentinel to analyze data in real time from both on premises and Cloud settings Sentinel is a perfect example of a SIEM service during data analysis Sentinel detects a spike in a virtual machine and raises an alarm this alarm is sent to SOAR for Remediation in this instance the notice could be sent to Microsoft flow or Azure logic apps for an automated response upon receiving the alert the SOAR system triggers A preconfigured playbook execution causing the isolation of the machine which blocks incoming and outgoing traffic upon resolution of the incident a report generates highlighting the event action taken and suggesting several lessons to be learned this video developed your understanding of two crucial cyber security Concepts SOAR and SIEM you have now learned how SIEM monitors and alerts upon the occurrence of an incident while SOAR is the system that takes action to remediate this incident with virtual environments continuing to develop new technologies and methods of engaging with the world are opening up a variety of new threat vectors for 
hackers but these new methods also present opportunities for cyber Specialists to create newer and safer environments for organizations to ensure effective management of an organization's network security it's essential to have tools and systems that integrate the two critical elements of cyber security that you explored earlier security information event management or SIEM and security orchestrated automated response or as it's also called SOAR Microsoft Sentinel is an efficient tool that provides intelligent security analytics and threat intelligence all in one place it's a cloud native SIEM SOAR solution that delivers intelligent security analytics and threat intelligence across an organization and offers a single solution for alert detection threat visibility and threat response this video will guide you through Microsoft Sentinel exploring its functions and how it delivers SIEM SOAR Solutions let's begin by examining the fundamental tasks that Sentinel carries out by combining SIEM and SOAR capabilities Sentinel is a centralized system that monitors various inputs such as logs endpoint activities intelligence reports it also identifies patterns raises alerts on event detection and offers potential solutions to mitigate the threat essentially Sentinel has four main tasks that it performs first is collection as a central source of monitoring Sentinel needs to be configured to be aware of all system users devices applications and other network resources with access to logs and other system outputs that may be generated next is detection Sentinel has many detection capabilities these comprise of threat intelligence standard user Behavior anomaly detection and heuristics Sentinel uses a combination of approaches to detect and identify patterns associated with known hacks whilst also keeping an eye out for any abnormal behavior that could indicate an attack such as a Black Swan attack these attacks are particularly difficult to combat due to the lack of available 
information on them Sentinel also employs machine learning to detect malicious activities using Microsoft's labeled data this investigation consists of grouping abnormal actions based on their relevance and then marking them accordingly before applying a variety of severity levels it's a collaborative effort between a cyber security analyst and Sentinel generated intelligence reports Sentinel will also enhance data with additional enrichments derived from collected data and intelligence reports available to the system last up is respond having conducted the investigation which is usually automatic or orchestrated with a human Sentinel takes action this can be a host of responses including raising awareness or restricting access for infected users and resources as you've witnessed Microsoft Sentinel can be an enormous asset to the end-to-end security of your organization but there are also some key features that you should be aware of Microsoft Sentinel comes with a large range of connectors that are configured for easy integration with Microsoft products such as Office 365 Azure AD Etc there is also a large community of support that has developed additional connectors to many non-microsoft products once you have connected your applications with Sentinel you can begin monitoring them with Azure monitor workbooks this includes functionality for data visualization and analytics while generic templates for workbooks are available you can also create custom workbooks as required next is analytics analyzing data is a collaborative task with Sentinel once Sentinel analyzes the data it then correlates any alerts into incidents if an incident is considered a Potential Threat it will require first an investigation and then mitigation incidents are learned events created from the machine learning rules based on Microsoft learning from experience there is an additional feature in Sentinel that even allows you to create your own incidents this enables Sentinel to adjust to your 
specific needs automation of your responses is done in the Security operation Center or SOC it's integrated with Azure logic apps which enables automation of responses an automated response is added to the security Playbook which can be configured to generate a given response in the face of an incident operating in this fashion can save considerable Time by making mundane repetitive tasks the responsibility of the system which can free up the it support for other work sentinel's powerful hunting ability can be completed through search and the tools that are based in the MITRE framework which as you may recall is a globally accessible framework which contains a comprehensive knowledge base that catalogs the tactics techniques and procedures used by threat actors during cyber attacks it helps cyber Security Professionals understand and respond to adversaries' behaviors and improve defense strategies within the MITRE framework you can find related attacks and insights into how these attacks might Manifest this initiative is community based and allows you to bookmark share and contribute to the understanding of existing attacks in this video you explored the inner workings of Microsoft Sentinel discovering how it functions its capabilities and how it can enhance an organization's SIEM SOAR Solution by providing a comprehensive cyber security solution that detects and responds to threats it minimizes disruption to your organization as you have already discovered Microsoft Sentinel is a powerful tool that enhances your organization's security by providing real-time threat detection incident investigation and automated response capabilities by leveraging the capabilities of Azure it can offer a comprehensive and customizable solution for security monitoring this video continues that journey by introducing you to several Sentinel functionalities including creating a workspace and configuring data connectors it will also explore some of its features including threat 
management content management and configurations but first have you ever wondered how to get Sentinel on your device the installation process begins by navigating to Microsoft Sentinel through your Azure portal and either searching within the search bar or selecting it from the available Services when Sentinel opens simply select the option to create Microsoft Sentinel then select create a workspace this workspace stores data points and logs during the analytics process after creating the workspace the next crucial step is to configure it properly to ensure effective monitoring of the required resources the workspace you created is also a log analytics store it provides data for sentinel's insights including all security logs and signals it receives these logs and signals can come from Azure resources IoT devices or other Cloud resources Sentinel accesses resources through connectors that can be configured with Microsoft and non-microsoft products connector settings are found under the configuration menu in Sentinel the main dashboard of Sentinel hosts several notable features including General threat management content management and configurations in the general section you can access an overview of Sentinel displaying General statistics and providing access to collected logs it also provides news and guides on the latest updates available moving to the threat management section Sentinel possesses crucial capabilities for maintaining effective security these include Incident Management for tracking and resolving security incidents analytics rules machine learning models for automated threat detection playbooks for orchestrating incident responses and hunting functionality for proactive threat hunting additionally it also offers tools for monitoring the reliability and performance of The Sentinel workspace next is content management a central hub for organizing and managing security related content here you can access the content Hub a repository containing 
pre-built security configurations like analytics rules and playbooks it provides organized repositories to streamline content management within this section you can also access the community for sharing security content collaborating with other Azure Sentinel users and enhancing knowledge sharing another feature found within the content section is a range of pre-built security content this includes predefined analytics rules queries dashboards playbooks integration connectors and incident templates incident templates are designed to help organizations quickly set up and streamline their security operations these resources save time improve security reduce complexity and align with best practices however organizations should customize them to fit their needs and environment next is the configuration tab which offers comprehensive features for managing system settings and customizing various aspects of a workspace or application you can use the workspace manager to control a workspace and edit specific details configure data connectors to ingest data from diverse sources Define and customize analytics rules and queries in the analytics section set up monitoring for specific items via watch lists automate processes through the automation section and adjust system-wide settings to align with specific requirements this tab serves as a central hub for tailoring the system to meet individual needs and preferences in the configuration section you can also find data connectors selecting this option will direct you to a centralized Hub that contains a wide range of available connectors ready for installation once you select a connector you will be presented with detailed information about it including price quantity of analytical rules and notes about releases fixes or known issues this video brought you through the functionality and features of Microsoft Sentinel you now have a solid understanding of its features including threat management content management and 
configurations You Now understand how to configure and utilize Sentinel bringing an added layer of protection to your organization previously you discovered the wonderful advantages of having a centralized identity and management system in place one cited benefit is that access and protection extend to the application the company is developing as well as the suite of services applications and devices used in this video you'll unpack Microsoft 365 Defender Services to help protect your organization this includes what is in the Microsoft Defender Suite package as well as the various services that are available to protect the different aspects of your system Microsoft Defender 365 provides various sophisticated tools to counter cyber attacks these tools extend to providing detection prevention investigation and response capabilities these defensive capabilities can be leveraged for network resources such as the application communication endpoint and the identities created this is necessary because attackers can spread attacks to all access points in the network this ability to leverage lateral attacks means that there is a need for a tool that can connect an anomaly found with an endpoint with another anomaly found with an identity or another endpoint in the system if a hacker breaches a system several indicators are left to highlight it the challenge is that the Cyber analyst can get overwhelmed by the influx of signals in an effort to present a panoramic view of the system Microsoft 365 Defender correlates different signals together to coherently identify an alert a record and breadcrumb Trail are collected for that attack which enables tracking down the attacks documenting the effects and providing remediation the in-house cyber analysts then have the option to customize these metrics and reports to suit each instance for each specific company's need now that you have some context as to what Microsoft 365 Defender is let's examine what the defender Suite 
is made up of The Suite consists of identities endpoints applications and email identities relate to the digital representation of individuals or entities configured to interact with the system Defender adds to the identity protection provided by Azure active directory or specifically the Azure AD identity Protection Service this is used to analyze user Behavior as they interact with the system for unusual patterns or activities the focus here is placed on compromised identities these are genuine identities that are being used maliciously by hackers endpoints are computers or devices connected to a system they may include devices such as laptops storage or computers Defender acts as a unified platform that manages all of these elements it provides comprehensive security and intelligence that pinpoints crossover activity from various endpoints this can Aid in tracking the progress of a breach this service provides preventative remediation and automated response capabilities next are applications that relate to services or applications these include integrated and configured software programs that interact with your system like software as a service or SaaS applications Defender gives you deep insights into these applications by monitoring which ones are being used to perform which tasks specifically Defender is concerned with the data that these SaaS apps engage with as you know protecting customer data and Company proprietary data is Paramount for the long-term survival of an organization finally the defender protective umbrella encompasses email along with other file sharing activities within the organization the focus on this facet of protection rests with analyzing links found within emails this protection includes collaborative tools like those used in a production pipeline such as Microsoft teams OneDrive SharePoint or Outlook by now you know that there is a huge surface area of attack for hackers to access your system as your business grows so does the 
scope of protection required to maintain system Integrity Defender offers a suite of protection services covering all domains and risk areas you'll explore these areas in more detail a bit later Microsoft 365 Defender Services include the following branches that specialize in different aspects of your system Microsoft Defender for endpoint Microsoft Defender for Office 365 Microsoft Defender for identity Microsoft Defender for cloud apps Microsoft Defender vulnerability management Azure active directory identity protection Microsoft data loss prevention and app governance note that Microsoft Defender for endpoint Microsoft Defender for Office 365 Microsoft Defender for identity and Microsoft Defender for cloud apps are the services most focused on at this stage of your Learning Journey in this video you covered an overview of Microsoft 365 Defender and its key features and functionalities you once again realized the importance of a centralized identity and management system and dived into the various areas that Microsoft 365 Defender can be configured to protect emphasis was placed on protecting network resources such as applications communication endpoints and identities against cyber attacks Microsoft Defender for endpoint is a powerful cyber security platform designed to fortify Network endpoints it gives you security and visibility across your network and helps you manage and secure your assets using integrated workflows these Advanced security measures allow you to rapidly stop cyber threats scale your security and eliminate blind spots in this video you'll learn about four core components and how this bolsters security from real-time threat alerts to automated investigation and expert cyber security analysis you'll discover the robust protections Microsoft Defender for endpoints offers for an organization's cyber security needs but what exactly is it Microsoft Defender for endpoint is a platform designed expressly to enable organizations to strengthen 
their Network endpoints it comprises four components namely prevention detection investigation and response endpoint sensors are fed into the application which collects signals from various sources including operating systems workstations servers and mobile devices for each endpoint configured to the system Microsoft Defender for endpoint provides the following protections threat and vulnerability management attack surface reduction Next Generation protection endpoint detection and response automated investigation and Remediation and Microsoft threat experts let's expand upon these Protection Services in more detail threat and vulnerability management is a tool that applies a priority scale to endpoints first the risk level for a breach is assessed a score is calculated and the user is presented with a report that includes suggestions on improving the endpoint security this feature makes sense when considering that an organization may have thousands of endpoints with security levels constantly changing based on new findings system patches and software updates attack surface reduction is a comprehensive approach that includes many elements to mitigate against an external attack some elements of this feature include analyzing configuration for optimum settings exploit mitigation techniques such as scanning for malware signal and Consulting known malicious site databases to prevent connecting with these sites and network protection which involves filtering and scanning packets and analyzing IP addresses domains and URLs attack surface reduction reduces Cyber attack vulnerabilities by minimizing potential Avenues of attack this is achieved through measures like web protection it enhances web security by restricting access to specific websites and deflecting phishing attempts Next Generation protection refers to the inclusion of state-of-the-art cyber security measures such as machine learning that uses anomaly detection classification and pattern Discovery to identify 
malicious activities Big Data analysis which makes use of the results from Big Data statistical analysis from Microsoft data points in the variety of cyber experiences it has engaged with and Cloud infrastructure consisting of measures such as conditional access policies role-based access and modern authentication methods before allowing access to the system with Next Generation protection applied to your endpoints this increases the awareness of attack signatures already witnessed in various Fields the next service is endpoint detection and response it provides real-time alerts on sensor data for the immediate notification of an issue this can include identifying when an endpoint has stopped working or has begun to exhibit actions out of the ordinary with regards to automated investigation and Remediation upon the detection of an alert the system is first configured to consult The Playbook which houses a set of preconfigured scenarios built from previous incidents by comparing the signature pattern the system can automatically determine if the issue has been encountered before and take similar action in such an event the appropriate people are informed following the automatic instigation of defensive means the last protective service is Microsoft threat experts this managed service provides organizations with experienced cyber security analysts to investigate systems together with Advanced tools the analysts can triage a specific incident or investigate a system to ensure it is not compromised they provide a security operations center also called SOC to deploy their managing and investigative tools all endpoints are evaluated using the Microsoft secure score for devices this evaluation amalgamates state-of-the-art insights on best practices and applies them to the configuration and the running capabilities of devices included in this are recommendations on best practices to improve the security score Microsoft Defender for endpoints integrates with other 
Defender Suites such as Microsoft Defender for cloud and Intune giving you comprehensive security for endpoints in this video you learned that Microsoft Defender for endpoints is built to fortify Network endpoints you learned that there are four essential components which are prevention detection investigation and response these components offer insights into how it reinforces security from real-time threat alerts to automated investigation capabilities and the expertise of Microsoft threat experts the protective arsenal of Microsoft Defender for endpoints equips organizations to address their cyber security imperatives confidently by now you are well acquainted with Microsoft 365 Defender Services you also covered using Defender for Office 365 endpoints and Cloud apps in this video you'll continue along this path by exploring Microsoft Defender for identity specifically you'll unpack its functionality and role within cyber security furthermore you'll gain insight into how Azure active directory retains user authentication information and how Defender for identity uses signals to detect Insider risks and compromised identities then you'll learn about its capabilities in monitoring and alerting across the Cyber kill chain finally you'll get some clarity on how Defender for identity extends its protection to active directory Federation services and identifies domain dominance for now let's start at the top by First Learning how Microsoft Defender uses signals for detection Azure active directory or Azure AD for short retains all user authentication information which includes user login credentials authentication logs access tokens and security related metadata Azure AD securely stores and manages this data to support various identity and access management functionalities such as user authentication authorization and auditing of access events collectively these data points are called signals signals are the means through which Defender for identity establishes 
legitimate users and user access Behavior an attack originating from a legitimate user identity may come from Insider action called Insider risk alternatively this may occur through authentication from a legitimate identity that's been compromised through modeling standard normal behavior patterns Defender for identity raises an alert when a user's actions are outside this established Norm let's examine an example consider a legitimate authenticated user who makes excessive download requests from several sensitive data sources alternatively a user might use appropriate authentication requests but exhibit other unusual characteristics such as altering the customary access time frame or changing standard geolocation stamps another reason may be that the user makes a series of authentication requests with various passwords indicating a Brute Force attack Defender investigates suspicious activity across the Cyber kill chain a kill chain is a concept used in cyber security to describe the various stages or steps that an attacker typically goes through to execute a successful Cyber attack so in the event of a Fallout Defender provides a breadcrumb information report that outlines how an incident compromised the system for fast triage but how does Defender monitor for potential cyber attacks and issue alerts Defender for identity generates security reports and profile analytics to reduce the probability that a successful attack can be leveraged these reports also suggest best practices regarding identity configuration and security posture practices for example it highlights devices attempting to log on with clear text passwords and other frowned upon practices Defender for identity provides comprehensive cover for identities by extending its protection to active directory Federation services or ADFS for short this simply means that hybrid or on premises active directories are also protected Defender for identity is designed to prevent Hackers from infiltrating 
organizations by protecting all stages of the kill chain to carry out such protection Microsoft Defender performs certain actions during the following stages reconnaissance is where Defender for identity deflects any attempts to gather information on a system it does this by identifying suspicious activities that suggest an attacker is attempting to gain insights into a system through signs like unusual behaviors or access patterns with compromised credentials Defender for identity protects against access being leveraged through monitoring attempts to log on an indication of compromised credentials includes repeated failed log on attempts failed authentications or a change in user pattern such as altering user groups a multifactor authentication or MFA request is generated when credentials have been compromised lateral movements are about gaining access through one entry point and navigating to other parts of the system Microsoft Defender for identity detects lateral movements by monitoring user and entity Behavior identifying anomalies analyzing peer group Behavior generating alerts for suspicious activities correlating data from multiple sources providing context around activities and enabling security teams to respond effectively to stop or contain threats lastly domain dominance refers to the state where an attacker gains full control and authority over a domain within a network this is often achieved through actions like remotely executing code on the domain controller or using other methods Defender for identity is designed to identify and Alert security teams to such malicious behavior to mitigate potential threats in this video you explored Microsoft Defender for identity's functionality within cyber security it emphasizes the role of Azure active directory in retaining user authentication data which serves as signals for detecting Insider risks and compromised identities you then learned about Defender for identity's capabilities in monitoring and alerting 
across the Cyber kill chain including its ability to detect suspicious activities and generate security reports Additionally you now understand Defender for identity's extension to ADFS and its role in identifying domain dominance up until now you've been learning about the components that make up Microsoft Defender recall that the Microsoft 365 Defender Suite consists of identities endpoints applications and email you then learned about the many services offered which each Target and protect a certain area of an organization system in this video you'll learn about the capabilities of Microsoft 365 Defender portal by exploring the Portal's interface you'll discover that the defender portal provides a unified view for triaging incidents let's first establish what the purpose of this portal is the Microsoft 365 Defender portal serves as a centralized platform that combines multiple Security Services to provide comprehensive protection with prevention capabilities detection investigation and response across various aspects of an organization's digital environment this includes safeguarding against threats in areas such as email collaborative tools user identities devices and Cloud applications Microsoft Defender has grown in response to various threats that are leveraged against different aspects of the Cyber side of an organization recall that Defender has the following components of which the first four are the primary Focus Microsoft Defender for endpoint Microsoft Defender for Office 365 Microsoft Defender for identity Microsoft Defender for cloud apps Microsoft Defender vulnerability management Azure active directory identity protection Microsoft data loss prevention and app governance each component of Defender protects a different domain a cyber analyst who triages an incident may have to focus on these different domains to isolate the breadcrumbs left by an intruder by combining these services within the Microsoft 365 Defender portal organizations can 
establish a unified security framework that addresses a wide range of cyber security challenges this makes it easier to protect sensitive data detect threats investigate incidents and respond effectively to security breaches the Microsoft Defender 365 portal can be found by navigating to the security app in your admin Office 365 menu bar this then redirects you to the defender 365 portal there's a drop-down menu that offers a range of services to choose from any incidents or alerts arising from any of the defender components can be accessed here next you can select incidents which opens a new display that includes a descriptive incident name and unique ID number for later reference each of these incidents can be further expanded to provide details on what actions triggered the incident you are also able to review the level of severity ranging from low to high depending on the perceived Associated danger the detection Source refers to the service that identified the incident furthermore you can access information on which identity the incident is targeted at as well as an incident timestamp the defender portal also enables a user to triage the incident by selecting the incident it is possible to assign a user to investigate it there are also classification options to group incidents the alert section has similar functionality including an informative name ratings and extra information for each alert when selected to further investigate alerts drill into the user or device involved in it then you are able to perform actions to isolate or restrict the actions available to an entity you can also flag an identity to be compromised in this section included in the defender portal is a section on threat analytics here threat analytics provides Intelligence on emerging cyber security threats it delivers insights into active threat actors new attack techniques critical vulnerabilities common attack surfaces and prevalent malware this information equips security teams with 
the knowledge needed to effectively respond to evolving threats this threat intelligence is sourced from expert Microsoft security researchers to ensure that security teams have access to up-to-date and reliable information it's important to be able to differentiate that alerts are individual notifications about potential security issues whereas incidents are collections of related alerts that indicate a more significant security event or threat incidents help security teams prioritize and manage their response to multiple alerts allowing them to focus on addressing larger security issues in this video you realized that the Microsoft 365 Defender portal emerges as a formidable solution seamlessly consolidating multiple Security Services to fortify an organization's digital landscape against a spectrum of threats with its components it adapts to the evolving cyber threat landscape safeguarding distinct domains within an organization you learned that this unified security framework simplifies the protection of sensitive data streamlines threat detection empowers efficient incident investigation and enables Swift responses to security breaches by providing a centralized view for triaging incidents it equips security teams with the tools needed to navigate the complex cyber security landscape effectively ensuring the resilience and security of the digital environment great work on reaching the end of Microsoft Security Solutions by getting to this point you should now have a better grasp of the basic security capabilities that Microsoft Azure offers you you also became aware of Microsoft Sentinel and the threat protection that Microsoft 365 Defender provides let's review the key Concepts that you covered you first learned about Azure DDoS protection where Microsoft Azure provides various DDoS solutions to protect your network infrastructure you now know that you can use Azure to protect your network by analyzing incoming traffic and discarding anything that appears to be 
part of a DDoS attack you also learned about the three types of DDoS attacks which are DDoS infrastructure protection which is the free default solution DDoS Network protection is the advanced solution and DDoS IP protection which is a pay-per-protected-IP model you considered the various Solutions available in Azure active directory and the licensing and payment models next you explored DDoS in depth by diving deeper into its rapid response support the degree of protection and best practices next you focused on Azure firewall which is a cloud-based service that is centrally managed and designed to protect your Azure virtual Network specifically you zoned in on the best practices for configuration key enhancement features such as scalability and availability to name a few and how firewalls can contribute to a strong security posture that supports segmentation you then learned about the web application firewall or WAF that examines and filters incoming web traffic and identifies and blocks potential security threats you unpacked WAF analysis and implementation its deployment and the benefits that arise from proper configuration next you learned about Network segmentation where similar workloads or network resources are gathered to reside on their own portion of the network the advantages include the Simplicity of keeping track of your various assets unrelated resources are isolated from one another therefore limiting access and that it's easier to apply blanket governance policies to similar assets you discovered virtual Network or VNet peering that establishes a direct and private connection between two VNets in the same or different regions then VPN Gateway connection differs in that it establishes a secure and encrypted connection between an on-premises Network or an individual device and an Azure VNet you then became familiar with Azure Bastion and just in time access Azure Bastion is a fully managed platform as a service or PaaS that you can provision to communicate 
safely with your virtual machines just in time access enables you to exert greater control over who can access a resource and how they can access it you also learned about granting external access using remote desktop protocol or RDP and secure shell or SSH but that they have weaknesses like maliciously being used as a point of entry therefore Azure Bastion is preferred because you can create an initial safe entry point to connect with your existing resources later you shifted your attention to Azure Security Management you focused on cloud security posture management or CSPM for short which is the suite of tools available to you to strengthen the management of security you examined the CSPM key Concepts which include zero trust real-time risk scoring threat and vulnerability management or TVM and threat modeling systems and architectures next you unpacked Microsoft Defender and its Advanced detection capabilities continuous monitoring compliance suggestions and reviews Defender's comprehensive defense strategy focuses on three key areas continuous assessment strengthening security and defensive capabilities you learned that Defender for cloud in depth provides you with various resource specific options from recommendations and security alerts to just in time access controls and detailed information Defender equips you with tools for enhancing the security and performance of your resources security baselines for Azure provided insights into Microsoft security benchmarks and security baselines which serve as invaluable resources in Cloud security they provide good practices and are referenced as a handbook when an organization seeks the best policies you next moved on to learning about security capabilities of Microsoft Sentinel which introduced you to the concept of security information event management or SIEM and security orchestrated automated response or SOAR for short you have now learned that SIEM monitors and alerts upon the occurrence of an incident while SOAR is 
the system that takes action to remediate this incident together SIEM and SOAR comprehensively guard your network resources you then learned about Microsoft Sentinel as an efficient tool that provides intelligent security analytics and threat intelligence all in one place it offers alert detection threat visibility and threat response Sentinel monitors various inputs such as logs endpoint activities intelligence reports it also identifies patterns raises alerts on event detection and offers potential solutions to mitigate the threat Sentinel and integrated threat management covered the configuration for importing intelligence threat Imaging and detection and threat visualization you can use geolocation to analyze potential threats Sentinel in-depth showed you how to set it up on a device and introduced the functionality you next moved on to threat protection with Microsoft 365 Defender you learned about Microsoft 365 Defender as centralized identity and management system which provides tools to counter cyber attacks these tools offer detection prevention investigation and response capabilities the defender Suite is made up of identities endpoints applications and email and offers Protection Services covering all domains and risk areas such as Microsoft Defender for endpoint Microsoft Defender for Office 365 Microsoft Defender for identity Microsoft Defender for cloud apps Microsoft Defender vulnerability management Azure active directory identity protection Microsoft data loss prevention and app governance next you examined Microsoft Defender for Office 365 which is targeted specifically for collaboration tools such as Microsoft Teams SharePoint or OneDrive this service includes threat protection policies reports alerts and response automation you discovered that Microsoft Defender for endpoint is a powerful cyber security platform designed to fortify Network endpoints it consists of four components namely prevention detection investigation and response it gives you 
security and visibility across your network and helps you manage and secure your assets using integrated workflows you then moved on to Defender for identity that uses signals to establish legitimate users and user access Behavior this is achieved by Azure active directory retaining user authentication information Defender for identity has capabilities in monitoring and alerting across the Cyber kill chain detecting suspicious activities and generating security reports you concluded with the defender portal that is a centralized platform that combines multiple Security Services through a unified view for triaging incidents by completing Microsoft Security Solutions you are familiar with Azure's basic security capabilities Microsoft Sentinel and the threat protection that Microsoft 365 Defender provides well done Microsoft's commitment to trust privacy and compliance stands as a foundational pillar of its services from Azure to a myriad of cloud offerings Microsoft Endeavors to not only Foster trust between clients and service providers but also simplify the complex landscape of compliance requirements that differ across Industries and Geographic locations where your data May reside in this video you'll become familiar with the steps taken by Microsoft to demonstrate this commitment you'll focus on the service trust portal a collection of resources that help organizations operate in a secure transparent and compliant manner Microsoft cloud services are built with a view to establish trust between the client and service provider as part of the functionality available from Azure and other cloud services they provide information on compliance for different Industries and geographical locations where your data may eventually be stored Microsoft employs a privacy by default policy this means that privacy concerns are built into services from the onset rather than added as an afterthought an example of this is Microsoft's Priva a service for customers to label catalog and 
examine the various types of personal data that they are managing another example is Microsoft service trust portal or STP let's find out how the STP can Aid a business with information relating to security privacy and compliance aspects of Microsoft cloud services as a central repository for compliance and security documents it covers the following topics compliance documentation audit reports data protection resources trust documents service compliance overview and compliance manager let's go over each of these one by one compliance documentation concerns detailed information on Microsoft's compliance with various industry standards and regulations such as the general data protection regulation or GDPR the health insurance portability and accountability act or HIPAA standards of the International Organization for Standardization or ISO and more audit reports are about access to audit reports and certifications related to Microsoft cloud services these reports often include third-party assessments of security and compliance controls data protection resources refers to information and resources related to data protection and privacy helping organizations understand how their data is handled and protected by Microsoft Services trust documents are documents and white papers that provide in-depth insights into the security and privacy architecture of Microsoft cloud services service compliance overview is an overview of the compliance commitments and certifications specific to each Microsoft cloud service and compliance manager is a tool that helps organizations assess and manage their compliance with various regulations and standards When using Microsoft Services international law governing the storing and Gathering of personal data is continually changing by the nature of cloud services this data might be stored in a myriad of places around the globe in these different locations there are alternative and differing laws that need to be understood to prevent 
inadvertently violating them this in part explains the need for the STP as customers need to know where and how their data is being stored on the landing page of the service trust portal you'll find information organized into the following categories the certifications regulations and standards category provides information and documentation regarding the various certifications industry regulations and standards that Microsoft cloud services comply with it includes details on how Microsoft aligns its services with security and compliance requirements such as GDPR HIPAA ISO standards and more within the reports white papers and artifact section you can access a wealth of reports white papers and Technical artifacts these documents offer deep insights into the security architecture data protection practices and compliance controls implemented by Microsoft they serve as valuable resources for organizations seeking to understand the technical aspects of Microsoft's cloud services in industry and Regional resources you'll find resources tailored to specific Industries and regions these resources are designed to address industry specific compliance and security concerns for example Healthcare organizations may find resources related to healthcare compliance while businesses in specific regions May access materials addressing local data protection laws and the resources for your organization category provides tools and materials for assisting your organization in assessing planning and managing security privacy and compliance aspects When using Microsoft cloud services it may include templates best practices and guidelines to help you align your organization's practices with Microsoft security and compliance recommendations by selecting one of the icons on the page you will be redirected to a collection of related documents users can select various related documents and store them to a private Library called my library for later reference these categories collectively 
offer a structured and comprehensive approach to understanding and utilizing Microsoft's commitment to security compliance and trustworthiness in its Cloud offerings empowering organizations to make informed decisions and maintain compliance with regulatory requirements in this video you became aware of how Microsoft shows commitment to the trust privacy and compliance at the core of its cloud services from Azure to various Cloud offerings Microsoft aims to Foster trust between clients and service providers while simplifying compliance complexities across Industries and Geographic locations where data is stored their privacy by default policy ensures that privacy is integrated into services from the outset exemplified by tools like Microsoft's Priva and the STP by offering insights into compliance documentation audit reports data protection resources trust documents service compliance overview and compliance manager the service trust portal serves as a centralized repository giving users a One-Stop location for addressing most of their compliance questions you've discovered how Microsoft incorporates fundamental privacy principles into their Technologies which manifests as different policies practices and Technologies used in gathering and storing data this approach not only safeguards data but also builds trust and privacy by extension an organization that utilizes these methods and best practices also provides these assurances to their customers Microsoft's approach to data privacy revolves around a comprehensive understanding of the data life cycle in this video you will explore how Microsoft puts these policies and Technologies into practice to ensure customer privacy and trust you'll dig into several areas which are data collection and classification data encryption Access Control Data retention policies and data transparency and consent let's start with data collection and classification Microsoft Begins by categorizing data based on sensitivity it 
employs technologies that automatically classify data as it's generated or received this ensures that sensitive information receives the highest level of protection to utilize this approach navigate to the Microsoft 365 Defender portal at security.microsoft.com under Cloud apps one can configure their policy settings to create a policy for detecting and labeling sensitive data organizations can leverage Advanced Data protection tools and services the first step typically involves defining the criteria for sensitive information such as credit card numbers Social Security numbers or confidential documents once these criteria are established the policy is configured to scan files emails or other data repositories for matches to these predefined patterns or categories when sensitive data is detected the policy triggers an action such as applying a sensitivity label to the file or document these labels can indicate the level of sensitivity access restrictions and encryption requirements ensuring that sensitive data is appropriately marked and handled promoting data security and compliance with privacy regulations this process helps organizations maintain control over their data and protect it from unauthorized access or disclosure once data is identified as sensitive it can be encrypted Microsoft utilizes state-of-the-art encryption techniques to protect data both during Transit and while at rest this ensures that even if unauthorized access occurs the data remains unreadable the Technologies used include Advanced encryption standards or AES a robust symmetric key encryption algorithm for securing data and transport layer security or TLS a cryptographic protocol ensuring secure data transmission and storage encryption is a tried and tested solution for both sending data securely and protecting data at rest this extra layer of protection adds to privacy and increases trust in the system Microsoft also implements strict access controls so that only authorized Personnel 
have access to specific data based on their roles role-based access control or RBAC ensures that data is accessible only to those who need it by creating roles with specific permissions and only allowing access to people assigned those roles in addition multifactor authentication or MFA requires users to provide two or more forms of authentication to verify their identity when coupled with conditional access policies they potentially create trust that data is stored securely and remains safe Microsoft promotes trust and privacy by adhering to a data handling standard policy within Microsoft 365 this policy outlines clear data retention and deletion guidelines for different scenarios including active deletion by users or administrators and passive deletion due to subscription termination data categories and classifications such as customer content end user identifiable information and personal data are subject to specific retention periods Microsoft also ensures that after the expiration or termination of a subscription customer data is securely retained for a limited period to enable data extraction and then permanently deleted to render it commercially unrecoverable this commitment to transparent data management practices Fosters trust by safeguarding customer data throughout its life cycle Microsoft's approach to data transparency and consent is centered on categorizing data as required or optional this enhances Clarity and gives users more control over their data Microsoft is also committed to improving product documentation making it easier for users to understand why certain data is collected supported by technology like privacy dashboards and consent management tools these efforts aim to empower users by providing clear information and control over their data privacy additionally biannual reports on data collection changes will further enhance transparency ensuring users can make informed decisions about their data a user who is aware of where and how their 
data is to be used as well as when it is being collected will be far more likely to trust a system an example of a technology that emphasizes these practices is Microsoft Priva this is a comprehensive solution for meeting regulatory requirements and building customer trust through a privacy by Design approach it offers two key Solutions Priva privacy risk management provides visibility into an organization's data and policy templates for reducing risks while Priva subject rights requests offers Automation and workflow tools for fulfilling data requests in this video you found that Microsoft's commitment to privacy is demonstrated through its well-defined policies cutting-edge Technologies and best practices that follow the data life cycle this comprehensive approach ensures that data is collected stored and used responsibly building trust and privacy by understanding how these policies and Technologies work together customers are reassured that their data is kept private which builds trust do you ever feel overwhelmed by the large amounts of data you receive from various sources such as emails text messages and social media platforms managing all of this information can be a daunting task now imagine being a large organization that receives vast amounts of data daily how can they manage it all and ensure they meet compliance regulations this is where Microsoft's Purview comes in it's a data governance and cataloging platform developed by Microsoft that serves as a data management tool for organizations in this video you'll be taken through the Purview portal to explore how it functions and its various capabilities let's start with the basics Microsoft Purview is an effective method for managing and governing an organization's data assets this intelligent platform offers a wide range of features and functionalities designed to enhance data Discovery catalog data enhance security and improve compliance Purview provides a central platform for managing this data by 
aggregating data from various sources within the organization creating a unified catalog and interface Purview lets you quickly search explore and access the needed data the Microsoft Purview portal is a web-based user interface that allows you to interact with and manage data assets within the Purview ecosystem once you access the portal you will see several cards presented to you each card gives information on a different compliance aspect and how your organization performs you can also locate the current compliance score the compliance manager calculates the compliance score and it's possible to navigate to the suggestion by clicking on the compliance manager card additionally helpful links on Insider risk management provide information on techniques for detecting and preventing Insider risk the Adaptive policy contains information about how to avoid data loss and communication risk organizations can use this service to monitor Communications and ensure compliance with company standards on the left is a navigation panel from which you can jump to other services to create alerts reports and set policies you can also add or remove Services you may or may not frequently use data connectors make Purview a cross-platform service allowing your organization to extend the compliance functionality to non-Microsoft Services you may recall that a data connector is a component that will enable two services to connect and exchange data data connectors serve as the linchpin for establishing connections and facilitating seamless data exchange between a data management or compliance service like Microsoft Purview and an array of external data sources although Microsoft often develops these connectors for its Suite of services they are inherently versatile and designed to support an extensive spectrum of data sources transcending the confines of Microsoft Technologies this cross-platform adaptability empowers organizations to integrate data from non-Microsoft Services 
encompassing databases cloud storage applications and other sources Purview offers various essential functionalities that can enhance the quality of the services provided by your organization for example the extending compliance functionality within data Management Services encompasses an array of features related to data governance data security data classification and adherence to rigorous regulatory standards leveraging data connectors to forge connections with non-Microsoft Services enables organizations to extend their compliance Endeavors to data sources that may not inherently align with Microsoft's technological landscape as a result compliance policies data protection measures and meticulous data governance practices can be uniformly applied across a broader spectrum of data assets irrespective of their origin or underlying infrastructure the second panel in Purview introduces several crucial functionalities including audit which enables comprehensive tracking of data related activities ensuring compliance security and accountability or content search which streamlines data retrieval by facilitating targeted searches you also have communication compliance which monitors and enforces organizational communication standards promoting policy adherence and Regulatory Compliance and eDiscovery which empowers organizations to conduct electronic Discovery processes while identifying preserving and retrieving relevant electronic information for legal purposes these functionalities collectively expand Purview's effective data management security compliance and legal read capabilities you will explore additional functionalities of Purview such as Insider risk management information protection and the data life cycle in Greater detail later in this video you explored Microsoft Purview and now understand the benefits it can bring to an organization from managing data to adding a layer of security Microsoft Purview is a vital platform for modern data management and 
governance it equips organizations with the tools to effectively manage data assets and address security threats Microsoft Purview plays a central role in navigating the complexities of data in today's landscape you previously learned that Microsoft Purview is a data governance and cataloging platform developed by Microsoft that serves as a data management tool for organizations one of the most critical sections of Purview relates to the compliance manager the compliance manager helps organizations maintain regulatory standards and ensures all specific legal requirements are followed in this video you will continue your exploration of Microsoft Purview by focusing solely on the compliance manager exploring its features and how it can benefit your organization let's start with where you can find the compliance manager simply navigate to the left hand side of Microsoft Purview and select compliance manager as mentioned the compliance manager maintains regulatory standards it does this by automatically integrating with regulatory Frameworks that overlap with the company services then the compliance manager creates a task list populated with informative metadata such as severity and reasons they are required the compliance manager also provides potential Solutions and a process for assigning tasks to staff members if an organization wants to comply with data regulations they must process data in a way that aligns with geographical or industry regulations this includes preventing data breaches unauthorized Access Data loss and ensuring secure data storage for instance if an organization Works within the financial industry they must ensure that all customer transactions and Communications are encrypted whether in transit or not for an organization working in medicine the health insurance portability and accountability act or HIPAA mandates that an audit Trail must exist for all customer data as you can imagine all of this functionality is a tremendous asset 
to an organization as the compliance manager will take inventory of the risk presented to the data stay relevant and inform the organization of any changes that occur in the industry that may require a subsequent adjustment by the company the compliance manager achieves all of this by providing several capabilities regulatory assessment involves determining the industry an organization is a part of Consulting an industry specific knowledge base and overlapping the organization's measures with the requirements the compliance manager further ranks compliance issues in order of importance for enabling efficient admin risk assessment what's more you can integrate with industry specific compliance Frameworks providing a structured approach to risk assessment that aligns with regulatory requirements these step-by-step guides are also accompanied by compliance scores measuring an organization's progress in maintaining industry standards and lastly terminology the compliance manager uses specific terms for identifying issues for example control is a requirement of a regulation standard or policy action is an activity that helps Implement a rule and assessments help your organization evaluate compliance from a specific regulation standard or procedure when selected the compliance manager presents you with an overview screen from here you can view the compliance of your organization or areas which require additional work it will also show how much work has been done automatically the Improvement action tab or to-do tasks are further broken down by a descriptive name that suggests the nature of the task impact which reflects an assessment of the consequence of taking the step it's measured in Impact points contributing to a better compliance score test status tracks the progress of the assessment indicating whether it has been appropriately tested yet group categorizes the compliance item by policies controls or risks an admin can label different action items based 
on how they relate to Industry requirements the compliance manager uses these to group related activities to quickly assign them to the appropriate operative to resolve action type categorizes the action required to address a compliance issue or risk it distinguishes between corrective preventive or other measures needed to ensure compliance and data protection on the right side of the task list there is a list of solutions that your organization can potentially implement this list includes a brief description of the issue and details of the potential implementation of the solution additionally it provides a link to more information on the subject within this link the compliance manager can also assign the task to a team member creating accountability and streamlining an administrator functions by providing a clear structure on who is achieving which end and giving the most suitable team member the task this video brought you through the capabilities and functionalities of the compliance manager you explored the interface and focused on how an organization can improve its Regulatory Compliance you now have a solid understanding of how this valuable tool can be a tremendous benefit for your organization recently compliance has grown to be an essential component of an organization's daily operations but what happens when a large organization has operations across multiple countries with compliance requirements varying significantly by either industry or region businesses now have to comply with and understand a wide range of laws and regulations therefore it should come as no surprise that organizations are finding it challenging to remain up to date with these compliance requirements since they can change over time due to evolving industry changes or shifts in regulation in reality organizations now face Financial fines legal repercussions and reputational harm if they fail to meet their compliance obligations in this video you will explore these challenges 
organizations face and how Microsoft's Purview is rising to meet them you may recall that Microsoft Purview is a compliance management tool that assists organizations in monitoring tracking and ensuring compliance with various regulations and standards compliance means being able to adhere to these regulations and standards furthermore depending on the geographic location and Industry these regulations can vary dramatically from one organization to another there are three main areas of compliance that organizations typically need to address first privacy ensuring the protection of customer and employee data and complying with data privacy regulations next risk managing and mitigating various risks such as Financial operational and reputational risks while following relevant risk-related regulations and last legal complying with various legal obligations including contract law intellectual property law and Industry specific regulations with the rise of conducting Business Online businesses are increasingly involved in the transfer storage and processing of individuals' data therefore data management has become critical to ensuring that an organization maintains their compliance but many organizations are now working in different countries and industries and each of these countries could have their own requirements and compliance standards for example General Data Protection Regulation or GDPR primarily focuses on data protection and privacy in the European Union ensuring that individuals have control over their data while Health Insurance Portability and Accountability Act or HIPAA is specific to the healthcare industry in the United States and safeguards sensitive patient information and Payment Card Industry Data Security Standard or PCI DSS applies to organizations handling credit card data globally ensuring secure payment card transactions these diverse regulations address unique challenges and Necessities within their respective domains therefore 
organizations operating across different Industries and regions must navigate a complex landscape of compliance requirements to protect data and ensure adherence to the law thankfully Microsoft Purview has addressed these challenges by developing an automated solution this automated approach can significantly reduce the effort required by manual methods using the following capabilities first is data classification and Discovery Microsoft Purview provides robust data classification and Discovery capabilities it can automatically scan and classify data based on sensitivity and content aiding in identifying and tagging sensitive information this is crucial for compliance with various regulations such as GDPR CCPA and HIPAA as it assists in recognizing personal data Health Care information Financial records and other regulated data types next Purview enables organizations to Define and enforce data governance policies tailored to specific regulatory requirements for GDPR this means implementing procedures for data retention consent management and data subject rights similarly HIPAA involves policies for safeguarding protected health information Purview's policy management features can help automate compliance with these diverse regulations ensuring that data is handled according to their stipulations various industry regulations including those in finance and Healthcare often require robust audit trails and Reporting capabilities Purview offers audit and Reporting tools to track data access usage and modifications organizations can use these features to demonstrate compliance with industry specific regulations and provide Auditors with the necessary evidence data security is Paramount across Industries Purview can help organizations ensure that encryption measures are correctly implemented and managed aligning with data security requirements from GDPR HIPAA PCI DSS for payment card data and other relevant regulations it assists in Key Management and encryption 
policy enforcement to protect sensitive data GDPR also mandates that individuals have the right to data portability and the right to be forgotten Purview can help organizations create processes and workflows to respond to these requests efficiently in line with GDPR and similar regulations it can track data movement and assist in securely deleting data when required next Microsoft Purview offers features that continuously assess an organization's adherence to various policies and regulations it provides alerts and reports on compliance violations helping organizations proactively address issues and maintain compliance across different regulatory Frameworks Purview is also highly customizable allowing organizations to tailor their compliance measures to the specific requirements of GDPR HIPAA PCI DSS and other industry specific regulations custom sensitivity labels policy configurations and compliance workflows can be established to meet the unique demands of different compliance Frameworks lastly Purview can also serve as a platform for training and documentation related to compliance with multiple regulations organizations can use it to educate their employees and partners on compliance standards and best practices fostering a culture of compliance across various regulatory landscapes in this video you continued your journey through Microsoft Purview learning about the challenges organizations face regarding compliance you now have a solid understanding of how Microsoft Purview's automated compliance service has risen to this challenge by helping organizations adhere to the many applicable regulations and standards compliance has now become a crucial aspect of an organization's operations and staying informed about and adapting to specific requirements has become essential Solutions like Purview are playing a significant role in helping businesses address these challenges and maintain compliance with their relevant laws and expectations data management 
capabilities are enhanced when an organization can use trained classifiers to group related data into categories for an administrator to process this video focuses on Purview and explores how it provides this capability it also discusses the licensing requirements and roles needed to achieve this an organization's data management responsibilities Encompass a wide range of data from user authentication data to proprietary company information whether data is collected for in-house purposes or as a third-party service provider it is essential to meet specific data management requirements with Microsoft Azure AD this crucial task is entrusted to compliance and data administrators their primary objective is to assess and categorize data effectively ensuring its proper organization control protection and preservation a deep understanding of the data within an organization is a Cornerstone of maintaining compliance and Microsoft Purview offers robust data classification capabilities to address this need data classification at its core is the process of automatically assigning labels or descriptive categories to various data elements these labels group related data and help organizations make sense of their data landscape within data classification three distinct types of labels come into play sensitivity labels are a critical aspect of data classification they categorize data based on its sensitivity level sensitive data includes confidential private or valuable information and requires protection against unauthorized access disclosure or misuse protection labels are applied to data or documents to specify and enforce security and access control policies examples of protection labels include designations like confidential for internal use only or public these protection labels play a crucial role in implementing encryption access control and data loss prevention measures to ensure data protection based on its classification retention labels on the other hand are 
employed in data management and information governance to specify the duration and conditions for retaining data or documents these labels are typically associated with records management and compliance policies retention labels Define how long data should be retained whether it requires review before deletion and whether it should be treated as a record classifying data into these labels provides a structured framework for organizations to manage their data effectively this process not only enhances data organization but also plays a pivotal role in ensuring data security compliance and efficient data governance Microsoft Purview's data classification capabilities empower organizations to make informed decisions about their data enabling them to meet regulatory requirements and internal policies while safeguarding sensitive information the classification aspect of the service means that a lot of the work can be automated reading through large amounts of data to determine how it is best managed would significantly Drain Company resources the data classification is found in the Purview compliance portal data classification will automatically scan your data and label it according to its nature the outcome of this process enables the administrator to determine the data landscape before determining What policies should be enacted this process is deemed zero change management by first presenting a unified view of what data is considered in which category the administrator can assess what is required by the organization it is referred to as zero change because no permanent changes are yet enacted the classifiers can be adjusted or the label types can be changed from the assessment of what the retention policy is to access data classification in Microsoft Purview you need one of the following licenses Microsoft 365 E3 Office 365 E3 Enterprise Mobility and Security E3 these licenses Grant eligibility for the Purview solutions trial allowing you to explore the data 
classification features the trial typically includes a set of Microsoft 365 E5 compliance licenses which are active for 9 days it's important to note that you will need to have the appropriate admin roles such as billing administrator compliance administrator Global administrator or compliance data administrator in this video you explored the crucial role of Microsoft Purview in data classification and its significance in organization control security and preservation the classification process involves sensitivity protection and retention labels each serving distinct purposes and enhancing data organization security compliance and governance you should now have a clearer understanding of the importance of data categorization and how Purview streamlines this process effectively content Explorer and activity Explorer are pivotal components within Microsoft Purview for Effective data management and compliance content Explorer serves as a data curation tool ensuring compliance and optimal data utilization activity Explorer on the other hand extends functionality by highlighting actions performed on labeled data it gathers information from various activities including sensitivity and retention labeling activities from Microsoft Office applications this video delves deeper into the functionalities and significance of these components effective data curation is crucial for organizations to meet compliance requirements and extract the maximum value from their information content Explorer steps in to streamline this intricate process by providing a centralized platform for assessing categorizing and managing data accessing content Explorer requires specific roles including Global administrator compliance administrator Security administrator compliance data administrator only a global admin can manage or assign permissions to a user in the compliance portal to view assigned permissions navigate to roles and Scopes then to permission in the Purview options menu here one finds 
a list of available roles and Scopes these pertain to various permissions and actions that a user can be allocated to within the compliance portal in the example the compliance administrator has two users assigned to this role the associated capabilities are described on the right further exploration into the compliance administrator role provides insights into its assigned users and capabilities such as configuring and managing reports in Azure AD and Office 365 roles are assigned and managed from the Azure AD portal having gained access through the appropriate role assignment administrators gain a panoramic view of summarized content in the overview pane featuring the number of classified items details relating to where these items can be found and information about user interactions this information is reserved for Content Explorer list viewers and content viewers ensuring tightly controlled access due to its far-reaching capabilities this enables administrators to securely gain insight into the documents scanned from different locations including SharePoint Exchange and OneDrive as the curator of labeled data activity Explorer extends the functionality by highlighting what activities have been done on this data collecting the information from Microsoft 365 logs activity Explorer provides a historical view of activities the image portrays a filtered View spotlighting actions taken on data between specific dates it demonstrates how many times the information has been transferred to a USB uploaded to a third-party cloud account and otherwise shared externally with over 30 filters including date range activity type location user sensitivity label retention label file path and DLP policy activity Explorer provides a granular understanding of data activities depending on the service a specialized license is necessary for example to examine Microsoft 365 data you require an E5 license to access activity Explorer Microsoft offers diverse services for specific roles 
and role groups across Purview and Microsoft 365 for instance if you are a Microsoft 365 Global admin you have high-level administrative privileges in your Microsoft 365 environment similarly someone with the information protection admin role in Purview would have significant administrative Authority related to data protection and information governance let's delve Deeper by exploring the capabilities of activity Explorer in Microsoft Purview activity Explorer plays a crucial role in gathering information from various sources such as sensitivity label and retention labeling activities from Microsoft applications Azure information protection SharePoint Exchange and OneDrive this extensive reach includes protection related activities specific to Azure information protection clients and scanners along with data loss prevention policy match events from a spectrum of sources including SharePoint Exchange OneDrive and more for example activity Explorer tracks actions like file deletion creation copying modification and access on Windows devices understanding these actions is crucial for evaluating the effectiveness of your data loss prevention policies and making necessary adjustments in summary content Explorer and activity Explorer are essential tools for data management and compliance in Microsoft Purview they Empower organizations to curate data effectively ensuring regulatory adherence and optimal data utilization while providing valuable insights into Data related activities Microsoft's integrated data classification capabilities with Azure Purview provide a comprehensive approach to identifying and managing sensitive data in an organization's cyber real estate this video explores how these capabilities transcend basic text scanning by detecting primary data matches to keywords and monitoring user activities this 
system's versatility extends to various data sources and locations facilitated by data sharing allowing secure data exchange the suite encompasses the data map data catalog data estate insights and the data policy component for secure access management what's more machine learning algorithms strategically enhance accuracy over time aiming to detect content aligning with an organization's data classification policies this ensures the protection of sensitive data and compliance with data security regulations sensitivity labels are instrumental in this context they play a central role in classifying data based on its sensitivity providing a clear indicator of whether it's public confidential or highly sensitive this classification guides the enforcement of protective policies ensuring that sensitive data is treated with the appropriate level of security moreover retention labels contribute significantly to effective data management these labels Define the retention and Disposal policies for data specifying how long data should be retained and when it should be disposed of in accordance with legal and regulatory requirements combined with data classification retention labels assist in managing sensitive information throughout its life cycle ensuring compliance with retention policies the data classification capabilities in Azure Purview also Encompass monitoring user activities related to sensitive data including reading altering deleting or saving data at rest in transit or in use protective policies such as policy tips blocking with override blocking without override data lockdown and Teams chat restrictions can be effectively enforced based on applied sensitivity and retention labels in the event of a data loss prevention incident a comprehensive record of the event is meticulously logged in Microsoft 365 these logs serve as invaluable resources for review and insights facilitating the development of further data classification protection and retention 
policies the insight into actions performed on confidential data enables organizations to gain visibility into Data handling practices while adhering to compliance and security mandates data scanning and classification capabilities apply to different locations including on premises cloud-based or on SaaS applications furthermore data found in any services such as Power BI SQL Server or Microsoft 365 is included in the classification process providing an organization with Keen insight into what data it is storing leveraging Purview's capacity to organize data allows an organization to catalog its information systematically it empowers them to govern how data is shared preventing inappropriate sharing applying appropriate labels makes it clear which data has been correctly identified and treated with the necessary sensitivity ultimately this capability enables a company to establish effective data policies this introduces another key topic how does Purview's organizational capacity translate into effective data management to answer this question let's explore the different components of data management in more detail the data map component scans registered data sources to capture metadata and identify and classify sensitive data it supports various data source categories including databases file storage and third-party applications the data catalog facilitates efficient data Discovery with search and filtering options empowering users to find relevant data quickly data curation features and lineage tracing are available for subject matter experts data estate insights provides a holistic view of the organization's data aiding data and security officers in understanding data flow and sensitive data locations the data policy component offers centralized cloud-based experiences for secure access management enabling at-scale access provisioning and integration with data map and catalog it includes various policy categories like data owner policies DevOps policies and 
self-service data access policies and finally data sharing enables secure data sharing within and across organizations with centralized management and monitoring this video expanded your understanding of labels to help you develop a panoramic view of how data can be managed in the Microsoft environment using Purview as the central orchestrator an organization can marshal all the data kept across a range of locations effective data management is a Cornerstone of modern organizations and Azure Purview is the central hub for this critical task managing diverse data streams from user inputs applications devices and systems requires a structured approach and Azure Purview's data life cycle management offers a comprehensive framework to address this challenge this video delves into the core stages of data management Azure Purview accommodates diverse data Origins encompassing user generated data company specific information metadata and data from various systems this extensive reach extends to the broader Microsoft ecosystem and on-premises Active Directory allowing seamless integration with SaaS applications data ingested into Azure Purview originates from applications user inputs devices and repositories each contributing a unique data type to the ecosystem once gathered this multifaceted data undergoes careful analysis within Azure Purview metadata is consistently added to provide context enhance data classification and enable effective utilization this initial phase sets the stage for the Azure Purview data life cycle subsequently data moves into the processing and Analysis phase here it undergoes operations focused on extracting insights and executing specific tasks these operations can involve data transformation aggregation and advanced analytics empowering organizations to unlock valuable insights from their data assets data classification and labeling are pivotal in the later stages of the life cycle sensitivity labels including categories like public 
confidential highly sensitive and custom labels are employed to categorize data based on its characteristics and intended use this classification is instrumental in defining access controls and security policies ensuring structured data management and safeguarding sensitive information the data life cycle progresses into the stages of data retention and Disposal these labels Define the retention and Disposal policies for data specifying how long data should be retained and when it should be disposed of in accordance with legal and regulatory requirements these labels are integral to data management guaranteeing adherence to retention policies and the secure disposal of data when its life cycle concludes moving forward the data life cycle includes data sharing and collaboration this phase involves controlled access provision to authorized users fostering collaboration and information exchange within and across organizations concurrently data monitoring and security remain Paramount continuous monitoring ensures the security of sensitive information by proactively detecting unauthorized access or security breaches and addressing anomalies promptly data governance and compliance policies remain unwavering throughout the data life cycle these policies are meticulously implemented to assure data quality maintain data integrity and enforce strict adherence to legal and Regulatory standards this integrated approach reinforces data security and compliance making Azure Purview's data life cycle an effective solution for managing data records and regulatory requirements the data life cycle culminates in the data analytics and Reporting stages continuous data analysis yields valuable insights and informative reports empowering organizations to make informed strategic decisions and enhancing operational efficiency and competitiveness in the context of data sharing and collaboration Azure information protection or AIP plays a critical role AIP is a solution Microsoft offers to 
classify and protect data based on its sensitivity it helps organizations ensure that data remains secure even when shared with external parties with AIP you can apply sensitivity labels to documents and emails specifying how they should be handled for instance you can label data as confidential or highly sensitive AIP ensures that only authorized users can access or edit such information this aligns perfectly with data security during collaboration preventing unauthorized access and ensuring compliance with data protection regulations the final stage of the data life cycle includes data retirement ensuring data is securely retired at the end of its life cycle and aligning with specific legal and business requirements this process may involve permanent deletion or transition to our archives for long-term preservation achieving a balance between data security and practicality Azure Purview's data life cycle provides a detailed framework for data management covering data ingestion processing classification retention sharing monitoring and security it effectively integrates with records management governance and compliance ensuring data security compliance and informed decision-making throughout the entire life cycle this comprehensive approach reinforces Azure Purview's role as a central orchestration point for data management within organizations in the past few days you've delved into Microsoft's compliance Solutions gaining valuable insights into effective data governance and Regulatory adherence let's now recap the key takeaways from this week's material you started by exploring Microsoft's commitment to trust privacy and compliance Microsoft's privacy principles are the Bedrock for managing customer data emphasizing trust building and compliance simplification tools like Microsoft's Priva and Service Trust Portal or STP exemplify this commitment offering vital insights into compliance audit reports data protection trust documents compliance overview and 
compliance manager integration you covered the core privacy policies and technologies that are put into practice to ensure customer privacy and trust these include data collection and classification data encryption Access Control Data retention policies and data transparency and consent automated data classification ensures sensitive data receives top protection policies are configured to scan for predefined sensitive information patterns while sensitivity labels indicate data level access and encryption requirements Microsoft utilizes Advanced encryption standards and transport layer security to ensure data remains unreadable during Transit and at rest enhancing privacy and Trust Microsoft also implements strict access controls so that only authorized Personnel have access to specific data based on their roles role-based Access Control ensures that data is accessible only to those who need it by creating roles with specific permissions and only allowing access to people assigned those roles in addition multifactor authentication or MFA requires users to provide two or more forms of authentication to verify their identity enhancing privacy and Trust when it comes to retaining data Microsoft also enforces data handling policies defining data retention and deletion guidelines for various scenarios and data categories this approach safeguards customer data throughout its life cycle fostering trust Microsoft's approach to data transparency and consent is centered on categorizing data as required or optional an approach that improves product documentation and transparency through privacy dashboards and compliance management tools you then explored Microsoft's Purview compliance portal focusing on effective data governance and cataloging Purview provides a central platform for managing data by aggregating data from various sources within the organization integrating features like compliance manager Insider risk management and more now let's reflect on what you 
learned about the compliance manager an integral part of Purview it's your compliance sidekick helping organizations align with regulatory standards from regulatory assessment to compliance scores the compliance manager ensures a comprehensive approach to compliance management data compliance aligns with geographical or industry specifications covering data breaches unauthorized Access Data loss and data storage ever wondered how your organization is doing in terms of compliance the compliance score is your answer it provides a holistic view of your compliance status reflecting progress and risk levels compliance manager offers detailed insights and potential solutions to improve your score you also learned about the diversity of compliance requirements across different regions and industries each presenting its own set of unique challenges Microsoft Purview steps in to automate compliance efforts offering a range of capabilities including data classification governance and policies now let's delve into what you covered on data classification data classification at its core is the process of automatically assigning labels or descriptive categories to various data elements essential to this is Purview's robust capabilities that enable effective data organization security and compliance content Explorer and activity Explorer are key components of Microsoft Purview content Explorer ensures effective data curation and compliance while activity Explorer provides a historical view of activities accessible through specific roles these tools play a vital role in managing and understanding data related activities sensitivity labels act as your data bodyguards categorizing data based on whether it's public confidential or highly sensitive these labels are crucial for addressing cyber security threats access control and compliance requirements ensuring a structured approach to managing sensitive data you also learned that the decisions around data retention and deletion are 
critical for organizational Integrity Purview introduces retention labels and policies to manage this specifying how long data should be retained and when it should be disposed of in accordance with legal and regulatory requirements you wrapped up your learning this week by discovering how Microsoft's data classification capabilities in Azure Purview facilitate the management of the data life cycle managing diverse data streams from user inputs applications devices and systems requires a structured approach and Azure Purview's data life cycle management offers a comprehensive framework to address this challenge the suite encompasses the data map data catalog data estate insights and the data policy component providing a comprehensive solution the data map component scans registered data sources to capture metadata and identify and classify sensitive data the data catalog facilitates efficient data Discovery with search and filtering options empowering users to find relevant data quickly data estate insights provides a holistic view of the organization's data aiding data and security officers in understanding data flow and sensitive data locations the data policy component offers centralized cloud-based experiences for secure access management enabling at-scale access provisioning and integration with data map and catalog and finally data sharing enables secure data sharing within and across organizations with centralized management and monitoring this week has been a journey through Microsoft's commitment to trust and privacy understanding data collection and classification and exploring the powerful tools in Purview for Effective data governance and compliance you've gained valuable insights into building trust ensuring privacy and navigating the complexities of compliance and should now be able to demonstrate this learning in the study checkpoint ahead previously you became familiar with security threats to an organization that come from the outside this 
includes illegitimate ways of entering a system such as malware attacks and legitimate ways of entering a system such as identity impersonation however there is another threat that a company can face when protecting data which is Insider risk this is when company information or infrastructure can come under threat from legitimate users who are legitimately allowed into a system in this video you'll explore Insider risk in depth along with the infrastructure that is in place to manage it this umbrella concept extends Beyond data to also cover workplace Communications safeguarding data and addressing workplace harassment are key aspects of compliance Insider Risk Solutions prevent unauthorized data sharing abuse of language and Regulatory breaches Insider risk management encompasses a spectrum of potential threats that organizations must address these threats include leaks of sensitive data and data spillage which is unauthorized or accidental disclosure of confidential data caused by misconfigured access permissions data mishandling or malicious intent confidentiality violations or exposure of sensitive information to unauthorized individuals or entities and intellectual property or IP theft which entails illicit acquisition or misuse of intellectual property such as proprietary software Trade Secrets or patents there is also fraud consisting of deceptive practices carried out by insiders for personal gain such as financial fraud embezzlement or other deceitful activities insider trading which is the illegitimate trading of a company's Securities or assets based on non-public information often to exploit fluctuations in market value and Regulatory Compliance violations or infringements of industry or government regulations potentially resulting in legal consequences or financial penalties Insider risk management relies on specific principles to effectively mitigate these threats which are transparency configurability integration and actionability let's 
explore each of these in more detail transparency involves balancing the privacy of users with the need to mitigate organizational risks through privacy by Design architecture so user privacy is respected while identifying and addressing risky Behavior configurability refers to Insider risk management policies that are configurable to meet the requirements of different Industries geographical locations and business units organizations therefore focus on the most pertinent risk factors integration means Insider Risk Management Solutions are integrated seamlessly into Purview's broader Suite of tools this integration facilitates a unified workflow enabling efficient risk identification monitoring and response and actionability involves delivering insights to stakeholders to facilitate user notifications data investigations and user investigations these insights direct informed actions to mitigate risks effectively by adhering to these principles organizations can proactively address Insider threats and protect their data intellectual property and Regulatory Compliance all while respecting user privacy and maintaining the highest levels of transparency and configurability observe the infographic which highlights Microsoft's templated response to a case of Insider risk the creation of a case involves a structured process first policies are formulated utilizing predefined templates and policy conditions these conditions specify the risk indicators within Microsoft 365 feature areas that are to be examined these conditions dictate which events and risk indicators are monitored how they trigger alerts which users are covered the services in focus and the detection time frame alerts are generated once these policies are in place to monitor their implementation they are generated by risk indicators that match the predefined policy conditions they are promptly displayed in the alerts dashboard providing a concise overview of alerts requiring attention this dashboard 
allows for efficient tracking of open alerts over time and offers valuable alert statistics at an organizational level subsequently the triage phase begins new activities that necessitate investigation generate alerts initially assigned a needs review status reviewers within the organization then assess these alerts they can open new cases assign alerts to existing cases or dismiss them as needed during this triage process this phase provides access to alert details Associated user activity alert severity and user profile information streamlining the process of identifying critical cases once the triage stage is complete the investigation phase commences with creating cases for alerts requiring more in-depth examination the case dashboard furnishes an encompassing view of all Active cases open cases over time and case statistics when a case is selected for investigation the key tools at the disposal of reviewers include user activity analysis content exploration and case notes the user activity feature presents an interactive chart displaying the user's risk activities over time allowing for detailed analysis and filtering the content Explorer automatically captures and categorizes all relevant data files and email messages associated with alert activities facilitating easy access and filtering based on various attributes additionally reviewers can add case notes in a central case note section finally after investigating reviewers can take actions to resolve the case or collaborate with other stakeholders these actions can range from sending notifications for inadvertent policy violations to escalating the case to eDiscovery premium in Purview for more severe incidents this structured process ensures effective Insider risk management encompassing policy-based alert generation streamlined triage comprehensive investigation and suitable actions for resolution in this video you explored Insider risk and its various forms you are guided through a detailed walkthrough of 
how a company will navigate the Insider risk management workflow which facilitates identifying and resolving internal risk activities and compliance issues in many different Industries there are requirements that prevent certain kinds of interactions in this video you'll discover different ways in which Microsoft can limit interactions on its various Services different Services have their capabilities and the information barriers or IB are implemented depending on the nature of the service as well as understanding these distinctions you'll review scenarios that outline when IBs are useful finally you'll learn about some important implementation prerequisites let's begin by defining what information barriers are in Microsoft Purview information barriers are a set of policies and configurations that restrict or control the flow of information between different groups of users within an organization these policies are designed to enforce separation and prevent unauthorized communication and access to sensitive data information barriers are particularly relevant in scenarios where strict data segregation is necessary such as Financial Services organizations legal firms and government agencies information barriers manifest differently across various Microsoft Services each tailored to address the unique requirements of these Platforms in Microsoft Teams IB policies focus on unauthorized communication and collaboration which control actions like adding members to Microsoft Teams and initiating chat sessions they can potentially block users from communicating with others within teams or remove them from group chats if necessary Microsoft's SharePoint and OneDrive both utilize IB policies to detect and prevent unauthorized collaboration it encompasses tasks such as adding members to sites accessing content and sharing content in contrast exchange online lacks IB policies for controlling communication and email messages therefore prompting organizations to consider 
Exchange mail flow rules for this purpose single and multi-segment modes have had changes in IB implementation and no longer rely on Exchange online address book policies or ABP and opting for IB segments therefore promoting greater flexibility on the other hand legacy mode utilizes exchange online ABPs to assign users to specific groups aligning them with customized views of the global address list or GAL for short as IB policies are added it reshapes the GAL to accommodate the IB framework this diversification of IBs across Microsoft Services ensures security and compliance while adapting to the particularities of each platform's use cases IB policies can be tailored to a variety of scenarios to control communication and collaboration some examples include restricting Finance staff working on confidential data from sharing documents with specific organizational groups an intern team possessing Trade Secrets is barred from external online chats or calls and a dedicated SharePoint site is inaccessible to anyone outside of that group before diving into the implementation of information barrier policies there are several critical prerequisites to address first and foremost it is necessary to ensure that an organization's directory data accurately reflects its structure including key user attributes like group memberships and Department names additionally it is necessary to have scoped directory search enabled in Microsoft Teams audit logging must be turned on to monitor IB policy application effectively finally the mode of the organization should be reviewed as it determines various features and options the different available modes include legacy mode where the IB policies are based on Exchange online address book policies allowing users to be assigned to specific groups and providing customized views of the global address list users can only be in one segment in this mode single segment mode doesn't rely on Exchange online ABPs and there's more flexibility in 
defining IB segments users can belong to multiple segments if needed and multi segment mode is like single segment mode this mode is not based on Exchange online ABPs it offers more flexibility in segment definition and allows users to be part of multiple segments it is important to segment your users effectively this involves determining the necessary IB policies based on your organization's needs and considering factors like legal or industry regulations requiring communication restrictions between groups there are two available types of policies namely block policies to restrict communication between groups and allow policies that permit specific group-to-group communication once the policy list is ready the administrator needs to identify segments which are essential for IB policies users must belong to at least one segment and can be assigned to multiple segments if necessary ensure your directory data includes values for attributes used to define segments such as department or member of it's crucial to have these attributes populated for users before proceeding note that there's a limit of 5,000 segments in an organization with a single IB policy per segment in this video you learned how Microsoft can limit interactions on its various Services different Services have their capabilities and the information barriers or IB are implemented depending on the nature of the service you also explored scenarios that outline when IBs are useful finally you concluded by examining some important implementation prerequisites Microsoft Purview offers extensive flexibility in Information Management through the provision of granular access this is exemplified in the unique approach to role-based access control or RBAC for short and the utilization of administrative units the demand for this tailored solution is due to the intricate nature of the Microsoft Purview compliance Center which necessitates a Hands-On investigation for maintaining compliance in many cases these 
compliance tasks are nuanced requiring a distinctive approach while maintaining data security and privacy in this video you'll investigate granular access through Microsoft Purview and how it implements RBAC Microsoft Purview's compliance portal handles permissions for users involved in compliance tasks within Microsoft 365 it allows granular Access Control to manage user permissions for various compliance tasks such as device management data loss prevention eDiscovery Insider risk management retention and more users can only perform compliance tasks for which they have been explicitly granted access consistent with the rest of Microsoft Services permissions in the compliance portal are based on role-based access control to access the permissions tab in the compliance portal users must be Global administrators or be assigned the role management role which is only given to the organization management role group the role management role allows users to view create and modify role groups however permissions managed in the compliance portal do not cover all permissions needed in Individual Services certain service specific permissions must still be managed in the admin center for the respective service so if you hold a role such as compliance administrator you can perform tasks such as reading and copying information but it doesn't replace the need to manage service specific permissions in the respective admin centers you may need to work in the compliance portal and the specific service admin centers to ensure comprehensive Access Control across your organization's Microsoft 365 environment Purview compliance takes a distinctive approach using role-based access control compared to a standard RBAC implementation while traditional RBAC models typically focus on granting or denying access to specific roles Purview compliance introduces an additional layer of granularity in the standard RBAC framework individuals are assigned roles that give access to Broad sets of 
organizational permissions and capabilities however Purview compliance extends this Paradigm by employing role groups which serve as an intermediary layer between roles and members role groups in Purview compliance allow for the precise assignment of permissions to different sets of users this means not all members of a particular role group have identical access instead administrators can tailor their permissions for different members within the same role group for instance within a compliance administrator role group you can assign distinct permissions to individual members ensuring their access aligns with their specific responsibilities this nuanced approach to access control facilitated by role groups aligns closely with the concept of granular access the Purview compliance approach allows for fine-tuned control over individual access which can be critical in environments where precise data segregation and information management are Paramount furthermore the ability to provide granular access through role groups is integral to Purview compliance's Mission of facilitating robust Information Management it empowers organizations to implement precise controls aligning access with job functions compliance requirements and data sensitivity as a result organizations can better enforce data segregation ensuring that sensitive information is only accessible to those with a legitimate need thereby enhancing data security and compliance efforts next are administrative units in Microsoft Purview which are a structuring mechanism that allows organizations to divide their internal hierarchy into smaller more manageable units based on criteria such as geography departments or other relevant factors these units enable a precise delegation of administrative tasks and permissions within the organization they are crucial in achieving granular access control for improved Information Management these units allow organizations to finely subdivide structure often based on geographic 
regions departments or other relevant criteria this subdivision facilitates a more organized and efficient approach to managing permissions and access within the organization the responsibility for managing members and permissions becomes highly targeted by assigning specific administrators to oversee each administrative unit this in turn allows more control of access to resources and data while administrative units and RBAC share similarities administrative units focus more on structural organization and delegation of administrative tasks at the same time RBAC defines access permissions based on user roles and responsibilities in this video you realized that Microsoft Purview has strong Information Management capabilities offering a unique approach to granular Access Control through its distinctive implementation of role-based Access Control using role groups and the utilization of administrative units Purview compliance provides organizations with precise and finely tailored access controls Purview compliance's nuanced approach empowers administrators to Grant distinct permissions to individual members within the same role group ensuring access aligns with specific responsibilities this level of granularity is created to ensure that data remains segregated and information management enforces as much privacy as possible while still enforcing company standards by now you should be aware of the importance of compliance rules in various Industries and the need for policies to enforce business specific security and cost management rules for resources in Azure fortunately Microsoft offers Azure policy as a centralized means of creating company operational rules and ensuring that they are observed by all employees of an organization by the end of this video you'll have a better understanding of how policies are employed to oversee and enforce best practices in both general terms and in a nuanced situation that may be pertinent to an organization in a given 
industry Azure policy manages policy definitions for enforcing rules and actions on resources ensuring compliance with corporate standards and service level agreements or SLAs during both deployments and for existing resources it also assesses and identifies non-compliant resources policies in Azure primarily serve compliance control and scaling purposes enabling governance for resource consistency Regulatory Compliance security cost and management these policies can identify non-compliant resources block their creation or enforce required configurations Azure policy can be divided into three intended sets which are real-time enforcement and compliance scale and management groups and Remediation let's explore each of these sets at greater depth real-time enforcement refers to blocking the creation of non-compliant resources while compliance assessment concerns evaluating existing resources for compliance data from these assessments fuels a comprehensive compliance view ensuring that resources adhere to desired States and enabling efficient tagging inheritance scale and management groups are used to achieve efficient scaling by assigning policies to a Management Group you can affect numerous subscriptions and their resources with a single policy assignment policy initiatives allow grouping policies and viewing aggregated compliance results and exclusions provide flexibility in managing policy assignments finally remediation policies automatically bring non-compliant resources into compliance ensuring ongoing adherence to standards while existing non-compliant resources are flagged they aren't automatically changed to avoid unintended impacts remediation tasks can be created to bring these resources into compliance it is worth noting Azure policy is a free service Azure policies are used as a mechanism to achieve two overarching tasks the first is to organize what a user can do with the resource 
Microsoft.Authorization is a policy operation that dictates policy compliance by controlling how roles are assigned and enforcing rules associated with the policy the second Microsoft.PolicyInsights is concerned with monitoring Azure policies and extracting actionable insights an administrator looking to assess the effectiveness of a policy would use this operation many built-in roles Grant permissions for Azure policy resources the resource policy contributor role includes most Azure policy operations while the owner role has full rights contributor and reader roles allow read operations with contributor additionally capable of triggering remediation if none of the built-in roles have the required permissions you can create a custom role tailored to your needs custom roles should be designed with an understanding of default security policies which are baked into Azure and offer extra functionality across subscriptions and management groups these default policies address common challenges examples of which include allowed virtual machine SKUs which ensure that only allowed virtual machine sizes or stock keeping units are used helping to control costs and maintain resource consistency allowed locations which restricts resource deployment to specific Geographic locations or regions helping to enforce data residency requirements and compliance and audit VMs not using managed disks which audits resources that use unmanaged disks promoting best practices for virtual machine or VM storage creating a custom policy involves identifying business requirements mapping them to Azure resource properties creating aliases for these properties choosing the desired effect and composing the policy definition for example an industry that is heavily regulated may wish to avoid any compliance infractions as such they may elect to create a policy that performs data classification on all data storage this policy may have the outcome of blocking any storage attempt that involves data that 
is deemed inappropriately labeled this allows the creation of centralized policies that are concretely enforced by all employees wanting to interact with the system in this video you learned about policies in Microsoft Azure you've discovered how they are an effective mechanism for creating a company approach to a task and ensuring that it is adhered to you also know how this can apply to best practices as well as customizable to enforce actions that are beneficial to an organization's day-to-day operations when an organization has numerous Cloud environments they are expected to maintain consistency when it comes to areas such as applied policies and assigned roles this can be a cumbersome task to deal with manually not to mention the increased potential for costly human error fortunately Microsoft offers a solution that saves time while keeping things aligned in this video you'll become familiar with the scope function and capabilities of a blueprint made in Azure blueprints similar to an Azure resource manager or ARM templates it is used to enforce Conformity enabling a system architect to develop unified systems you'll also learn about the various actions which are permissible once a blueprint has been deployed but before you begin consider this analogy houses in a housing estate can be considered carbon copies of one another a builder looking to save time will follow one housing plan which is repeated for every house in the estate to achieve this the Builder follows a blueprint Azure blueprints serve the same function they are plans that detail how the environment should look they act as a means of quickly reproducing an existing setup Azure blueprints hold the design for a variety of different artifacts including role assignments which specify who has access to Azure resources and what they can do with them policy assignments to Define rules and restrictions to ensure compliance with organizational policies ARM templates that Define the infrastructure and 
configuration of Azure resources and resource groups which are logical containers that help organize and manage related Azure resources the blueprints are built on top of Azure's Cosmos DB a globally distributed database this means that regardless of where in the world your organization is residing it is possible to quickly spin up a working replica the advantages to this align with good infrastructural design including low latency that makes replicating blueprint objects a quick process High availability meaning there is no impediment to when or where you can access them and consistency as using replicas means that your environment will always remain the same Azure blueprints are a means by which an organization can enforce uniformity across the whole organization this includes different departments that might have a variety of IT knowledge as security measures are only effective if implemented consistently across an organization it can be thought of as an upgrade to an ARM template that has a similar role ARM templates focus on infrastructure provisioning and configuration but do not inherently address governance and compliance concerns Azure blueprints on the other hand provide a higher level abstraction that not only defines the infrastructure but also enforces organizational policies and compliance standards they offer a more comprehensive solution for ensuring that Azure environments adhere to specific rules and standards making them a better choice for organizations looking to maintain consistency and security across their Azure resources blueprints are a means of creating a checkpoint for a version of your organization much like versioning in software development a blueprint has a unique version number as more changes are added to the environment an administrator can choose to publish this publishing means that the updated version becomes available older versions are still retrievable in case an organization wants to revert to an old setup as 
blueprints are the foundation of an organization it is imperative that they are kept secure a hacker who gains access to the seed code can inject some malicious content that gets generated with new instantiations of a blueprint as such they are controlled with role-based access control or RBAC notable roles include the owner which includes all Azure blueprints permissions among other permissions contributors who can create and delete blueprint definitions but lack blueprint assignment permissions blueprint contributors who can manage blueprint definitions but cannot assign them and blueprint operators capable of assigning existing published blueprints but unable to create new blueprint definitions note that blueprint assignment requires a user assigned managed identity Azure blueprints provide a versatile mechanism for enforcing compliance within an organization they offer a preconfigured approach that governs rules and permissions ensuring adherence to specified standards by employing a systematic structure Azure blueprints facilitate the consistent configuration of different branches or units within the organization These Blueprints also enable the rapid deployment of services while incorporating well-defined RBAC controls seamlessly into the services setup in this video you explored the uses and benefits of Azure blueprints you should now be aware of what they are as well as what they are capable of achieving you also observed how they are deployed with a range of Scopes and permissible actions previously you learned about Azure blueprints what they are capable of and how they differ from Azure resource manager templates in this video you'll take a deeper dive into blueprints which can be considered in the following way first they are a structure from which to build a service that conforms to organizational Norms they can act as a centralized approach for extending company policy to all departments further they can be shown as a means of rapidly creating a 
service while ensuring the correct sequence of creation is maintained in software engineering a design pattern is a set approach for building an application or system it's used repeatedly to ensure consistency and compatibility between different components in a system Azure blueprints are an example of this which enables a system architect to design a structure that is implemented in a uniform fashion the advantages of using a blueprint when creating and deploying resources apply in three key areas resource locking application scope and sequencing order let's explore the specific benefits that blueprints bring to each area first is resource locking certain resources are deemed to have a different classification Purview can automatically tag how a resource with a specific designation will be handled the actions that are performed for each label however may be interpreted differently on different levels through use of a centralized orchestration of enforced policy an organization can ensure consistent handling of certain labels and resources concretely there are some actions that can be hardcoded before a resource is created when a blueprint is assigned it can be done with specific caveats for example don't lock means the blueprint is subsequently customizable once deployed do not delete means that once a resource is deployed it is not possible to delete it although this setting is customized and read only means it is not possible to alter anything note that a blueprint supersedes an owner's permission this is to say that an owner of a resource can be denied permission to alter settings on their group if it goes against settings existing in a blueprint next let's go over how blueprints apply to application scope scope as you have learned relates to how influential a decree is blueprints can be assigned to a range of Scopes including management groups which allow the application to impact multiple subscriptions and resources under that group this is ideal for 
enforcing policies and configurations across a set of subscriptions with common governance requirements there are also subscriptions this application ensures compliance and consistency within specific subscriptions it is possible to create several different blueprints for different departments for flexible Conformity another scope is resource groups which enable policies that are applicable to interconnected resources recall that a resource Group is a collection of resources that interact to achieve a given goal they can be set up expressly for a project or be a continuing division of an organization in some cases blueprints can be assigned directly to specific resources applying governance rules at the resource level finally one more advantage of blueprints relates to sequencing order blueprints are a versatile means of ensuring compliance by having a preconfigured approach relating to rules and permissions they can enforce Conformity by employing a systematic structure for how a branch of an organization is configured it can be used as a means of rapidly spinning up a service consider the situation of a denial of service attack whereby an organization wishes to expand horizontally to ensure that a service remains functioning a blueprint is an ideal means of ensuring that the sequencing order of the service is created in the correct way the order in which resources are created can be crucial for the successful creation of a service resources often depend on one another which lead to issues when creating a new service if improperly created practically speaking you define a blueprint that has the correct sequence of operations this is applied to the subscription so that when called the service can become safe and operational in a short period of time to better conceptualize this consider the scenario of a web application comprising four integral parts virtual Network SQL database application service and firewall rules first you would create a virtual Network 
which enables communication between the service and the database next you would create a database to hold crucial application related information then the web app can be created and configured to the database and virtual Network finally you would set rules for how the different elements would communicate such as restricting certain traffic creating the firewall rule first is not advised as you may not know which IP address to configure the bootup series of the application may also require information from the database before it can launch in this video you took a deep dive into Azure blueprints on a high level they have been shown to be the scaffolding from which Services can be created in a secure and uniform manner their scope is adjustable depending on the requirements further it has been shown that they can be used to govern the successful creation of resources while enforcing company compliance during this week you explored two key areas for consideration when it comes to implementing a plan for securely handling an organization's data these are Insider risk and data governance you found that Insider risk concerns potential threats coming from legitimate users with authorized access to a system and its resources while data governance relates to keeping data safe throughout the various situations that it will be subjected to before you move on let's revisit the main Concepts that you became familiar with this week in Insider risk management you began by identifying the different types of Insider risk this can consist of illegitimate ways of entering a system such as malware attacks and legitimate ways of entering a system such as identity impersonation Microsoft recommends adhering to four principles to mitigate such threats which are transparency to enable identification of risky Behavior without compromising user privacy configurability to customize policies for different needs integration of Risk Management Solutions with other security oriented tools and 
actionable insights that guide organizations to make informed decisions to assist in handling Insider risk cases Microsoft has a suggested workflow consisting of five stages defining policies that specify risk indicators alerts that are triggered when risky Behavior occurs triage to assess the severity of alerts and assign them to cases investigation of cases for in-depth review and action in cases once a plan has come together note that the action phase involves measures such as implementing security controls disciplinary actions or refining policies based on the insights gained during the investigation you then learned about information barriers or IBs which are policies and configurations that limit or control the flow of information between users and groups in an organization these apply differently to various Microsoft services for example IBs can restrict communication in Microsoft Teams or they can prevent unauthorized collaboration in SharePoint and OneDrive you found that to keep data safe it may be necessary to implement IBs in certain scenarios for instance you may want to block a company's marketing team from accessing Financial records or limit the chat capabilities of employees holding trade secret materials in the Microsoft Purview compliance manager information barrier policies are primarily implemented through role-based Access Control otherwise known as RBAC in addition to allowing role assignments to users and groups the Purview approach to RBAC also features role groups these enable administrators to tailor permissions for individuals in the same group resulting in more granular access for information management and compliance you discovered that Microsoft aligns with the standards set by the International Organization for standardization or ISO more specifically Azure is Guided by ISO 2701 a standard which concerns risk management and compliance it sets a framework for organizations to identify and assess information security risks 
Implement security controls and safeguards to mitigate those risks and monitor and improve their information security management system moving on you shifted your focus to Microsoft's solutions for handling data governance you first explored Azure policy which is a comprehensive solution for creating and implementing policies concerning compliance of organizational resources the three General sets of policies are realtime enforcement and compliance assessment for blocking creation of non-compliant resources and assessing existing ones scale and management groups for achieving efficient scaling and Remediation policies for bringing non-compliant resources into compliance above any established rules Azure policy serves two overarching functions the first is to dictate what a user can do with the resource this is done by controlling how roles are assigned and enforcing rules associated with the policy the second is to monitor policies and extract actionable insights that can be used to gauge the effectiveness of the policy next you covered Azure blueprints a tool for creating repeatable sets of azure resources that stay aligned with standards and requirements you should know how blueprints differ from Azure resource manager or arm templates in addition to defining resource infrastructure a core function of arm templates blueprints can hold artifacts such as role assignments policy assignments arm templates and resource groups blueprints also feature RBAC for added security with notable roles being the owner who possesses all permissions contributors who can create and delete blueprint definitions but lack blueprint assignment permissions blueprint contributors who can manage blueprint definitions but cannot assign them and blueprint operators who can assign existing blueprints but cannot create new ones finally in resources and compliance you observed blueprints in depth and found how they can be beneficial in three key areas for resource locking administrators 
can control the degree to which a blueprint can be modified after deployment in application scope blueprints prove flexible in their range of possible assignments and for sequencing order blueprints enforce Conformity by employing a systematic approach to configuration by getting through this week you've expanded your knowledge on Insider risk and data governance as well as how to handle Associated challenges using Solutions like Microsoft purview Azure policy and Azure blueprints this has taken you a step further in understanding how to maintain secure and compliant data practices and gets you closer to being a cyber security expert a successful exam with a good grade is an achievable goal if you are well prepared and practice some basic strategies as with all exams different assessments may require different strategies in this video you'll discover the recommended strategy to employ in order to maximize your chances of passing the exam sc900 Microsoft security compliance and identity fundamentals one of the best preparations that you can make is to take a practice test before the exam this way you can monitor your progress and identify the areas that might require a little more study or attention throughout this course you have taken knowledge checks graded quizzes and completed exercises these are specifically designed to help you monitor your progress while preparing for the real exam you will have the opportunity to complete the sc900 mock exam a little bit later which focuses on the key skills measured in the proctored exam these key skills include your ability to describe the concepts of security compliance and identity the capabilities of Microsoft Azure active directory part of Microsoft entra the capabilities of Microsoft Security Solutions and Microsoft compliance Solutions you have covered the skills measured in the sc900 exam during this program and gained significant hands-on experience using the real world example of Sam Scoops now it's time to 
practice if you need to review anything you can go back to any lesson to revise a concept the sc900 mock exam is based on a similar style and format to the exam sc900 Microsoft security compliance and identity fundamentals it is intended to provide an overview of the style wording and difficulty of the questions that you are likely to experience on this exam these questions are not the same as what you will see on the exam nor is this document illustrative of the length of the exam or its complexity for example you may see additional question types such as drag and drop build list order case studies exhibit active screen with drop-down menus and option boxes and active screen where you complete a statement you have 150 minutes to complete the final practice exam which consists of 50 questions on completion of the exam you'll see your overall score and the questions you answered correctly once you've successfully completed the sc900 mock exam it's time to turn your attention to the real exam a good exam strategy for the sc900 exam can be summarized with a checklist of what to do on the test day when test day arrives consider doing the following ensure that you are well rested and nourished eat a meal or a snack try not to drink too much water so as not to need the bathroom during the exam give yourself enough time to get set up the last thing you want is to feel hurried or be late for the exam remember to bring your current government issued ID which must be an exact match to the name on your Microsoft certification profile use your phone to capture the required headshot and ID if you're unsure and require more details check the official documentation from Microsoft and Pearson VUE you'll find links to these resources in the reading preparing for the exam the sc900 is a closed book exam meaning that you cannot bring any study or exam materials into the examination with you a score of 700 or greater is required to pass and finally take your time and read the 
exam questions carefully try to leave some time at the end to review your answers to get a feel for an exam go ahead and review some possible exam formats and question types from the Microsoft documentation in the reading preparing for the exam you have access to Microsoft's exam sandbox environment which was created to demo the interface that hosts exams to protect exam security Microsoft does not specify exam formats or question types before the exam Microsoft continually introduces Innovative testing Technologies and question types and reserves the right to incorporate either into exams at any time without advance notice when it comes to answering the exam questions here are some strategies keep calm and read the question in its entirety before checking the answer options students often choose the wrong option because they have misread the question if there are multiple answer options try to eliminate answers you know are 100% incorrect by using this process of elimination you can cross off all the incorrect answers make sure to read every answer option before choosing a final answer a common mistake that students make is to rush and pick that first answer if you're having difficulty with a question move on and come back after you've answered all of the questions you know it's all about the percentages try not to spend too much time on only one question which may leave you short on time for the rest ensure that you have enough time to attempt all the questions before checking them at the end depending on the question format you may not be able to change your answer so make sure that you have answered them correctly during your review you may be tempted to second guess yourself at times and change your answer while this can work in certain circumstances it can also be counterproductive remember that every step of your Learning Journey has been preparing for the sc900 exam be careful but try to trust your instincts the sc900 exam does not employ negative marking 
if you are unsure of a question try and make the best educated guess that you can this is based on existing logic of what you know be aware that some questions will apply partial marking if there's more than one correct answer required the important thing to always remember is that a successful blend of preparation test strategy and exam technique will help you maximize your chances of obtaining certification best of luck congratulations on reaching the end of the Microsoft sc900 exam preparation and practice course you have now achieved all of the cyber security milestones in this program this course gave you opportunities to practice your exam technique and refresh your knowledge of all the key areas assessed in the Microsoft certified exam sc900 Microsoft security compliance and identity fundamentals you tested your knowledge in a series of practice exams mapped to all the main topics covered in the sc900 exam to help you prepare for certification success you also got tips and tricks testing strategies useful resources and information on how to sign up for the Microsoft sc900 proctored exam now that you have successfully completed this professional certificate you are ready to schedule the exam sc900 Microsoft security compliance and identity fundamentals through Pearson VUE through a mix of videos readings and exercises you have learned about the expectations for the learning content by starting with an introduction to the course following this you reviewed what you learned about the Authentication features of azure ad like self-service password reset multifactor authentication and the password protection and management capabilities available in Azure ad you delved into the capabilities of Microsoft Security Solutions here you Revisited Azure distributed denial of service or DDoS protection Azure firewall Azure Bastion and just in time access you also covered Network segmentation in Azure virtual networks Azure Network security groups and Azure data encryption you then 
investigated Azure Security Management this included consolidating your knowledge of cloud security posture management or cspm Microsoft cloud Defender and its enhanced security features as well as the security baselines for Azure the capabilities of Microsoft compliance Solutions is where you reviewed Microsoft service trust portal and privacy principles and the compliance management features of Microsoft purview for example you explored the compliance portal manager and score then with risk and resource governance you learned about Insider risk management communication compliance and information barriers you later shifted your focus to azure's Resource governance capabilities where you Revisited Azure Blueprints and Microsoft Purview's unified data governance Solutions and finally you learned about the sc900 exam in depth including how to prepare for the proctored exam then you covered topics concerning Microsoft certification this focused on the various exam Preparatory items that you later undertook next you explored the concepts of security compliance and identity this included reviewing important topics like the zero trust model and authentication and authorization you examined the capabilities of azure active directory or Azure ad which is part of Microsoft entra this included the identity services and identity types in Azure AD such as internal identity hybrid identity and external identity types completing this course contributes towards gaining the cyber security analyst professional certificate from Coursera this certificate not only helps you to enhance your skills but also gain a qualification that can lay the groundwork for a career as a cyber security analyst it serves as proof of your job Readiness and can be shared with your Professional Network to round off your learning you took a mock exam that has been set up in a similar style to the industry recognized sc900 exam the exam sc900 measures your ability to describe the following concepts of 
security compliance and identity capabilities of Microsoft entra capabilities of Microsoft Security Solutions and capabilities of Microsoft compliance solutions to complete the exam you should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security compliance and identity strategies provide an end-to-end solution across these platforms you'll have an opportunity to later explore some additional resource links that will help you prepare further for the exam sc900 Microsoft security compliance and identity fundamentals remember that upon successful completion of the sc900 exam you can share your certification which enhances your cyber security analyst portfolio this is evidence for potential employers that you are motivated capable and not afraid to learn new things your journey of Discovery has required a great deal of perseverance and you should take pride in how far you've come continue the great work during this final lap of your Learning Journey feel free to recap any learning material until your exam completing all of the cyber security courses in this program was no small task and is an amazing achievement that has provided you with Newfound knowledge it has been a pleasure to accompany you on this path of exploration good luck this course can help you jumpstart your career whether you're new to the field or just wanting to refresh your knowledge as a seasoned professional as technology evolves and becomes more robust with security protocols hackers also become savvier in their Cyber attack methods by taking advantage of technological advancements businesses are required to increase their security measures to secure and Safeguard their information devices and assets because of this sought after professionals such as cyber security analysts cyber security engineers and security Engineers are in demand to actively anticipate detect and mitigate cyber attacks or system vulnerabilities are you intrigued by this career field and 
wondering how to get started let's meet a few candidates and explore their career paths and how they got started Alex is currently a successful customer service representative at a call center she is a high school graduate and is well-versed in Microsoft 365 applications she's also upskilling herself with macros and Visual Basic for applications to automate some processes in Microsoft Excel Alex's natural career progression is to move to a managerial role where she can receive promotional benefits and a salary increase however Alex has her sights set on moving to an IT role within the digital technological industry she has identified cyber security as interesting and her research has confirmed that specialists in this field are in demand she favors the career of a cyber security analyst it'll allow her to help protect a company's Network and assets including hardware and software from cyber attacks she'll be responsible for staying abreast of cyber Trends within the threat landscape and identifying suspicious behavior that may threaten the company's confidentiality or damage the devices her plan is to focus on gaining qualifications in this area which will allow her to begin applying for entry-level cyber security jobs Alex is a beginner but has already mapped out her career and certification path with a view to getting ahead Alex has enrolled in the Microsoft cyber security analyst professional certificate which began with the introduction to computers and operating systems and security she enjoys self-paced learning because she works shifts in her current job once she has completed the sc900 exam she will begin applying for jobs as a junior cyber analyst Alyssa has worked as a clerk in the motor vehicle sector for four years and security of information is part of her work-related tasks she became interested in IT related issues when an online website that she subscribed to suffered a data breach as a result she has become conscious of how her personal 
information is gathered stored and used online Alyssa wants to know more about cyber security in hopes of understanding and assessing how security is handled by online companies that she deals with she would also like to be able to protect her own devices prior to enrolling in the Microsoft cyber security analyst professional certificate program Alyssa completed several in-house workshops on data protection and data security upon completing the sc900 exam she has a deeper understanding of the threat landscape and how to mitigate risks against cyber attacks through this program she has extended her Professional Network with the relationships she has developed with her classmates during these courses Alyssa has also been promoted to her company's in-house security engineer where she maintains all the computers and networks against suspicious cyber activity in her private capacity she's continuously broadening her skill set to not only identify suspicious cyber Behavior but to create protocols and software that defend the business against cyber crime as the business expands Alyssa hopes to be promoted in the future to security engineer manager and expand her team through the recruiting process you may find yourself in a similar situation to Alyssa deciding to change careers can be daunting Alyssa found the change rewarding so taking the step can lead to you being instrumental in identifying a need in your current workplace and pioneering a new role that is mutually beneficial and fulfilling for you and the company Josh would like to advance his career he graduated with a masters in computer science Josh has more than four years working as a software developer he wants to add new credentials to his portfolio and expand his expertise Beyond software into cyber security Josh aspires to become a qualified cyber security engineer based on his research of the role he feels that his attention to detail and inclination to problem solve would stand him in good stead 
a cyber security engineer develops and implements security systems they monitor and evaluate an organization's security measures to protect their data from cyber attacks or unauthorized access some of the day-to-day tasks include performing security assessments and audits crafting solutions to security vulnerabilities and investigating cyber criminals and threat models if this describes your ideal workday then this is the program for you Josh completed the series of courses in the Microsoft cyber security analyst professional certificate program as well as the sc900 exam he is actively pursuing his cyber security career by earmarking his next Microsoft security certification program in his Learning Journey congratulations on taking this first step toward a career in the cyber security field by the end of this program you'll emerge with a stronger foundational knowledge and you'll be able to make more informed decisions about where to proceed next some additional links to the various Microsoft certifications are provided at the end so that you can explore them in more detail good luck