Transcript for:
SC900 Exam Preparation Guide

Hi everyone, welcome to our SC-900 study cram V2. I figured it was probably about time I updated it. Remember, the SC-900, the Security, Compliance and Identity Fundamentals, is a fundamentals exam. It's generally pretty rapid-fire questions, really trying to understand if you know which solution to use to meet what requirement an organization may have. You don't have to know any of the technology super deep; it really is just "hey, I have a broad understanding of what the different things can do."

In terms of preparing for the exam, the best resource you have is to actually go to the SC-900 fundamentals web page. If you scroll down, it talks about preparing for the exam, and there is a free online course, so I really would recommend you just go through the entire course and it will put you in a great position. There are practice assessments. You can experience the sandbox, which is the actual exam environment, so you don't get stressed out about "well, what's it going to be like, what do these buttons do?" You can actually go and try out the complete experience. It's telling you there are 45 minutes to complete the assessment. It talks about the exam policy, you can schedule the exam, and there's even a great study guide. The study guide will walk through the specifics of what has been updated and then what the core skills are that you need to have. So the goal would be that you can go through this document and tick the boxes and say "yep, I understand all of those different capabilities, what they offer me, why I would use them." Once you've gone through that Microsoft Learn site, you'll be in a great position.

Remember, it isn't just about Azure. This is the complete Microsoft set, so it's Azure, it's Entra, it's Microsoft 365, and all the different solutions that may even extend beyond Azure and the Microsoft ecosystem: maybe some partner solutions, and what Microsoft security solutions exist that might help for other clouds even. So we're going to go through all of that. So with
all of that, let's just get started. Again, the goal of this is a review of some of the core principles; maybe watch it just before you take the exam to cement some of those core things in your mind.

One of the biggest focus areas is this idea of shared responsibility, because if I think about any kind of solution, there are different layers to that solution. I can think: great, there's the information and data that's associated with something, there are devices, there are identities. Then I can think, okay, there's probably identity infrastructure, what actually enables that identity to be authenticated. You're going to have your application. There are going to be networking components: this could be where your resources sit, this could be how I talk to the solution. There's going to be an operating system, and then those things actually run on hosts, those hosts live on a physical network, which lives in a physical data center. So there are all these different components, and the point of the shared responsibility model is that depending on what I'm using, the responsibility shifts.

So for example, if I am on premises, then the responsibility is all the customer's; there is no one else involved. Now, you may potentially hire some managed provider to come and manage things on your infrastructure, you pay someone, but you're still responsible for that, you're still running that solution. Then you move into an infrastructure as a service cloud offering. You might often think of this as a virtual machine in the cloud. In this world, the responsibility for the customer is everything from the operating system up, so I can think "that's all the customer," but then the underlying physical infrastructure, the hypervisor, things like that, would be the provider, so that would all be Microsoft. So there's a line there.

Then you get into the platform as a service offerings. The platform as a service offerings are where, for example, you're provided with a complete Kubernetes environment, I'm provided with App Services, I'm provided with a managed database. In the platform as a service offering, you as the customer are really only responsible for a large part of your data, your devices, and your identity management, your users, your groups. So you're responsible for those elements of the solution. Microsoft is still fully responsible for the hosts and all of those things, so you say "hey Microsoft, you're still doing those same responsibilities right here," but now there's a shared element of responsibility, and it varies a little bit depending on what exact service you are using. If I think about the application, well, that's mine, but some elements of the actual runtimes are going to be the responsibility of the provider. So what you now get into is this idea of a shared set of responsibilities; there are some shared responsibilities in that model, so things start to shift a little bit as we go through that. In fact, one of the things I would stress here, and I've got to draw that line a little bit differently, is that the OS in a PaaS model is the responsibility of Microsoft, so that does shift up a little bit.

Then you can think about the complete software as a service offerings. That's where a complete solution is delivered to you, and that could be something like Microsoft 365. In a SaaS world, you as the customer would still be responsible for your identities and your devices; that's still your responsibility. But now on the shared side it's very, very small. The only shared element you're probably going to get is that identity infrastructure, and that's only because you probably have, for example, an on-premises Active Directory, and there are some synchronization components involved in that, so you still have some responsibility there. But everything else, the application, the network, the operating system, is now all managed by the provider of that particular solution. So the idea is that as you move up to the richer as-a-service offerings, to really that business service being provided, you're responsible for less and less, but you always have little bits of responsibility.

Now, another big focus when I think of security is this idea of defense in depth. You don't ever want to rely on one single element to provide complete protection for your environment, so we have lots and lots of layers. You can really think about defense in depth starting with physical security: great, I have the physical security to my data center, locks on the door, security guards, cameras, etc. Then identity has quickly become a new primary security perimeter in many organizations today. Then you have perimeter security; now I'm thinking, for example, on the network, so at the perimeter of my network I might have things like distributed denial of service protection. Then we have the network itself: what can I do on the network to help protect my workloads? I might segment my different areas so they're isolated from each other; I might, for example, limit the amount of traffic that can flow between them, and have very, very good controls. Then there's the compute, my hosts themselves. On my compute I'd have firewalls, I'd have good security practices to make sure they've got anti-malware, they're patched, they're as current as possible. My application will be well written and well tested so I don't have vulnerabilities in there. And then of course I've got my data, and the data is really the most important thing to an organization; it's the most critical element we want to protect. So when we talk about defense in depth, think of all of these things as layers, layer upon layer, so that if any one of them failed there is another layer under it to protect, to protect, to protect, until you get to that most critical thing, which is the data itself.

Now, one of the balances we always
have to have with security, and as Mark Minasi said, is that you can be secure and out of business. I can be so secure that my company can't actually function anymore. So you have to find the right balance between having security but not being so inconvenient to the user base that they can't do the job anymore.

You'll often hear about this triad, the CIA triad, and the goal of this is that there are three critical elements when I think of my protection, so we have C, I, A. This is focused on confidentiality: the confidentiality is "hey, I have my data, my sensitive data, and I'm making sure it's encrypted, it's protected." I want to make sure I maintain the integrity of my data, ensuring there is no tampering, ensuring I maintain the data in the correct way, I'm keeping it exactly as it needs to be. And availability: data is available to those that need it when they need it. There's a whole bunch of different types of threat you have against this. There's data breach, so someone steals your data. There are dictionary attacks, where someone tries to attack your identities by running these brute force attacks against them. There's ransomware: malicious code goes and encrypts your data. There are disruptive attacks, there are distributed denial of service type attacks. There's phishing: you get an email, "hey, click this link, it's good, I promise you." Spear phishing is where someone does these attacks targeted at particular people to try and trick them. So all of these different things are here to give me protection in layers from all those bad things that can happen.

Another common term you need to be aware of is this idea of zero trust, and this is at the cornerstone of a lot of the security architectures we see today. It's really based on the assumption that we don't trust the network anymore. We don't trust that just because something's within our intranet, our internal network, it's good to go. We trust no one, we verify everything. So the core rules are: we are going to verify explicitly, so every single attempt to access, we're going to perform authentication on, and we're going to make sure it's authorized to access that resource. A device, a location, a classification: we don't trust anything, we're always going to verify explicitly, constantly. We want to focus on least privilege. What that means is that in the past you might give something a certain role that has a whole bunch of permissions to it that lets you do the task, but it also lets you do a bunch of other things as well. Least privilege is: what is the minimal set of permissions you can have to do a certain role? That's just enough administration, JEA. But also, you only have those permissions when you need them. So rather than you sitting there with these heightened permissions all the time, you have a much lower set normally, and then with just in time, JIT, you get given the permissions for the hour or so when you need to do that; you go through some elevation, maybe stronger authentication. So a big part of that is this idea of just enough administration and just in time: I only have the permissions I absolutely need, and only when I absolutely need them. And you assume breach. You assume the bad person is on your network, and if we assumed there was a bad person on our network all of the time, then we would make sure we segment the network, we ensure we're constantly looking for signals that would detect threats, we segment things as much as we can, and we only allow through the types of traffic that absolutely have to be allowed through.

If I think of zero trust and what the different entities are that we have to consider as part of this world, well, we have identities. The reason you hear about identities so much is that in this cloud world I can't rely on a network anymore as "hey, if I'm inside my network I'm safe," like we did in the old days. In the old days it was our corporate network; if I was inside it, hey, I'm probably good, because someone had to badge in. In this cloud world, most of the resources we use don't live in our network, and so it's the identity that's actually that first line of security. So we always focus on how we make sure the identity is as secured and as validated as possible. That's users, that's devices, that's Internet of Things; there are many different types of identity, applications exist out there. Then I can think about the devices that are leveraged, and again that could be a user's bring-your-own device, it could be a corporate device, it could be a server, but these can provide a very large attack surface if I don't have them secured well. We have the applications that we're using, both to consume data and maybe generate the data. And then of course we have the data itself, which is a huge thing that we want to protect. We need to know where our data is. Very often today you find these challenges that data is all over the place, in different storage accounts, in different cloud services, different SaaS services; how do I know where the important data is? So I have to be able to discover my data, classify my data based on its importance, its sensitivity, based on its retention, and then take actions: maybe there's encryption, maybe there's data loss prevention, there are different things we have to do. So data is key. Then this all sits on top of different types of infrastructure that we have to secure, and then the networks; again, it comes back to that segmentation, making sure we're doing all of the right things we need.

Now, one of the things you need to understand as part of the overall security, because it comes up time and time again, is encryption. I've mentioned encryption, encryption, encryption. When we think of encryption there are two key concepts and types of encryption. You don't need to understand the details of the encryption, but realize you at least need to understand symmetric versus asymmetric. So if I think of symmetric, we have these keys, and keys are some data that is used as part of the cryptographic operations that encrypt or decrypt. So encrypt
is taking some data and making it unreadable, I don't know what it is anymore, and decrypt is taking that unreadable stuff and making it readable again. With symmetric, the idea is that I have my original data and then I have a key, so we'll call it key 1, and I use key 1 to create the scrambled data. But if I now want to be able to read the data and convert it back to unencrypted, I use exactly the same key. So it's symmetric: the same key is used to both encrypt and decrypt. In the old days where you had the little code with different letters that mapped, the key might be how you shift it three places, and it would be the same key that is used to encrypt and decrypt. The challenge with symmetric is: how do I securely share the key? I can't just send it to someone, because if it's intercepted, that person can now decrypt. So symmetric has a challenge around how I distribute the key to the other party.

Then the other side of this is asymmetric, and as you would guess, the goal of asymmetric is that there are now two keys. The way this typically works is that one of them is private to the person that owns the key pair; they never share it. Then there's a public key that everyone can know. So I have a public and private key, and I'm going to share the public key with everyone. What actually happens if I want to encrypt some data is that I use the public key of the person I want to share data with. The public key now generates that encrypted, garbled junk, and then to decrypt the data back to the original, the private key of that pair is used. Remember, only I have my private key, everyone has my public key. So if someone wants to send something to me encrypted, they can encrypt it with my public key and just send it to me; no one else can read it, because only I have my private key. If I encrypted something with my private key, everyone could read it, so it would be useless for secrecy. It's always the opposite key that can reverse the operation performed: if I encrypt with my private key, only my public key can decrypt it, and if someone encrypts with my public key, only I can then decrypt and read that message, which is great. And now I don't have a problem with sharing the keys, because I just put the public key out there; it doesn't matter, it only does one direction of the operation.

Now, the other way this can be used: imagine I do have some data I want to share, but now instead of worrying about the secrecy, I want to worry about the integrity. I want to prove to someone that no one messed around with the message. One of the things I can do here is leverage a hashing algorithm. What a hashing algorithm does is take some amount of data and run an algorithm to give me a fixed-size result, and the hash it creates will always be the same for the same inbound data, and it'll always be of this fixed size; that's the way the algorithm works. So if I were to send something to someone and prove the integrity of the data, that no one has messed with it, I could run a hashing algorithm on my data, and then encrypt that hash with my private key, and send it along with the data. Now those things are sent to the receiving party. The receiving party has the data, they run the hashing algorithm themselves, and they come out with the hash. I sent them the signature, and they can decrypt it because they have my public key, so when they decrypt it with the public key they get the hash that was stored in it, and the two are equal. So they know the data they've received has not been tampered with, because this was encrypted with the private key, and only the person who sent it has the private key, so only they could have sent it. So those are some of the ways we use asymmetric and symmetric keys: both for sending data, but also to help prove the integrity, proving it has not been tampered with.

Funnily enough, that hashing is actually really important in other ways as well. We often use it with passwords. If I am sitting at my computer and I want to authenticate to some system, whatever that password system is, there's some accounts database, and what we don't want to do is store the base password. I want to authenticate, I type in my password, but we don't want to just store the password in the database. So one of the things we do is run a hashing algorithm on the password, so now we get whatever that hash is, again a fixed-size thing, and for user John we store the hash in the database. Then when I authenticate, I type in my password, it generates the hash, and if the hash matches, that means I typed in the correct password, because the same input will always result in the same output. The other thing we might do, though, is this: these hashing algorithms become well known, so if I was a malicious actor I could generate a whole set of dictionaries of the hashes for all of the common passwords, and then just try and use them. So what they also add is a salt. Each user has a different salt value, so in addition to their final hash they store the salt that was used. This is combined with the password that's run through the hash, so now it's going to be a unique hash for that value for each user. A regular table of password hashes wouldn't be very useful anymore, because it doesn't contain the salt. So that's what gets stored, and when I try and authenticate, I type in my password, it adds my user's salt, hashes it, and compares it to what's stored, and only if they match do I get authenticated. So that's one of the ways that we use hashing as well, because we don't want to store those plain-text passwords; that's not something that's good for us at all.

Another common set of terms that you're going to hear is GRC: governance, risk,
compliance. We're going to come back to a whole set of these different terms, but for now just understand what this means. This is all about reducing risk and improving your compliance effectiveness. Governance: what are the rules, what are the practices, what are the processes that as an organization I use as the foundation of all of the different activities and things I do within my company? Very often, from a governance perspective, this might be based on some regulatory requirements; maybe I'm in a certain industry, maybe a certain country, and I have to adhere to those requirements. Risk is about identifying, assessing and responding to threats or events that are happening that impact my business. Remember, risk can be external and internal: yes, there are obviously external parties that want to be malicious or get my data, but there are also insider threats, so we have to think about detecting and reacting to those as well. And then compliance: again, country, region, federal, industry, what do I need to adhere to? As part of these, sometimes you'll hear about data residency, data sovereignty, and data privacy. Data residency is where my data has to live. Data sovereignty is which country's laws apply to the data I'm storing. And data privacy is about what I am storing and how I am leveraging that data. So those terms are important as well.

Okay, so I want to shift gears now and think about identity, so let's fly over here. Identity has really become a huge focus for everything around computers as we're adopting these cloud services. Remember, identities can be many different things. An identity can be a user, and by user I'm talking about a flesh-based thing, some carbon-based life form that's leveraging the system and needs to prove they are who they say they are and has certain rights to do something. If I'm an application, we generally want to treat those differently. An application also might need to authenticate and get access to resources, but we shouldn't be using user accounts for this; there are special types of identity I can use for an application. An identity can be a device; often devices will have identities as well, and that's really important, because I can think about what device might send signals in. I need to know it's really coming from who I think it's coming from. I could be a malicious device and send a bunch of fake signals and make a company think something's happening that isn't happening. And then there are just other groups, other types of resource that may exist. So we have all of these different types of identity in the system.

With those, there are really four key pillars when I think about identity. From a four-key-pillar perspective, there's administration, so the A is administration, and administration is about the basic management of the identities. Then we think about authentication, so I'm going to say AuthN. This is about who I am, so that's proving I am who I say I am, and that will grant access to something. Once I've proven I am who I say I am, then we have authorization, so I'm going to say AuthZ. AuthZ is about what I can do, so once I've proven who I am, it's about what I can do; that granted me access, this is the level of access. And then there's audit; this is really saying what have I done. We need all of these pillars when I think about identity, and we're going to address each of those.

Now, when we think about modern authentication today, we think about a centralized identity provider that can be leveraged by many different types of service. They're going to speak web-type protocols that are going to give us tokens that can be used by different resources; it's going to have risk detection, it's going to have auditing. When I think about modern authentication today, we have an identity provider, so if I was thinking identity provider, an IdP, Entra is an example of this. When we think of Entra ID, remember this used to be called Azure Active Directory and is now called Entra ID. This is a cloud-based identity provider. It speaks cloud protocols, so if I think of how I authenticate and how I get authorization, I have OAuth 2, which lets me do different types of authorization to delegated resources. We have OpenID Connect, which builds on OAuth 2 and is a way to give details about who I am and what I'm doing. There's SAML, which is a federation protocol. But with this, the whole goal is that all of these different identities live inside my Entra ID tenant, my apps as well, and what also happens is lots of third parties, lots of third-party applications, leverage my tenant. If I think of Microsoft 365, it uses Entra; if I'm using Azure, and different services, they all trust it. So the whole point here is that these are trusting a specific instance of Entra. As an organization I get a tenant, and a tenant is my set of objects, my boundary of security. When you create a service, it trusts your tenant, and now all of these different services trust your Entra. So when I have an identity, I get services like single sign-on: I only have to authenticate once, and now I don't have to keep re-authenticating to use services that trust my tenant. That's a huge benefit. I now have one account that, as a company, I make sure has strong authentication; I'm using passwordless, I'm using multifactor authentication, whatever that may be, and I get one set of auditing, and now I can go and use all these different services all around.

We can take a quick look at this if we jump over and look at my Entra tenant. We have the Entra portal, so we are on entra.
microsoft.com. It gives me basic information; I'm just on the homepage, but I can see things like my identity secure score. Mine is not particularly great, but it would give me recommendations about things I can do. I'm in the overview right now, and I'm just going to view recommendations and it will give me things to focus on. I can see the number of secure score points, I can see the impacted type of resource over here, and the more points, the higher priority, and again it's giving me a priority over here as well. So I would know one of the things I should focus on to improve my identity score, which would then also improve my overall security, which is obviously a huge goal of what I'm trying to do here.

Now, moving on from that: if that's our cloud-based solution, this is very much a flat structure. Realize that what we also probably have in many of the companies today is Active Directory Domain Services. This was our original directory service, and it speaks the authentication that we use on prem, so this speaks things like Kerberos and NTLM, and it is hierarchical in nature, so we have organizational units that let us create a structure of the different objects we have. What we often do here is have a hybrid identity, and what hybrid identity is all about is that we synchronize the objects up. The synchronization primarily flows from Active Directory Domain Services; think of this as the source of truth, and then objects flow this way. So we're doing a synchronization, but it's really synchronization that way. There are different solutions for this. You'll hear about Entra Connect, where the engine for the synchronization runs on premises in a virtual machine, and then there's also Entra Cloud Sync, so you pick one of them, and that's where the engine runs in the cloud. So there are two different options; over time we're focusing more on the cloud sync, that's the future direction. But it now extends even further that idea of single sign-on: as a user I have one identity that I can use for both on-prem resources, things that trust my on-prem directory, and things that use my cloud. This has different options: it can synchronize a hash of the hash of the user's passwords, there's pass-through authentication, and there are federation options, but generally today we do this password hash sync. It's a hash of the hash; it's not just copying the password. For the best overall experience we want as much authentication to happen in the cloud as we can. We don't want cloud authentications having to come back to on premises; it adds points of failure that we just don't want.

Now, I mentioned federation, and we're doing elements of that here, but just to be super clear: when we talk about identity federation, this is the idea that there are multiple identity providers in play. This might be multiple identity providers in that there are different tenants of Entra, for example, so it's the same overall provider but there are different tenants, or it might be a completely different identity provider. But the point of it is this: imagine here we have two different tenants, A and B. They could be both Entra, they could be Entra and Gmail, or say something on premises, it doesn't matter. I have a user, and this user's account lives in this identity provider. What actually happens is that there's a really nice resource that I want to use, and its identity lives in a different provider. So I've got some resource here, and it trusts this instance of the identity provider, but I want to use it. What is established is the idea of a federated trust. Here the A identity provider would trust the B, so it's trusting that this one is going to do the right things to authenticate, and "I will therefore trust their identities," so now I would let this user have access. Once that federation is in play, fantastic, now I can be given permission and I can access. So when you hear the word federation, it's all about having resources in different identity providers, or instances of identity providers, but wanting my users to be able to consume those resources. This is way better than just creating this user another account over here, and there are many reasons for that. If I think of it as the user, I want this idea of a single account, which is what this enables me to do: my password only exists here, I'm only authenticating here. So this is really good for the user, because now I don't have multiple accounts, I'm not trying to remember multiple passwords, I don't have 50 different MFAs; it's a great user experience. It's really good also for my company, because now I'm not worried about whether they used the same password over here, so if the password is compromised over here, can they now compromise my account? If they leave the company, I just have to disable one account, so it's great for my company. And it's also great for the resource company, because now they're not having to do user management for a whole bunch of people that aren't part of their company, having to take calls because people have forgotten their passwords, which will happen a whole bunch. So this becomes a very attractive component of nearly every identity architecture, and you'll see this in every resource you use today; you'll see the idea of federation, and that's why no one wants to maintain multiple accounts.

Now, I mentioned accounts a couple of times, so realize that when I think of just users, for example, there are two primary types of user. I have the idea of an internal user: an internal user is an account that I create in my tenant, typically an employee of my company. But I can also have an external user. Imagine for a second there is a company I collaborate with, a partner, but they have their own Entra ID tenant, so this is another tenant and there's a user in there. Remember, I don't want to create them an account over here; that's really messy. So instead, we can add them as something called an external user; often
they are guest as well they have a subset of permissions but now this user and the other authenticates against theirs but if you think of that Federation idea they can now be given access to resources that trust my tenant and leverage that so that could be a different entry ID tenant that could be a Facebook a Gmail an on premises samel whole bunch of different things we can do when I think of the applications we often call these workload identities and again I never want to use a user account and try and fake some element of it being a user what we use for applications thing called a service principle and that can then authenticate using a secret like a password or a certificate but there's also a special type if it's an Azure resource if it's an an app that's running in an Azure resource I can use something called a managed identity and that identity is then managed completely by Azure it's tied to the resource if it's system assigned or if it's user assigned I can grant that identity to multiple resources but it's now tightly coupled there's no secret to manage it just inherently as the application can act as the identity because it's running inside that resource when I think of devices there's different levels of device and interaction with entra so one of the things we can have here is I can be entra ID joined so when it's joined I actually authenticate to the device as a user from entra so that's the the tightest binding that would generally be a corporate owned device I can also do entra ID registered now if registered the device is known to entra I can have certain management from the company must be a bring your own device scenario but I'm not authenticating directly with an ENT identity but it is known I can do some heightened trust elements with it there's also a concept of hybrid joint with hybrid joint the device is actually joined my active directory domain services and then the device object gets synchronized and then is registered as well so hybrid 
joined is a combination of those things. So depending on where the device sits and what it really needs to use, we have different options around that. So that's like Windows 7 and above can all support that hybrid joined; Entra ID joined is only Windows 10 and Windows 11; Entra ID registered, Windows 10 and above, iOS, Android, macOS, they can all support the registered. Okay, so that's a lot about the management pillar of this. Now I want to talk about the authentication side. Remember authentication happens first: I have to prove I am who I say I am, and there's different levels that we can have with authentication. So I can have the idea, the worst is password only, so just a password, and I'm sure you've seen a million times now no one likes just password. It's something called a network secret: if I know it I can use it anywhere, it's too easy to be tricked into giving away, so we don't like that. What we'd rather have is, we talk about multifactor authentication, so this is using multiple things to prove I am who I say I am. Now this could be using my phone, this could be an SMS message, it might be voice, we can do that. We have things like software, hardware tokens, and these would typically generate a one-time use code, or we can actually go in and say oh yes, it's this number, I type this thing in, so that gives me some additional capabilities, and you'll hear of OATH, open authentication, as a standard around that. So this is better, so I'm using this multifactor authentication. Again, multifactor authentication is two of: so it's something I know, I have, I am. So I know would be a password or PIN; I have, my phone, my device; I am, biometric, face scan, fingerprint, whatever that might be. So we want multiple of those. And then we get into the idea of passwordless. So passwordless is there is no password at all. We saw the Microsoft Authenticator app; so the Microsoft Authenticator app I can use in a passwordless way, and it would show a number, I'd have to type the number in on my Authenticator app, it would
show me where I'm authenticating from, the application that's requesting it, to try and prevent phishing, which is where someone's trying to trick me into doing something. And now we're also in the world of passkeys. So passkeys are very strong authentication and they're phishing resistant because there's a proximity requirement for the device that I'm doing the authentication on to the device where I want to authenticate. For example, I could be having the passkey on my phone and I'm using it to authenticate to something via my PC; well, the phone would have to be close. I can't be tricked by someone hundreds of miles away to use a passkey; I have to have this proof of proximity, for example via Bluetooth, that I am close to my phone. Now for passkeys there's different solutions to this, and the Authenticator app can now do passkeys for Entra. So the Authenticator app, remember, can be used for just passwordless, but it can also now be used for passkeys; I'm going to do it within the boundary. There's also Windows Hello for Business, which is using a passkey. If I use a FIDO2 key, well, that is a passkey. So there's different passkey solutions, and that's generally now the big push to leverage: hey, use passkeys, they're a standard, they prove proximity, so they're phishing resistant. So that's the way we can prove we are who we say we are. So whenever we hear the term, how can I improve identity security, you're probably going to say MFA or passwordless; those are the terms to understand. Now realize when we talk about MFA, there's different ways to enforce MFA in Entra. We talk about conditional access, which we're about to talk about, but if I'm a company that maybe doesn't have licenses for conditional access, or I just don't know what to do, there is something called security defaults. So if we go and look really quickly, if I'm on my Identity overview and look at my Properties tab over here, you'll see there is this option for security defaults. Now I don't use this because I have conditional access, but if I
didn't, if I didn't know what I was doing, security defaults would enforce multifactor authentication for all users, it would force administrators to use multifactor authentication, and then for specific types of activity it would require users to use MFA. So I as a company have no control over it, it's defaults, but it can be really useful if I don't have the licenses for P1, I can't use conditional access, and I just want something, so that can be a benefit there, those security defaults. There's a whole set of other features when I think about the passwords and who I am and what I can do when I'm using Entra. In fact, let's just jump back over again for a second. One of the things we have, if I'm looking in my Entra and I look in the Protection section, we will see I have this idea of authentication methods. So I'm over here under Protection, so within Authentication methods we'll see this idea of password protection, and there's multiple elements to this. There is an idea of just the standard protection for the words they're going to protect against, then you can also enforce a custom list of passwords. So imagine I'm in Texas, well, I don't want to use the word Cowboy; if I've moved, for example, I might add the word potato to that list, for example, no guesses where I've moved to, but you get the idea. So I can enforce, I can even enforce these on Active Directory, so these protections can go and leverage in more and more places. There are things like fraud alerts, so I have the ability based on lockouts, so you can see here there's certain types of smart lockouts, if people are just trying to maybe hammer my passwords I can help protect against that. I have capabilities such as password reset. I can enable users to reset their own passwords, and I can say well, how many methods they have to configure to be able to reset their passwords, one or two, what methods are available, I can add custom security questions. There's all different things that we can add as part of those sets of capabilities. So
moving on, let's talk about the authorization. When I think about authorization in the Entra world, we're really talking about conditional access, because I've proven I am who I say I am, now I want to get authorized and get tokens that I can give to a resource to give me access to something. And conditional access enables us to put a lot of controls based on my location, my device health, the risk of my user, the risk of my sign-in, what I'm trying to access, a whole set of different criteria before it will go and give me the token. And maybe it's easy to just quickly go and see one of those. So if I go and look, if I just go to Conditional Access and look at a policy, I can do things like terms of use. So also if I want people to agree to something, I can create terms of use, which are PDF files, and then say hey, I need this accepted before I let you access this particular application. If I go to my policies and just create a new one, super high level: who am I applying it to, users, particular groups of users, is it a particular role they have, is it just external people; what resource I'm trying to access, a particular cloud application, and I can say which one from all the different cloud apps that are trusting my particular tenant, it would show me a whole list that I could go and select from here; I could also do it for certain types of actions, different authentication context, different locations that I want to use. What are the conditions: so the user risk, the sign-in risk, insider risk, device platform, locations, client app, filter for devices. And then my controls: well hey, I want to require MFA, require a certain authentication strength, which is I can configure, hey, I need this to be phishing resistant, for example; what is the state of the device; do I want to have accepted a terms of use; do I require them to change the password, maybe I've detected a high user risk. So it's just a whole set of different things that I can configure, really focused on the idea of how strict the requirements I want
to set before you can access this particular type of resource, and that can surround anything that is leveraging my Entra tenant. And then also we have role-based access control, and as the name suggests, role-based access control is generally around the idea that I have some role which has a set of permissions or actions, there is a certain identity that I want to give the role to, and I want to give it on a certain resource or maybe a certain scope. And so I take the role and I'm giving that role to a certain identity at a certain resource, and so this is called a role assignment. And this RBAC exists in Entra, it exists in Azure, it exists in Microsoft 365, many many different services have this, and there are roles that are built in. So for example, if I look at Entra for a second, if I go and look at my Roles and admins and I look at all of the different roles, well, I can add filters, so I can look at the type and I could say it's built in, and there are lots of built-in roles. Now these roles, some of them are just general, specific to Entra, some of them apply to many different services, some of them apply to a particular service. So if I add a filter for services, we notice there were Microsoft cloud services, there were particular applications, there's read-only roles, but if I selected cloud services, well then I can see things like, well okay, there's Azure DevOps administrators, there's Dynamics 365 administrators, there's Exchange administrators. So there are some roles that are specific to a certain service, there are some that are more generic, like Global Administrator, that gives me powers over lots of things. And then Azure itself has its own set of services and roles, so that is very different from Entra. And remember the key goal across all of these is, remember our zero trust, think the minimum possible role that does the job. There's probably going to be lots of roles that would enable it to do the job, like Global Administrator could probably do anything, but it doesn't need that, so we think the smallest
possible role. And then we get into the auditing. Now when I say auditing, it actually also means governance, and once again there are many different solutions that enable me to do this. I'm going to move this over just a little bit so I don't get stuck for space, okay, there we go. So when I think of the governance side, there are many different solutions, but one of the big ones here is Entra Identity Governance, and you'd often hear about the idea of a joiner, mover, leaver from a user's life cycle in the company: they join the company, they move around inside the company, then they leave the company. Well, associated with the joiner, leaver, there would be on the user, there would be properties of a start date and an end date. So what Identity Governance lets me do is, based on these, these are triggers, and I can say well, four days before the start date, the day of the end date, a week after the end date, whatever, I can go and trigger certain actions. So hey, a week before they start, send out a welcome email; the day they start, generate a one-time passcode, email it to the manager for them to talk through with the user so they can do the onboarding of their device, the bootstrapping, so they can do passwordless authentication; hey, the day they leave, remove their access, add them to an alumni network distribution list so they can get talking. About those, also dynamic groups are super powerful here. Dynamic groups add, remove users based on properties of them, so that could be really powerful to leverage. So Identity Governance is really useful for the life cycle of the user. We have things like access reviews. Access reviews can be useful to check access to groups, to applications, to various types of roles that I might have, and it might be someone doing the review, it can be a self review where I'm asked do you still need these things, but it helps validate that hey, we don't have people with permissions they just don't need anymore. There's things like PIM, Privileged Identity Management, and when we talked about
this whole assignment and only having what you need and just in time, well, PIM is a solution that lets you elevate up only when you need it and for a certain time window, then it will take it away again. We have things like Identity Protection. Identity Protection is looking at lots of different signals that will help me understand the risk level of the user in general, but also a specific sign-in activity. So the user is the identity and I do lots of different sign-ins, but maybe my password has been found on the dark web, so that's the user, my overall risk, and then every time I sign in, that specific sign-in, how risky does that one seem? Well, this sign-in is coming from a country they've never signed in from before, from a device they've never signed in from before, that looks kind of risky. And when we talked about conditional access, these signals from Identity Protection can be used as part of the conditional access, as something we can say hey look, the sign-in is risky above medium, let's make them do an MFA, or the user's risk is medium, let's make them change their password, so I can leverage those things together. There's also things like Permissions Management. Permissions Management is good, and this works actually across clouds, so this yes obviously is Azure, but also AWS and Google Cloud Platform, and what it's looking at is it's going to go and discover what permissions an identity has and which ones they're using, then it will go and remediate, so it will say you don't need all these permissions, let's shrink them, and then it will monitor in an ongoing way to help give you that protection. So Permissions Management is really nice to help strip down those permissions to exactly what you need. Now I'm going to talk about two other solutions that at the time of recording are not in the exam, but I suspect they'll be added fairly soon. So if I think about all of these solutions and the access and the things they're provided, we realize as a user I'm on my device, and my device can be
anywhere. Well, I might want to access things that are on private networks, so there's some resource here on a private network, but also I'm probably accessing stuff on the internet, which can be full of very very useful resources and very very bad things. So I have private things I want to access and internet things I want to access, and as a company I want to facilitate access without using traditional VPNs, because they don't follow the zero trust principles, and also I want to maybe protect my users from bad things on the internet. Well, if we remember that we have our Entra capability up here, one of the solutions is there's a Global Secure Access client that gets installed on the device, and this same client is used to facilitate both of these things. So one of them is Entra Private Access. So with Entra Private Access, when I want to access a private resource, it redirects it to the Entra edge and then sends it to the resource. It's not a regular VPN, but it facilitates that. So that's Entra Private Access, and that is for anything that is TCP or UDP, and because it's bouncing via Entra, conditional access gets evaluated. And then, well, maybe they want to access stuff on the internet; once again it's going to bounce to the edge, do a check, and then enable that. So then we have Internet Access, and that can check things like fully qualified domain names, categories; it has all of those abilities to validate and verify those things for you. So it helps you protect your users, give them access to stuff no matter where it is, and help protect them from maybe bad things on the internet. And as you have these additional solutions, you can buy them individually, but also Microsoft have introduced, and again I think it's just useful to understand this, the Entra Suite. So the requirement is I have to have P1 licensed, then the Entra Suite adds on top of P1. So it's adding, at that point, you have to have P1, but then you get all of the features of P2, plus it gives you Private Access, Internet Access, all
of the governance features, including the rich access reviews that go even beyond what P2 has, those life cycle workflows, the governance; it gives me the Identity Protection features that are part of the P2 anyway, but it also gives me Face Check on Verified ID. So if I was using things like access packages that give me access to a certain set of resources, Face Check would let me do a liveness check at the time of requesting that, before I'm allowed to go and access that resource, so it's another validation thing. So just realize the Entra Suite, again at the time of recording, is not in the exam, but I suspect all of these things will get added. So just understand: hey, I need to enable access to private resources on a private network, Entra Private Access; I would like to help protect my users from things on the internet based on certain categories, Internet Access; hey, I'm using multiple solutions, I need to do life cycles for my users and all this, the Entra Suite will probably be a good solution to think about there. So I just wanted to make sure I covered those, because I thought that was an important thing to understand, because it's bound to come up. Okay, so with that let's pivot for a second and let's look at Azure. So if I think about Azure and the different security solutions, let's give ourselves some space, we'll come back over here. All right, so that was the shared responsibility, we had all that information over there. So if we now want to think about security solutions, and yes, let's start with Azure. So remember Azure is the cloud in many regions all throughout the world where I can spin up resources like virtual machines and Kubernetes clusters and App Services and storage and databases, all of that. And if I think about basic network and data security concepts, so in Azure, one of the first things I'll think about if I'm offering a service to the world, well, remember what are some of the negative things that can happen? Well, the negative thing that can happen is a distributed denial of service attack,
so I can think about DDoS, and so Azure has a DDoS protection solution. Now there's different capabilities. The basic, that's just free, but it's really only geared towards stopping really really high volume, not specific to how your application is expected to work. And then there's the standard, and with standard there are two tiers when I think about this. The traditional was network, so I would spin up the DDoS protection for a virtual network, which is a construct in Azure that lives in a region within a subscription; there's a set of IP ranges, resources that live in it, and it would protect all of the public-facing resources that exist in that network. Or I can also now do IP-based, where I just protect specific IP addresses, so maybe I don't need the entire network, I don't have many resources, for example, so I can do this another way. This is a layer 3/4, but the beauty of when I'm using these standard tiers, they're tuned to the specific application; it uses machine learning to understand what's the normal type of traffic we would expect, I can create custom policies, there's traffic monitoring and alerting, and there's even support that you can get as part of that. And then inside my virtual network I can deploy Azure Firewall. Now Azure Firewall works for both layer 7 and layer 4. So layer 7 would be application policies, layer 4 would be network policies. So application policies, it understands the HTTP, it understands the fully qualified domain name, it can even do TLS inspection, it can have a certificate that gets trusted by the client so it can be in the middle of the communications, it has threat intelligence, there's a huge set of capabilities. Layer 4, it understands TCP, UDP and the flow of packets between those. So this can give me the ability, for anything that's operating into or out of or within the virtual network, it can do that inspection and give me those protections. Building on that, you then have the web application firewall. So if I think of the DDoS protection was
very much layer 3, layer 4, well then what I can also have is the idea of the web application firewall. The web application firewall is protection from a lot of common types of exploits; there's this core rule set, the CRS, so this would be protecting against maybe certain types of SQL injection, and there's cross-site, there's many different things it protects against. It would also protect against HTTP floods, so a layer 7 type DoS attack, and this helps because I typically will have some kind of load balancing solution for my resources now within a virtual network. So if I was for a second to draw the idea that there's actually a vNet sitting here, come on, go away, there was a vNet sitting here, I have a bunch of resources. Very often within the vNet I'll have an App Gateway, so an App Gateway is a layer 7, and I'd have a bunch of layer 7 sort of HTTP resources behind it that it balances to. Well, I can have a regional WAF solution, but I can also have something called an Azure Front Door, which is a global solution, that's also layer 7, which would often then go and point to a regional solution. So I can add WAF in front of the regional App Gateway or the global Azure Front Door to give me those protections from those capabilities. Now I mentioned a virtual network. Think of a virtual network as a boundary. My virtual network, it lives within a specific region within a specific subscription, and if I have another vNet, well, those vNets can't talk to each other. So by default, if I have another vNet over here, they're isolated. Now there are things I can do like peering to enable them to talk, but by default they are a boundary, so that's really one of the key things to understand there. But I can further isolate them. Now I talked before about Azure Firewall; I could tell all of my resources, your next hop, the next place to go, is Azure Firewall, then the firewall would say well, do I let this traffic flow out into other resources? But the other thing I can do is I can create, so if I think
about, I have lots of subnets, so this is kind of subnet one, I might have a subnet two; a construct I can create, it's called a network security group, and this is based on the source or destination IP address, port and the protocol, TCP, UDP. So I create these lists of rules, so I create all of these rules and then I assign them to subnets. That's typically how we want to do it; you can assign it to NICs directly as well, it's generally hard to manage. And so the upshot of that could be, if I construct these, I might say well hey look, this subnet, this is allowed to receive 443 inbound from the internet, but I'm not going to allow 443 to this subnet, I'm going to allow from this subnet to this subnet 1433 but nothing else. So it lets me start to do additional segmentation. So network security groups, think of those as letting me do additional segmentation within my virtual network, and they can also control the flow in and out of the virtual network. Now there is another solution today. So there is a solution called Azure Virtual Network Manager. Now that has multiple different capabilities, but from a security perspective it lets me create something called a security admin rule, and really they look very very similar to NSGs, but these are centrally managed, it's a central service. And on those rules, where is this going, allow and deny? Well, this can do the same thing, it can allow, and think of this as a funnel. So if it allows, these run before NSGs, so if I do allow, it will then flow and then it would process any NSGs that existed before being allowed to then go on to whatever the target is. But it also has always allow. Always allow bypasses the NSGs and will just let it go to the target. That might be really useful if I have to ensure resources can always get to a patching infrastructure or my domain controllers; I don't want to risk some local app developer breaking that, so always allow lets me configure those. And then of course, yes, it has deny. So if I do deny, it never even gets to the NSG, the traffic just
gets killed off. So realize that exists as a capability to sit in front of it, so there's another way to centrally manage those things. Other key services: if I think about, I want to get to a resource, well, imagine I draw on this one because it's easier for space, imagine I have for example a virtual machine and I want to be able to get to it from the internet. So I'm sitting over here and I want to access it. I don't want to just have a public IP on the VM, because then it can be port scanned, it's going to get attacked constantly. We like the idea of a jump box, something I connect to and then from there I connect to it. So Azure has a service called Azure Bastion. So when I deploy Azure Bastion, it now enables me to connect to this. It can be RDP or SSH, so it's going to work with Linux, and interestingly enough the higher SKUs of this solution would let me do SSH to Windows, and it mixes between those. I can use the az command, but then I don't worry about exposing anything, I can't be port scanned anymore, so it gives me protection against zero-day exploits, things like that. There are different SKUs, so if we go and look at that super quickly, there's actually a whole bunch of them, and as you can see here it walks through, hey look, connect to a Linux using RDP, connect to Windows using SSH, but it's only for those higher SKUs, so that's why I have to be using standard or premium. But there's also things where I can go and connect to VMs via IP addresses, I can connect to things via the az CLI, I can connect to things in peered virtual networks as well, but that's not with the developer SKU. So there's just different capabilities, and I would go and look at those and say well, what do I actually need as part of my solution, and I would go and pick accordingly to those. So there's not a right or wrong, it really just boils down to, well, what do I actually need? The other service, and it's the final kind of Azure one, but I'm going to go back over here where I talked about encryption. So I talked about
these keys a whole bunch, so one of the Azure resources is Azure Key Vault. So I create this resource, and then within there I can support a number of different types of things. Now one of them is secrets. With a secret, I can write it and I can read it, so that would be a password, a shared access signature, something I need to be able to update and then read it back. I have the idea of keys. So a key is something that I can import or generate, but I cannot export it. What I can do, though, is within it I can run cryptographic operations. So the idea here is my private key, for example, is sitting in here; I can ask it to sign this, I can ask it to decrypt this thing, but it can't leave the Key Vault, I can't just go and export that thing out. And then it has the idea of certificates, so it can handle the complete life cycle management of my TLS, my SSL certs that I can use. There's a standard and premium tier; standard uses software-based encryption, premium uses hardware-based protected keys. So those are those capabilities. Okay, so let's talk beyond Azure now. So it's, oh, I didn't do that, so still on the security solutions, but let's really go beyond just Azure, and I want to start with the idea of Microsoft Defender for Cloud. Now when we talk about Defender for Cloud, this is a cloud-native application protection platform; you'll hear the acronym CNAPP, you're very probably not going to need to remember that. But it's broken up into a number of different capabilities that I would then go and leverage. For example, you'll hear about a cloud security posture management, so I want to understand what's the state of my cloud, and this works across different clouds, so yes Azure, but also AWS and GCP. There's a cloud workload protection platform, and then also it focuses on DevSecOps. So I'm sure you're familiar with DevOps; DevSecOps is moving elements of our security, we always think shift left, how can I, and left is earlier in the process. So if we think about shift left here, how can I get my security earlier in my
DevOps pipelines to help protect and lock those things down. And when I think of the cloud security posture management, it's actually based around leveraging a feature called Azure Policy, and what it does is it creates something called an initiative, which is a whole set of different policies that it then applies, and they have something called the Microsoft cloud security benchmark; Microsoft cloud security, that's a standard one they give you for free, and I can go and apply that and it will give me a posture status for my cloud. So if I jumped over for a second, and let's quickly just go to portal.azure.com, and I can scroll down to my Defender for Cloud, and one of the things it shows me here is my security posture, and it shows me my secure score for my Azure cloud is 43%. I can see different recommendations, my regulatory compliance, so it gives me this Microsoft cloud security benchmark for free, but I can also go and add other regulatory compliance solutions if I have the paid offering. So there's a free and a paid offering. So my cloud security benchmark, I can see I've got 40 of 64 passed, but there's also many other regulatory compliance things I could add to this if I had the paid offering, which I do not have on this system. So look, my compliance offerings, you can see all these different things I could go and apply to my environment, and I can leverage those as required. I can see my security posture here, and once again it will have view recommendations, and it shows them by risk, the priority, how many points it might give me for leveraging them, so I know where I might want to start to go and start locking things down. The cloud workload protection platform, the other part, that's features for specific workloads. So there are things like Defender for Storage, Defender for Key Vault, for Containers; there's solutions specific to each of the different types of capabilities. At the core level it adds things like just-in-time access to virtual machines and resources in Azure, it
adds adaptive network and application controls to those services, so it adds key capabilities to the core resource. And of course the DevSecOps is just adding unified security management as part of that core environment. Now the next service you're going to hear a lot about is Sentinel. So it's now called Microsoft Sentinel, not Azure Sentinel. So I have Microsoft Sentinel, and this is what we call a SIEM and a SOAR. So I can think of a SIEM as security information and event management; SOAR is security orchestration, automated response. So this is about, hey, basically it's signals, right? So I have a collection, so I want to go ahead and collect signals, so I have lots and lots of signals from different systems. So these could be agents sending in these signals, it could be diagnostic settings from Azure resources, it could be I'm sending syslogs, whatever that is, so it's logs, it's all being sent and collected. So the SIEM is looking at those, and then it's looking for collections of signals that help it understand when there's something going on. So then it's going to detect, and it's then going to help me investigate what I'm finding, but then the SOAR is maybe helping me to automate a response, so it's automations that I can place within that solution. So I'm going to collect the data at cloud scale: users, devices, networks, infrastructure, on-prem, cloud, other clouds, and then look for the threats. I want to try and minimize false positives, I'm going to use analytics and machine learning, threat intelligence signals coming in; then AI again will help me investigate and look at all those suspicious activities at very very large scales; and then the response, there's built-in automations and then I can add in my own as well. So it's giving me that complete ability to react. Now the way Sentinel works is it builds on a Log Analytics workspace, so I'm paying for the signals that are ingesting and then depending on what that retention needs to be. You're also going to hear, when I talk
about security, I guess this is a good time to talk about it, is Security Copilot. Now you'll hear about copilots everywhere, and Security Copilot is really working in the same way as everything else. The whole point is adding AI, specifically most of the time a large language model, which is that idea that hey, I can interact with natural language, and then what makes it special is the way I craft the prompt and what additional data I give it. And so what's happening here is, if I think about things like Sentinel, Entra, Intune, Defender, there's a whole bunch more of these, but all of these now are integrating into Security Copilot in an embedded way. So embedded is, Copilot becomes part of the console, the web portal for that service: hey, I'll see a Copilot icon in Intune, I'll see a Copilot icon in Entra, I'll see it in Purview. But there's also an immersive experience, which is a separate prompt where I can just type in and work across all the different things. So now I want to talk about Defender XDR, and this is recently merged with Sentinel for the portal experience. If I just go to security.microsoft.com, but let's take a quick look at that. So if I go, so here I'm looking at security.
microsoft.com, which is my portal, but notice I've got my incidents and alerts, my hunting, my threat intelligence, all of that here, but then we start to get into these other areas: email and collaboration, cloud apps, auditing, identities, assets, exposure management. So it's bringing all of the different elements into one place for me, and the whole point of this is that it is touching on many, many different areas. There are solutions here for Office 365, so for example it will work for email and for collaboration: it helps find malicious threats in emails that are sent to me, QR codes that are sent to me, and if there's some attachment it can go and run it in a detonation chamber to make sure it's not going to do something malicious to me. It works with endpoints, so Defender for Endpoint: we often think about malware protection, so this is a unified endpoint prevention platform, but it also helps me gather signals about what's happening so I can do post-event detection. It can show me the maps of what happened: they received this, it then went and ran this process, then it went and spoke to this machine, to help me respond to those things. It's got cloud apps, so Defender for Cloud Apps helps me understand what is being utilized within my organization, both things where my identities from Entra are working with other services, but it can also integrate with maybe my proxy devices to get the signals from what's happening with all those software-as-a-service, those SaaS solutions, that I'm using in my environment. There's Defender for Identity. Now, this is different from the identity protection I talked about earlier. Remember, in that hybrid world I probably still have Active Directory Domain Services and Federation Services; what this does is look at the signals from my on-premises identity infrastructure to help look for signals and, once again, find compromised identities, find threats and help me address those. There's vulnerability management, so that's going to give me continuous asset visibility, so what is exposed in my
environment, what types of things should I be looking at to help strengthen my environment, where do I need to focus my attention. So it's looking for, hey, where do I have things exposed. And then there's threat intelligence, so threat intelligence is, hey, within the Defender portal now I can go and look at reports and information about things that I need to be considering in my environment. Then we move on to compliance, and compliance is obviously huge in the many industries that we have: I need to make sure I'm adhering to whatever regulation exists, but also that I can prove I'm adhering to whatever I should be for my particular industry. When you think about compliance, there are six key principles. The first one is control: as the customer I have control of the privacy that I need for my services; I have the tools and the visibility to make the right choices about what I want. There has to be transparency: we have to understand what data is being collected by the Microsoft solutions, so again you can make those informed decisions. There has to be security, ensuring that when you are entrusting data to Microsoft they have strong security, strong encryption. You want strong legal protections, so this is about, hey, whatever the local privacy laws are, helping you as the customer with your legal rights over that data, and we've probably seen in the news before where Microsoft was in the news because it would be fighting some local governing body that wanted access to things stored in its data centers that belong to a customer, and Microsoft would have those fights to protect you as the customer and your data. No content-based targeting, so here the idea is to say, look, we're not using email or chat or files or any personal content to try and target advertising to you. And it should always benefit you; I mean, that's really the key goal as the customer: if there is data collected, it should be for your benefit, to make your experiences better. So that's really the key goal around all of that.
Now, to help you with some of these things there is the Service Trust Portal, and this resource has different types of certification detail; it has different reference materials, it has the standards that are being used, we can see there are different types of reports, there's detail on different industry and regional information, so we can go and look at that. So if we take a quick jump over here and look at the Service Trust Portal, you can sign in, but notice straight away I've got details on the different services, different regulations, I can get reports and white papers, I can see regional resources. If some of these are of particular interest to me I can add them, so I can create a library of the things that I care about the most, but I can go and look in any of these different elements. So let's go and look at FedRAMP information, and then there are applicable documents for that, so I can go and dive into what applies specifically to it. If I care maybe about pen testing and security assessments I can go and look at that, but it's just the resources that I really care about the most as part of my validations. Now, if you're looking for compliance, that's actually moved, and we're going to cover that in a second, but yeah, that is not there anymore; it's now part of Purview. I mentioned private data, so the next solution I actually want to talk about is Microsoft Priva, and the name kind of hints at what it's doing: this is about private, personal data. So as an organization I'm hosting private data, and the whole goal of this is, for you as an organization across Exchange Online, SharePoint Online, OneDrive for Business and Teams, it helps me understand what private data I have. There are two different elements to this. There's privacy risk management, so this is about helping me discover what private data I have and then also limit its transfer, so if I find, hey, there's private data, I want to stop it from just being moved around across different regional or departmental borders
within my company, but it's going to help identify where I have that data stored. And then a separate solution is subject rights requests, because today in many countries, as an individual, I have the right to request what personal data you're storing and even request that you delete that data, so if as a company I have stored a lot of information about individuals, I need to be able to handle those requests. What this does is handle that complete workflow, so I have workflow automation to handle the request, to handle the removal, and it also gives me a lot of reporting about those capabilities. So think of Priva for when there are questions like, hey, you're storing lots of information about your customers, you need as a company to identify where you have that private information and how you can help restrict its movement: oh look, privacy risk management. You need to support customers making requests to remove or get a list of what data you're storing about them: oh, Priva subject rights request solutions. So that will help you with all of those different elements, to support those different capabilities. And I just mentioned, funnily enough, Purview, so then you have Purview. Think of Purview as three key pillars of things, so I would think of it as governance, compliance and data security. This is a huge one, so if you hear something about governance or compliance or anything around those, the chances are it's something to do with Purview, so that's going to be the solution in play here. And so the first one: this is where we just go to purview.microsoft.com, so once again let's just jump over and take a look. So here I'm in Purview, I've gone to purview.microsoft.com, and you'll notice there's really this Solutions area, so there's a whole bunch of different solutions available in here if I select it. Well, the first one I actually want to talk about, though you can see all these different ones here, is Compliance Manager. Compliance Manager is there to help me as an organization
understand my compliance against various different things. Now, what I will get is a compliance score, so the compliance score helps me understand my current compliance posture. I'm at 69% here; it will show me the points I've achieved, and notice there are points that I have achieved and then there are things that Microsoft is responsible for, so Microsoft, as you would expect, is doing way better than me. But it lets me go and track all these different improvement actions, and it will show me the impact, so the higher the points, the more important that would be and the more I would want to prioritize it, and I can go and drill down into those improvement actions. One of the really cool things we can do here, if we scroll around, notice we have an action type, so operational, but I can assign it, I can assign it to individuals to start tracking it. It will show me the testing type, so whether someone has to go in and manually do this and then attest to yes, it's done. The responsibility will sometimes be mine, or sometimes it's going to be shared; if it's shared, it would be Microsoft and my organization. But this really helps me understand where I need to focus, and it will run this against different areas, so I can see the different solutions, I can see different assessments. An assessment is a grouping of controls from a specific regulation, so I can create assessments, and then we'll see all the different regulations that I can work against: we can see there are premium templates, premium AI-based templates, all of these different things that I as a company may need to adhere to, and I can leverage this to start assessing and tracking my compliance. And again, I create an assessment, which would be a certain grouping of those different controls. So this is really useful to understand. It's got some related solutions down there as well; I can go and create policies (I don't have permissions for that) and I can get alerting as well. But this is fantastic to go and understand
the compliance against this built-in set, but I can also go and add additional ones that I care about. And then I might think about it from a data security perspective, and this is actually becoming a bigger and bigger deal today because of AI. I drew the idea of a large language model; I talked about data helping drive some of the things you do. Well, first let's just make a big note: this is Compliance Manager. But when I start using artificial intelligence, one of the things that happens is these solutions, these Copilots, go and find data. They're vector based, so it's meaning based, the semantic meaning of the data, and it will send it into the large language model to help answer your question. So what's happening is companies historically have not done a great job of knowing where the data is, classifying the data and then protecting the data, so users have access to way more stuff than they probably should, and the company didn't know that. Well, now these large language models and the orchestration solutions go and search for data, finding it, sending it to the large language model, and it becomes part of the answer, and the companies are freaking out. So when I think of data security, this is a huge aspect that Purview can help with, and if I break it down into the components of that: well, I have to know, so I have to be able to find where my data is, and then once I find it I have to be able to classify it. Now, there are built-in classifiers and I can create custom ones. So I have to find my data; once I know where it is and what it is, I can then protect my data; once I'm protecting it the right way, I can also then do things to help prevent its loss; and then I probably want to go and govern it. So we get these lifecycle components of our data: I need to know it, I need to know my data landscape, where it is; classify it; protect it, encrypt it, add access restrictions to it, maybe watermarks if it's a document, so if someone takes a picture, well, I know this was Bob, Bob did this; detect risky
behavior, don't let them copy it to places; and then automatically keep or delete data based on certain requirements. And remember there are different types of data: there's PII, there might be health information, Social Security numbers; I want to be able to detect those different things, and so Purview is going to help us with all of those different elements. So if we jump over again, if we go to our Solutions, this time we could look at Data Lifecycle Management, and within here there are classifiers, and notice I have this idea of trainable classifiers but also sensitive info types, and it has a whole bunch: tax numbers, physical addresses, shared access signatures, like massive amounts of different types of data here. So it's easy then; I can use different types of policies to enforce. I can label data that I find matching these with certain labels, I could put retention policies on it to make it keep the data for a certain amount of time. There are Explorers, so I can use things like Data Explorer to go and look at what content I've found; Activity Explorer will help me understand what is being done with that labeled data across my entire organization. And the key thing is, when I think about it, there are different types of labels. So also if I look at my Solutions there's Information Protection, and these have sensitivity labels, so this is a little bit different; this might be highly confidential, public data, personal, top secret. Now when I think of these labels, this is about protecting the data, right? So the classification part might be: it's got PII, it's got Social Security numbers, whatever that is. Then we move into, okay, for protecting, these might be sensitivity labels that I then apply actions to. This could be watermarking it; the label itself is just metadata, transparent metadata that I can see stored in clear text, commonly we see that with emails and documents, but again I can then trigger things off of that, so I can add a watermark, I can add encryption to that. And any particular item has a single label, so I can't have multiple different labels as part of this.
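As an added example (my own code, not Purview's classifiers or its label definitions) of how sensitive-info-type detection and the one-label-per-item rule fit together, the following Python finds two constructed sensitive info types (a U.S. SSN pattern with basic validity rules and a Luhn-validated card number) in a document, then assigns the document the single most restrictive sensitivity label that applies. The label names, their priority order and the type-to-label mapping are assumptions for the example, and the sample document is constructed.

```python
import re

# --- Constructed sensitive info types: a pattern plus a validator ---------

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which real card-number detectors use to cut false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_ok(candidate: str) -> bool:
    """Reject SSN-shaped strings that can never be issued (area 000/666/9xx, zero groups)."""
    area, group, serial = candidate.split("-")
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


SENSITIVE_INFO_TYPES = {
    "U.S. Social Security Number": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    "Credit Card Number": (re.compile(r"\b(?:\d[ -]?){15}\d\b"),
                           lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
}

# --- Constructed label scheme: one label per item, most restrictive wins ---
LABEL_PRIORITY = ["Public", "General", "Confidential", "Highly Confidential"]
TYPE_TO_LABEL = {
    "U.S. Social Security Number": "Highly Confidential",
    "Credit Card Number": "Confidential",
}


def classify(text: str) -> dict:
    """Return {sensitive info type: validated match count} for the text."""
    found = {}
    for name, (pattern, validator) in SENSITIVE_INFO_TYPES.items():
        matches = [m for m in pattern.findall(text) if validator(m)]
        if matches:
            found[name] = len(matches)
    return found


def assign_label(text: str, default: str = "General") -> str:
    """Pick exactly one label: the highest-priority label implied by what was found."""
    candidates = [TYPE_TO_LABEL[t] for t in classify(text)] or [default]
    return max(candidates, key=LABEL_PRIORITY.index)


# Constructed sample document (the invalid SSN and the non-Luhn card must NOT count).
SAMPLE_DOC = ("Employee SSN 123-45-6789, card 4111 1111 1111 1111, "
              "bad card 1234 5678 9012 3456, bad SSN 000-12-3456.")

if __name__ == "__main__":
    print(classify(SAMPLE_DOC))
    print(assign_label(SAMPLE_DOC))
```

The validators are the part worth noticing: a bare regex for a nine-digit pattern or a sixteen-digit number produces a lot of noise, so real sensitive info types pair the pattern with checksums, keyword proximity or confidence levels, and the single-label rule is what makes "most restrictive wins" a deterministic choice rather than a pile of conflicting labels.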
Then I think of preventing loss, so that is data loss prevention, DLP, and once again we see that in our Data Lifecycle Management. So we go back again to Data Lifecycle Management; we have our policies and we have different things. I've got label policies here, and that policy I could use once I create labels; I can publish them, but when I have these I can use policies both to retain and delete data, because it might be, hey, I actually need to make sure I don't keep data for too long. So when I think of my governing, I have retention, I also have deletion, and all of these I can trigger off of these different labels that I have applied. Then we also have records management, so records management helps me meet different types of legal requirements: if I label content as a record, then restrictions are put in place automatically to block certain activities, any activity is logged against what is now considered a record, I get this proof of disposition at the end of the retention period to show it has been disposed of, and I can set up these retention labels as the administrator to enable the marking of things as records. There are other capabilities there: Data Catalog, which lets me quickly go and see what I have; there's data sharing to help me share data; etc., etc. Other solutions: there's Insider Risk Management. Again, we talked about threats that can come from both inside and outside, so we talk about insider risk, and really insider risk management is where I define policies that identify what risk signals we're going to see. So I define a policy of what I'm looking for; once I have the policy defined, it will create alerts when it sees that behavior. Now, once I see the alert, then what will happen is someone triages it, so I go and look at, hey, what are the different alerts, and I do one of two things here: either I just dismiss it, it's not a problem, or we go and create a case that then has
further investigation, and those reviewers go and pick it up and do those different capabilities. There's also eDiscovery, and there are different categories for eDiscovery. Obviously this is about finding data in mailboxes, in groups, in Teams, in SharePoint Online, in OneDrive for Business, Skype, Yammer, and there are three categories. So if we go and look super quickly, we can see there's content search, so I can search for stuff based on different keywords and I can export the results based on different permissions; there's eDiscovery (Standard): search and export, case management, legal hold; and then Premium adds all these other types of capabilities. So it depends on what I require as to which of these different services I would want to implement in my environment, but there are really those three levels: basic content search; then we get the idea that with Standard I can create cases, so I can track how I'm doing with those things, and I can do legal holds on the data; but then we have Premium, which has a whole bunch of different things, but it's about that complete end-to-end workflow of eDiscovery and those capabilities that I have to meet. And then the final service is Audit. I mean, audit is about keeping the data so I can respond to requests where I need forensic evidence of something that's happening, compliance regulations, internal investigations. And if I think about it, this is really geared towards M365, so if I've got M365 there are thousands and thousands of different operations happening against M365. What this enables me to do is, for all of those M365 operations, they get captured to a log, and then it enables me to go and search against that. Now, there are two SKUs, there's Standard and there's Premium, and this is all about the default retention: Standard is 90 days retention, Premium is one year, so depending on the retention I need I would pick. Also with Premium you get a higher bandwidth API, so I can get more records faster. For both of
them there's GUI access, there's command-line access, there's API access, but it's about wanting to be able to go and query against all the operations happening against my Microsoft 365. And that was it, so that's the quick cram. Again, it's foundational; you just need to have a base understanding of the solutions and what they help you do. Understand the shared responsibilities: the more you move toward SaaS, the less responsibility you have, but even then I'm still managing things like the identities. You want defense in depth, as many layers of protection as you possibly can. Zero trust is about not trusting the network; I'm constantly validating, verifying you have the access I want you to have; the least possible privilege, just enough, the minimum possible role, just in time, only when I need it; assume breach, encrypting everything, segmenting everything, minimizing everything, and this applies to identities, devices, apps, data, infrastructure, network. Encryption: symmetric, the same key encrypts and decrypts; asymmetric, there's a pair of keys, and whatever one key does the other one can undo, so generally, hey, I'll use the public key of the person I want to send to, to encrypt, and then only they can decrypt it with the private key. Azure Key Vault is the Azure service that's fantastic for storing secrets, things I can read and write to; keys I can import, I can generate, I can't export them, but I can run cryptographic operations inside; and certificates, managing the lifecycle of them. When I think of identities, Entra ID: you have a particular tenant, which is your set of objects, that's users, that's applications, that's devices, groups, etc. Apps and services will trust a particular tenant and then I get a nice single sign-on, even expanding to my on-prem directory with things like the synchronization. Authentication is proving I am who I say I am. Multifactor is the minimum: multiple factors of authentication, something I know, something I have, something I am, two of those three, but ideally it's passwordless: there is no password.
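The symmetric versus asymmetric distinction above, as an added example that is not from the video: one shared key works in both directions in the symmetric case, while in the asymmetric case there is a key pair and whatever one key does the other undoes (encrypt with the public key so only the private key decrypts; apply the private key so anyone with the public key can verify). The symmetric part is an illustrative keystream construction built from SHA-256 with a counter, and the asymmetric part is textbook RSA with tiny constructed primes (p=61, q=53, e=17), so neither is meant for real use; in production you would call a vetted library (AES-GCM, RSA-OAEP or an elliptic-curve scheme) and keep the keys in something like Key Vault, as the talk describes.

```python
import hashlib
import secrets

# --- Symmetric: the same key (and the same function) encrypts and decrypts ---

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative CTR-style keystream using SHA-256 as the PRF (not a vetted
    cipher). The nonce must never repeat for the same key, as with any stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


# XOR is its own inverse, so decryption is literally the same operation with the same key.
symmetric_decrypt = symmetric_encrypt


# --- Asymmetric: a key pair; what one key does, the other undoes ---------------

def rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA with constructed toy primes: no padding, no real key sizes,
    only here to show the public/private relationship."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)


def rsa_apply(key, m: int) -> int:
    """Raise m to the key's exponent mod n; works for either half of the pair."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, exp, n)


def demo():
    """Returns (symmetric round-trip ok, public->private ok, private->public ok)."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(8)
    msg = b"same key both ways"
    sym_ok = symmetric_decrypt(key, nonce, symmetric_encrypt(key, nonce, msg)) == msg

    pub, priv = rsa_keypair()
    c = rsa_apply(pub, 65)                 # encrypt with the recipient's public key
    enc_ok = rsa_apply(priv, c) == 65      # only the private key recovers the message
    s = rsa_apply(priv, 65)                # "sign": apply the private key
    sig_ok = rsa_apply(pub, s) == 65       # anyone holding the public key can check it
    return sym_ok, enc_ok, sig_ok


if __name__ == "__main__":
    print(demo())
```

Note which half is secret in each case: for the symmetric cipher both parties hold the one key, so the hard problem is distributing it safely; for RSA only the private exponent is secret, which is exactly why Key Vault lets you generate and use keys inside the service but never export them.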
Conditional Access is a way to have requirements before I will grant tokens to go and access and be authorized to use something. There's a whole set of governance solutions which are around the lifecycle of the user: when they onboard, when they move between roles, when they leave the company; access reviews let me see who has access to this group, who has access to this application, who has this role; PIM gives me just-in-time access to a role; Identity Protection is about understanding the risk of a user or a particular sign-in; Permissions Management assesses what permissions you have and what you actually need; Entra Private Access gives me access to private resources in a private network; Internet Access helps lock down services on the internet, and I can do categories and fully qualified domain names. When I think of identity, federation lets me use my identity against resources in another identity provider. Azure from a network perspective: you want distributed denial of service protection; I can apply that at the network or the IP level as a paid solution. Azure Firewall provides a fully managed network appliance that does layer 4 network and layer 7 application (HTTP) filtering. There's the Web Application Firewall for both Azure Front Door at the global level and Application Gateway at the regional level. Virtual networks are in isolation by default; unless I peer them, they can't talk to each other. I can further segment them using network security groups, which are sets of rules that govern the flow. Azure Virtual Network Manager lets me have central management via security admin rules that run before the NSG, so it's a funnel: only if traffic passes does it then go to the NSG, unless I use Always Allow, in which case it bypasses the NSG. If I want access to resources, Azure Bastion provides a managed jump box. Defender for Cloud has capabilities across the posture of my cloud; that could be AWS, GCP or Azure. There are built-in initiatives; the Microsoft cloud security baseline is free, and then there are paid ones when I purchase Defender for Cloud.
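An added example (not Azure Virtual Network Manager or NSG code, and a deliberately simplified model of inbound traffic) of the funnel described above: security admin rules are evaluated first in priority order; Deny stops the flow, Always Allow admits it and skips the NSG entirely, and Allow hands the flow on to the NSG's own prioritized rules, with a default deny when nothing in the NSG matches. The rule sets, names and flows are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    priority: int              # lower number is evaluated first
    protocol: str              # "TCP", "UDP" or "*" for any
    dest_port: Optional[int]   # None means any port
    action: str                # admin rules: Allow / Deny / AlwaysAllow; NSG rules: Allow / Deny


@dataclass
class Flow:
    protocol: str
    dest_port: int


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (rule.protocol in ("*", flow.protocol)
            and (rule.dest_port is None or rule.dest_port == flow.dest_port))


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """Lowest priority number that matches wins, as in NSG evaluation."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, flow):
            return rule
    return None


def evaluate(flow: Flow, admin_rules: List[Rule], nsg_rules: List[Rule]) -> Tuple[str, str]:
    """Return (decision, reason) for one flow.

    Admin rules form the funnel in front of the NSG: Deny ends evaluation,
    AlwaysAllow admits the flow and bypasses the NSG, Allow passes it on to the
    NSG, whose own rules decide; no NSG match falls through to the default deny.
    """
    admin = first_match(admin_rules, flow)
    if admin is not None:
        if admin.action == "Deny":
            return "Deny", f"admin rule {admin.name}"
        if admin.action == "AlwaysAllow":
            return "Allow", f"admin rule {admin.name} (NSG bypassed)"
        # action == "Allow": fall through to the NSG
    nsg = first_match(nsg_rules, flow)
    if nsg is not None:
        return nsg.action, f"NSG rule {nsg.name}"
    return "Deny", "NSG default deny"


# Constructed rule sets (not real Azure policy).
ADMIN_RULES = [
    Rule("deny-rdp-from-internet", 100, "TCP", 3389, "Deny"),
    Rule("always-allow-monitoring", 200, "TCP", 443, "AlwaysAllow"),
    Rule("allow-rest-to-nsg", 1000, "*", None, "Allow"),
]
NSG_RULES = [
    Rule("allow-ssh", 100, "TCP", 22, "Allow"),
    Rule("deny-https", 200, "TCP", 443, "Deny"),   # cannot win: the admin AlwaysAllow bypasses the NSG
]

if __name__ == "__main__":
    for port in (3389, 443, 22, 8080):
        print(port, evaluate(Flow("TCP", port), ADMIN_RULES, NSG_RULES))
```

The two cases to keep straight for the exam are the ones the model makes explicit: a central Deny cannot be undone by an NSG owner, and an Always Allow cannot be blocked by one, while a plain Allow only means "the NSG gets to decide".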
There are Defender for Storage, Defender for Containers, Defender for Key Vault to add additional capabilities, but also at the core level things like just-in-time protection, adaptive network, adaptive applications, all hardening, and I'm trying to move security as far left as I can. Sentinel is all about the idea of getting as many signals in as possible from agents, from syslogs, from diagnostic settings; from those signals it collects in a Log Analytics workspace it can then run detections, help you investigate threats and then automate responses. Defender XDR is a whole set of different solutions across Office 365, across your device endpoints, your SaaS cloud applications, your on-premises hybrid identity, looking for vulnerabilities across your different services that are facing the internet, and threat intelligence. Six core principles of compliance: control, transparency, security, legal protections, no content-based targeting, and it should be a benefit to you, and the Service Trust Portal is a great place to go and see those different things. Security Copilot is a large language model AI that can help you across a range of those services, embedded in those portals, or the immersive experience is a separate portal where I can just go and interact. Priva helps with private, personal data, both discovering it and limiting its use, and then also helping when users request access to see it or have it removed. And then Purview is that governance, compliance and data security solution; it helps you find your data, classify the data, protect your data, prevent its loss and then govern its retention, its deletion, marking it as records for legal hold. Insider Risk Management helps you define policies that can then alert you and then triage accordingly. eDiscovery helps you go and find data, again do legal holds, manage that, and Audit, hey, all those M365 operations, helps me search against those. So that was it; we covered a lot, obviously. I hope that was useful. I think my key thing would be go through
the Microsoft Learn course, try and get as much experience with those as you can, but again it's really the fundamentals; you just need to understand what they do and why I would use them. So if there's a question you don't know the answer to, try to eliminate the obviously wrong things and just pick the one that makes the most sense; that's probably the right answer. If you don't pass the first time, look at the results and it will show you where you were strong and where you were weak, and on those weaker sections just go back and restudy and you'll get it the next time. Good luck, and see you in the next video.