Microsoft Azure Security 3-Day Training

Day 1 – Azure AD Security
Zero Trust
Types of threats
Microsoft Licenses E3, E5
Role-Based Access Control: Separate Azure Roles for Higher Security
Azure AD Admin Center
Create Conditional Access Policies and Require MFA
Microsoft Authenticator
Privileged Identity Management (PIM)
Chat and file security in Teams
Security fundamentals
Identity concepts
Manage users’ access in 365 and SharePoint
Download login info

Day 2 – Microsoft 365 Defender and Microsoft Purview
Microsoft 365 Defender
Safe Links/Safe Attachments
Defender for Endpoint for Devices vs Microsoft Defender for O365
Defender for Cloud Applications
DLP Policies via Sensitivity Labels
3 main things lead to insider threat: Provocation, Opportunity, Rationalization
HR connectors to verify provocations by potential insiders
Secure and Managing Big Data
Finding everywhere data is located using Purview
Information protection
Data Lifecycle
Create an Azure Purview Account
Apply sensitivity labels to Azure Purview
Scan Tables in Azure SQL Databases with Purview
Set Scan Triggers in Purview

Day 3 – Microsoft Sentinel
Investigate, respond to and hunt for threats
Create and Manage a Microsoft Sentinel workspace
Create a Log Analytics workspace
Connect Sentinel to 3rd Party Data Sources
Add Azure Sentinel to Log Analytics workspace
Connect Azure Virtual Machine to Log Analytics workspace
Create Queries using Kusto Query Language (KQL)
Connect 365 Defender to Sentinel
Penetration Testing the Tenant