Become a Microsoft Defender for Cloud Ninja

fantastic content - Thanks. Is there a plan to make a full fledged MS Learn in-depth course on ASC and Sentinel. ASC there is a level 200, but no course yet on Sentinel.

Awesome blogpost @Yuri Diogenes with great Content 

Just Shared it with Education in Amsterdam for Teachers and Students 

Cheers James

Thanks @knsw7 - I'm glad you liked it. For cross-product lab, please try https://github.com/microsoft/DefendTheFlag/

Thanks @James van den Berg - that's great! 

Great to see this, Yuri!

Great blogpost. I will definitive recommend this for everyone interested in ASC. 

Great stuff, just posted this internally for all our Security Champions

Thank you Yuri- Have posted to the MW & S&C TSs 

Thanks! This looks great. I am hoping it will help me in my journey to a Az-500 certification.

Excellent content. Thanks for share.

Keep up the GREAT team and community work. We have really have benefited from these well curated and very instructive videos and guidance. As a Microsoft Partner we are able to educate our team, plan and implement security services on Azure and Office 365 for our clients with confidence. ASC is our best buddy along with Sentinel, Cloud APP Security, ARC, ATP and Defender. So many security tools all rolled up into one dashboard makes our job so much easier.

Also not to forget the compliance center and Azure blue prints. We are working with clients in Healthcare, Financial and California regulatory systems and security is just a one-click away. Very much enjoying ARC and ability to patch, monitor and isolate. And then finally adding Azure Lighthouse and Endpoint Manager to rollup clients and implement extensive device controls making a zero-trust security posture possible from a central management portal at scale.

Loving Azure and Office integrated Security.

Best, Managed Connections, trusted Microsoft partner!

Thanks for sharing this blogpost @Yuri Diogenes

This is a truly great help for anyone looking to learn ASC, thanks for putting it together @Yuri Diogenes 

I will certainly be sharing this with more than a few people.

@Yuri Diogenes thanks for pulling this together, lots of great info all in one place makes it much easier for us to stay informed.  I did notice that the Best practices posting at https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel... has a lot of questions that have not been answered by the author. Could you please have someone take a look and provide some answers. thanks

Awesome resource @Yuri Diogenes and the team @Nicholas DiCola (SECURITY JEDI) , @RebeccaHalla , @Tom Janetscheck !

Thanks!

Sasha

@Tiander Turpijn please see @Dean Gross comment.

@Yuri Diogenes  realmente você se superou com esse conteúdo. Imagino a quantidade de horas investidas para realizar essa curadoria de conteúdo.

Parabéns e obrigado por compartilhar seus conhecimentos de maneira organizada e didática.

Muito obrigado @danielbastos - abs! 

Hi,

Do we have an estimation of the time requested to complete this training ?

Thanks in advance

@FrancoisV500 my rough goal is over 8 weeks to complete the content doing an hour or so 5 days a week. I'll let you know roughly how long it took me to complete once done.

Update on the above, I completed this training in roughly 8 weeks doing roughly on average 30 - 60 minutes a day.

Love the YouTube walkthrough, awesome work guys, fantastic that this page is continuously updated and kept relevant. Thank you. 

Module 1, link for defender plan is not correct and is referring to "what is microsoft defender for cloud"

• 

   

   Microsoft Defender for Cloud plans

Thanks for sharing such information through this blog.

Great content. Thank you so much!

Thank you for the resources.

I wasn't sure how to offer feedback on the exam so I'll do it here.

The test makes some references to "Azure Defender" which is no longer a thing.

"Which one of the actions below is the only one that a user with Security Admin role cannot perform?" has misleading answers.

It appears to be referencing knowledge from https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions

While it is true that the Security Admin does not deploy the agents and extensions, since this is handled via managed identities, the Security Admin would still be the account to manage auto-provisioning.

"What are the two roles that allow you to create a resource exemption in Microsoft Defender for Cloud?" has confusing resources.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions claims the security admin cannot exempt resources.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/exempt-resource published two months later claims that they can.

This creates a scenario where official resources can lead to different sets of "correct" answers in the multiple choice.

Per the https://learn.microsoft.com/en-us/azure/role-based-access-control documentation all of the roles save for Security Reader should have the access--Security Admin and Resource Policy Contributor get it explicitly via Microsoft.Authorization/policyExemptions/*, and Owner has it implicitly as they have all actions available to a resource.

Unless this is supposed to be about suppressing alerts.

"What capabilities below are part of Microsoft Defender for Servers?"

Wording suggests it might be asking about the capabilities of a specific plan or could be Defender of Servers as a whole. Would suggest clarifying.

"Microsoft Defender for DNS protects resources that are connected to Azure DNS. Which one scenario is not supported?"

Every scenario in the answer is supported per https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction#what-are-th... unless the test is trying to be very sly about its wording around communication with malicious servers or DNS, which I would recommend against.

Regards

@JMonty 

Thanks for the feedback and very timing, because we are updating the assessment this month (December 2023) and we will be changing many of these questions anyway. 

Thanks for your contribution.