This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!
Dear Microsoft 365 Security and Azure Security Friends, When I first read about this certification I was immediately excited! But at the same time I had a lot of respect, because it is an expert certification. I quickly started collecting information. The first thing I learned was that it takes a so-called prerequisite exam to become a Microsoft Certified: Cybersecurity Architect Expert certification. The following prerequisite exams are available (only one of these exams must be passed): Microsoft Certified: Security Operations Analyst Associate (SC-200) https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/ Microsoft Certified: Identity and Access Administrator Associate (SC-300) https://docs.microsoft.com/en-us/learn/certifications/identity-and-access-administrator/ Microsoft Certified: Azure Security Engineer Associate (AZ-500) https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/ Microsoft 365 Certified: Security Administrator Associate (MS-500) https://docs.microsoft.com/en-us/learn/certifications/m365-security-administrator/ I have taken all these prerequisite exams. The two exams AZ-500 and MS-500 helped me the most in preparing for the SC-100 (this is certainly not the case for everyone). In this SC-100 exam you will be quizzed on topics in Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender for Cloud Apps (and all other Defender products), Azure Policy, Azure landing zone, etc. This spectrum is huge, please take enough time to "explore" these "portals" deeply. You don't have to have the technical knowledge down to the last detail. No not at all, in this exam it is important to use all the features and products with the right strategy. This was among other things my way to success! Now to my preparations for the exam: 1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics. https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/ Please take a close look at the skills assessed: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWVbXN 2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here. https://azure.microsoft.com/en-us/free/ Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here. https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products I chose the "Microsoft 365 Business Premium" plan for my testing. I have also registered several free trials to test the various Defender products. 3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 4) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment. https://docs.microsoft.com/en-us/learn/paths/sc-100-design-zero-trust-strategy-architecture/ https://docs.microsoft.com/en-us/learn/paths/sc-100-evaluate-governance-risk-compliance/ https://docs.microsoft.com/en-us/learn/paths/sc-100-design-security-for-infrastructure/ https://docs.microsoft.com/en-us/learn/paths/sc-100-design-strategy-for-data-applications/ 4. Register for the exam early. This creates some pressure and you stay motivated. https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/ 5. Please also watch the video of John Savill, it is very helpful! https://youtu.be/2Qu5gQjNQh4 6. The Exam Ref for the SC-200 exam was also very supportive. https://www.microsoftpressstore.com/store/exam-ref-sc-200-microsoft-security-operations-analyst-9780137666720 7. Further I have summarized various links that have also helped me a lot. Sorted by Functional Group. Design a Zero Trust strategy and architecture: https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-governance https://docs.microsoft.com/en-us/azure/architecture/framework/security/monitor-audit https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-logging-monitoring https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-connectivity https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-segmentation https://docs.microsoft.com/en-us/security/zero-trust/deploy/infrastructure https://docs.microsoft.com/en-us/security/zero-trust/integrate/infrastructure https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/define-security-strategy https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/business-resilience https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/technical-considerations/ https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/organize/ https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist https://azure.microsoft.com/en-us/services/defender-for-cloud/#features https://docs.microsoft.com/en-us/azure/sentinel/overview https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation https://docs.microsoft.com/en-us/security/compass/incident-response-overview https://docs.microsoft.com/en-us/security/compass/incident-response-planning https://docs.microsoft.com/en-us/security/compass/incident-response-process https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-operations https://docs.microsoft.com/en-us/security/compass/security-operations https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/manage-access https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods https://docs.microsoft.com/en-us/microsoft-365/education/deploy/design-credential-authentication-strategies https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authentication https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authorization https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/security/compass/identity https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/principles-of-operation https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-compliance https://docs.microsoft.com/en-us/azure/security/fundamentals/technical-capabilities https://docs.microsoft.com/en-us/security/compass/governance https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls https://docs.microsoft.com/en-us/azure/governance/policy/overview https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage https://azure.microsoft.com/en-us/global-infrastructure/data-residency/ https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/ https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/ https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemon-research/ https://docs.microsoft.com/en-us/security/benchmark/azure/introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-access-and-track https://docs.microsoft.com/en-us/azure/defender-for-cloud/enhanced-security-features-overview https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-governance-landing-zone https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-security https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide https://techcommunity.microsoft.com/t5/security-compliance-and-identity/reduce-risk-across-your-environments-with-the-latest-threat-and/ba-p/2902691 Design security for infrastructure: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines https://docs.microsoft.com/en-us/windows-server/security/security-and-assurance https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-your-domain https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates https://docs.microsoft.com/en-us/azure/security/fundamentals/management https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline https://azure.microsoft.com/en-us/overview/iot/security/ https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql https://docs.microsoft.com/en-us/azure/azure-sql/database/security-best-practice?view=azuresql https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/sql-database-security-baseline https://docs.microsoft.com/en-us/azure/cosmos-db/database-security?tabs=sql-api https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/synapse-analytics-security-baseline https://docs.microsoft.com/en-us/azure/app-service/overview-security https://docs.microsoft.com/en-us/azure/app-service/security-recommendations https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-instances-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-registry-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/aks-security-baseline https://docs.microsoft.com/en-us/azure/aks/concepts-security https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli https://docs.microsoft.com/en-us/azure/architecture/framework/services/compute/azure-kubernetes-service/azure-kubernetes-service Design a strategy for data and applications: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-mitigations https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-threat-model https://docs.microsoft.com/en-us/compliance/assurance/assurance-security-development-and-operation https://docs.microsoft.com/en-us/azure/security/develop/secure-design https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction https://docs.microsoft.com/en-us/azure/architecture/framework/security/resilience https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-governance-strategy https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/securing-data-solutions https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-data-protection https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage-encryption 8. You can find a list of all the links here: https://github.com/tomwechsler/Microsoft_Cloud_Security/blob/main/SC-100/Links.md I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure. Let me give you an example at this point. You want to make a business app available. The authentication should be done by each person with his own LinkedIn account. Which variant of Azure Active Directory do you use for this? At this point you should know the different types of Azure Active Directory. One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube! I hope this information helps you and that you successfully pass the exam. I wish you success! Kind regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerUpdate 1810 for Configuration Manager current branch is now available
Update 1810 for Configuration Manager current branch is now available. In this release we have focused on simplification of your Configuration Manager infrastructure and added functionality to make it easier to stay up to date with Windows and Office. We continue to light up new cloud powered value with improvements to co-management and new options to apply Conditional Access to ConfigMgr managed PCs.Cloud Attach Your Future - Part II - "The Big 3"
When the global pandemic started, we were all thrust into the new (and very lightly explored) area of managing devices remotely 100% of the time. Of course, everyone rushed to their VPN solution only to uncover new obstacles and even more significant challenges which they had never anticipated. As I talk to customers and I listen to how their management of the Windows estate has changed, I am always surprised by the lack of the "Big 3": Cloud management gateway (CMG) Tenant attach Co-management These are the essential features that you need NOW as you continue to modernize and streamline your management solution.Microsoft Intune security tasks extend Microsoft Defender ATP’s Threat & Vulnerability Management
We are happy to introduce Microsoft Intune security tasks, a new one-click remediation capability in Microsoft 365 that bridges security stakeholders—security administrators, security operations, and IT administrators—by allowing them to collaborate and seamlessly remediate threats. This capability will extend the newly announced Microsoft Defender Threat & Vulnerability Management (TVM), a new component of Microsoft Defender ATP that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Linux Managed Device Chrome support
Hi, We are in process of On-boarding Linux devices as all other OS'es must pass Conditional Access Managed/Compliant Device check. We are stumbling on a lot (a lot) of user resistance with forcing them on switch to use (only) Edge. Is there any roadmap or date when will Chrome Extension (at least chrome) be available for Linux and Managed device check during sign-in?[New Blog Post] iOS Enrollment with Microsoft Intune Decision Tree
In the ever-evolving landscape of mobile device management, Microsoft Intune stands as a beacon of simplicity and efficiency. For organizations embracing the Apple ecosystem, enrolling iOS devices into Intune offers a world of possibilities. Let's embark on a journey through the high-level overview of various iOS enrollment methods, each designed to cater to diverse organizational needs. iOS Decision Tree 1. Supervised Devices: For Maximum Control and Customization Supervised devices are the powerhouses of iOS management. Perfect for corporate-owned devices, they provide enhanced control, allowing organizations to tailor settings and restrictions as needed. 2. User Enrollment: Balancing Work and Life on a Single Device Ideal for personal device use, User Enrollment ensures a harmonious coexistence of work and personal data. Users maintain privacy while benefiting from the organizational security umbrella. 3. Device Enrollment: Comprehensive Control for Personal Devices For a more encompassing approach, Device Enrollment brings personal iOS devices into the organizational fold. Organizations maintain control while users enjoy the familiarity of their own devices. 4. Automated Device Enrollment (formerly DEP): Seamless Out-of-the-Box Experience Formerly known as Device Enrollment Program (DEP), Automated Device Enrollment streamlines the onboarding process for new devices, ensuring they are automatically enrolled into Intune upon activation. 5. Apple Configurator: Tailoring Settings for a Cohesive Experience Apple Configurator offers a manual yet robust approach for customizing settings on iOS devices. Ideal for specific use cases where hands-on configuration is preferred. Elevate your iOS device management experience with Microsoft Intune – where simplicity meets efficiency! :mobile_phone::sparkles: https://www.linkedin.com/in/shady-khorshed-19277723/ is a Microsoft enthusiast. He loves writing on iOS/Android, Windows 11, Windows 365 and related Microsoft Intune. He is here to share quick tips and tricks for all young professionals. #MicrosoftIntune #iOSDeviceManagement #TechSolutions #MobileSecurity #MicrosoftIntune #MobileDeviceManagement #AndroidEnrollment #TechInnovation #Apple #ios #android #decisiontree #microsoft #intune #COPE #COSU #COBO #BYOD #Appprotectionpolicy #Workprofile #devices #design #environment
