Updating best practices for Domain Controllers
Customers are on a journey and hybrid identity environments will be an important state for many customers for a long time. Domain Controllers still act as a pivotal piece of infrastructure for many organizations, and the identities that Active Directory holds are often the target for attackers.A behind the scenes look at how we secure the Microsoft 365 platform
Microsoft 365 is one of the world’s largest enterprise and consumer cloud services, and customer trust is the foundation of our business: customers and people all around the world rely on us to securely operate and maintain some of their most critical assets. To maintain that trust, we invest heavily in securing the infrastructure that powers our services and hosts this data on behalf of our customers – keeping customer data private and secure is THE top priority for our business. This post, and the other ones we’ll share in this series, will shed light on what we do behind the scenes to secure the infrastructure powering the Microsoft 365 service.
Introducing campaign views in Office 365 Advanced Threat Protection
Office 365 ATP campaign views present security teams with an all-encompassing view of the entire email campaign that targeted their organization enabling them to quickly identify vulnerable users, home in on any weaknesses in their defenses and correct any configuration flaws they may have and gather attacker-specific intelligence for hunting.This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!
Dear Microsoft 365 Security and Azure Security Friends, When I first read about this certification I was immediately excited! But at the same time I had a lot of respect, because it is an expert certification. I quickly started collecting information. The first thing I learned was that it takes a so-called prerequisite exam to become a Microsoft Certified: Cybersecurity Architect Expert certification. The following prerequisite exams are available (only one of these exams must be passed): Microsoft Certified: Security Operations Analyst Associate (SC-200) https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/ Microsoft Certified: Identity and Access Administrator Associate (SC-300) https://docs.microsoft.com/en-us/learn/certifications/identity-and-access-administrator/ Microsoft Certified: Azure Security Engineer Associate (AZ-500) https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/ Microsoft 365 Certified: Security Administrator Associate (MS-500) https://docs.microsoft.com/en-us/learn/certifications/m365-security-administrator/ I have taken all these prerequisite exams. The two exams AZ-500 and MS-500 helped me the most in preparing for the SC-100 (this is certainly not the case for everyone). In this SC-100 exam you will be quizzed on topics in Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender for Cloud Apps (and all other Defender products), Azure Policy, Azure landing zone, etc. This spectrum is huge, please take enough time to "explore" these "portals" deeply. You don't have to have the technical knowledge down to the last detail. No not at all, in this exam it is important to use all the features and products with the right strategy. This was among other things my way to success! Now to my preparations for the exam: 1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics. https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/ Please take a close look at the skills assessed: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWVbXN 2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here. https://azure.microsoft.com/en-us/free/ Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here. https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products I chose the "Microsoft 365 Business Premium" plan for my testing. I have also registered several free trials to test the various Defender products. 3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 4) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment. https://docs.microsoft.com/en-us/learn/paths/sc-100-design-zero-trust-strategy-architecture/ https://docs.microsoft.com/en-us/learn/paths/sc-100-evaluate-governance-risk-compliance/ https://docs.microsoft.com/en-us/learn/paths/sc-100-design-security-for-infrastructure/ https://docs.microsoft.com/en-us/learn/paths/sc-100-design-strategy-for-data-applications/ 4. Register for the exam early. This creates some pressure and you stay motivated. https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/ 5. Please also watch the video of John Savill, it is very helpful! https://youtu.be/2Qu5gQjNQh4 6. The Exam Ref for the SC-200 exam was also very supportive. https://www.microsoftpressstore.com/store/exam-ref-sc-200-microsoft-security-operations-analyst-9780137666720 7. Further I have summarized various links that have also helped me a lot. Sorted by Functional Group. Design a Zero Trust strategy and architecture: https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-governance https://docs.microsoft.com/en-us/azure/architecture/framework/security/monitor-audit https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-logging-monitoring https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-connectivity https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-segmentation https://docs.microsoft.com/en-us/security/zero-trust/deploy/infrastructure https://docs.microsoft.com/en-us/security/zero-trust/integrate/infrastructure https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/define-security-strategy https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/business-resilience https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/technical-considerations/ https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/organize/ https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist https://azure.microsoft.com/en-us/services/defender-for-cloud/#features https://docs.microsoft.com/en-us/azure/sentinel/overview https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation https://docs.microsoft.com/en-us/security/compass/incident-response-overview https://docs.microsoft.com/en-us/security/compass/incident-response-planning https://docs.microsoft.com/en-us/security/compass/incident-response-process https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-operations https://docs.microsoft.com/en-us/security/compass/security-operations https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/manage-access https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods https://docs.microsoft.com/en-us/microsoft-365/education/deploy/design-credential-authentication-strategies https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authentication https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authorization https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/security/compass/identity https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/principles-of-operation https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-compliance https://docs.microsoft.com/en-us/azure/security/fundamentals/technical-capabilities https://docs.microsoft.com/en-us/security/compass/governance https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls https://docs.microsoft.com/en-us/azure/governance/policy/overview https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage https://azure.microsoft.com/en-us/global-infrastructure/data-residency/ https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/ https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/ https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemon-research/ https://docs.microsoft.com/en-us/security/benchmark/azure/introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-access-and-track https://docs.microsoft.com/en-us/azure/defender-for-cloud/enhanced-security-features-overview https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-governance-landing-zone https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-security https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide https://techcommunity.microsoft.com/t5/security-compliance-and-identity/reduce-risk-across-your-environments-with-the-latest-threat-and/ba-p/2902691 Design security for infrastructure: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines https://docs.microsoft.com/en-us/windows-server/security/security-and-assurance https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-your-domain https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates https://docs.microsoft.com/en-us/azure/security/fundamentals/management https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline https://azure.microsoft.com/en-us/overview/iot/security/ https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql https://docs.microsoft.com/en-us/azure/azure-sql/database/security-best-practice?view=azuresql https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/sql-database-security-baseline https://docs.microsoft.com/en-us/azure/cosmos-db/database-security?tabs=sql-api https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/synapse-analytics-security-baseline https://docs.microsoft.com/en-us/azure/app-service/overview-security https://docs.microsoft.com/en-us/azure/app-service/security-recommendations https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-instances-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-registry-security-baseline https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/aks-security-baseline https://docs.microsoft.com/en-us/azure/aks/concepts-security https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli https://docs.microsoft.com/en-us/azure/architecture/framework/services/compute/azure-kubernetes-service/azure-kubernetes-service Design a strategy for data and applications: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-mitigations https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-threat-model https://docs.microsoft.com/en-us/compliance/assurance/assurance-security-development-and-operation https://docs.microsoft.com/en-us/azure/security/develop/secure-design https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction https://docs.microsoft.com/en-us/azure/architecture/framework/security/resilience https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-governance-strategy https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/securing-data-solutions https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-data-protection https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage-encryption 8. You can find a list of all the links here: https://github.com/tomwechsler/Microsoft_Cloud_Security/blob/main/SC-100/Links.md I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure. Let me give you an example at this point. You want to make a business app available. The authentication should be done by each person with his own LinkedIn account. Which variant of Azure Active Directory do you use for this? At this point you should know the different types of Azure Active Directory. One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube! I hope this information helps you and that you successfully pass the exam. I wish you success! Kind regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerMicrosoft Partners with Terranova Security for Security Awareness Training
Microsoft is pleased to announce a strategic partnership with Terranova Security to provide world-class security training to end users. Through this partnership, we will address our customers’ most significant risk vectors – phishing driving risky end user behaviors. After a multi-month search across the industry, we chose to team up with Terranova Security because we believe that our partnership will enable us to deliver unique and highly differentiated value to our customers.
