Azure Cybersecurity Architect (SC-100) STUDY GUIDE 2024 LATEST UPDATE (DIAGRAMS INCLUDED).
Azure Arc: simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Azure Policy: helps enforce organizational standards and assess compliance at scale through its compliance dashboard.
Zero Trust architecture: uses device and user trust claims to gate access to organizational data and resources.
Unified operations solutions; RBAC vs. Azure Policy.
Security continuous improvement / collaboration: Azure Logic Apps, Defender for Cloud, Microsoft Graph Security API, Microsoft Sentinel.
Indicators of compromise (IOCs): individually known malicious events that indicate that a network or device has already been breached.
Secure Score: driven by Azure Policy assessments, with compliance and guardrails.
In-guest (Guest Configuration) with Azure Policy: uses DSC for Windows and Chef InSpec for Linux.
Azure Blueprint components: includes and applies Azure Policy assignments, resource groups, RBAC role assignments, and ARM templates; a blueprint is assigned to a subscription.
Azure Blueprints: enable cloud architects and central IT groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
Encryption at rest:
* Platform-managed key (PMK), rotated by Microsoft.
* Customer-managed key (CMK), which you rotate.
Azure Gen2 VMs' added security: UEFI enables Trusted Launch (Secure Boot and a virtual TPM).
Azure confidential computing: protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE); in effect, memory and CPU state are encrypted while in use.
SGX enclaves (confidential computing): enclaves are secured portions of the processor and memory; you cannot view data or code inside the enclave, even with a debugger.
Trusted Execution Environment (TEE): a general computation environment that provides additional security properties such as access to keys, memory encryption, etc.
Just-in-time (JIT) access: an Azure AD PIM feature (requires Azure AD Premium P2) for time-bound role activation; Defender for Servers provides the equivalent for VMs (JIT VM access), opening management ports only on request and for a limited time.
System-assigned managed identity: its lifecycle is tied to the resource that created it.
User-assigned managed identity: a standalone resource that can be used by multiple resources.
Azure Resource Manager (ARM): the control plane in Azure.
Azure AD (AAD): Microsoft's cloud-based identity and access management service; provides single sign-on, Conditional Access, passwordless and multifactor authentication, and automated user provisioning.
Azure AD B2C: customer identity and access management (CIAM) solution capable of supporting millions of users and billions of authentications per day; exposes RESTful API endpoints; enables multifactor authentication (MFA) and role-based access control (RBAC), identity verification and proofing, bot detection and fraud protection, and meets Payment Services Directive 2 (PSD2) Strong Customer Authentication (SCA) requirements.
Entitlement management: create access packages that users can request as they join different teams/projects, assigning them access to the associated resources (such as applications, SharePoint sites, group memberships).
Conditional Access: the policy engine for a Zero Trust architecture; among the components of Zero Trust, it covers both policy definition and policy enforcement.
Best-practice Conditional Access policy structure: structure policies around common access needs and bundle a set of access needs into a persona for a group of users who share those needs.
Personas: identity types that share common enterprise attributes, responsibilities, experiences, objectives, and access.
Two ways to enable MFA on Azure AD roles: role settings in Privileged Identity Management, or Conditional Access.
Automated investigation and response (AIR): Microsoft 365 Defender capability that determines whether a threat requires action and takes remediation actions.
Azure Firewall log categories in Azure Diagnostics: AzureFirewallNetworkRule, AzureFirewallApplicationRule, AzureFirewallDnsProxy, and threat intelligence logs.
Risk management activities fall into four phases: identification, assessment, response, and monitoring and reporting.
Cloud Infrastructure Entitlement Management (CIEM): a workflow that grants access to infrastructure entitlements and prevents privilege creep.
Rapid Modernization Plan (RAMP): consists of separating and managing privileged accounts and improving the credential management experience.
Azure Key Vault Premium: adds the ability to store HSM-protected keys.
Azure Security Benchmark (ASB): evaluates the security posture of workloads.
Azure landing zones: enable application migration, modernization, and innovation at enterprise scale.
Each identified risk is assessed using three metrics: impact, likelihood, and control deficiency.
Five disciplines of cloud governance (Cloud Adoption Framework): cost management, security baseline, identity baseline, resource consistency, and deployment acceleration. To ensure proper governance you can use Azure Policy and Azure Blueprints.
Azure Policy: helps set guardrails across your resources to ensure cloud compliance, avoid misconfigurations, and practice consistent resource governance.
Validating a new policy definition:
* Tightly define your policy.
* Audit your existing resources.
* Audit new or updated resource requests.
* Deploy your policy to resources.
* Continuously monitor.
Azure Monitor: alerts and notifications when non-compliant resources or devices are identified.
Server-side encryption at rest: applied to all Azure Storage services (Blob storage, Queue storage, Table storage, and Azure Files).
Microsoft Purview: data classification; a unified data governance service that helps you manage and govern on-premises, multi-cloud, and Software as a Service (SaaS) data, providing central data discovery and cataloging capabilities to ensure compliance with regulations.
Azure Blueprints vs. Azure Resource Manager (ARM) and Azure Policy: Blueprints package many different types of artifacts (ARM templates, resource groups, policy assignments, and role assignments) in one container.
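The policy validation steps above (define tightly, audit existing resources, audit new requests, deploy, monitor), carried through with the Az PowerShell module as an added example that is not part of the study guide. The subscription ID, the policy and assignment names, and the choice of the storage-account public-access alias are assumptions; the effect is parameterized so the same definition is first assigned as Audit and only switched to Deny once the audit backlog is clean.

```powershell
# Added example (not from the study guide). Requires the Az.Resources and
# Az.PolicyInsights modules and an existing Connect-AzAccount session.
# Subscription ID, names and the chosen alias are assumptions.

# Step 1: tightly define the policy. Flags storage accounts that still allow
# public blob access. The effect is a parameter so one definition serves the
# Audit phase and the Deny phase.
$rule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Storage/storageAccounts" },
      { "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess", "notEquals": "false" }
    ]
  },
  "then": { "effect": "[parameters('effect')]" }
}
'@
$params = @'
{
  "effect": {
    "type": "String",
    "allowedValues": [ "Audit", "Deny", "Disabled" ],
    "defaultValue": "Audit"
  }
}
'@
$definition = New-AzPolicyDefinition -Name 'deny-public-blob-access' `
    -DisplayName 'Storage accounts must not allow public blob access' `
    -Policy $rule -Parameter $params -Mode Indexed

# Steps 2 and 3: audit existing resources and new/updated requests by assigning
# the definition with effect = Audit. Nothing is blocked yet.
$scope = '/subscriptions/00000000-0000-0000-0000-000000000000'   # assumption
$assignment = New-AzPolicyAssignment -Name 'audit-public-blob' -Scope $scope `
    -PolicyDefinition $definition -PolicyParameterObject @{ effect = 'Audit' }

# Force an evaluation instead of waiting for the scheduled scan, then list what
# a Deny would have blocked. Remediate these before tightening the effect.
Start-AzPolicyComplianceScan
Get-AzPolicyState -PolicyAssignmentName $assignment.Name `
    -Filter "ComplianceState eq 'NonCompliant'" |
    Select-Object ResourceId, ComplianceState, Timestamp

# Step 4: deploy for real. Flip the parameter on the existing assignment to
# Deny; new or updated storage accounts with public access are now rejected.
Set-AzPolicyAssignment -Name 'audit-public-blob' -Scope $scope `
    -PolicyParameterObject @{ effect = 'Deny' }

# Step 5: continuously monitor. The same Get-AzPolicyState query, scheduled or
# wired to an Azure Monitor alert on Policy Insights, surfaces regressions.
```

Keep the Audit assignment running for at least one full evaluation cycle before switching to Deny; a Deny effect applied straight away rejects legitimate deployments whose templates nobody has had a chance to fix.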
Cloud Security Posture Management (CSPM): continuous assessments based on ASB; secure score; resource inventory and health; misconfigurations and recommendations; covers Azure cloud resources (network, storage, VMs) and can be extended to other clouds.
Playbooks: Azure Logic Apps that are triggered by an incident or alert in Microsoft Sentinel to automate the response.
Shift left: the principle of integrating security earlier in the process so that fixing security issues is easier and more effective.
Security Compliance Toolkit (SCT): a set of tools that lets enterprise security administrators download, analyze, test, edit, and store Microsoft-recommended security configuration baselines.
Azure Security Benchmark (ASB) guidance for OS hardening: has led to security baseline documents for Windows and Linux.
Intune security baselines are not CIS or NIST compliant: true; they follow Microsoft's recommended configuration rather than a certified mapping to those frameworks.
What dictates the hardening settings that should be applied to a server: the server's role.
How to understand the current state of a server: Security Compliance Toolkit (SCT).
Intune: manages the device lifecycle, from enrollment, through configuration and protection, to retiring the device when it is no longer required.
Defender for Identity: utilizes profiling, deterministic detection, machine learning, and behavioral algorithms.
App creates a certificate in Key Vault with a non-integrated CA:
1. Key Vault returns a certificate signing request (CSR) to your application.
2. Your application passes the CSR to your chosen CA.
3. Your chosen CA responds with an X.509 certificate.
4. Your application completes the new certificate creation by merging the X.509 certificate from your CA into the pending Key Vault certificate.
Defender for Endpoint live response:
* Run basic and advanced commands to do investigative work on a device.
* Download files such as malware samples and outcomes of PowerShell scripts; download files in the background (new).
* Upload a PowerShell script or executable to the library and run it on a device from a tenant l
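The four-step Key Vault certificate flow with a non-integrated CA, carried through with the Az.KeyVault PowerShell module as an added example that is not part of the study guide. The vault name, certificate name, subject name and file paths are assumptions; the CA submission in steps 2 and 3 is out of band and depends on the CA's own tooling, so it is represented only by the files written and read.

```powershell
# Added example (not from the study guide). Requires the Az.KeyVault module and
# an existing Connect-AzAccount session. Vault, certificate, subject and file
# names are assumptions.

$vault = 'kv-contoso-prod'   # assumption
$name  = 'app-tls'           # assumption

# Step 1: ask Key Vault to generate the key pair and a CSR. IssuerName 'Unknown'
# tells Key Vault there is no integrated CA and that the signed certificate
# will be merged in later. The private key never leaves the vault.
$policy = New-AzKeyVaultCertificatePolicy -SubjectName 'CN=app.contoso.com' `
    -IssuerName 'Unknown' -ValidityInMonths 12 -KeyType RSA -KeySize 2048
Add-AzKeyVaultCertificate -VaultName $vault -Name $name -CertificatePolicy $policy | Out-Null

# Key Vault hands the CSR back through the pending certificate operation.
$op = Get-AzKeyVaultCertificateOperation -VaultName $vault -Name $name
if ($op.Status -ne 'inProgress') {
    throw "Expected a pending operation for '$name', got status '$($op.Status)'"
}
$csrPem = @(
    '-----BEGIN CERTIFICATE REQUEST-----'
    $op.CertificateSigningRequest
    '-----END CERTIFICATE REQUEST-----'
) -join "`n"
Set-Content -Path "$name.csr" -Value $csrPem

# Step 2: the application submits "$name.csr" to the chosen CA (out of band).
# Step 3: the CA returns the X.509 certificate, saved here as "$name.cer"
#         (assumption: leaf certificate, PEM or DER, optionally with its chain).

# Step 4: merge the signed certificate into the pending operation. Key Vault
# rejects the merge if the public key does not match the key it generated.
$cert = Import-AzKeyVaultCertificate -VaultName $vault -Name $name -FilePath "$name.cer"

# The completed certificate object; the thumbprint is what you pin or audit.
$cert.Certificate.Thumbprint
```

Because the key pair is created inside the vault, the same flow on a Premium vault with an HSM-protected key type keeps the TLS private key in hardware for its whole life; the only artifact that ever leaves Key Vault is the CSR.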
School, study and subject
- Institution
- Azure Cybersecurity Architect
- Degree
- Azure Cybersecurity Architect
Document information
- Uploaded on
- 8 February 2024
- Number of pages
- 27
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers
Topics
- azure cybersecurity architect sc 100