SC-5002: Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls

SC-5002: Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls

To obtain this Microsoft Applied Skills credential , students must demonstrate their ability to implement regulatory compliance controls as recommended by the Microsoft cloud security testbed.

This course is a guide to protecting Azure services and workloads using Microsoft Cloud Security Benchmark controls in Microsoft Defender for Cloud through the Azure Portal.

Intermediate - Microsoft Defender for Cloud, Azure - Administrator - Security

Objectives of the SC-5002 training

• Microsoft Defender for Cloud Configuration
• Implementation of Just-In-Time (JIT) access to virtual machines
• Create a Log Analytics workspace
• Mitigation of network security risks
• Mitigation of data protection risks
• Mitigation of security risks at connection points
• Mitigation of position management risks and vulnerabilities

Course content SC-5002

Module 1: Review of Defender for Cloud's regulatory compliance standards

• Regulatory compliance standards in Defender for Cloud
  
• Microsoft Defender for Cloud Cloud Security Benchmark
  
• Improved regulatory compliance in Defender for Cloud

Module 2: Enabling Defender for Cloud in an Azure subscription

• Connecting Azure subscriptions
  
• Exercise: Configuring Microsoft Defender for Cloud for Enhanced Protection

Module 3: Filtering network traffic with a network security group using the Azure Portal

• Azure Resource Group
• Azure Virtual Network
  
• How do network security groups filter network traffic?
  
• Application security groups
  
• Exercise: Creating a virtual network infrastructure

Module 4: Creating a Log Analytics Workspace

• Log Analytics Workspace
  
• Exercise: Creating a Log Analytics workspace

Module 5: Collecting monitoring data from the Azure guest operating system and hybrid virtual machines using the Azure Monitor agent

• Azure Monitor Agent Implementation
  
• Data collection with the Azure Monitor agent
  
• Exercise: Creating a data collection rule and installing the Azure Monitor agent

Module 6: Exploring JIT access to the virtual machine

• Understanding just-in-time access to virtual machines
  
• Enabling Just-In-Time access on virtual machines
  
• Exercise: Enabling Just-In-Time access on virtual machines

Module 7: Configuring Azure Key Vault Networks

• Azure Key Vault Basics
  
• Recommended procedures for Azure Key Vault
  
• Azure Key Vault network security
  
• Configuring Azure Key Vault firewalls and virtual networks
  
• Exercise: Configuring Key Vault Network Options
  
• Introduction to temporary deletion of Azure Key Vault
  
• Virtual network service endpoints for Azure Key Vault
  
• Exercise: Enabling temporary deletion in Azure Key Vault

Module 8: Connecting to an Azure SQL Server using a private Azure endpoint through the Azure Portal

• Azure Private Endpoint
• Azure Private Link
  
• Exercise: Connecting to an Azure SQL server using a private Azure endpoint with the Azure Portal

Prerequisites

Familiarity with Azure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) is recommended. Experience with Azure security features and a working knowledge of regulatory compliance standards are also required.

Language

• Course: English / Spanish
  
• Labs: English / Spanish

Microsoft Applied Skills

This course is part of the Microsoft Applied Skills Credentials.

To obtain this Microsoft Applied Skills credential, students must demonstrate their ability to implement regulatory compliance controls as recommended by the Microsoft cloud security testbed.

Applied Skills: Explore all credentials in one guide