Course syllabus

This Live Virtual Class consists of 6 Modules in terms of Securing the Cloud. They include essential theory combined with individual practice during the exercises as well as loads of hands-on tools and real-case scenarios.

Module 1: Monitoring operations in Entra ID

• Entra ID Operations and Logs
• Entra ID Roles
• Identity Protection – Roles, Review access, alerts, Discovery and Insights
• How to deal with Audit Log
• Challenging Entra ID settings in Azure and Office from red team perspective
• Privileged Identity Management – JITA, Discover and Monitor
• Office Management API – Logs around Office 365
• Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
• Labs

Module 2: Microsoft 365 Security

• Secure Score and Security Center
• Best Practices for Improving Your
• Secure Score
• Azure Defender for Servers
• Security Benchmark Policy
• Labs
• STIG & CIS – cloud security baseline

Module 3: Secure resources and Identities in Azure

• Secure identity and access (PIM, Identity Protection)
• Secure Networking (NSG, Azure Firewall, APIM)
• Secure Compute
• Secure Storage
• Secure Databases
• Defender for Cloud
• Labs

Module 4: Governance in Azure

• Security Baseline
• Azure Policy
• Azure Role-Based Access Control (RBAC)
• Management Groups
• Resource Graph
• Tagging in Azure
• Labs

Module 5: eXtended Detection and Response with Sentinel

• Sentinel 101 – Azure Sentinel Dashboards, Connectors
• Understanding Normalization in Azure Sentinel
• Cloud & on-prem architecture
• Workbooks deep dive – Visualize your security threats and hunts
• Incidents
• KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
• Auditing and monitoring your Azure Sentinel workspace
• Sentinel configuration with Microsoft Cloud stack and MCAS
• Streamlining your SOC Workflow with Automated Notebooks
• Customizing Azure Sentinel with Python
• Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rules
• Deep Dive into Azure Sentinel Innovations
• Investigating Azure Security Center alerts using Azure Sentinel
• Customizable Anomalies and How to Use Them
• Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
• Hunting in Sentinel
• Deep Dive on Threat Intelligence
• End-to-End SOC scenario with Sentinel

Modul 6: Microsoft Cloud App Security

• Intro do MCAS
• Enabling Secure Remote Work
• App Discovery and Log Collector Configuration
• Extending real-time monitoring & controls to any app
• Connecting 3rd party Applications
• Automation and integration with Microsoft Flow
• Conditional Access App Control
• Threat detection
• Information Protection
• Labs: Protect Your Environment Using MCAS
• DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel

Who is it for?

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have a good hands-on experience in administering Windows infrastructure. At least 5 years in the field is recommended. All attendees should have experience with Active Directory Domain Services (AD DS) administration.

Speaker: Marcin Krawczyk