| Introduction |
|
xix | |
| Organization of this book |
|
xix | |
| Preparing for the exam |
|
xx | |
| Microsoft certifications |
|
xx | |
| Quick access to online references |
|
xx | |
| Errata, updates, & book support |
|
xxi | |
| Stay in touch |
|
xxi | |
|
Chapter 1 Build an overall security strategy and architecture |
|
|
1 | (26) |
|
|
|
2 | (1) |
|
|
|
3 | (2) |
|
Architects work across teams and roles |
|
|
5 | (1) |
|
Zero Trust transformation and security architects |
|
|
5 | (2) |
|
Security architects are critical to Zero Trust |
|
|
6 | (1) |
|
Skill 1-1 Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architectures (MCRA) |
|
|
7 | (4) |
|
MCRA and Cloud Adoption Framework Secure Methodology |
|
|
7 | (3) |
|
How to use the MCRA to identify integration points |
|
|
10 | (1) |
|
Skill 1-2 Translate business goals into security requirements |
|
|
11 | (2) |
|
|
|
12 | (1) |
|
Skill 1-3 Translate security requirements into technical capabilities, including security services, security products, and security processes |
|
|
13 | (4) |
|
Requirement: Mitigate compromise of accounts using password spray and other credential compromise |
|
|
15 | (1) |
|
Requirement: Shorten response times to attacks across resources in the environment |
|
|
16 | (1) |
|
Requirement: Integrate network security into Infrastructure as Code (laC) automation |
|
|
16 | (1) |
|
Requirement: Enable eDiscovery processes for Office 365 data |
|
|
16 | (1) |
|
Skill 1-4 Design security for a resiliency strategy |
|
|
17 | (2) |
|
Reducing risk by reducing critical security events |
|
|
17 | (1) |
|
Resilience requires shifting from a network-centric to an asset- and data-centric mindset |
|
|
18 | (1) |
|
Skill 1-5 Integrate a hybrid or multi-tenant environment into a security strategy |
|
|
19 | (2) |
|
Skill 1-6 Develop a technical governance strategy for security |
|
|
21 | (1) |
|
|
|
22 | (1) |
|
Tailoring security technology to different business scenarios |
|
|
22 | (1) |
|
Thought experiment answers |
|
|
23 | (2) |
|
|
|
25 | (2) |
|
Chapter 2 Design a security operations strategy |
|
|
27 | (28) |
|
Skill 2-1 Design a logging and auditing strategy to support security operations |
|
|
27 | (5) |
|
Centralizing log collection |
|
|
28 | (1) |
|
Deciding which logs have security value |
|
|
28 | (1) |
|
Designing security operations use cases |
|
|
29 | (2) |
|
Determining log retention periods |
|
|
31 | (1) |
|
Skill 2-2 Develop security operations to support a hybrid or multi-cloud environment |
|
|
32 | (5) |
|
Cross-platform log collection |
|
|
32 | (1) |
|
Cloud security posture management (CSPM) |
|
|
33 | (2) |
|
|
|
35 | (1) |
|
Internet of Things (loT) / Operational Technology (OT) coverage |
|
|
36 | (1) |
|
Skill 2-3 Design a strategy for SIEM and SOAR |
|
|
37 | (3) |
|
Microsoft Security Operations Reference Architecture |
|
|
37 | (1) |
|
Ingest logs into your SIEM |
|
|
38 | (1) |
|
Automate, automate, automate |
|
|
39 | (1) |
|
Skill 2-4 Evaluate security workflows |
|
|
40 | (5) |
|
General incident response workflow |
|
|
41 | (3) |
|
Automation, automation, automation (again) |
|
|
44 | (1) |
|
Skill 2-5 Evaluate a security operations strategy for the incident management lifecycle |
|
|
45 | (5) |
|
Microsoft's approach to security incident management |
|
|
46 | (1) |
|
|
|
47 | (1) |
|
|
|
47 | (1) |
|
|
|
48 | (1) |
|
|
|
48 | (1) |
|
|
|
49 | (1) |
|
|
|
49 | (1) |
|
Skill 2-6 Evaluate a security operations strategy for sharing technical threat intelligence |
|
|
50 | (2) |
|
Microsoft's threat intelligence strategy |
|
|
50 | (1) |
|
Sharing technical threat intelligence in your organization |
|
|
51 | (1) |
|
|
|
52 | (1) |
|
Security operations strategy at Contoso Ltd. |
|
|
52 | (1) |
|
Thought experiment answers |
|
|
53 | (1) |
|
|
|
53 | (2) |
|
Chapter 3 Design an identity security strategy |
|
|
55 | (54) |
|
Skill 3-1 Design a strategy for access to cloud resources |
|
|
56 | (8) |
|
Identity-related access controls |
|
|
56 | (1) |
|
Network-related access controls |
|
|
57 | (1) |
|
Coordinated identity and network access |
|
|
57 | (1) |
|
Interconnection and cross-service collaboration |
|
|
58 | (3) |
|
Assume-breach and explicitly verify |
|
|
61 | (1) |
|
People, process, and technology approach |
|
|
61 | (3) |
|
Skill 3-2 Recommend an identity store (tenants, B2B, B2C, and hybrid) |
|
|
64 | (5) |
|
Foundational implementations |
|
|
65 | (1) |
|
|
|
66 | (3) |
|
Skill 3-3 Recommend an authentication strategy |
|
|
69 | (13) |
|
|
|
69 | (8) |
|
|
|
77 | (1) |
|
Controlling authentication sessions |
|
|
78 | (2) |
|
|
|
80 | (2) |
|
Skill 3-4 Recommend an authorization strategy |
|
|
82 | (8) |
|
Configuring access to support authorization |
|
|
82 | (6) |
|
|
|
88 | (1) |
|
|
|
89 | (1) |
|
Skill 3-5 Design a strategy for conditional access |
|
|
90 | (4) |
|
|
|
92 | (2) |
|
Skill 3-6 Design a strategy for role assignment and delegation |
|
|
94 | (5) |
|
Delegating to non-administrators |
|
|
95 | (2) |
|
Delegating access to service providers |
|
|
97 | (2) |
|
Skill 3-7 Design security strategy for privileged-role access to infrastructure, including identity-based firewall rules and Azure PIM |
|
|
99 | (5) |
|
Privileged Access Workstation (PAW) |
|
|
99 | (1) |
|
Privileged Identity Management (PIM) |
|
|
100 | (3) |
|
Microsoft Entra Permissions Management |
|
|
103 | (1) |
|
|
|
104 | (1) |
|
Skill 3-8 Design security strategy for privileged activities, including PAM, entitlement management, and cloud tenant administration |
|
|
104 | (2) |
|
Privileged Access Workstation (PAW) |
|
|
105 | (1) |
|
Privileged Identity Management (PIM) |
|
|
105 | (1) |
|
Microsoft Entra Permissions Management |
|
|
106 | (1) |
|
|
|
106 | (1) |
|
Thought experiment answers |
|
|
107 | (1) |
|
|
|
108 | (1) |
|
Chapter 4 Design a regulatory compliance strategy |
|
|
109 | (26) |
|
Overview of security governance |
|
|
109 | (5) |
|
Skill 4-1 Interpret compliance requirements and translate into specific technical capabilities (new or existing) |
|
|
114 | (5) |
|
Security compliance translation process |
|
|
116 | (1) |
|
Resolving conflicts between compliance and security |
|
|
117 | (2) |
|
Skill 4-2 Evaluate infrastructure compliance by using Microsoft Defender for Cloud |
|
|
119 | (2) |
|
Skill 4-3 Interpret compliance scores and recommend actions to resolve issues or improve security |
|
|
121 | (1) |
|
Skill 4-4 Design implementation of Azure Policy |
|
|
122 | (1) |
|
Skill 4-5 Design for data residency requirements |
|
|
123 | (1) |
|
Skill 4-6 Translate privacy requirements into requirements for security solutions |
|
|
124 | (3) |
|
|
|
125 | (2) |
|
|
|
127 | (1) |
|
Building repeatable technical patterns for security compliance |
|
|
127 | (1) |
|
Thought experiment answers |
|
|
128 | (4) |
|
|
|
132 | (3) |
|
Chapter 5 Evaluate security posture and recommend technical strategies to manage risk |
|
|
135 | (24) |
|
Skill 5-1 Evaluate security posture by using benchmarks (including Azure security benchmarks for Microsoft Cloud security benchmark, ISO 27001, etc.) |
|
|
135 | (1) |
|
Microsoft cloud security benchmark |
|
|
136 | (3) |
|
Monitoring your MCSB compliance |
|
|
136 | (2) |
|
|
|
138 | (1) |
|
Skill 5-2 Evaluate security posture by using Microsoft Defender for Cloud |
|
|
139 | (5) |
|
|
|
139 | (1) |
|
Security posture management |
|
|
140 | (2) |
|
Considerations for multi-cloud |
|
|
142 | (1) |
|
Considerations for vulnerability assessment |
|
|
143 | (1) |
|
Skill 5-3 Evaluate security posture by using Secure Scores |
|
|
144 | (2) |
|
Secure Score in Defender for Cloud |
|
|
144 | (2) |
|
Skill 5-4 Evaluate security posture of cloud workloads |
|
|
146 | (2) |
|
|
|
146 | (2) |
|
Skill 5-5 Design security for an Azure Landing Zone |
|
|
148 | (3) |
|
|
|
149 | (1) |
|
|
|
149 | (1) |
|
|
|
150 | (1) |
|
|
|
150 | (1) |
|
|
|
150 | (1) |
|
Skill 5-6 Interpret technical threat intelligence and recommend risk mitigations |
|
|
151 | (3) |
|
Threat intelligence in Defender for Cloud |
|
|
151 | (2) |
|
Threat intelligence in Microsoft Sentinel |
|
|
153 | (1) |
|
Skill 5-7 Recommend security capabilities or controls to mitigate identified risks |
|
|
154 | (2) |
|
Identifying and mitigating risk |
|
|
154 | (2) |
|
|
|
156 | (1) |
|
Monitoring security at Fabrikam Inc |
|
|
156 | (1) |
|
Thought experiment answers |
|
|
157 | (1) |
|
|
|
157 | (2) |
|
Chapter 6 Design a strategy for securing server and client endpoints |
|
|
159 | (48) |
|
Skill 6-1 Specify security baselines for server and client endpoints |
|
|
160 | (7) |
|
Group Policy Objects (GPO) |
|
|
160 | (1) |
|
Security Compliance Toolkit (SCT) |
|
|
161 | (1) |
|
Azure Security Benchmark (ASB) |
|
|
161 | (1) |
|
Microsoft Endpoint Manager (MEM) |
|
|
162 | (1) |
|
|
|
163 | (1) |
|
|
|
163 | (1) |
|
|
|
163 | (2) |
|
Azure Resource Manager (ARM) templates |
|
|
165 | (1) |
|
|
|
165 | (1) |
|
Microsoft Defender for Cloud (MDC) |
|
|
166 | (1) |
|
Microsoft Defender for IoT (MDIoT) |
|
|
166 | (1) |
|
|
|
166 | (1) |
|
|
|
167 | (1) |
|
Skill 6-2 Specify security requirements for servers, including multiple platforms and operating systems |
|
|
167 | (9) |
|
Shared responsibility in the cloud |
|
|
168 | (1) |
|
Legacy insecure protocols |
|
|
169 | (1) |
|
|
|
170 | (1) |
|
Local Administrator Password Management (LAPS) |
|
|
171 | (1) |
|
|
|
171 | (1) |
|
|
|
172 | (2) |
|
|
|
174 | (2) |
|
Skill 6-3 Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration |
|
|
176 | (7) |
|
Local Administrator Password Management |
|
|
176 | (1) |
|
Basic Mobility and Security |
|
|
176 | (1) |
|
|
|
177 | (1) |
|
|
|
177 | (1) |
|
|
|
178 | (1) |
|
|
|
179 | (1) |
|
|
|
180 | (1) |
|
|
|
180 | (2) |
|
|
|
182 | (1) |
|
Skill 6-4 Specify requirements to secure Active Directory Domain Services |
|
|
183 | (8) |
|
|
|
183 | (4) |
|
Privileged Access Management |
|
|
187 | (1) |
|
|
|
188 | (1) |
|
Microsoft Defender for Identity |
|
|
188 | (2) |
|
Active Directory Federation Services (AD FS) |
|
|
190 | (1) |
|
Skill 6-5 Design a strategy to manage secrets, keys, and certificates |
|
|
191 | (5) |
|
|
|
192 | (1) |
|
|
|
193 | (1) |
|
|
|
194 | (1) |
|
|
|
194 | (2) |
|
Skill 6-6 Design a strategy for secure remote access |
|
|
196 | (7) |
|
Key configurations to enable secure remote access |
|
|
196 | (2) |
|
Remote access to desktop, applications, and data |
|
|
198 | (2) |
|
Remote access to on-premises web applications |
|
|
200 | (1) |
|
|
|
201 | (1) |
|
Remotely provisioning new devices |
|
|
202 | (1) |
|
|
|
202 | (1) |
|
|
|
202 | (1) |
|
|
|
203 | (1) |
|
Thought experiment answers |
|
|
203 | (1) |
|
|
|
204 | (3) |
|
Chapter 7 Design a strategy for securing SaaS, PaaS, and IaaS services |
|
|
207 | (20) |
|
Skill 7-1 Specify security baselines for SaaS, PaaS, and IaaS services |
|
|
207 | (2) |
|
Specify security baselines for SaaS services |
|
|
208 | (1) |
|
Skill 7-2 Specify security requirements for IoT workloads |
|
|
209 | (2) |
|
|
|
209 | (1) |
|
Security posture and threat detection |
|
|
210 | (1) |
|
Skill 7-3 Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB |
|
|
211 | (4) |
|
Security considerations for Azure Cosmos DB |
|
|
214 | (1) |
|
Skill 7-4 Specify security requirements for web workloads, including Azure App Service |
|
|
215 | (2) |
|
|
|
215 | (1) |
|
Authentication and authorization |
|
|
216 | (1) |
|
Security posture and threat protection |
|
|
216 | (1) |
|
Skill 7-5 Specify security requirements for storage workloads, including Azure Storage |
|
|
217 | (3) |
|
|
|
217 | (2) |
|
Identity and access management |
|
|
219 | (1) |
|
|
|
220 | (1) |
|
|
|
220 | (1) |
|
Skill 7-6 Specify security requirements for containers |
|
|
220 | (2) |
|
Hardening access to Azure Container Registry |
|
|
221 | (1) |
|
Skill 7-7 Specify security requirements for container orchestration |
|
|
222 | (2) |
|
|
|
223 | (1) |
|
|
|
224 | (1) |
|
Design a strategy for securing PaaS and laaS services at Fabrikam, Inc |
|
|
224 | (1) |
|
Thought experiment answers |
|
|
224 | (1) |
|
|
|
225 | (2) |
|
Chapter 8 Specify security requirements for applications |
|
|
227 | (16) |
|
Skill 8-1 Specify priorities for mitigating threats to applications |
|
|
227 | (5) |
|
|
|
228 | (1) |
|
Application threat modeling |
|
|
228 | (1) |
|
Microsoft Security Development Lifecycle (SDL) |
|
|
229 | (3) |
|
Skill 8-2 Specify a security standard for onboarding a new application |
|
|
232 | (5) |
|
|
|
232 | (1) |
|
Security standards for onboarding applications |
|
|
233 | (4) |
|
Skill 8-3 Specify a security strategy for applications and APIs |
|
|
237 | (3) |
|
Waterfall to Agile/DevOps |
|
|
237 | (2) |
|
Security in DevOps (DevSecOps) |
|
|
239 | (1) |
|
|
|
240 | (1) |
|
Application migration and modernization at Fabrikam, Inc. |
|
|
240 | (1) |
|
Thought experiment answers |
|
|
241 | (1) |
|
|
|
241 | (2) |
|
Chapter 9 Design a strategy for securing data |
|
|
243 | (18) |
|
Skill 9-1 Specify priorities for mitigating threats to data |
|
|
243 | (3) |
|
|
|
243 | (3) |
|
|
|
246 | (1) |
|
Skill 9-2 Design a strategy to identify and protect sensitive data |
|
|
246 | (7) |
|
|
|
247 | (1) |
|
|
|
248 | (2) |
|
|
|
250 | (1) |
|
|
|
251 | (2) |
|
Skill 9-3 Specify an encryption standard for data at rest and in motion |
|
|
253 | (5) |
|
|
|
253 | (2) |
|
|
|
255 | (3) |
|
|
|
258 | (1) |
|
Design a strategy for securing data |
|
|
258 | (1) |
|
Thought experiment answers |
|
|
259 | (1) |
|
|
|
259 | (2) |
|
Chapter 10 Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices |
|
|
261 | (28) |
|
|
|
262 | (8) |
|
Antipatterns are the opposites of best practices |
|
|
262 | (4) |
|
Microsoft Cybersecurity Reference Architectures (MCRA) |
|
|
266 | (2) |
|
Microsoft cloud security benchmark (MCSB) |
|
|
268 | (2) |
|
Skill 10-1 Recommend best practices for cybersecurity capabilities and controls |
|
|
270 | (3) |
|
Skill 10-2 Recommend best practices for protecting from insider and external attacks |
|
|
273 | (4) |
|
Skill 10-3 Recommend best practices for Zero Trust security |
|
|
277 | (3) |
|
Skill 10-4 Recommend best practices for the Zero Trust Rapid Modernization Plan |
|
|
280 | (2) |
|
|
|
282 | (1) |
|
Identifying applicable best practices |
|
|
282 | (1) |
|
Thought experiment answers |
|
|
282 | (3) |
|
|
|
285 | (4) |
|
Chapter 11 Recommend a secure methodology by using the Cloud Adoption Framework (CAF) |
|
|
289 | (14) |
|
Skill 11-1 Recommend a DevSecOps process |
|
|
289 | (5) |
|
|
|
290 | (1) |
|
|
|
290 | (1) |
|
|
|
291 | (1) |
|
|
|
292 | (1) |
|
Go to production and operate |
|
|
293 | (1) |
|
Skill 11-2 Recommend a methodology for asset protection |
|
|
294 | (3) |
|
|
|
294 | (1) |
|
|
|
294 | (1) |
|
Key recommendations for an asset protection program |
|
|
295 | (2) |
|
Skill 11-3 Recommend strategies for managing and minimizing risk |
|
|
297 | (2) |
|
|
|
298 | (1) |
|
|
|
298 | (1) |
|
|
|
299 | (1) |
|
Using the CAF for secure methodologies at Tailwind Traders |
|
|
299 | (1) |
|
Thought experiment answers |
|
|
300 | (1) |
|
|
|
301 | (2) |
|
Chapter 12 Recommend a ransomware strategy by using Microsoft Security Best Practices |
|
|
303 | (12) |
|
Skill 12-1 Plan for ransomware protection and extortion-based attacks |
|
|
303 | (3) |
|
|
|
304 | (1) |
|
Security hygiene and damage control |
|
|
305 | (1) |
|
Skill 12-2 Protect assets from ransomware attacks |
|
|
306 | (3) |
|
|
|
307 | (2) |
|
|
|
309 | (1) |
|
|
|
309 | (1) |
|
Skill 12-3 Recommend Microsoft ransomware best practices |
|
|
309 | (3) |
|
|
|
310 | (2) |
|
|
|
312 | (1) |
|
Developing a strategy to protect against ransomware |
|
|
312 | (1) |
|
Thought experiment answers |
|
|
312 | (1) |
|
|
|
313 | (2) |
| Index |
|
315 | |
