SC-900 EXAM CRAM
Updated and expanded 7/26/21!
Exam DOMAINS for SC-900
01 Describe the Concepts of Security, Compliance, and Identity
02 Describe the capabilities of Microsoft Identity and Access Management Solutions
03 Describe the capabilities of Microsoft Security Solutions
04 Describe the Capabilities of Microsoft Compliance Solutions
For more exam prep and Azure tutorials, follow us on YouTube at https://bit.ly/azurevideos
What is an “evergreen” edition?
As updates are released for the exam, we will continuously update with short videos to cover “what’s new” in the latest update.
Links to these short video updates will be added to this video’s Description.
Important note!
A PDF copy of the presentation is available in the video description!
FREE SC-900 practice quiz NOW AVAILABLE!!! (link in the video description)
01 Describe the Concepts of Security, Compliance, and Identity
- Addresses the limitations of the legacy network perimeter-based security model.
- Treats user identity as the control plane.
- Assumes compromise / breach in verifying every request. No entity is trusted by default.
CLOUD MODELS & SERVICES - IAAS
CSP provides building blocks, like networking, storage and compute.
CSP manages staff, HW, and datacenter.
Examples: Azure Virtual Machines, Amazon EC2, GCP Compute Engine
[Figure: On-premises vs IaaS stack: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking]
CLOUD MODELS & SERVICES - PAAS
Customer is responsible for deployment and management of apps.
CSP manages provisioning, configuration, hardware, and OS.
Examples: Azure SQL Database, API Management, Azure App Service
[Figure: On-premises vs PaaS stack: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking]
CLOUD MODELS & SERVICES - SAAS
Customer just configures features.
CSP is responsible for management, operation, and service availability.
[Figure: On-premises vs SaaS stack: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking]
shared responsibility model
[Figure: responsibility for Applications, Data, Runtime, Middleware and OS across four models; labels: 100% YOURS, Responsible, CSP]
Shared responsibility model (2021 edition)
[Figure: responsibility by model: On-premises, SaaS, PaaS, IaaS; label: RESPONSIBILITY ALWAYS RETAINED BY CUSTOMER]
These are programs with built-in dictionaries. They try every dictionary word in an attempt to find the correct password, in the hope that a user has used a standard dictionary word.
MOST COMMON ATTACKS
Prevention
- Update and patch computers
- Use caution with web links
- Use caution with email attachments
- Verify email senders
- Preventative software programs
AI-driven cloud services offer help with these.
Common threats these are a class of attacks
FUNDAMENTAL CONCEPTS OF
CONCEPT: Symmetric vs Asymmetric
Encryption is a two-way function; what is encrypted can be decrypted with the proper key.
Symmetric Encryption (example - AES)
- Typically used for bulk encryption / encrypting large amounts of data.
Asymmetric
- Distribution of symmetric bulk encryption keys (shared key)
- Identity authentication via digital signatures and certificates
- Non-repudiation services and key agreement
Hash functions
- Verification of digital signatures
- Generation of pseudo-random numbers
- Integrity services (data integrity and authenticity)
Microsoft’s PRIVACY principles
1 Control: Enabling you to determine what data is collected and with whom it’s shared.
2 Transparency: Being transparent about data collection and use so that everyone can easily make informed decisions.
3 Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption.
4 Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right.
5 No content-based targeting: Not using email, chat, files, or other personal content to target advertising.
6 Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better.
Microsoft Security and compliance principles
https://aka.ms/STP
identify core azure identity services
https://aka.ms/STP
02 Describe the capabilities of Microsoft Identity and Access Management Solutions
[Figure: Traditional Architecture vs Zero Trust Architecture; labels: Cloud Services, mobile workforce (WFH, BYOD), Untrusted, Trusted, Identity]
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization.
This sign-in method ensures that all user authentication occurs on-premises.
Allows administrators to implement more rigorous levels of access control.
Certificate authentication, key fob, card token
identity federation (example): may be cloud or on-premises
[Figure labels: Twitter, Azure AD, idP-A trusts idP-B, idP-B, idP-A, shared access, user, website]
This type of attack attempts to break the password by trying all possible key combinations and variations.
Azure AD joined devices exist only in the cloud. Azure AD joined devices are owned by an organization and signed in with their account.
Azure AD Connect
[Figure labels: On-premises Active Directory, Office 365, Apps, Azure AD]
Azure AD SSPR
- Password change: when a user knows their password but wants to change it to something new.
- Password reset: when a user can't sign in, such as when they forget the password, and want to reset it.
- Password unlock: when a user can't sign in because their account is locked out.
Saves time and money, improves productivity and security.
AZURE AD PASSWORD PROTECTION & MANAGEMENT
Windows Hello is for personal devices and uses a PIN or biometric gesture.
Windows Hello for Business always uses key-based or certificate-based authentication.
03 Describe the capabilities of Microsoft Security Solutions
Describe azure network security
- Servers
- App Service
- Storage
- SQL
- Kubernetes
- ACR
- Key Vault
- Resource Manager
- DNS
- Open-source Azure DB
You can also add regulatory standards, like NIST, Azure CIS, and others for a more customized view of your compliance.
SIEM and SOAR uses AI, ML, and threat intelligence
Identity: MS Defender for Identity
Apps: MS Cloud App Security
Endpoints: MS Defender for Endpoint
Email/Collab: MS Defender for Office 365
Describe Microsoft defender for identity
shadow IT
Describe Microsoft 365 security center
New Experience
New experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and MCAS data into the Microsoft 365 security center.
https://security.microsoft.com
How to use Microsoft secure score
Purpose is to help orgs improve security posture for Microsoft 365 services.
Incidents
Incidents are a collection of correlated alerts created when a suspicious event is found.
Alerts are generated from different device, user, and mailbox entities, and can come from many different domains.
Provides a comprehensive view and context of an attack.
Incident management
You can manage incidents on devices, user accounts, and mailboxes from the incident queue.
Incidents are auto-assigned and named but can be updated.
what is Microsoft intune?
Endpoint Security
- Manage devices
- Manage security baselines
- Use endpoint security policies
- Use device compliance policy
- Device and app-based Conditional Access
- Defender for Endpoint integration
Microsoft endpoint manager admin center
Combines services, including Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, and Windows Autopilot.
04 Describe the Capabilities of Microsoft Compliance Solutions
Compliance Center
https://compliance.microsoft.com
Compliance manager
https://compliance.microsoft.com/compliancemanager
Compliance score
data classification
Retention labels and policies help organizations to manage and govern information by ensuring content is kept only for a required time, and then permanently deleted.
Records Management often tied to a regulatory requirement
evaluation works
DLP policies
[Figure labels: Search, query the search index, index is updated]
Compliance in Microsoft 365
[Figure: workflow steps: Creates support ticket; Creates support ticket; Microsoft receives approval request; Microsoft approves request; Customer approves request]
Content search
Consists of searches and exports, but not holds.
Core eDiscovery
You can add sources, create holds and queries, export case results, and manage the life cycle of your case.
Advanced eDiscovery
Add custodians, automate notifications, view jobs, additional settings.
describe content search tool
[Figure: numbered workflow, steps 1 to 5; recoverable steps: 3 Add data to review set, 4 Review and analyze data in review set, 5 Export and download case data]
Data governance
[Figure labels: Define Strategy, Plan, Ready, Adapt, Innovate, Govern, Manage, Framework; note: enforce standards, ongoing admin]
cloud governance
describe azure governance features
[Figure: hierarchy of Management Groups, Subscriptions, Resource Groups, Resources]
Describe core architecture components
[Figure: scope hierarchy: Management Groups, Subscriptions, Resource Groups, Resources]
INSIDE CLOUD
THANKS FOR WATCHING!