Microsoft Certified Security, Compliance and Identity

Fundamentals
A REPORT

Submitted by

PAVURAYALA SAI NITHIN (20BEC1278)

ECE1902 – INDUSTRIAL INTERNSHIP

in partial fulfillment for the award of the degree of

BACHELOR OF TECHNOLOGY
in

ELECTRONICS AND COMMUNICATION ENGINEERING

October 2023

i
 School of Electronics Engineering

DECLARATION BY THE CANDIDATE

I hereby declare that the Industrial Internship Report entitled “Microsoft

Certified Security, Compliance and Identity Fundamentals” submitted by
me to VIT University, Chennai in partial fulfillment of the requirement for the
award of the degree of Bachelor of Technology in Electronics and
Communication Engineering is a record of bonafide work carried out by me. I
further declare that the work reported in this report has not been submitted and
will not be submitted, either in part or in full, for the award of any other degree
or diploma in this institute or any other institute or university.

Signature

PAVUARYALA SAI NITHIN (20BEC1278)

CHENNAI
31/10/2023

ii
CERTIFICATE

iii
 School of Electronics Engineering

BONAFIDE CERTIFICATE

This is to certify that the Industrial Internship Report entitled “Microsoft

Certified Security, Compliance and Identity Fundamentals” submitted by
PAVURAYALA SAI NITHIN (20BEC1278) to VIT, Chennai in partial
fulfillment of the requirement for the award of the degree of Bachelor of
Technology in Electronics and Communication Engineering is a record of
bonafide industrial internship undertaken by him fulfills the requirements as per
the regulations of this institute and in my opinion meets the necessary standards
for submission. The contents of this report have not been submitted and will
not be submitted either in part or in full, for the award of any other degree or
diploma in this institute or any other institute or university.

Signature of the Examiner

Date:

Head of the Department (B. Tech ECE)

iv
 ACKNOWLEDGEMENT

• Dr. Mohanaprasad K, Head of the Department (HoD), B. Tech Electronics

and communication engineering, SENSE, VIT Chennai

• Dr. Susan Elias, Dean of the School of Electronics Engineering, VIT

Chennai

• Dr. Reena Monica P, Associate Dean (Academics) of the School of

Electronics Engineering, VIT Chennai

• Dr. John Sahaya Rani Alex, Associate Dean (Research) of the School of
Electronics Engineering, VIT Chennai

• Parents, Friends

PAVURAYALA SAI NITHIN

(20BEC1278)

v
 TABLE OF CONTENTS

Title Page No
i
Declaration ii
Certificate iii
Bonafide certificate iv
Acknowledgement v
Table of contents vi
Topics Covered vii
Score report xi
Conclusion xi

vi
 Topics Covered

1. Security and Compliance Concepts and Methodologies

Security and compliance are two of the most important aspects of any IT
organization. Security is the practice of protecting information and systems
from unauthorized access, use, disclosure, disruption, modification, or
destruction. Compliance is the practice of meeting the requirements of laws,
regulations, and standards.
There are a number of different security and compliance concepts and
methodologies that organizations can use. Some of the most common include:
• Risk assessment: Identifying and assessing the risks to your organization's
information and systems.
• Threat intelligence: Gathering and analyzing information about potential
threats to your organization.
• Identity and access management (IAM): Managing who has access to your
organization's resources and what they can do with them.
• Data protection: Protecting your organization's data from unauthorized
access, use, disclosure, disruption, modification, or destruction.
• Incident response: Responding to security incidents in a timely and
effective manner.

2. Identity Concepts
Identity is a set of attributes that uniquely identify an individual or entity. In the
context of IT, identity is used to determine who has access to resources and
what they can do with them.
There are a number of different identity concepts that are important to
understand, including:
• Identity provider (IdP): A system that issues and manages identities.
• Service provider (SP): A system that relies on an IdP to authenticate users.
vii
• Single sign-on (SSO): A mechanism that allows users to authenticate to
multiple SPs using a single set of credentials.
• Multi-factor authentication (MFA): A security measure that requires users
to provide two or more factors of authentication when logging in.

3. Basic Identity Services and Identity types of Azure AD

Azure Active Directory (Azure AD) is a cloud-based IAM service that helps
organizations manage user identities and access to resources.
Azure AD offers a variety of identity services, including:
• User authentication: Azure AD can authenticate users using a variety of
methods, including passwords, MFA, and social login.
• Authorization: Azure AD can authorize users to access resources based on
their roles and permissions.
• Identity governance: Azure AD can help organizations manage user
identities and access throughout their lifecycle.
Azure AD also supports a variety of identity types, including:
• User accounts: User accounts are used to represent individual users.
• Group accounts: Group accounts are used to represent groups of users.
• Service accounts: Service accounts are used to represent applications and
services.

4. Authentication and access management capabilities of Azure AD

Azure AD provides a variety of authentication and access management
capabilities, including:
• SSO: Azure AD can provide SSO to a variety of cloud and on-premises
applications.
• MFA: Azure AD supports a variety of MFA methods, including phone
calls, text messages, and mobile apps.

viii
• Conditional access: Azure AD conditional access allows organizations to
define policies that control access to resources based on factors such as the
user's location, device, and risk level.
5. Identity protection and governance capabilities of Azure AD
Azure AD provides a variety of identity protection and governance capabilities,
including:
• Security monitoring: Azure AD monitors user activity and detects
suspicious behavior.
• Identity risk assessment: Azure AD assesses the risk of each user identity
and provides recommendations for mitigating risks.
• Identity lifecycle management: Azure AD helps organizations manage user
identities throughout their lifecycle, from creation to deletion.

6. Basic security capabilities in Azure and Microsoft sentinel

Azure and Microsoft Sentinel offer a variety of basic security capabilities,
including:
• Firewalls: Firewalls can be used to filter traffic and block unauthorized
access to resources.
• Intrusion detection systems (IDS): IDS can detect malicious traffic and
generate alerts.
• Intrusion prevention systems (IPS): IPS can block malicious traffic and
prevent it from reaching its target.
• Security information and event management (SIEM): SIEM systems can
collect and analyze security data from across an organization to identify
threats and incidents.

ix
7. Threat protection with Microsoft 365 defender
Microsoft 365 Defender is a unified threat protection platform that provides a
comprehensive set of capabilities for protecting against cyber threats. Microsoft
365 Defender includes the following components:
• Exchange Online Protection (EOP): EOP protects against email-borne
threats such as spam, phishing, and malware.
• Microsoft Defender for Office 365 (DO365): DO365 protects against
threats to Office 365 applications such as SharePoint, OneDrive, and Teams.
• Microsoft Defender for Endpoint: Defender for Endpoint protects against
threats to devices such as laptops, desktops, and servers.

8. Security Management Capabilities of Azure

Azure's security management capabilities include Azure Security Center, which
provides unified security management and advanced threat protection across
hybrid cloud workloads. It offers security policies, threat intelligence, and
continuous monitoring to safeguard Azure resources, helping organizations
proactively identify and mitigate security risks.

9. Resource Governance Capabilities of Azure

Azure's resource governance capabilities enable organizations to manage and
optimize cloud resources effectively. This includes policies for resource
tagging, cost management, and access control, ensuring resources are used
efficiently and securely. Azure Policy and Azure Blueprints help enforce
organizational standards, ensuring compliance and consistency across the cloud
environment.

x
 Score Report

Conclusion

Exam successfully completed and qualified. Certification Obtained. Completing

the SC-900 certification has deepened my knowledge of security, compliance,
and identity basics. This expertise makes me more valuable at work, especially
as technology keeps changing.

xi