Security, Compliance, and Identity Fundamentals
Azure security solutions
https://aka.ms/sc900academy
Agenda
- Save the date
- Introduction
- Basic security capabilities in Azure
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Resources
Save the date
Date | Theme
Overview of Microsoft Certified: Security, Compliance, and Identity Fundamentals
Get started at aka.ms/SecurityCerts_Fundamentals
Start here:
1. Decide if this is the right certification for you
2. Upskill with recommended training and experience
3. Pass the required exam to earn your certification
Additional resources:
- Microsoft Docs
This certification is targeted to those looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. This is a broad audience that may include business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions.
Topics:
Describe the concepts of security, compliance, and identity (10-15%)
Describe the capabilities of Microsoft identity and access management solutions (25-30%)
Describe the capabilities of Microsoft security solutions (25-30%)
Describe the capabilities of Microsoft compliance solutions (25-30%)
Describe the capabilities of Microsoft Security Solutions (25-30%)
Azure DDoS Protection
Main features:
- Always-on traffic monitoring
- Intelligent traffic profiling
- Telemetry and alerts
- Cost protection
- Rapid response support
DDoS attack types handled by Azure DDoS Protection:
- Volumetric
- Protocol (layers 3 and 4)
Azure DDoS Protection SKUs
Feature | DDoS IP Protection | DDoS Network Protection
Active traffic monitoring & always-on detection | Yes | Yes
L3/L4 automatic attack mitigation | Yes | Yes
Automatic attack mitigation | Yes | Yes
Application-based mitigation policies | Yes | Yes
Metrics & alerts | Yes | Yes
Mitigation reports | Yes | Yes
Mitigation flow logs | Yes | Yes
Mitigation policies tuned to the customer's application | Yes | Yes
Integration with Firewall Manager | Yes | Yes
Azure Sentinel data connector and workbook | Yes | Yes
DDoS rapid response support | Not available | Yes
Cost protection | Not available | Yes
WAF discount | Not available | Yes
Protection of resources across subscriptions in a tenant | Yes | Yes
Price | Per protected IP | Per 100 protected IPs
Azure Firewall
- Cloud-native stateful firewall as a service
- Traffic is denied by default
- Centralized logging: archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or the Security Information and Event Management (SIEM) system of your choice
Azure Web Application Firewall (WAF)
WAF policy:
- Custom rules
- OWASP rules
- Bot management
Powerful custom rules engine:
- Geo-filtering
- IP restriction
- HTTP parameter filtering
- Size restriction
Deployment options: Azure Global WAF (Front Door) and Azure Regional WAF (Application Gateway)
Observability of incoming requests: logs, Monitor, metrics, Sentinel
- Preconfigured OWASP top 10
- Conditional rate limiting at the Azure network edge
- Bot protection integration with Microsoft Threat Intelligence
- Easy configuration: ARM, Portal, API, PS, CLI, Terraform
- Protects IaaS, PaaS, serverless, on-premises and other cloud backends
Network Security Groups
- Extended, ordered ACLs
- Layer 3 (IP) and layer 4 (TCP/UDP) filtering
- Enable network segmentation
- Can be applied to a subnet or to a VM's network interface
- Only one NSG per NIC or per subnet
- Default rules cannot be deleted, but their priority can be modified
- All outbound traffic is allowed
- All inbound traffic is blocked except traffic coming from the VNet or from the Azure Load Balancer
(Diagram: an on-premises network 10.0/16 connected through S2S VPNs and a VPN gateway to an Azure Virtual Network with Backend 10.3/16, Mid-tier 10.2/16 and Frontend 10.1/16 subnets, plus Internet access.)
Network Security Groups: Default rules
Inbound default rules
Name | Priority | Source IP | Source Port | Destination IP | Destination Port | Protocol | Access
ALLOW VNET INBOUND | 65000 | VIRTUAL_NETWORK | * | VIRTUAL_NETWORK | * | * | ALLOW
ALLOW AZURE LOAD BALANCER INBOUND | 65001 | AZURE_LOADBALANCER | * | * | * | * | ALLOW
DENY ALL INBOUND | 65500 | * | * | * | * | * | DENY
Default rules cannot be deleted, but because they are assigned the lowest priority, they can be overridden by the rules that you create.
How NSG Rules are Processed
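The following evaluator is an added example, not part of the deck or of any Azure tooling: it models how inbound NSG rules are processed in ascending priority order (first match wins), with the three default rules from the table above sitting at the lowest priorities so that any custom rule that matches overrides them. The VNet prefixes behind the VIRTUAL_NETWORK tag and the load balancer probe address behind AZURE_LOADBALANCER are constructed assumptions for this example; real tags are resolved by Azure. The custom-rule priority range 100-4096 and the uniqueness check are the Azure constraints this example assumes.

```python
# Added example (not from the deck): first-match evaluation of NSG inbound rules.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number = evaluated first
    source: str      # CIDR, "*", or a service tag
    dest_port: str   # "*", "443" or a range such as "1000-2000"
    protocol: str    # "*", "TCP" or "UDP"
    access: str      # "ALLOW" or "DENY"


# Constructed: the address space the VIRTUAL_NETWORK tag expands to in this example
# (the three subnets from the deck's diagram).
VNET_PREFIXES = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]
# Assumption: the source the AZURE_LOADBALANCER tag resolves to for health probes.
AZURE_LB_PROBE_IP = "168.63.129.16"

# The three default inbound rules from the table, at their fixed priorities.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VIRTUAL_NETWORK", "*", "*", "ALLOW"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AZURE_LOADBALANCER", "*", "*", "ALLOW"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "DENY"),
]


def source_matches(rule_source: str, src_ip: str) -> bool:
    """Match the rule's source (tag, wildcard or CIDR) against a packet's source IP."""
    ip = ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VIRTUAL_NETWORK":
        return any(ip in ip_network(p) for p in VNET_PREFIXES)
    if rule_source == "AZURE_LOADBALANCER":
        return src_ip == AZURE_LB_PROBE_IP
    return ip in ip_network(rule_source)


def port_matches(rule_port: str, port: int) -> bool:
    """Match "*", a single port, or an inclusive "lo-hi" range."""
    if rule_port == "*":
        return True
    if "-" in rule_port:
        lo, hi = (int(x) for x in rule_port.split("-", 1))
        return lo <= port <= hi
    return int(rule_port) == port


def validate_custom_rules(custom_rules: list) -> None:
    """Assumed Azure constraints: custom priorities are 100-4096 and unique."""
    seen = set()
    for r in custom_rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: priority {r.priority} outside 100-4096")
        if r.priority in seen:
            raise ValueError(f"{r.name}: duplicate priority {r.priority}")
        seen.add(r.priority)


def evaluate_inbound(custom_rules: list, src_ip: str, dest_port: int, protocol: str):
    """Return (rule name, access) of the first rule that matches, in priority order.

    Custom rules are merged with the defaults; because the defaults sit at the
    highest priority numbers, a matching custom rule always wins over them.
    """
    validate_custom_rules(custom_rules)
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (source_matches(rule.source, src_ip)
                and port_matches(rule.dest_port, dest_port)
                and rule.protocol in ("*", protocol)):
            return rule.name, rule.access
    raise RuntimeError("unreachable: DenyAllInBound matches every packet")


if __name__ == "__main__":
    # Constructed custom rules: open HTTPS to the world, but block SSH even from the VNet.
    custom = [
        Rule("AllowHttpsFromInternet", 100, "*", "443", "TCP", "ALLOW"),
        Rule("DenySshFromVnet", 200, "VIRTUAL_NETWORK", "22", "TCP", "DENY"),
    ]
    for src, port in [("203.0.113.7", 443), ("203.0.113.7", 22), ("10.2.0.5", 22), ("10.2.0.5", 8080)]:
        print(src, port, "->", evaluate_inbound(custom, src, port, "TCP"))
```

The DenySshFromVnet case is the one worth noticing: without it, SSH from 10.2.0.5 would be allowed by the default AllowVnetInBound rule at 65000, which is exactly the override behaviour the slide describes.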
Simplified administration for NSGs
- Application Security Groups: user-defined groups of VMs for use in NSG rules
- Augmented NSG rules: several IP addresses and ports in a single rule
- Service tags in NSGs
Service tags in NSGs
- Tags for the Azure services in use
- Azure maintains the IP addresses behind each tag
- Support for global and regional tags (depending on the service)
(Diagram: a Network Security Group (NSG) that allows only Azure service traffic, with rules listing Action, Name, Source, Destination and Port for TCP 80 HTTP, TCP 443 HTTPS, TCP 22 SSH and TCP 3389 RDP.)
Azure Bastion
- Jump host (service) for administering Windows and Linux machines in Azure
- Authentication with Azure AD, SSH keys or password; integration with Azure Key Vault possible
- File transfer
- IP-based connection
Encryption-at-rest models
Two approaches to consider: cloud-side encryption and client-side encryption
Examples:
- Azure Storage Service Encryption (Azure managed disks, Azure Blob Storage, Azure Files, Azure Queue Storage)
- Azure Disk Encryption (Windows: BitLocker, Linux: dm-crypt)
- Transparent Data Encryption (TDE) (Azure SQL Database, Azure Data Warehouse)
Microsoft Defender for Cloud
- Leveraging Azure Arc
- Improve your Secure Score and overall security posture in minutes
- Secure Score: security posture assessment and recommendations
- Azure Security Benchmark (ASB) & security baselines (industry standards): doc | GitHub
Knowledge check
Microsoft Sentinel
- Describe security capabilities of Microsoft Sentinel
- Define the concepts of SIEM and SOAR
- Describe how Microsoft Sentinel provides integrated threat management
Integrated Threat Protection
- SIEM: Microsoft Sentinel
- XDR: Microsoft Defender
- Signals covered: identities, apps, network traffic, IoT
Definitions
- SIEM: data collection (infrastructure, software, resources, appliances...); analysis, detection, correlation, anomalies; generates alerts and incidents.
- SOAR: triggers automated workflows in response to alerts and incidents.
- XDR: prevention, detection and response to threats across the enterprise: identities, devices (endpoints), applications, email, IoT, infrastructure, cloud.
Microsoft Sentinel
Collect security data across your enterprise:
- Connectors: syslog, Windows Events, CEF, TAXII (threat intelligence), Azure, AWS, GCP, etc.
- Workbooks: interactive dashboards
Detect threats with vast threat intelligence and AI:
- Built-in or custom analytics alerts
- Machine learning based models
Investigate critical incidents guided by AI:
- Proactive hunting for security threats through query tools
- Interactive investigation tools
- Interactive graph to investigate entities and threats
- Incident management
Respond rapidly and automate protection:
- Automated response / workflows: Azure Logic Apps playbooks
Microsoft Sentinel Costs
Microsoft Sentinel data is stored in a Log Analytics workspace
Billing based on the volume of data (logs) ingested
Pay-as-you-go ($/GB)
Capacity reservations (> 100 GB/day)
Acronyms: https://aka.ms/MSAcronyms