WEBVTT

00:00:02.380 --> 00:00:08.420
Hi, in this video, I want to take a look at the Managed Security Operations

00:00:08.420 --> 00:00:13.600
Objective Domain for the AZ-500 Certification Exam.

00:00:13.600 --> 00:00:18.580
This objective domain represents 25 to 30 percent of the overall weight

00:00:18.580 --> 00:00:22.920
of the exam. So what are the objectives in this domain?

00:00:22.920 --> 00:00:26.200
There are four objectives within this objective domain.

00:00:26.200 --> 00:00:30.300
The first is Monitoring Security using Azure Monitor.

00:00:30.300 --> 00:00:31.620
We have Azure Monitor.

00:00:31.620 --> 00:00:36.740
Next is Monitoring Security using Security Center, Azure Security Center.

00:00:36.740 --> 00:00:38.740
So we have Monitor, we have Security Center.

00:00:38.740 --> 00:00:41.340
Next we have Azure Sentinel.

00:00:41.340 --> 00:00:43.180
Again, Monitoring Security using that.

00:00:43.180 --> 00:00:46.560
And finally, we're going to talk about security policies, which really

00:00:46.560 --> 00:00:51.380
kind of interweaves, frankly, between all three of the previous.

00:00:51.380 --> 00:00:56.580
Let's go ahead and let's take a look at the details of these objectives.

00:00:56.580 --> 00:01:02.860
All right, so the first objective, Monitoring Security by using Azure

00:01:02.860 --> 00:01:05.040
Monitor. What are we going to look at?

00:01:05.040 --> 00:01:12.940
Going to cover alerts and understand what alerts are and also understand

00:01:12.940 --> 00:01:15.380
how you can respond to alerts.

00:01:15.380 --> 00:01:18.700
We'll look at Monitoring Security Logs by using Azure Monitor.

00:01:18.700 --> 00:01:22.140
I say we look at, thinking about teaching it.

00:01:22.140 --> 00:01:25.280
Obviously, these are things you are responsible for.

00:01:25.280 --> 00:01:28.980
And you are also responsible for, so there I got it right,

00:01:28.980 --> 00:01:33.280
configuring diagnostic logging and log retention.

00:01:33.280 --> 00:01:38.440
So these are all topics, all details that you need to be very comfortable

00:01:38.440 --> 00:01:44.200
with when Monitoring Security using Azure Monitor.

00:01:44.200 --> 00:01:47.820
And all of that's, I think, relatively straightforward.

00:01:47.820 --> 00:01:50.020
Obviously, it's things you need to know, but I don't think there's too

00:01:50.020 --> 00:01:52.560
many gotchas there.

00:01:52.560 --> 00:01:56.020
Okay, next is Security Center.

00:01:56.020 --> 00:01:59.720
And I will tell you this with Security Center.

00:01:59.720 --> 00:02:05.880
This is a bit of a, if you will, beast of a tool.

00:02:05.880 --> 00:02:10.460
And a ton of things in this tool, spend some time in Security Center.

00:02:10.460 --> 00:02:12.620
Go beyond what's in content that you find.

00:02:12.620 --> 00:02:14.820
Go beyond what's in any kind of hands-on.

00:02:14.820 --> 00:02:19.120
Really kind of click around and get used to what Security Center offers

00:02:19.120 --> 00:02:26.920
because it is a large, powerful, and growing resource within the Azure

00:02:26.920 --> 00:02:31.140
environment. Okay, now specifically, what do we need?

00:02:31.140 --> 00:02:33.900
We need to understand vulnerability scans.

00:02:33.900 --> 00:02:35.600
How do we set up vulnerability scans?

00:02:35.600 --> 00:02:37.080
How do we use them?

00:02:37.080 --> 00:02:40.260
You need to understand just-in-time access.

00:02:40.260 --> 00:02:43.840
With Azure Security Center, I'm not a huge fan of just-in-time access.

00:02:43.840 --> 00:02:47.820
It has its place, but you need to know it.

00:02:47.820 --> 00:02:51.760
Also, and this kind of goes to what I was talking about in terms of the

00:02:51.760 --> 00:02:56.780
objectives, configure centralized policy management by using Azure Security

00:02:56.780 --> 00:03:00.680
Center. Azure Security Center, you could kind of say, is really based

00:03:00.680 --> 00:03:04.520
on policy. And it's just to have what I go about actually implementing

00:03:04.520 --> 00:03:09.400
that. And also, and this is something that is relatively new.

00:03:09.400 --> 00:03:12.380
And I think it's actually really cool.

00:03:12.380 --> 00:03:14.140
And that's compliance policies.

00:03:14.140 --> 00:03:16.000
What are compliance policies?

00:03:16.000 --> 00:03:18.380
How do you implement compliance policies?

00:03:18.380 --> 00:03:23.620
How would you add additional compliance policies to what comes standard

00:03:23.620 --> 00:03:26.280
with Azure Security Center?

00:03:26.280 --> 00:03:33.400
Okay, next we have a tool that gets quite a bit of buzz recently, and

00:03:33.400 --> 00:03:39.660
that is again, a relatively new tool, which is the Azure Sentinel.

00:03:39.660 --> 00:03:43.260
So first of all, I would say you definitely need to understand what Azure

00:03:43.260 --> 00:03:48.740
Sentinel is, and what it does, and what are the components that make up

00:03:48.740 --> 00:03:55.620
Azure Sentinel. This is Microsoft's SIEM tool that's integrated with Azure.

00:03:55.620 --> 00:04:01.360
It actually integrates with Log Analytics, and also Security Center does

00:04:01.360 --> 00:04:02.120
a ton of things.

00:04:02.120 --> 00:04:05.760
How do you create and customize alerts that are specific to Sentinel?

00:04:05.760 --> 00:04:11.360
How do you configure data sources that are going to feed data into Sentinel?

00:04:11.360 --> 00:04:14.520
What kind of results are you going to get and analyze?

00:04:14.520 --> 00:04:18.700
And also, how can you use Sentinel for security automation by using a

00:04:18.700 --> 00:04:28.060
playbook? And those are the Azure Sentinel topics that you need to be

00:04:28.060 --> 00:04:30.860
familiar with and comfortable with.

00:04:30.860 --> 00:04:35.800
All right, and the last objective in this objective domain is security

00:04:35.800 --> 00:04:41.480
policies. Now, with security policies, there are two things, one of which,

00:04:41.480 --> 00:04:46.540
again, really, this first one is pretty much integrated really with Security

00:04:46.540 --> 00:04:48.680
Center, but it is policy there.

00:04:48.680 --> 00:04:53.400
You should understand how policy and Security Center work together.

00:04:53.400 --> 00:04:56.340
New topic here, something you do need to be familiar with, and that is

00:04:56.340 --> 00:04:58.080
Azure Blueprint.

00:04:58.080 --> 00:05:04.400
What does Azure Blueprint, what can Azure Blueprint do that other resources,

00:05:04.400 --> 00:05:08.220
other security techniques in Azure may not be able to do, things like being

00:05:08.220 --> 00:05:13.320
able to set up deny roles, but just in general, understand what it is,

00:05:13.320 --> 00:05:16.340
what are the parts of it, what you can do with it, and how you would use

00:05:16.340 --> 00:05:21.440
it. And those are the objectives and the objective details in this objective