Prep for the SC-100 exam like a pro with Sybex' latest Study Guide
In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect
MCE Microsoft® Certified Expert Cybersecurity Architect Study Guide. Exam SC-100
✍ Scribed by Kathiravan Udayakumar, Puthiyavan Udayakumar
- Publisher: Sybex
- Year: 2023
- Tongue: English
- Leaves: 515
- Category: Library
✦ Table of Contents
Cover
Title Page
Copyright Page
Acknowledgments
About the Authors
About the Technical Editor
Contents at a Glance
Contents
Introduction
What Is Azure?
About the SC-100 Certification Exam
Why Become a Certified Microsoft Azure Cybersecurity Architect?
Preparing to Become a Certified Microsoft Cybersecurity Architect
How to Become a Certified Microsoft Cybersecurity Architect
Who Should Buy This Book
How This Book Is Organized
Chapter Features
Bonus Digital Contents
Conventions Used in This Book
Using This Book
Technology Requirements
SC-100 Exam Objectives
How to Contact the Publisher
Assessment Test
Answers to Assessment Test
Chapter 1 Define and Implement an Overall Security Strategy and Architecture
Basics of Cloud Computing
The Need for the Cloud
Cloud Service Models
Cloud Deployment Models
Introduction to Cybersecurity
The Need for Cybersecurity
Cybersecurity Domains
Getting Started with Zero Trust
NIST Abstract Definition of Zero Trust
Key Benefits of Zero Trust
Guiding Principles of Zero Trust
Zero Trust Architecture
Design Integration Points in an Architecture
Security Operations Center
Software as a Service
Hybrid Infrastructure—IaaS, PaaS, On-Premises
Endpoints and Devices
Information Protection
Identity and Access
People Security
IOT and Operational Technology
Design Security Needs to Be Based on Business Goals
Define Strategy
Prepare Plan
Get Ready
Adopt
Secure
Manage
Govern
Decode Security Requirements to Technical Abilities
Resource Planning and Hardening
Design Security for a Resiliency Approach
Before an Incident
During an Incident
After an Incident
Feedback Loop
Identify the Security Risks Associated with Hybrid and Multi-Tenant Environments
Deploy a Secure Hybrid Identity Environment
Deploy a Secure Hybrid Network
Design a Multi-Tenancy Environment
Responsiveness to Individual Tenants’ Needs
Plan Traffic Filtering and Segmentation Technical and Governance Strategies
Logically Segmented Subnets
Deploy Perimeter Networks for Security Zones
Avoid Exposure to the Internet with Dedicated WAN Links
Use Virtual Network Appliances
Summary
Exam Essentials
Review Questions
Chapter 2 Define a Security Operations Strategy
Foundation of Security Operations and Strategy
SOC Operating Model
SOC Framework
SOC Operations
Microsoft SOC Strategy for Azure Cloud
Microsoft SOC Function for Azure Cloud
Microsoft SOC Integration Among SecOps and Business Leadership
Microsoft SOC People and Process
Microsoft SOC Metrics
Microsoft SOC Modernization
SOC MITRE ATT&CK
Design a Logging and Auditing Strategy to Support Security Operations
Overview of Azure Logging Capabilities
Develop Security Operations to Support a Hybrid or Multi-Cloud Environment
Integrated Operations for Hybrid and Multi-Cloud Environments
Customer Processes
Primary Cloud Controls
Hybrid, Multi-Cloud Gateway, and Enterprise Control Plane
Azure Security Operation Services
Using Microsoft Sentinel and Defender for Cloud to Monitor Hybrid Security
Design a Strategy for SIEM and SOAR
Security Operations Center Best Practices for SIEM and SOAR
Evaluate Security Workflows
Microsoft Best Practices for Incident Response
Microsoft Best Practices for Recovery
Azure Workflow Automation Uses a Few Key Technologies
Evaluate a Security Operations Strategy for the Incident Management Life Cycle
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Evaluate a Security Operations Strategy for Sharing Technical Threat Intelligence
Microsoft Sentinel’s Threat Intelligence
Defender for Endpoint’s Threat Intelligence
Defender for IoT’s Threat Intelligence
Defender for Cloud’s Threat Intelligence
Microsoft 365 Defender’s Threat Intelligence
Summary
Exam Essentials
Review Questions
Chapter 3 Define an Identity Security Strategy
Design a Strategy for Access to Cloud Resources
Deployment Objectives for Identity Zero Trust
Microsoft’s Method to Identity Zero Trust Deployment
Recommend an Identity Store (Tenants, B2B, B2C, Hybrid)
Recommend an Authentication and Authorization Strategy
Cloud Authentication
Federated Authentication
Secure Authorization
Design a Strategy for Conditional Access
Conditional Access Zero Trust Architecture
Verify Explicitly
Use Least-Privileged Access
Assume Breach
Conditional Access Zero Trust Architecture
Summary of Personas
Design a Strategy for Role Assignment and Delegation
Design a Security Strategy for Privileged Role Access to Infrastructure Including Identity-Based Firewall Rules and Azure PIM
Securing Privileged Access
Develop a Road Map
Best Practices for Managing Identity and Access on the Microsoft Platform
Design a Security Strategy for Privileged Activities Including PAM, Entitlement Management, and Cloud Tenant Administration
Developing a Privileged Access Strategy
Azure AD Entitlement Management
Summary
Exam Essentials
Review Questions
Chapter 4 Identify a Regulatory Compliance Strategy
Interpret Compliance Requirements and Translate into Specific Technical Capabilities
Review the Organization Requirements
Design a Compliance Strategy
Key Compliance Consideration
Evaluate Infrastructure Compliance by Using Microsoft Defender for Cloud
Protect All of Your IT Resources Under One Roof
Interpret Compliance Scores and Recommend Actions to Resolve Issues or Improve Security
Design and Validate Implementation of Azure Policy
Design for Data Residency Requirements
Storage of Data for Regional Services
Storage of Data for Nonregional Services
Data Sovereignty
Personal Data
Azure Policy Consideration
Azure Blueprints Consideration
Protecting Organizational Data
Encryption of Data at Rest
Encryption of Data in Transit
Encryption During Data Processing
Azure Customer Lockbox
Translate Privacy Requirements into Requirements for Security Solutions
Leverage Azure Policy
Summary
Exam Essentials
Review Questions
Chapter 5 Identify Security Posture and Recommend Technical Strategies to Manage Risk
Analyze Security Posture by Using Azure Security Benchmark
Evaluating Security Posture in Azure Workloads
Analyze Security Posture by Using Microsoft Defender for Cloud
Assess the Security Hygiene of Cloud Workloads
Evaluate the Security Posture of Cloud Workloads
Design Security for an Azure Landing Zone
Design Security Review
Security Design Considerations
Security in the Azure Landing Zone Accelerator
Improve Security in the Azure Landing Zone
Evaluate Security Postures by Using Secure Scores
Identify Technical Threats and Recommend Mitigation Measures
Recommend Security Capabilities or Controls to Mitigate Identified Risks
Summary
Exam Essentials
Review Questions
Chapter 6 Define a Strategy for Securing Infrastructure
Plan and Deploy a Security Strategy Across Teams
Security Roles and Responsibilities
Security Strategy Considerations
Deliverables
Best Practices for Building a Security Strategy
Strategy Approval
Deploy a Process for Proactive and Continuous Evolution of a Security Strategy
Considerations in Security Planning
Establish Essential Security Practices
Security Management Strategy
Continuous Assessment
Continuous Strategy Evolution
Specify Security Baselines for Server and Client Endpoints
What Are Security Baselines?
What Is Microsoft Intune?
What Are Security Compliance Toolkits?
Foundation Principles of Baselines
Selecting the Appropriate Baseline
Specify Security Baselines for the Server, Including Multiple Platforms and Operating Systems
Analyze Security Configuration
Secure Servers (Domain Members)
Specify Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration
App Isolation and Control
Choose Between Device Management and Application Management
Device Settings
Client Requirements
Specify Requirements for Securing Active Directory Domain Services
Securing Domain Controllers Against Attack
Microsoft Defender for Identity
Design a Strategy to Manage Secrets, Keys, and Certificates
Manage Access to Secrets, Certificates, and Keys
Restrict Network Access
Design a Strategy for Secure Remote Access
Design a Strategy for Securing Privileged Access
Summary
Exam Essentials
Review Questions
Chapter 7 Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services
Establish Security Baselines for SaaS, PaaS, and IaaS Services
PaaS Security Baseline
IaaS Security Baseline
Establish Security Requirements for IoT Workloads
Establish Security Requirements for Data Workloads, Including SQL Server, Azure SQL, Azure Synapse, and Azure Cosmos DB
Security Posture Management for Data
Databases
Define the Security Requirements for Web Workloads
Security Posture Management for App Service
Determine the Security Requirements for Storage Workloads
Security Posture Management for Storage
Define Container Security Requirements
Security Posture Management for Containers
Define Container Orchestration Security Requirements
Summary
Exam Essentials
Review Questions
Chapter 8 Define a Strategy and Requirements for Applications and Data
Knowing the Application Threat Intelligence Model
Analyze the Application Design Progressively
Mitigation Categories
Mitigate the Identified Threats
Specify Priorities for Mitigating Threats to Applications
Identify and Classify Applications
Assess the Potential Impact or Risk of Applications
Specify a Security Standard for Onboarding a New Application
Onboarding New Applications
Security Standards for Onboarding Applications
Specify a Security Strategy for Applications and APIs
Enforcing Security for DevOps
Security Strategy Components
Strategies for Mitigating Threats
Specify Priorities for Mitigating Threats to Data
Ransomware Protection
Design a Strategy to Identify and Protect Sensitive Data
Data Discovery: Know Your Data
Data Classification
Data Protection
Specify an Encryption Standard for Data at Rest and in Motion
Encryption of Data at Rest
Encryption of Data in Transit
Azure Data Security and Encryption Best Practices
Manage with Secure Workstations
Key Management with Key Vault
Summary
Exam Essentials
Review Questions
Chapter 9 Recommend Security Best Practices and Priorities
Recommend Best Practices for Cybersecurity Capabilities and Controls
Essential Best Practices in the MCRA
Recommend Best Practices for Protecting from Insider and External Attacks
Recommend Best Practices for Zero Trust Security
Recommend Best Practices for Zero Trust Rapid Modernization Plan
Recommend a DevSecOps Process
Plan and Develop
Commit the Code
Build and Test
Go to Production and Operate
Recommend a Methodology for Asset Protection
Get Secure
Stay Secure
Dilemmas Surrounding Patches
Network Isolation
Getting Started
Key Information
Recommend Strategies for Managing and Minimizing Risk
What Is Cybersecurity Risk?
Align Your Security Risk Management
Knowing Cybersecurity Risk
Plan for Ransomware Protection and Extortion-Based Attacks
Regain Access for a Fee
Avoid Disclosure by Paying
Protect Assets from Ransomware Attacks
Strategy for Privileged Access
Recommend Microsoft Ransomware Best Practices
Remote Access
Email and Collaboration
Endpoints
Accounts
Summary
Exam Essentials
Review Questions
Answers to Review Questions
Chapter 1: Define and Implement an Overall Security Strategy and Architecture
Chapter 2: Define a Security Operations Strategy
Chapter 3: Define an Identity Security Strategy
Chapter 4: Identify a Regulatory Compliance Strategy
Chapter 5: Identify Security Posture and Recommend Technical Strategies to Manage Risk
Chapter 6: Define a Strategy for Securing Infrastructure
Chapter 7: Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services
Chapter 8: Define a Strategy and Requirements for Applications and Data
Chapter 9: Recommend Security Best Practices and Priorities
Index
EULA
📜 SIMILAR VOLUMES
Prepare for Microsoft Exam SC-100 and demonstrate your real-world mastery of skills and knowledge needed to design and evolve cybersecurity strategy for all aspects of enterprise architecture. Designed for experienced IT professionals, this Exam Ref focuses on critical thinking
Learn what it takes to be an Azure Administrator and efficiently prepare for Exam AZ-104 with this authoritative resource. MCA Microsoft 365 Azure Administrator Study Guide: Exam AZ-104 prepares readers to take the AZ-10
Advance your knowledge of architecting and evaluating cybersecurity services to tackle day-to-day challenges
Key Features
- Gain a deep understanding of all topics covered in the SC-100 exam
- Benefit from prac