SC-900 Flashcards
Microsoft Entra Verified ID
a managed service, based on open standards for verifiable credentials, for issuing, managing, and verifying digital credentials. It automates identity verification while preserving privacy: the user holds the credential and chooses what to present to a verifier.
Microsoft Entra Permissions Management
a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage permissions for identities and resources across Microsoft Azure, AWS, and GCP, supporting a Zero Trust security model with least privilege access.
Microsoft Entra ID Protection
helps organizations detect, investigate, and remediate identity-based risks by analyzing signals from user and workload identities. It integrates with tools like Conditional Access and SIEM for better security.
Six Foundational Pillars of Zero Trust
Identities, Devices, Applications, Data, Infrastructure, Networks (IDADIN)
Data Residency
Refers to regulations governing the physical location where data can be stored and how it can be transferred, processed, or accessed internationally. These regulations vary by jurisdiction, making it crucial for organizations to be aware of local laws when handling data across borders.
Data Sovereignty
This principle states that data, especially personal data, is subject to the laws and regulations of the country or region in which it is collected, stored, or processed. This can create complexity as data may cross multiple jurisdictions, each with different laws.
Data Privacy:
transparency about the collection, use, and sharing of personal data. Organizations must comply with various laws and regulations to protect privacy
Authentication
is the process of verifying a person’s identity, proving they are who they claim to be.
Authorization
happens after authentication and determines what resources a person can access and what actions they can perform.
Four Pillars of Identity Infrastructure
Administration, Authentication, Authorization, Auditing
The Microsoft Service Trust Portal (STP)
describes how Microsoft protects customer data and maintains compliance; it hosts audit reports, compliance documentation, and trust resources for Microsoft cloud services.
Microsoft Priva
is a set of privacy solutions designed to help organizations manage privacy operations, ensure compliance with regulations, and mitigate privacy risks.
Microsoft Purview
is a set of integrated data security, data governance, and data compliance solutions that can help organizations secure and govern their entire data estate, while helping them meet their compliance requirements
Data Loss Prevention (DLP) in Microsoft Purview
helps organizations protect sensitive information from being shared inappropriately.
Audit in Microsoft Purview (Standard and Premium)
Audit (Standard) records user and admin activity across Microsoft 365 in a searchable unified audit log. Audit (Premium) adds longer log retention policies, high-value intelligent insights (for example, which mail items were accessed), and higher bandwidth to the Office 365 Management Activity API.
The following authentication methods are available for SSPR:
Mobile app notification
Mobile app code
Email
Mobile phone
Office phone
Security questions
Self-service password reset (SSPR) is a
feature of Microsoft Entra ID that allows users to change or reset their password without administrator or help desk involvement, after verifying their identity with registered authentication methods.
Azure Bastion provides
secure RDP and SSH connectivity, over TLS from the Azure portal or a native client, to all of the VMs in the virtual network in which it is provisioned. The VMs do not need public IP addresses or RDP/SSH ports exposed to the internet.
Microsoft Purview Compliance Manager
helps organizations manage their compliance requirements and reduce risks related to data protection: it provides a compliance score, pre-built assessments for regulations and standards, and improvement actions with workflow.
Microsoft Purview Communication Compliance
helps detect, capture, and address inappropriate messages that may lead to breaches or compliance incidents.
Microsoft Purview Data Lifecycle Management
provides tools for managing data retention and deletion, helping organizations meet compliance requirements.
Microsoft Purview data governance
enables organizations to securely manage, access, and utilize their data across a distributed environment while ensuring compliance, improving data quality, and supporting innovation.
Microsoft Purview Data Catalog
provides a comprehensive solution for organizing, managing, and securing data across the organization.
federation
a trust relationship between identity providers, so that a user authenticated by one organization's IdP can access resources protected by another without a separate account. When multiple identity providers work together in this way, users log in once and their credentials are accepted across multiple applications.
FIDO2
passwordless authentication standard using security keys or built-in device keys. It’s more secure than passwords, resistant to phishing, and supports single sign-on for both cloud and on-premises resources.
Windows Hello for Business
replaces passwords with strong two-factor authentication on Windows devices: a credential bound to the device (something you have), unlocked with a PIN (something you know) or biometrics (something that is part of you).
Conditional Access
Microsoft Entra's policy engine ("if-then" statements) that adds an extra layer of security by automating access decisions based on signals such as user or group, location, device state, application, and real-time risk, and then blocking access, granting it, or granting it with controls such as MFA.
Microsoft Global Secure Access
the unifying term for Microsoft's Security Service Edge (SSE) solution, which combines Microsoft Entra Internet Access (a secure web gateway for internet, SaaS and Microsoft 365 traffic) and Microsoft Entra Private Access (identity-centric Zero Trust Network Access to private apps, a VPN replacement) to protect users, devices, and data.
Microsoft Entra ID identity types
User identities: people such as employees and guests, represented by user accounts.
Workload identities: identities assigned to software workloads, namely applications (service principals) and managed identities.
Device identities: devices that are registered, joined, or hybrid joined to Entra ID.
Hybrid identities: users synchronized from on-premises Active Directory to Entra ID with Microsoft Entra Connect, so they exist in both directories.
External identities: partners, customers, and other guests brought in through Microsoft Entra External ID (B2B collaboration and B2C scenarios).
In Entra ID there are three basic terms
Tenant: an instance of Entra ID, representing a single organization.
Directory: the database or catalog of identities and resources associated with an organization's tenant.
Multi-tenant: an organization that has more than one instance of Entra ID, for example one with multiple subsidiaries, or one that merges with or acquires other companies.
Microsoft Entra ID Governance
helps organizations answer three questions: who should have access to which resources, what users are doing with that access, and whether effective controls are in place to manage that access.
Microsoft Entra access reviews
manage group memberships, application access, and role assignments, ensuring only the right people have access to resources
Entitlement Management in Microsoft Entra automates
access requests, assignments, reviews, and expirations, helping manage access at scale. It allows non-administrators to create access packages and define access policies.
Network Security Groups (NSGs):
NSGs filter inbound and outbound network traffic to Azure resources, like virtual machines (VMs). An NSG consists of rules that define traffic flow based on criteria such as source, destination, port, protocol, and direction
NSGs vs Azure Firewall:
While NSGs provide distributed network-level filtering, Azure Firewall is a firewall that offers both network and application-level protection across multiple virtual networks and subscriptions. Together, they provide a defense-in-depth approach to security.
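The two cards above describe what an NSG does, but not how its rules are processed: rules are evaluated in priority order (lowest number first) and the first match decides, with the three non-removable default inbound rules at priorities 65000, 65001 and 65500 behind any custom rule (100-4096). The following is an added illustrative model of that evaluation, not Azure's implementation. The rule sets, the assumed VNet address space (10.0.0.0/16) and the test traffic are constructed; real NSGs also match on destination address and source port and support many more service tags, which are omitted here. The "weak" rule opens RDP to every source; the corrected rule limits it to an admin range so everything else falls through to DenyAllInBound.

```python
# Added illustrative example (not Azure's implementation): a simplified model of
# how a Network Security Group evaluates inbound traffic. Rules are processed in
# priority order (lower number first) and the first match decides; the default
# inbound rules sit at 65000/65001/65500 and cannot be removed, so custom rules
# (100-4096) are always evaluated before them. Rule sets, the assumed VNet
# address space (10.0.0.0/16) and the sample traffic below are constructed.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 100-4096 for custom rules, lower number = evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*" or one of the two service tags handled below
    dest_ports: str    # "3389", "1000-2000" or "*"


VNET_CIDR = ipaddress.ip_network("10.0.0.0/16")            # assumed VNet address space
AZURE_LB_PROBE_IP = ipaddress.ip_address("168.63.129.16")   # Azure LB health-probe source

DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def _source_matches(rule_source: str, src_ip: str) -> bool:
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":        # service tag: anything inside the VNet
        return ip in VNET_CIDR
    if rule_source == "AzureLoadBalancer":     # service tag: the platform probe address
        return ip == AZURE_LB_PROBE_IP
    return ip in ipaddress.ip_network(rule_source, strict=False)


def _port_matches(rule_ports: str, port: int) -> bool:
    if rule_ports == "*":
        return True
    if "-" in rule_ports:
        lo, hi = (int(p) for p in rule_ports.split("-"))
        return lo <= port <= hi
    return port == int(rule_ports)


def evaluate_inbound(custom_rules, protocol: str, src_ip: str, dest_port: int):
    """Return (access, rule_name) of the first matching rule, defaults included."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if not _source_matches(rule.source, src_ip):
            continue
        if not _port_matches(rule.dest_ports, dest_port):
            continue
        return rule.access, rule.name          # first match wins; stop processing
    raise AssertionError("unreachable: DenyAllInBound matches everything")


# Weak setting: RDP open to every source address on the internet.
WEAK_RULES = [Rule("AllowRDP", 300, "Allow", "Tcp", "*", "3389")]

# Corrected setting: RDP only from an admin range (203.0.113.0/24 is a
# constructed documentation prefix); other sources fall to DenyAllInBound.
HARDENED_RULES = [Rule("AllowRDPFromAdmins", 300, "Allow", "Tcp", "203.0.113.0/24", "3389")]

if __name__ == "__main__":
    print(evaluate_inbound(WEAK_RULES, "Tcp", "198.51.100.7", 3389))      # Allow, AllowRDP
    print(evaluate_inbound(HARDENED_RULES, "Tcp", "198.51.100.7", 3389))  # Deny, DenyAllInBound
    print(evaluate_inbound(HARDENED_RULES, "Tcp", "203.0.113.10", 3389))  # Allow, AllowRDPFromAdmins
    print(evaluate_inbound(HARDENED_RULES, "Tcp", "10.0.1.5", 22))        # Allow, AllowVnetInBound
```

Because processing stops at the first match, a Deny rule with a lower priority number always beats an Allow with a higher one; that is why a custom Deny at, say, 200 can block traffic that a broad Allow at 300 would otherwise admit.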
Microsoft Defender for Cloud
is a cloud-native application protection platform (CNAPP) designed to secure cloud-based applications from cyber threats and vulnerabilities
Microsoft Sentinel
is a cloud SIEM solution that provides intelligent security analytics and threat intelligence to protect enterprises.
Microsoft Defender XDR
is an enterprise security suite designed to protect against sophisticated cyberattacks by integrating threat signals from endpoints, applications, email, and identities.
Microsoft Defender for Office 365
protects organizations from threats like phishing, malware, and attacks targeting email links, attachments
Microsoft Defender for Endpoint
is a platform designed to protect enterprise networks by securing endpoints such as laptops, phones, tablets, PCs, routers, and firewalls
Microsoft Defender for Cloud Apps
provides comprehensive protection for Software-as-a-Service (SaaS) applications
Microsoft Defender for Identity
is a cloud-based security solution that uses signals from on-premises Active Directory (sensors on domain controllers, AD FS and AD CS servers) to detect and respond to identity-based threats such as reconnaissance, compromised credentials, and lateral movement.
Microsoft Defender Vulnerability Management
provides organizations with asset visibility and intelligent risk assessments.
Microsoft Defender Threat Intelligence (TI)
helps security teams efficiently aggregate, analyze, and prioritize threat intelligence data to protect organizations from the most impactful threats.
Microsoft Purview Information Protection
provides data classification capabilities to help organizations manage sensitive information and comply with regulatory requirements
OATH (Initiative for Open Authentication): an open standard that specifies how one-time passwords are generated; Microsoft Entra ID uses the time-based variant (TOTP).
- Software OATH tokens: authenticator apps that generate OTPs from a secret key shared at registration.
- Hardware OATH tokens: physical devices such as key fobs that display a code that changes every 30 or 60 seconds.
Used as a secondary authentication method in Microsoft Entra ID for self-service password reset and multifactor authentication, not as a primary sign-in method.
Cloud security posture management (CSPM)
CSPM provides detailed visibility into the security state of your assets and workloads and offers hardening guidance to help you improve your security posture; in Microsoft Defender for Cloud this includes the secure score and security recommendations.
An identity provider (IdP)
is a service responsible for creating, maintaining, and managing identity information.
Examples of Identity Providers:
Microsoft Entra ID, Google, Amazon, LinkedIn, and GitHub.
Single Sign-On (SSO):
An important feature of modern identity providers is Single Sign-On (SSO). With SSO, users only need to log in once, and their credentials can be used to access multiple applications or resources. When multiple identity providers work together in this manner, it is called federation.
Defense in Depth is a layered security approach that prevents unauthorized access by using multiple security mechanisms
Physical: controls who can enter buildings and access datacenter hardware.
Identity and access control: secures identities (for example with MFA and Conditional Access) and grants access only to what is needed.
Perimeter: protects against network-based attacks on resources, such as DDoS.
Network: limits communication between resources through segmentation and access controls such as NSGs.
Compute: secures virtual machines and other compute, for example by patching and closing unnecessary ports.
Application: ensures applications are secure and free of vulnerabilities.
Data: controls access to data and encrypts it at rest and in transit.
Key Principles of Zero Trust:
Verify Explicitly: always authenticate and authorize based on all available data points (identity, location, device health, service or workload, data classification, anomalies).
Least Privilege Access: limit access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection.
Assume Breach: segment access to minimize blast radius, verify end-to-end encryption, and use analytics to detect threats and improve defenses.
shared responsibility model
Information and data, devices (mobile and PCs), and accounts and identities are ALWAYS the customer's responsibility, whatever the service type.
On-premises datacenters: the organization is fully responsible for everything, from physical security to the data.
IaaS: the cloud provider is responsible for the physical hosts, network, and datacenter; the customer is responsible for the operating system, network controls, applications, and data, with identity and directory infrastructure shared.
PaaS: the provider also manages the operating system; network controls, applications, and identity and directory infrastructure are shared responsibilities.
SaaS: the provider manages most of the stack; only identity and directory infrastructure is shared, and the customer keeps the always-customer items above.
eDiscovery
eDiscovery (electronic discovery) is the process of identifying and delivering electronic information that can be used as evidence in legal cases; Microsoft Purview offers eDiscovery (Standard) and eDiscovery (Premium).
Customer Lockbox
Customer Lockbox ensures that Microsoft engineers cannot access your content to perform service operations without your explicit approval of each request.