How Well Do You Know Microsoft Cloud Security Policies and Remediation Technique...

GraciousViolet

6 Questions

Which role should be assigned to User2 when deploying Azure Defender?

Contributor

What should be done to detect connections to Microsoft 365 apps from botnet networks?

Create a custom template-based policy in Microsoft Cloud App Security using IP address tag filters

What should be done to enable JIT VM access and network detections for Azure resources?

Enable Azure Defender at the subscription level

Which role should be assigned to User2 when deploying Azure Defender?

Contributor

What should be done to ingest Google Cloud Platform (GCP) data into Azure Defender?

Configure the GCP Security Command Center, enable the GCP Security Command Center API, create a dedicated service account and private key, and from Azure Security Center, add cloud connectors, and finally enable Security Health Analytics.

What query should be used to return every email that contains an attachment named Document.pdf?

EmailAttachmentInfo | where Timestamp > ago(1h) | where Subject == "Document Attachment" and FileName == "Document.pdf" | join kind=inner ( … ) on SHA256

Study Notes

Microsoft Cloud Security: Policies, Roles, and Remediation

  • To detect connections to Microsoft 365 apps from botnet networks, create a custom template-based policy in Microsoft Cloud App Security using IP address tag filters.
  • When deploying Azure Defender, assign User1 the Contributor role to assign initiatives, edit security policies, and enable automatic provisioning, and assign User2 the Contributor role to view alerts and recommendations, apply security recommendations, and dismiss alerts.
  • To identify impacted entities in an aggregated DLP alert, review the Events tab of the alert in the DLP alert management dashboard of the Microsoft 365 compliance center.
  • To allow or block a user-specified range of IP addresses and URLs in Microsoft Defender for Endpoint, enable custom network indicators in the Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal.
  • To delegate tasks related to Microsoft Defender for Servers, assign User1 the task of enabling Microsoft Defender for Servers on virtual machines and assign User2 the task of reviewing security recommendations and enabling server vulnerability scans.
  • To create a hunting query that will return every email that contains an attachment named Document.pdf, use the query: EmailAttachmentInfo | where Timestamp > ago(1h) | where Subject == "Document Attachment" and FileName == "Document.pdf" | join kind=inner ( … ) on SHA256, ensuring that it only shows emails sent during the last hour and optimizes query performance.
  • To remediate the security risk associated with unsecure Kerberos delegation in Microsoft Defender for Identity, modify the properties of the computer objects listed as exposed entities.
  • To ingest Google Cloud Platform (GCP) data into Azure Defender, configure the GCP Security Command Center, enable the GCP Security Command Center API, create a dedicated service account and private key, and from Azure Security Center, add cloud connectors, and finally enable Security Health Analytics.
  • To use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center, provision the required Azure resources by defining the properties of the Microsoft.Security/automations type.
  • To enable just-in-time (JIT) VM access and network detections for Azure resources, enable Azure Defender at the subscription level.

Test your knowledge on Microsoft Cloud Security policies, roles, and remediation techniques with this quiz. Learn how to detect connections from botnet networks, assign roles for deploying Azure Defender, identify impacted entities in DLP alerts, enable custom network indicators in Microsoft Defender for Endpoint, delegate tasks related to Microsoft Defender for Servers, create hunting queries for email attachments, remediate security risks in Microsoft Defender for Identity, ingest GCP data into Azure Defender, use Azure Resource Manager templates for workflow automation, and enable just
