Microsoft 365 (M365) Security

Questions and Answers

In a shared responsibility model for cloud services, how does the level of responsibility change as you move towards Software as a Service (SaaS)?

  • Responsibility stays the same regardless of the service model.
  • Responsibility becomes solely focused on network security.
  • Responsibility decreases as the provider manages more of the underlying infrastructure. (correct)
  • Responsibility increases as you manage more aspects of the infrastructure.

What is the core principle behind a zero-trust security model?

  • Relying on perimeter security to protect the network.
  • Assuming all users and devices inside the network are inherently trusted.
  • Continuously validating and verifying access requests, regardless of the user or device. (correct)
  • Granting users the maximum possible privileges to ensure productivity.

What is the primary purpose of Azure Key Vault?

  • Deploying web applications.
  • Storing and managing secrets, keys, and certificates. (correct)
  • Monitoring network traffic.
  • Managing virtual machines.

How does Conditional Access enhance security?

  • By enforcing requirements before granting access to resources. (D)

What is the purpose of Privileged Identity Management (PIM)?

  • To grant just-in-time access to roles and identities. (D)

What does the term 'federation' mean in the context of identity management?

  • Using one identity to access resources in another identity provider. (B)

What is the function of Azure Web Application Firewall (WAF)?

  • Protecting web applications from common web exploits. (A)

What is the purpose of Network Security Groups (NSGs) in Azure?

  • To filter network traffic to and from Azure resources. (D)

What is the function of Azure Bastion?

  • Providing a secure and managed jump box for accessing Azure resources. (C)

What capabilities does Microsoft Defender for Cloud provide?

  • Security posture management and threat protection across multi-cloud and on-premises environments. (A)

What is the purpose of Microsoft Sentinel?

  • Providing SIEM and SOAR capabilities for threat detection, investigation, and response. (D)

What type of information can be collected by Sentinel?

  • Logs and data from various sources, including cloud services, on-premises systems, and security devices. (D)

What is the purpose of the Service Trust Portal?

  • To access compliance reports, audit results, and other trust-related information about Microsoft cloud services. (C)

What does Microsoft Purview help organizations achieve?

  • Data governance, compliance, and risk management. (D)

What is the purpose of eDiscovery?

  • To identify and collect electronic data for legal and regulatory matters. (A)

What is symmetric encryption?

  • It uses the same key to encrypt and decrypt data. (C)

An organization wants to allow only necessary access to resources at a given time. What principle should they follow?

  • Least Possible role (D)

What is a common use case for asymmetric encryption?

  • Allowing someone to send you an encrypted message that only you can decrypt (C)

When considering defense in depth, what does this strategy aim to achieve?

  • Implementing multiple layers of security to protect assets (A)

What is the primary benefit of Single Sign-On (SSO)?

  • Enabling users to access multiple applications with one set of credentials (D)

Flashcards

Zero Trust

A security strategy where no user or device is trusted by default; verification is required for access.

Encryption

A method of ensuring data confidentiality by converting it into an unreadable format using cryptographic algorithms.

Symmetric Encryption

Encryption using a single key to both encrypt and decrypt data.

Asymmetric Encryption

Encryption using a pair of keys: a public key for encryption and a private key for decryption.

Azure Key Vault

An Azure service for securely storing and managing secrets, keys, and certificates.

Entra ID

A directory and identity management service by Microsoft, providing authentication and authorization for users and applications.

Multi-Factor Authentication (MFA)

A method of confirming a user's identity using more than one verification factor.

Conditional Access

A way to enforce requirements before granting access to resources.

Privileged Identity Management (PIM)

Provides temporary, elevated access to roles or permissions.

Federation

Allows users to use one set of credentials to access multiple applications and services across different domains.

Azure Web Application Firewall (WAF)

A cloud-based web application firewall (WAF) that protects web applications from common web exploits and attacks.

Azure Bastion

A managed jump box service that provides secure RDP/SSH access to virtual machines without exposing them to the internet.

Defender for Cloud

A cloud security posture management (CSPM) and cloud workload protection platform (CWPP) solution that provides threat protection and security management across multi-cloud and hybrid environments.

Azure Sentinel

A cloud-native SIEM and SOAR solution that provides intelligent security analytics and threat intelligence across the enterprise.

Microsoft Purview

A Microsoft tool that helps organizations discover, classify, protect, and govern their data.

Microsoft Priva

A Microsoft tool that provides insights and controls to manage privacy risks and automate data subject rights requests (DSRs).

Study Notes

  • There are thousands of operations constantly occurring against Microsoft 365 (M365).
  • Enhanced capabilities allow better management.

Shared Responsibilities

  • As you move to the cloud, you have less responsibility, but you still manage things like identities.
  • Defense in depth involves as many layers of protection as possible.
  • Zero trust involves not trusting the network and constantly validating access.
  • Least privilege focuses on providing only the minimum necessary access, only when needed (just-in-time).
  • Assume breach involves encrypting everything, segmenting, and minimizing access.
  • The approach applies to identities, devices, apps, data, infrastructure, and network encryption.

Encryption

  • Symmetric encryption uses the same key for encryption and decryption.
  • Asymmetric encryption uses a pair of keys, where one key's action can be undone by the other.
  • Public key: used to encrypt data that only the recipient can decrypt with their private key.
  • Azure Key Vault (KYT) is an Azure service for storing secrets.
  • When storing keys, you can read, write, and import them.
  • Keys can be generated but not exported; cryptographic operations can be run inside the vault.
  • Certificates can be managed to control their lifecycle.

Identities in Microsoft Entra ID

  • A tenant is a set of objects, including users, applications, devices, and groups.
  • Apps and services trust a particular tenant.
  • Single sign-on can be extended to on-premises directories using synchronization.

Authentication

  • Authentication proves you are who you claim to be.
  • Multi-factor authentication (MFA) is the minimum, requiring multiple factors for authentication.
  • Factors include something you know, something you have, or something you are.
  • Passwordless is ideal and involves conditional access.
  • Conditional access sets requirements before granting tokens for access and authorization.

Governance

  • Governance solutions manage the lifecycle of a user.
  • Onboarding, role changes, and offboarding should be monitored.
  • Access reviews determine who has access to groups and applications.
  • Privileged Identity Management (PIM) gives just-in-time access to roles.
  • Identity Protection provides risk assessment for users and sign-in permissions.
  • Management assesses permissions and validates what's needed.
  • Microsoft Entra Private Access provides access to private resources in a private network.
  • Internet access helps lock down services.
  • Categories of Fully Qualified Domain Names (FQDN) can be used.
  • Federation allows using identities against resources in another identity provider like Azure.
  • Network perspective prevents distributed denial-of-service (DDoS) attacks with network or IP-level solutions.

Azure Firewall

  • Azure Firewall provides a managed network appliance with layer 4 (Network) and layer 7 (Application) capabilities.
  • For HTTP, a web application firewall is available for Azure Front Door (global level) and Application Gateway (regional).
  • Virtual networks are isolated by default unless peered, which enables further segmentation using Network Security Groups (NSGs).
  • NSGs are sets of rules governing traffic flow.
  • Azure Virtual Network Manager allows central management using security admin rules that run before NSGs.
  • The rules funnel traffic that passes or bypasses (always allow).

Azure Bastion

  • Azure Bastion provides a managed jump box for accessing resources.
  • Microsoft Defender for Cloud monitors cloud posture across different clouds.
  • Built-in initiatives include the Microsoft cloud security baseline (free) and paid options.
  • There are specific Defender plans for storage, containers, and key vaults, adding extra capabilities.
  • Core-level features include just-in-time protection, adaptive network hardening, and adaptive applications.
  • Security moves as far left as possible.

Microsoft Sentinel

  • Sentinel gathers signals from agents (CIS logs and diagnostic settings).
  • The signals from logs are collected in a log analytics workspace.
  • The workspace can then run detection rules to investigate threats and automate responses.
  • Microsoft Defender XDR is a comprehensive solution set across Office 365.
  • It spans devices, endpoints, SaaS, cloud applications, on-premises, and hybrid identity.
  • It looks for vulnerabilities across different services facing the internet.
  • Threat intelligence includes six core principles of compliance control.
  • Principles: transparency, security, legal protections, no content-based targeting, and benefits.
  • The Service Trust Portal is a place to find different resources regarding compliance.
  • Security Copilot is a large language model AI that assists across a range of services.
  • Portals like the Immersive Portal offer a separate space to interact.

Microsoft Priva

  • Microsoft Priva helps manage private personal data by discovering it, limiting its use, and helping users request access or removal.

Microsoft Purview

  • Microsoft Purview offers governance, compliance, and data security solutions.
  • It helps find data, classify it, protect it, prevent its loss, and govern its retention, deletion, and marking.
  • Records management helps find policies to alert, triage, and manage legal holds.
  • Purview eDiscovery helps find data and manage legal holds and audits.
  • Compliance tools help search across Microsoft 365.
