Microsoft Cybersecurity Architect(SC-100) Training

About Course

The Microsoft Cybersecurity Architect (SC-100) certification validates expertise in designing and implementing secure Microsoft Azure solutions. It covers identity and access management, threat protection, governance, and compliance. Targeted at cybersecurity professionals, architects, and consultants, SC-100 emphasizes integrating security best practices into Azure solutions to mitigate risks and protect organizational assets. Certification holders demonstrate proficiency in configuring security services, implementing secure network architectures, and managing security operations using Azure tools. This certification enhances career opportunities by showcasing advanced skills in cybersecurity architecture, ensuring organizations can confidently adopt Azure while maintaining robust security postures against evolving threats.

Course Content

Module 1: Design a Zero Trust strategy and architecture

Slides and Diagrams download
How are we approaching this course
About this section
Zero Trust
Security – Integration endpoints
Cloud Adoption Framework
Security Strategy
Security Strategy – Hybrid environments
Security logging – tools
Let’s start using the tools
Security logging – Our next steps
Security logging – Building a simple infrastructure
About Microsoft Sentinel
Lab – Microsoft Sentinel – Setup
Lab – Microsoft Sentinel – Data connectors
Lab – Microsoft Sentinel – Azure Activity
Lab – Microsoft Sentinel – Generating Incidents
Lab – Microsoft Sentinel – Generating Incidents – Resources
Incidents
Lab – Microsoft Sentinel – Virtual Machines – Incidents
Lab – Microsoft Sentinel – Virtual Machines – Incidents – Resources
Microsoft Sentinel – Workbooks
Microsoft Sentinel – Automation
Microsoft Sentinel – Note on threat protection
NSG Flow logs
Note on Multiple Log Analytics workspaces
Our next focus – Azure Active Directory
Review on Role-based access control
Identity Governance – Entitlement Management
Review of Application Objects
Example on using Application Objects
Installing the Postman tool
Another example on Application Objects
Installing Visual Studio 2022
Enterprise Applications
Example on Enterprise Applications
Review – Azure AD Identity Protection
Review – Conditional Access Policies
Hybrid Identities – Azure AD Connec
Review – Azure AD Privileged Identity Management
Azure B2B
Azure B2C
Which service to choose
Azure AD Logs
Note on Azure AD Application Proxy
Quick Revision
Quick note before moving along

Module 2: Evaluate Governance Risk Compliance

Compliance of your resources
Review of Azure Policy service
Introduction to Microsoft Defender for Cloud
Microsoft Defender for Cloud – Initial Look
Azure Security Benchmark
Microsoft Defender for Cloud – Servers
Microsoft Defender for Cloud – Secure Management Ports
Microsoft Defender for Cloud – Workload Protection features
Microsoft Defender for Cloud – Workflow Automation
Microsoft Defender for Cloud – Vulnerability assessment
Management Ports update
Microsoft Defender for Cloud – Regulatory compliance
Microsoft Defender for Cloud – Remediations
Microsoft Defender for Cloud – AWS resources
Quick note on other AWS aspects
Azure Landing zones
Azure Blueprints
Example on using Azure Blueprints
Example on using Azure Blueprints – Resources
Quick Revision

Module 3: Design security for infrastructure

What are we going to cover
Quick overview of the services
Azure Storage Accounts – Authorization
Azure Storage Accounts Authorization – Access keys
Azure Storage Account Authorization – Shared Access Signature
Azure Storage Accounts – Azure AD Authentication
Azure Storage Accounts – Firewalls
Azure Storage Account – Service Endpoint
Azure Storage Accounts – Deny use of Access keys
Azure Storage accounts – Azure Policy use case
Creating an Azure SQL database
Azure SQL Database – Auditing
Azure SQL Database – Log output
Using the Azure Bastion Service
Azure Bastion – Creating the environment
Lab – Using the Azure Bastion Service
Azure Web Apps – Enabling Diagnostics
Azure Web Apps – Diagnostics results
Azure Web Apps – Virtual Network Integration
Azure Web App – Isolated App Service Plan
Azure Web Apps – More Networking Details
Azure Web App – Usage of Private Endpoints
Lab – Creating an Azure Cosmos DB Account
Lab – Creating an Azure Cosmos DB Account – Resources
Example of an application connecting to Azure Cosmos DB
Example of an application connecting to Azure Cosmos DB – Resources
Storing Azure Cosmos DB keys
Storing Azure Cosmos DB keys – Resources
Azure Cosmos DB logs
Azure Cosmos DB – Azure AD Authentication
Azure Cosmos DB – Disable local authentication
Azure Cosmos DB – Disable local authentication – Resources
Azure Automation – Storage account copy
Azure Automation – Storage account copy – Resources
Azure Automation – Azure Key Vault
Azure Automation – Azure Key Vault – Resources
Microsoft Threat Modeling Tool
Microsoft Defender for Containers
Containers – What are we going to implement
Building a Docker Image
Building a Docker Image – Resources
Deploying the container
Deploying the container – Resources
Quick Note on protecting domain controllers
Network Security Groups – Quick Review
Looking into Microsoft 365 Security
Introduction to Microsoft Defender
Microsoft 365 Admin Center
Example on how to apply for Trial Licenses
Quick look at Microsoft Defender for Endpoint
Azure Virtual Desktop – Creating an endpoint
Azure Virtual Desktop – Using the machine
Azure Virtual Desktop – Using the machine – Resources
Quick Revision

Module 4: Design a strategy for data and aplications

What are we going to cover
Protecting your data
Lab – Azure SQL database – Dynamic data masking
Lab – Azure SQL database – Dynamic data masking – Resources
Azure SQL database – Classification of data
Encryption of data
Azure Storage Service Encryption
Azure SQL Database Encryption
Azure SQL Database – Always Encrypted feature
Managed Disks Encryption
Note on Azure Backups
Protecting your workloads
Note on your DevOps pipeline
Quick Note on securing applications
Review of the Azure Firewall service
Quick Note on Azure Web App – Azure Firewall
Simple implementation of Azure Front Door
Azure Front Door – Web Application Firewall
Azure Front Door Log details
Note on Remote access
Review on VPN Connections
Microsoft 365 – Sensitivity labels
Microsoft 365 – Data Loss Prevention
Note on other Microsoft 365 Compliance features
Microsoft Defender for Cloud Apps
Note – Microsoft Defender for Identity – Entity tags
Quick Note – Microsoft 365 Defender – Web Content Filtering
Microsoft Purview for Azure assets

Module 5: Practice Section

Add this certificate to your resume to demonstrate your skills & increase your chances of getting noticed.

About Course

What Will You Learn?

Course Content

Module 1: Design a Zero Trust strategy and architecture

Slides and Diagrams download

How are we approaching this course

About this section

Zero Trust

Security – Integration endpoints

Cloud Adoption Framework

Security Strategy

Security Strategy – Hybrid environments

Security logging – tools

Let’s start using the tools

Security logging – Our next steps

Security logging – Building a simple infrastructure

About Microsoft Sentinel

Lab – Microsoft Sentinel – Setup

Lab – Microsoft Sentinel – Data connectors

Lab – Microsoft Sentinel – Azure Activity

Lab – Microsoft Sentinel – Generating Incidents

Lab – Microsoft Sentinel – Generating Incidents – Resources

Incidents

Lab – Microsoft Sentinel – Virtual Machines – Incidents

Lab – Microsoft Sentinel – Virtual Machines – Incidents – Resources

Microsoft Sentinel – Workbooks

Microsoft Sentinel – Automation

Microsoft Sentinel – Note on threat protection

NSG Flow logs

Note on Multiple Log Analytics workspaces

Our next focus – Azure Active Directory

Review on Role-based access control

Identity Governance – Entitlement Management

Review of Application Objects

Example on using Application Objects

Installing the Postman tool

Another example on Application Objects

Installing Visual Studio 2022

Enterprise Applications

Example on Enterprise Applications

Review – Azure AD Identity Protection

Review – Conditional Access Policies

Hybrid Identities – Azure AD Connec

Review – Azure AD Privileged Identity Management

Azure B2B

Azure B2C

Which service to choose

Azure AD Logs

Note on Azure AD Application Proxy

Quick Revision

Quick note before moving along

Module 2: Evaluate Governance Risk Compliance

Compliance of your resources

Review of Azure Policy service

Introduction to Microsoft Defender for Cloud

Microsoft Defender for Cloud – Initial Look

Azure Security Benchmark

Microsoft Defender for Cloud – Servers

Microsoft Defender for Cloud – Secure Management Ports

Microsoft Defender for Cloud – Workload Protection features

Microsoft Defender for Cloud – Workflow Automation

Microsoft Defender for Cloud – Vulnerability assessment

Management Ports update

Microsoft Defender for Cloud – Regulatory compliance

Microsoft Defender for Cloud – Remediations

Microsoft Defender for Cloud – AWS resources

Quick note on other AWS aspects

Azure Landing zones

Azure Blueprints

Example on using Azure Blueprints

Example on using Azure Blueprints – Resources

Quick Revision

Module 3: Design security for infrastructure

What are we going to cover

Quick overview of the services

Azure Storage Accounts – Authorization

Azure Storage Accounts Authorization – Access keys

Azure Storage Account Authorization – Shared Access Signature

Azure Storage Accounts – Azure AD Authentication

Azure Storage Accounts – Firewalls