Cloud Security on Microsoft AZURE | Harshit Srivastava | Skillshare

Playback Speed

  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Lessons in This Class

15 Lessons (1h 37m)
    • 1. Azure Security- Intro

    • 2. Security Center

    • 3. PRA 1 Security Center

    • 4. Active Directory

    • 5. VPN Gateway

    • 6. DDoS Protection

    • 7. Key Vault

    • 8. PRA 3 Key Vault

    • 9. Dedicated HSM

    • 10. Application Gateway

    • 11. PRA 2 Application Gateway AA

    • 12. PRA 2 Application Gateway BB

    • 13. Sentinel

    • 14. PRA 4 Sentinel

    • 15. Info Security

  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.





About This Class

In this course, we would explore Microsoft AZURE Cloud Platfrom. Learn all the available Identity and Security tools and services under catalog, and what we can do with each service provided with platform. This course covers wide range of Azure Cloud services with theoretical lectures and practical demonstration including-

Securtity Center, Azure Active Directory, VPN Gateway, DDoS Protection, Key Vault, Dedicated HSM, Application Gateway, Azure Sentinel, and Information Protection.

Meet Your Teacher

Teacher Profile Image

Harshit Srivastava

Developer on IBM Cloud, Bluemix


I am Self-Taught developer who had worked on various platforms using varied languages, and involved in various Projects both Open Source and Proprietary.

I have developed Web and Android Applications, chrome Extension, worked on various frameworks, fixed bugs for some projects, and explored numerous others. I think education and learning should be free and open, not be bound with restrictions like attending classes or going to college, People from all age groups, gender, faith, race, nations, etc must get equal privilege. When entire world would act this way like being a single FAMILY, we would truly realise VALUE of Knowledge and Human Life.

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
  • Yes
  • Somewhat
  • Not really
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.


1. Azure Security- Intro: You have developed in application and hosted on the Cloud. It's running perfectly well. Until you notice something weird, they smoke is coming out. There is an attack or a massive security breach. Now it's time to call a security team. But you realize you have none. Maybe you have a security team, but they don't handle the Cloud. Your business has room and you're losing millions of dollars every second. You could have simply avoided this kind of incident or just got better control over stuff. If you have learned and applied various Cloud security tools and services. So we're resource person, Savior organization at critical times and start learning cloud security. Now. 2. Security Center: Hi. Welcome, friend. We're learning cloud computing with Microsoft a zero on here in this lecture, we're going to learn about security search center with this secure of level under the security category off as your club. So what? The security center security Centuries of one place our solution. I was helped you unify security implementation for the unpromising undercard resources. You have your data would like virtual machines. Are you have a networking you have Ask you, Will you have applications? You have Ah, storage. You have ah network VPN. I defend the sources running in your pre mice either on on premise Stater or on the cloud on as you. It would have the monitoring and assessment done for you. The security center unifies everything in order to have providing. I'd want straight protection across your hybrid workloads, be it on cloud or on your compromise. But you have to provide the access there. So the Here it is. What does it look like when you create an instance for security center and idea resources to be monitored? It will show you very recommendations off. Ah, high similarity medium severity on low severity for the applications that you have on, like, virtual machines are not working. Ask you and different resources on the centers required developed by smart people like our say humans. Uh, no doubt the lepers off 13 would be very smart. But smart peoples are still humans on. Humans have Certain errors are that human error takes place. They may have Ah, gonna miss configurations. Either the bucks are introduced. Are anything unknowingly and at me risk your and our business operation So you don't want to take that risk on you? Call Oneto. Perform assessment on as you help you here in the commanding different changes that you need to do So far, any high civility, the commendation for the application in order to perform the immediately steps, take our actions and that regarding second things, it will show you the detailed information as well. So say forwards and machine showing up. The civility is high. For the contrary, configuring data collection in storage, you have to configure that thing for you have finalized their application. Fire was set up, which is high civility. But as a result, the state is open. Our result. If it is open, it has not been resolved yet. on. Once it has been sold on the Paris has been fixed on recommended. While task has been done, it will be showed. As a result, the medium severity has, ah, little or medium level of impact on the low civility has less impact. So you have to focus on high civility. Tough for your application, which has are different things like, If you have ah Web application of website running on the Web, you may upload everything from rep Regis, the images and everything on the public domain. If you also upload a configuration file and make it public, it is a risk on you. Don't have want to allow your anyone from the boy to modify your configuration files the piece we configuration or any configuration file. So you want to restrict access to a public fight. You could implement that thing. It has a medium civility or high civility based on the difference in abuse so you can have ah, wiping. The solutions are why, during the for recommendations that could be there for different things, you can, how different things. It also shows that are discover solutions that you could add. It would add a zero ready identity protection, our Cisco Network off firewall and anything like that. If you have that thing are the security center will show you the solution based on security alerts it provides you do for extending your security posture. It has to protect against the traits by assessing your watch. Low Sanders is a threat prevention recommendations that we know I allows you to get secure faster so you don't need to perform manual of integration assessment and everything. It will be done on automatically provisions for you. All you need to do is to just decide what you want to take action. It will tell you recommendations under this season will be yours. Different best practices and common fixes off missed configurations for a zero infrastructure service and performance. Everything those let me include failure to deploy a system of great if there are update for different virtual machines are different set of applications. You need to deploy the ablaze because updates help you get a fix off. Are different force tackles pre willing. In the earlier versions, you could remove the doors box Advice is simply updating the thing you have done essentially exposure to the Internet through public facing endpoints. It could monitor those endpoint at firewalls on removed on unnecessary exposure. You got unencrypted data in transitory storage. So you want to encrypt everyday tower that is being in transit. So there could be attacks like mine in the middle attack, our side channel attacks or any kind of attacks that could be there that could tamper with your confidential information. You don't want the hardest thing to be in the bad hands. So how Security center works, it works simply, It makes you self machine learning. Microsoft Team has developed and advanced machine learning, and Norman that helps USS off the deployed mortals. Whatever you provided to the security center, it will monitor on provide you automatically recommendation for the Watcher machines using a machine Learning for your own provides virtual machines. You manually deployed agent at the security center will begin the assessment off the security states off all your washing machines, networks, applications and data. So again, he makes use machine learning for that thing. So how does also shows you you shows you the secure school, a security school eyes a new entity for this thing? You don't hear I on other platforms as you were introduced at the security school, the secure scorer would tell you from the security level on the level of concern that you need to have it is an accumulation off all your recommendation scores. For a certain application, you can view your overall security score on for the subscription or management groups, depending on what you sell it. For Freedia. It has different standards for P S. A good has different standards. U. S Gold will very based on subscription off active recommendation off these subscriptions. If your score is high, your application tends to be more secure. If discover it's no, you need to take up immediate actions to make it more secure. Way have the overall the score at 6 22 out off 13 under 16. So there's a medium level of severity winning toe. Make it more secure. You have different stages and capability. You can have the prevented state that detect this far in the stages. There's fund, out comes the security center, gives your defense on induct ability to board detect on help protect against the trips, and it is have a little annulled above the standard here. The Freedia understand until will provide you more features to reduce our surface area for attack. Uh, for it. The standard. Here. You got options to protect your limits. And our windows servers are you got option to protect your cloud meteorite applications. We would option to protect your data off. You could protect your Iot solutions as well. The security center alert with your fortress. And in Norman, such as remote Dexter Pretty girls have brute force attacks, astral injections or any kind of heart. Man in the middle are other artifacts that may take please. It provides you actionable recommendations for mitigating these threats. Haskell injections could be off different ranges. It would be as a small as a simple Kredi that could be passed to access a different sources the brute force for password and anymore. Next up, we could, uh, prevent these things by simple configurations, making applications more secure. Be more cautious. Be up to date of greater applications are radio skills. Try building alone solution til then keep learning and keep moving 3. PRA 1 Security Center: Hi. Welcome back, friends out here in this practical exercise, we're going to learn about security sinker on Microsoft K zero. So let's start with you can create an instance for Aziz, your security center right away from your hotel, moving toward the security services. It allows you to monitor different recommendations, associate it to your different applications that run on the cloud. Did you test our virtual machines without a data collection? Isn't witness told her? It is? Are you? Can you have to install the region's If you have unpromising stare on, we want toe provided to the security center or for other cases as well. You have to choose the subscription plan that could be associated with this. You have a free tier sale we have. You can install. Agents are you can move to remind me later. So here it is. Ah hires a policy and complaints. It's just a secure ISCO. Currently, the security score off our obligations is depicted that stand out of 35. So we need to be more secured. Wortham. And here's a really alert Oh, for no recommendation for high severity on one. For Lucy rooting for the high civility risk is for data storage. We have made maybe miss configure anything like it here on date. I storage. So you can view the recommendations here moving to the view recommendations and want to show off. What are the actual recommendations that shows our requires? Secure transfer to his storage account, innit? Implement a security concern here on you have to restrict the access to secure storage account with firewall on watching, like for configuration. So when you have implemented that thing, you're secular. Is Korbel Move are up under. The commendation is such a soil. So when you create any applications, albeit virtual machines that story it or anything on the cloud there is a chance for human error on. You want to have ah, recommendation or card authority or automation being done? That the comments? You are what you can do. You have the policy and complaints as well. You can have the coverage of the security school. You could check. You could have this security policy here. You have the regulatory compliance Here. You have the recommendations. You have the computer and applications. You got the authority Hub resource is you got evens here. You could monitor the evens out from here. You could choose the working space to view in the coverage. Your subscription is not fully protected. It shows here you have to upgrade. If you have a free Pierre account, you have tow upgraded to a standard plants like physical model eso you would be more than colored, so you could create an access role here as well. For fully covered plan, you have to create a custom plan Here it master toe valid I d he said. A security score you could monitor. Here you have the security policy you could implement of the regulatory. Our compliance regarding different things never seem to monitor environment for risk based on the different standards. On with a report that shows on the complaints. So we have moderate hair. We can cry the complaints here as it is for network control, for policy, for intelligent threat detection and all things we could hind four traits as well. We have the recommendation shown here. I find a different category store security solutions. We can also map the security solutions that we can act. We have the advantage of our defense technologies here level so you can have the application White listing off the programs. You could have the religion process. Telegrams on virtual machines recommended to white list so it won't. We were checked again and again, keeping your price less. It costs less, and you can have the just in time virtual machine access as well. You. It has you toe deal with a malicious and are not a software application control. It allows you to specify the applications that you can run on. The virtual machines are computers. Yeah, I don't trade prediction as well. The security alerts. Hi, def endings, the VM access. I never said to lock down their virtual machines in case of any blocking or inbound traffic to a specific cold. Is there university to control the access or reduce the threat? You can create our right away from here, so if you want to learn how it actually works, you could get in the morning. But it shows you how you can deal with our different tres very fine tuning. We have the file integrity, monitoring service as well. Currently, it is not supported as our plan because the way we have a freakin when your grade it will show you right here. And when you have applications back to it, every displayed on trade protection is Were you detect? Are any possible threat dark may occur? You could say they're different Custom. All our crews this on a certain events that may occur if my trigger you Oh, so that you could take of the security measures. It shows a trait map from the source where alert that contains I p address targeting resources in case you're dos attack or any kind of military attack, it could remark from different locations. So if a hyper czar sitting from any of the country or geography is in the world, it would be, uh, 1,000,000,000 a year from that. Say, if you have a client cell working on the Europe on, you have a data center in China. Attackers are from Africa. You could block eyepiece from that region. Attackers with I figured out that traffic as well you could create a logic up here just providing name all for this up. I choose a subscription plan using resource group off things here that could add Krieger's to her playbook. And when you no longer need this our service, you could always that you still related or during a golf 4. Active Directory: Hi. Welcome back, friend. We're learning Count competing with Microsoft on Ju on here in this lecture we're going to learn about as your active Daftari. So let's start with this as they were. Active Directory are as your 80 is a fully managed marketing and service from Microsoft that offers identity and access capabilities for obligations running on Microsoft. Crazier on for applications, running on on promoting government. It provides you I authentication on the gateway to access are different things. It is an authentication to toe properly identify things you may have. Ah, multiple persons working simultaneously on a collaborative and warming on. They have to authenticate on various levels based on different rules. You could have a different set of directory permissions added to it as they were. 80 is not a replacement for Windows Server Active Directory. If you are already having on from ice directly, it can be extended are to the cloud using Barrick re integration. Calculating off as you're 80 it answered the security. It simplifies the access and get a small policies. Smart policies with a single identification platform. You can use it as a single sign on on access when it went to. They provide seamless, highly secure access, which would be used as connected to users are applications they need to running on. Affection is experience with the cloud. My wife are compromised applications. We got a comprehensive identity protection. You can protect your user accounts and this a security with conditional access on ongoing threat detection and response. Off kills. You got officials management on compliance at a skill you going to stay in control and reduce the cost. Are using automation Self service on policy enforcement. You've got customer and partner identities. You could connect with a connect and collaborate with your customers and partners easily between secure without the extra were hard. You've got identity platform for the lepers, even accelerator. After Lippman on improved customer experience without indication of single sign on user prohibition and love, you want identity for intra sector and the service. You can see when identity in physical costs when you joined the other virtual machines, you don't mean the document controller are we've been connection. It could be also extended. Teoh performing a service, a software and service on the cloud outs. Martyrs either active directory could be supported are integrated with a wide range off our tools or applications out there, we can simplify the sign on off thousands off a pre integrated sauce applications after service obligations You got integrated with Microsoft Office 3 65 Uh, Google App. Work the sap successfactors a canvas blackboard. Learn sales fourth on different occasions. Hard here. It could be integrated with drives stories like Box. It could be integrated with the right kinds of girls it supports Are different protocols. It's about the AWS for Gracia as the MLB. What indication to open? I did connect. So there is a use case. Sahara after Bella Cream may work. You haven't your different devices, we tell. Move from tablet PC's off laptop are stops. It would have different machines from door to machines. How you could provide authentication, Liar as Iraqi territory, using a corporate I D or access rules or keys that could be incorporated. You know that or 10 ticket, the person went out. Indication is being done. King of the third Party Software Service Week on platform by the service involvement are Microsoft Race. You are can be deployed on AWS as well, you know, supports after Bela Tree as well on it makes out our tradition. Call minuses, insisting on when you are authenticated, you are redirected to the service that you're going to access. Otherwise, if your credentials does not match, it won't allow you to proceed. Folder. It could be a compared to log in with Google. Log in with Facebook. Bucket itself differently. It is not a account log, and you could have a fatal Facebook or Gmail account. You could not map. Do anything with your active directory. You have a real account having the court put it ideal really assigned only to persons who have a valid credit cards can create. A zero outcome could not be infected easily. You have indicated persons as your active attitude. You got a user so you got groups A Z, your subscription. It could be added to the subscription plan that is associated to a particular user. It could be B Atago mortal of free service, although it could be associated with the resource groups of various resource groups. Mapping to a different set of resource is we'd absolutely this our date every services computer with a story services, networking services Almost. It could be as your active directory could be integrated out with fire. Well are compromised. Dr. Bela Tree as well using the dash dressing was in violation. Killed. So another use case. Here we have a user having devices. It provides a user name and password to the active directory in order to access our religious obligations on the cloud, It would be Dropbox. It would be obviously 65. It could be a customer applications. It could be any kind of sauce applications like sap I salesforce Google's or more applications based on that of the Cloud Active Directory verifies the user name and password doctors retract from the cube I stood in the server validates against active military from the corporation. You know, that could be on unpromising center. They turn on you. So you have a corporation here which has on provided I store implementing active charity services on the authentication is managed from Dale. But you will be allowed to use the cloud resources that is capital on the flag. So I use it could be anywhere in the world. On making the connection request to the prim compromise are the cloud seems a little complicated, but I could be simplified with active directory, a brief introduction a lot as your active directory. It could be used in order to implement the security meters or facilitator or users are Cline's Try building a solution til then keep learning and keep moving ahead. 5. VPN Gateway: Hi. Welcome back, friend. We're learning cloud computing with Microsoft at zero on her. In this lecture, we're going to learn about weepy and get it. It is very important. Kill when you can want to configure a network on the cloud, you could create a virtual private cloud or what? Your private network on the camp. I never went The security concerns underneath self. Let's start on this as they re being gateway as a specific type of what your neck for that is used to send encrypted traffic between your virtual network on an unpromising location over the public Internet so it could create a virtual natural. That seems like to be a private network, but it is not completely private. You could say that between the on for my sister on a virtual club. You can also use a VPN gateway to send encrypted traffic between other virtual networks. Want the Microsoft Network. Each virtual liquid can have only one reaping gate so we can have on the single weeping gateway on each network. We can create multiple networks multiple virtual and with we can have multiple connections to the same weeping gateway. At the same time, When we create our multiple connections to the same weeping get, we always belittle us. Our share the every available Okay, tree band wit. So the Gateway Bandit will be shared across our different tunnels between Turner's when we connect Ah, multiple in truck to the same weeping get. It has different advantages. You could connect you data center t as here, directly or indirectly What? Where you feel like you know you want. Oh, have your on premises store as well along with the cloud and you can going to secure general say the for government purpose. Government organizations like coat used this kind of networks a Z every being get we connect your on reminds network to ours your side to side. We've seen there are different types of weeping apologies. We're going to learn in a later section of this video in similar read that you can set up on connector reward branch office. You may have a different branch offices, I wanna headquarter and you want to connect it off over the next. The connectivity is secure and uses the industry standard protocols for I p Sick Internet critical security on Internet are key exchange. I k, you can connect you as you're watching network from animal. If he anywhere in the world using the point to side VP in it is another kind of European with FC. Connect your virtual machines on other virtual network from anywhere. A. Very you are on the road walking on favorite coverage. Managing your deployments are anything you could do, so they are different configurations at level, for we've been gateway connections on. Based on your requirement, you have to decide which configuration would be incorporated into your organization, so the 1st 1 is a sight to side connection. Here we have the weeping Gayatri. It allows you to connect over. I reset on. I keep weeping tunnels. The side to side connection can be used for cross prices. Means it would be connected to a big win to a different compromise. It's, too. On the hybrid configurations. It requires a weeping device located on Prum eyes that as a public i p address. So install all weepy in the rice on your compromise over the network, having a different I P, said protectee that has been assigned to it so that it could be managed. And it's not located behind the back. It is the happy located in the different zone. On the then we have the mighty site. Well, being this type of connection is a variation off site to site connection you create can create more than one weeping connections from your watch elect for gateway in the side to side. We have only one connection from source to destination or whatever you feel the source and destination we change. But here we can have multiple of destinations here. Our target. We could connect 234 different connections have weeping connections as well, by typically connecting multiple on pra my sites or locations data centers. When working with our multiple connections are you must use the route based weeping type. Also known that dynamic ITRI are working with a classic we next because each virtual network can only have ah, one briefing of Gayatri. All connections of the decree share the global bond with here we have our we've been getting here, which is allocated in the US West region. Having a separate I pee on. It provides a tunnel for the letter transformer for encrypted transfer between two different Entre Mayes locations. So takes the data from unpromising A to another location are to the cloud and so on. Then we have another weeping option that is point to site A point to side we've been get re connection lets you create a secure connection to your virtual network from an individual client computer. It could be used from anywhere in the world we've from while device from a computer from, ah, tablets from any remote location it could be accessed. A point of sight connection is established by starting from the client computer The solution useful for telecommuters who want to come back to our arena from a remote location such as from home or a conference. What could we have? The Selamat are such things. The PDS connection is ah useful solution. You stayed off side to side with you when you only have a few clients techniques to connect with. So I was an implementation off this thing You have a weeping get you have an additional experts not get re install it as well. The experts are establishing another connection. Teoh Unpromising Still it will be connected passed through the tunnel and corporate channel . Do the weeping get away again on the reprint. Good people allow their movable location on 1 60 location. Then we have ah ah Vina to be no connection. Watching that left about your network, you can connect the words a network to another. Watch on that call in similar way by connecting. Watch your network to an entre mai's name that that you have a duty being get and you can hide both side off the promesas. You could have entre nous as well, but it will be not visible to anyone. It seems to be having a different which network as a whole. Then you have a both connectivity type off getting providing a secure channel. It can be used in three different cases. It could be used for the same or different regions on the club. It could be used for Samar. Different subscriptions. I couldn't for free, free as a tool. A multiple subscription associated to multiple account as well. It would be used for same or different deployment models as well. We take formal service, suffer service in such a service. It could be used, are different, cloud deployment, wanted said so this other alcohol bpm get me. We want a secure general transfer between our data are on the organization. We can implement our VPN virtual private club for compromise are on the cloud, traveling on all solution, fill them, keep learning and keep going ahead. 6. DDoS Protection: Welcome back, friend. We're learning Coward comforting with Microsoft Easier. Are we learning? Very security services. I'm here in this lecture. We're going to learn about indeed us protection. So let's start as you read US protection is a jeweler of level off for you under the category off Security on Microsoft as your cloud in order to prevent your applications are the sources from distributed denial of service and denial of service attacks. These days, it is getting very common for a popular site like YouTube Google, their daily denial of service attacks being lost from anywhere in the world. So they have huge infrastructure on their unpromising as well as cloud, so they can manage the attacks. But for your company, if, say, your computer has paid a ransom to anyone else are any malicious? Hacker group has long sleep machines are attacks. Uh, so how you can prevent that thing you can distinguish between the legitimate traffic on duh attacker Adidas Production of wood security resources on the club order Virtual network on is here. So what is a DDOS attack? Generally DDOS attack consist off an attacker who hot various our slave machines on these slave machines. There's nothing makes a request for your Web application. Our resources do matters. Does it also you? You know that any on every server in the world can this 0.0, only a limited number of requests. That number may be huge on thousands or millions, or maybe billions, but it is still limited on faced. So I think we have a Bortnick. Obviously, computer or networks of computer say I can have hacked into a school Computers, which is connected to the network Internet on their 100 off schools, are thousands off the schools has been hacked and they don't know how they're hacked. So the dogs attack is very easy to done for, ah, malicious person. And you could not prevented unless you have ah, sites kind off in Exeter were load balancing on. Distributor network has been done, so I tackle computers. Generate malice is traffic over the Internet. The same Internet article. Real users have to use a clean traffic for the Tigers server. When the number off Attackers are huge, your application goes down. Or maybe maybe I'll get offline out of service. So they're not We have level. Do theirs. You have seen that when a day off reserve off for high schools are intermediate gets out on the side, crashes down due to huge traffic. Traffic is a new solar cell for attack. The leaders production has various features it has always on monitoring on automatic NATO attack mitigation options. It has adaptive feeling based on performance inside saunas, you it is have level and at the application layer protection with our obligation as your application gateway, the application file was you want integration with our monitoring for our analytics. You could monitor the resources, anything we want. We were the protection against on forcing cost off our DDOS attacks. DDOS attacks would be very expensive in when you want to make your website available for critical purpose. Our mission critical information. You have to have your website running up every time so you could not face a dossier you could not afford. It often goes attack production with the scale and elasticity off his ear could be prevented because, as here is the largest cloud in the world, it has various reasons resources to prevent a DOS attack. You must have a very few resource that could scale up, so don't worry about the cost because videos attack would not make back up off your data over the thousands off network, but it will prevent your traffic. How it is has some offering cost. It has, ah, against a turnkey defense. It covers all the resources on Watcher next, when you enable your bid US protection. Simplified configurations. It was always on traffic monitoring, proactive real time protection off DDOS attacks and from where it has been lost. It will trade down, track down the attacker. No interval is required. Dido's production is automatically mitigated. Attacked. It has adapted tuning. You tune it as a requirement. Dealers protection provides advanced intelligence and that automatically configures and to you until details production settings. The Dedo service understand that you resource it than this sounds. Configuration uses intelligent traffic pulling to learn obligation traffic patterns. Over the time you want my earlier production, you were deprived without your obligation. Get a Web application firewall. The leaders are prediction defense against our comprehensive set off. On that row, Clears delivered three and four attacks. I'm predicting that application from common things. It prevents attacks like high school injection. Close. I descriptive that after the session hijinks as well, and you would safeguard your applications. The application firewall comes without Brick configured our things to handle different kinds of threats on Commonwealth readies. You got a near real time metrics and alert roughly near time. It has a certain delay, but that delays not for 24 hours. Our motive. It is a lot of matter. A few hours or minutes. The native integration off Euromonitor exposed attack metrics to be where you find him. Analyze the attack. The attack has been analysed. You got detailed report in five minute increments during an attack for videos, medications flows that you get a log for everything you've got even to management system for mere time. The real time monitoring You got a rapid response options. He could set a response team for help with attack investigation. If you don't have any team security team currency and, like you could hard a zero isn't so. You could had anybody to help you out there. You could see the help on the res. A ticket on ago, we are answered. It would protect against an unplanned or resource cost so it could also prevent their costs . It is not an attack, but you work with this feature. Here you are different plants that production plan the basic plan under a standard plan, there are two different plans for the toss for the basic plan you got it is available for free. It has Ah, it's obviously without reminding. As your region, it has support for best effort. It has no mitigation policy, no metric and lord unavailable on as a region. So it is good when you want to start your application and your data is not mission critical . But you want to learn these things. You could offer the basic plan. But when you have a mission critical data or secure very confidential of in form in which you could not be compromised, you can adjust a standard plan. I go because you are monthly based on usage. PSE Good model. It has a better a silly security level application. So this little agreement Sorry it got in this cost prediction as well. Then you got more support and access to Dido's exports, as your Microsoft has. Where is redos exports available on the cloud to help clients like you. So when you go to a standard plan. You could also seek support from them in case you haven't attack. Then the medication locked close is have level. Who are the mitigation report as well? And I've already zone is on as you are as well. It's on from eyes and detects could be covered. There are different types off attacks that could be here are in the dollars kind of things you got telemetry attack. You got protocol? It actually. What resource application? We are back to handle these things. Volumetric attacks where the attacker school is to flirt. The network clear with our substantial markoff are legitimate traffic like your GP flow, flirt amplification floors and other is proof package could be there. It could prevent at this volume off their attack with us. Then you got a critical kind of attack We have seen float tackle, which would exploit the weakness off a little tree and therefore off the application. Always. I model, uh, adidas protection standards on me to give these attacks on different shape between malicious and real traffic, collision with legitimate traffic by interacting with the client and blocking malicious traffic. A group right there. We blocked the traffic on allow only clients to access a resource is than a resource. Attacks off could be there, which would target to have application package to disrupt the transmission of data between the host. It could be also prevented by saying that he doesn't put up protectionist and a gun. The standard mitigation consists off the policy that you choose. You have the customers, you are the customer and you log in with your as a portal. Have the Watcher let work. You have to enable Adidas. Production is standard plan are basically for for the sake off crowd information then have to enable the public eye piece on associate with the Adidas Protection on you have got to this policy generated on for that policy. You have to provide anything. It compares actual traffic delegation on constantly compares against a treasure or defined in the reader's policy to after identify read this policy implemented. Careful. So this sort of our leaders protection that is available in the clog. There were security concerns that need to be address certain things that you could assault on your home hand by removing simple bucks off, making different recommendations. Adidas is something up which could not be prevented by a single person. You need an anti infrastructure. Our planet A zero will help you out. In this case, try building a non solution til then keep learning and people in. 7. Key Vault: how will come back, friend her in this lecture, willing to learn about as your keyboard, which is a security tool. Have level another Microsoft as your cloud portal. So they start with this with his your keyboard. You could restore your different kinds off. Cryptographic keys are secret like a passwords are of a different set of things that you want to keep in a very secure place you could not afford lost off your key. It isn't really recommended, not toe right or a story, a password in an inform. You had just to remember it. But there are different kinds of keys. Are cryptographic keys or other resource I d or ah, different side of things that you want to remember? How are they? They are not remembered. Easy to remember on. You have to keep it safe. The cloud applications and services tends to use these things. The keyboard allows you to safeguard. Keep it safe with our keys and secrets. You can use the keyboard to encrypt off authentication keys. Off storage accounts for data encryption keys Not be F X files are passwords that are predicted by hardware. Security modules are HSN's. You could create an instance for this thing. It has a very sad wanted years old over other alternatives you could have. Ah, it includes is the security and control of our keys and passports that you have. You can have a back up off the keys. You could create an import encryption keys in a matter of minutes. Your applications have no doubt it access to the keys. Could we indirectly be accessible? You can use ah, Level two are relegated at yourselves. Hardware security models Every reduces the leniency with cloudy scale on global redundancy . This simplifies and automates tasks for secure socket layer or TLS trans certifications. So here it is, how it looks like when you go to the dashboard off Microsoft as you on with the security services, you create an instance for keyboard ferret yourself that will appear on the screen. It shows how much people tees up that has been generated based on certain a subscription location, our resource school. It was always hard. Any of key are modified. The existing keys. There are different type off functionality that is being offered with the keyboard. You've got a secret minutes when you got key management you are certificate management about the still secret off back as backed by at SM with the secret minutes weren't you can stick your release to rock with tight control. Access to their tokens are the secret tokens that could be used for generated as an hash or any in transit messages. Ah, possible of certificates and distance certificates safe. If you generate an epic A under application filed it. When it's a scientific is reduced a certificate. You have to restore that certificate. You could keep that thing here. You can have the certificates informative, Jason in plain text or any algorithm, you have the keys at other sectors that could be stored here. You've got the key management where you can create and control encryption keys that Andrew Power decoupled. Later, you have the certificate management to provisioned, manage and deploy both public and private SSL or TLS certificate for use within a zero on your internal connected resources, you can install our secret. What Thatcherism Why? Using either software for liberal que validation to protect secrets and the keys she has a news case with the key voice way can create an instant for as Yuki voice where we can have an administrator as you developer, the security administrator and so the administrator with a zero subscription create and managers the world on the keys you rs five lucky uniformly for this also identifies for the keys are sent to the A zero developer on the uses. Looking for keys I sent to the security. I consider that the security administrator could access the lock. FIEs see the logs of water. There are the usage on everything he could monitor and perform assessment with some security comments on the U Ours are available for that. Every Open could allow him Teoh act access that every eight keys useful for development purpose off the application, all the project. Similarly, we could just send generator us for the jesters or other rival Rose. There are the use case for the thing of it Could be integrated with NASCAR service Aziz Active Eric Priano. Here we have a person who's injured for portable power shell and rest a p I. The keyboard. Add Win that grant a value grant World access. He want access to the SQL database server using its unique ah as you active directory identity has a unique identity based on his role on it. He provides access to the database for a certain stations. The server uses our eyes as you're ready. Identity to authenticate well, as your 84 access to your keywords, then the server sense sense get rocky on drafty request. So the asymmetric key that is the story in the keyboard for data with encryption, so it sends a request to the keyboard. The keyboard will verify the request verify, and then the art indication is made to the as you acrobatically, although as service similarly, we would perform all the authentication for any kind of thing. We could have the certificate restore. We could have multiple things as your active. Radically uniquely identifies are based on the key that has been started. In that case, we don't need to provide the key directly. How it gets, I verified are based on the cloud. It makes it more secure. Their where is authentication method. For this, you have the managed identities for as a resource, and you got the service principal certificate. Anderson was principal for two secret. The manage identity for as your resources is, most Brayford recommended where you can assign and identity to your watcher machines having access to the keyboard. You can assign identities to other resources as well. The benefit for this approach is that the up or services not managing the rotation of the first secret it is automatically done introduced the identities on it. Some let me have the service principle and certificate where you can use the self service principle as an associate ID or certificate that has access to the keyboard. Didn't lead is not recommended. We got the application owner. Our developer must rotate the scientific it manually on his own, so there is a chance for human error. Human. We could not trust the human more than machines, but we need to properly configure the machines. Are the system the service, our principles, our and secret? You could get a secret authentication. Two cables on it is hard to automatically rotate the Buddhist top secret. How it is still inside the human hand, so there's are under use case way. Have the key word owner the key secrets owner obligation operator on the cloud. So there a key on a keyboard owner. It creates a keyboard on authorizes our users and applications to use them using the key. What? He cleared the application. Then there's the keys on Authorizes. Uses Teoh users to access the application based on different rules and privileges. The keyboard at ah the sorry, the T secret owner after or updates or delete two keys and seekers in the keyboard based on the access provided to her. Him? Yeah. Here. He then presents a unique You are right for every key and a secret. A unique Jurado is provided killer by the keyboard owner. She only shares the you are A to developers, not the keys on application operator Onley configure the application with the U are Nike. The applications is negotiated with security key for the keyboard. Internally, it does not make the request to the application operators on either off the item in all key water. So here we can perform accommodated mystical persons to work simultaneously on a single project on we can integrate it all with more things like that. Are you Resource manager? Virtual machines are active at pretending we could integrate vesting on our air traffic from here. So this was about keyboards. We can use the keyboard arbiter as a major security tool to keep our keys of safe on providing access to different persons off for different levels of pretensions. Try building a door solution til then keep learning and keep moving. 8. PRA 3 Key Vault: Hi. Welcome to this practical exercise of where we're going to create an instance for key voice that is available under the security tool on a zero job. So let's start with this. You can clear your instance. Just try hitting this option. Very good. Mr your cryptographic keys of pastors are any security concern keys and you don't want to lose. You could have a multiple keys. When you have an existing keys, it'll appear on the dashboard. Otherwise, you can always choose to create a new key. You have to just provide the name for this key, boy. Say any T we demo. Then we have the subscription plan. You have to choose the resource group while you can choose to create a new resource group. In this instance, you have to provide a name for the resource group. Then you can choose the location and use their standard or premium tier. The standard here is available are throughout the world. On it is it will cost you very less arty. Reviews of Vermont are roughly for think 3 to 4 cents and then there is a premium allergy that is a Chisholm Back Harbor security model on any after use the access policy. That's a magnet, really, roughly $1. And then we have the access plan. You have to configure the template. I have to select the principal. You have to add to keep our mission, you have to add the secret permission. You have to add the secure certificate permission you have to our devotion network access. Here, you can allow access from all neutrals. Are the selected networks to this keyboard? I can do the exception. You could allow the Trust and Microsoft Service to bypass this fireball if you want. Otherwise you seem kill. What is this policy sending is allergic to fire a lonely. In order to access the people, the district services will also be given permission to access a fireball. That was it will be secure. Barta not accessible. Then there you could find our templates here on when you have to find everything you have to validate and then hit the create option. Relegate off. It will move to the creation off this voice so that people still, uh, new, very important keys here. Uh, with the cable, it'll appear on the notification pane off. Once it has been deployed so you could access from there by hitting the Goto reserve option and love your hair. So the department made exciting time. It has been mapped. The results were about Emma. Elsa, let me have created earlier the key void off stores. A set of keys that could be required for different authentications. Had we go, we have this. The total number of requests on everything is mapping on the screen. I have residency success ratio. Currently we have Don't have on the left hand side, we have multiple options. We could choose to monitor the love for the keyboards. It is important because we don't want anyone to overwrite our existing are whitely keys so we could monitor the lock. What are the operations that have created currently are right. Operations are audit. Are another operations have been showing here. Then we can choose Teoh, Move to the settings right away. The keys. Here. You can generate our import. A different set of keys. Are you have the option to this? Told the backup state the generate option. We have the generate import on the start. Back up three options There we have a broad the name of the key to the key type the RS say the easy the electric car name said Dr Wish indeed the expiration date and yourself I never obviously real option. You could check the activation date when it will be activated or it was activated from there. You could also said the expiration date or if you don't have the exploration or activation date, you could choose to Homer, this is stop there for importing a key. You have to upload that file. I say you have the upload option for back off. You still have to upload. Agreed A backup. So whatever you do, just providing name our movement tours next option. I hate that. Create key here Say we have chosen the t 07 few key size I need to create option here. So it is creating a key named key, one that has been created. So our key husband is told in this voice. Eso here it is the current version of this key. I'll just bring a neighbor. You could delete it. Delete turkey anytime born, you could add the secrets certificates access policies are fire was and more for the secret you could choose to generate our involved. The option. Then you have the upload options. Here you have the name of the value. Have the country me out. You can have the manual uploaded. You have decided Forget, upload and say on use again. Get the option for activation and expiration date for the secret. Similarly, you could create certificates as well you could generate on in fort certificate. They're The options are different. I could provide a method of certificate creation. You have to choose the type of certification authority it could be. Self sign are based on a different issue. Non integrated, our integrated. See a certification authority. Then you have to choose a DNS name. Uh, they're already in its name for this certification. Then you have to choose the country and type the P K. C is a PM aptitudes. A lifetime action type are committed. Lee renew at a given person Taking off lifetime safe are 20% off the life or anything like that. You have to choose a president Lifetime. 80% Here. The extended usage could be provided here. The key uses flags could be configured. You can use toe use the key for the naval or not. You have any other options as well? You have the advance policy configuration. Are you have different options you get for importing a certificate. We have to provide the name, upload a certificate and for the past were that simple Creating itself alerting on a burning is different things. Then you have the access policy for this keys. You have the fireball excess off for our network or selected network. You could choose who can access this keys for selected network. You have to provide the I P addresses for selected networks it would allow are disallowed Microsoft to bypass the firewall In order to access this thing, you can monitor these things. You have the properties option here that you could get the resource idea that DNS name for this key. The subscription Neymar subscription 90 and world. It is weaker said where it's kind off locks. Here Regarding the source, I get the export template and cli power shell dark matter Ruby Good monitor everything. So here it is, showing the total number of requests regarding the certificate keys, give or take, and showing in the metric we have because we have requested a key. I was showing the life. So it tracks the events in the life environment of it. A little lily, you could share this thing you could download on the details in the Excel. You could copy the link. You have a different living see map here when you you could also move this world to other account. The subscription are when you don't want this application to be existing number, you could really 9. Dedicated HSM: Hi. Welcome back, friend. We're learning, child comforting with my exact as you on here. In this lecture, we're going to learn about dedicated at some, which is the critical A zero council. I start with this. It is, ah, hardware security model that is implemented and cloud. It provides a cryptographic key storage on as you on Mr Moods off singing customer security and compliance requirements, which allows you to implement the hardware security for insert eternal service. It is an either solution for customers requiring of a PS 1 40 never on three validated devices with complete on exclusive control, off edges and up lines. It is not for a gentle person who does not to use this thing. It is not a simple Harvard prediction. It maintains full administrative. When cryptographic control off your harder security models. It really days off level agreement and to common credit. Yes, It can migrate at some applications to a zero with minimal changes on improbably agency. You have unpromising up hardware. Security on it is it could be migrated to the club. You have a zoo, you have the application consisting off your dedicated. Adjust them for different customers. You could have different instances false there with that Want to give up? Using at ISM you can manage are harder security models that are used and as every but as you are dedicated, that system you can manage a hose inauguration can access at some time to scope assignment off the rules. You have the full administrative and cryptographic control. If you're adamant after researchers, Microsoft has no access or visibility to the keys and storing them. It is ah, comparable Teoh the fingerprint, our data that is being installed in your phone on your mobile phone, our mobile phone. You have the fingerprint sensor. You know that of the fingerprint information is not stored in the memory or in the operating system. It is not accessible by the android herself. It is a separate student in the hardware level. So it is that must secure. The Microsoft does not have access to it on our security and compliance with controls and certifications each at some device comes are validated against all level three on the common criteria ensuring tamper resistance, this intimacy. To meet a wide variety of security and compliance requirements, you can easily migrate applications to you as you. It is the liquid developed on partnership, but off other involvement. Other corporations are a tent, so you can keep the copy off your keys for security. It is ah, best suited for different scenarios for migration off Isis um, applications to you as you access and obligations from other clouds. Examples include on my clothing off application from unpromising as your virtual machines are running a shrink wrapped software and as original machine, we are best suitable for using here using dedicated activism on Dedicated. That system is not fit for use that for cloud services that support encryption with customer Manus Keys. So the services that already have the encryption and customer Maliki's off, such as information protection this can encryption Vitale, Keystone or Azzurri Storage or SQL on office. 3 65 Customer keys It could not be integrated with. Dedicated after Sam's testimony to use are performing a service office after their service land Microsoft Defensive ability. So it is basically made for inspection service clanks not for parts or assessor planes. It is a level of disaster recovery and protect against the users accidentally leaving the keys of Microsoft assures the customers are applications on the pass and sauce to meet this promise. Such services off our customer minus keys. Why, as your keyboard service And it is not available in a dedicated activism so dedicated that some could be used on different scenarios. Otherwise, you could use the key void for other sauce or platform service applications. Try building another solution. Basic. You keep learning and keep going ahead. 10. Application Gateway: Hi. Welcome back, friend, Or we're learning about comforting with Microsoft is you on? We're exporting whisky. Security services have level on the club. So here in this section, we get to learn about obligation gateway, which is another security to under Microsoft Azure Cloud. So let's start with this as your application. Gateway is, Ah, traffic, your balancer that enables you to manage traffic to your Web applications. It is different from traditional load balancers that operate at the transport layer for the recipient. Would you repeal air on route traffic based on the source I P address and the book to the destination? Answer. Simple. It is used for handling Web applications on the load type of traffic on different servers, or virtual machines that has been initialized with application Gateway. You can make a rotting decision based on additional attributes. Often STP requests such as you are a part or host headers. You could make use off takes like quickly spring or anything. The nature off all you have application all the nature off. The request is the key to Lord balancing here, saying if a request is made for an image, it will move to another continuing off a server. If the request is made for the video or anything like that, Hell it It's an example. We have application get installed as a load balancer for a Web application. The contras dot com and I think that could be here. We have two different servers or post the email server pool, and then we just went for it. If our users that there can be hundreds off a millions off users, eso, a particular user say, makes a request open. So you are and makes a request for an image to request an image and the incoming you are. It could order traffic to the specific set off servers that has been pre configured for image. It will move to the email server pool. The request will be diverted there. If the U. N will consist off the video link or anything like that off, say a test request a pdf request our people the request on anything. We could have separate server for that to handle the our coach inquiries are to handle the fight, and we have. You may have still have different set of servers, and there really is at 12 years off using obligation gateway. It is highly scalable, high available. We have application delivery on the cloud. It gives the application level outing. A load balancing service that lets you build a scalable on highly available were front. And as you you haven't told the size of the gateway and scale your deployment based on your needs. I suppose all their obligations firewalls a productive application from common over the release on exports like Haskell injection across I descriptive attacks. It could be integrated with other other security tools. Mexico Dissenter that has your monitor our wider request recommendations for changes you got efficient on and secure the front end with SSL. That all flow tub is a secure their friend and with sufficient back and server cell for streamlining your certificate management for SSR, and then you have the close integration with the ah zero services. It gives you an easy integration with a zero traffic manager to support must be region redirect from automatic free liver on zero downtime Maintenance obligation. Gayatri is also also integrated with load balancing. This killer defending it has a huge Acela service level agreement. 1984 95% allies being offered by Microsoft, so it is always up and running. It is generally not down. So here is another use case for application Gateway. We could install the application gateway as a load balancer for handling different kind of request. We can link it to ah White set off those like a storage log. Analytics even helps the Log analytics. We love you get the performance law fireable law access or anything like that. Evens could be generated, and it will be stolen on any kind of stories we table block or any storage. Then we could also integrated with a security center of your application. Get. We will send alerts on their security center would send recommendations regarding our request. I know things that are happening there so that we can make our system more secure. Application. Get me as a load balancer follows a certain kind of hierarchy with Internet. We have the DNS a load balancer that as your traffic manager on the top, then it consist up for my people Load balancers in different abducted regions, then each have the application gate with installed for them on each application get. They consist off multiple virtual machines that could be shared across different regions. Our expand across different zones, the hell we provide in regional scalability and elderly obligation get re provides the u. R L. On country and with starting on load balancing and the virtual machines are provide the Web servers. Could we integrated as's follows application? Get eyes wide alert. Handling Web traffic. Make it more secure if you do not read. Added to traffic according to different nature off request. I will make yourself what is slow down a little bit. And if the traffic is very large on, the management is not properly done. Installed. Uh, human face starting downtimes safer on the cloud. You have to use the power of the cloud and where the stools that that make it prestigious try building in or solution looking to learn more in the coming little Still, then keep learning and keep moving 11. PRA 2 Application Gateway AA: Hey, come back here. In this practical exercise, we're going to create an instant for application Gateway have level and another security tool on the Microsoft Azure Cloud. You can create an instance for application gateway right away by clicking this option on it will create your instance there. If you have an existing application, get running out there, it will. Appearing on it will be around the frame. Otherwise, you can choose to create your application, right. I will come there to create application Gateway. You need to just Archerd and kind of configurations. You have to provide a name for this. Get re application. You have to choose a gear by standard here that we say pressing here the waf fear the preview mode you could choose. You have to decide the capacity type. So here our instance count based on different configurations. There are different. In fact, you tie standard plan I attitude instance count. You have to create multiple instances for this thing. I say I wasn't one what it is saying that you have to choose minimum number. A few instance Come one is not covered in the SL is also with limited agreement. It is not a secure organization. The juice of then ask you size. She was a subscription on the research group under location where it will be different then you when you have configured it, you can't use Okay. Worker have been moving under consideration. You have to ride a subject configuration. Choose a watch network. You have to create a new much electric If you don't have an existing abuse on starting address of plan on the subtext, you have to do find this thing. Then you can create your own public I p address all the private I p. We have to provide the I. P in case you have four front and you can use existing are creating for private. You could have two tutto portable lighter, though. Astra QPR, Aston DBS You have to configure the I P address either in time or minutes. A DNS name assignment, listener configuration. The port number were really mapped does things. And here it is a summary off are tedious configuration details and aren't going to be creating okay better than in our sure on come from that you have provided the right information, dio it may take certain time because the server side process created provisioning out instances. It depends on how much traffic is currently there in the next. But it was beyond my kind of moments when it will be deployed. It will appear on the notification pane so you could go to the resource and garishly from here, or you can do so all the sources. 12. PRA 2 Application Gateway BB: in our application Husband successfully deployed. I will show you in a notification being you can hit the go to resource option to move to the reserve Are you can check the status of while it was running. Her three resources has been created. The gate redeemable rd miles. I went to three for research group on a demo gateway. You can set check the operational three days here clicking this option. You could say the operation I d tracking I d on the reserves. I d on the plants. You could check the input of our ports and the templates here. It could be followed by my daughter cli mode. Our Jason could be configured from animal in the you find options when it is already. You could take the problem of deployment issues. Uh, you have this gateway demo very been created. Application get. You have to choose. This option chills. The total sum of requests are some of request feels Currently, we have not having any resources brush up on the screen. You have very things on the left hand side. Off the options. It shows a very different configurations or settings. You have the monitoring options that I lowered my tricks. And, well, I haven't used to configure the Gateway Application Gateway. You can choose a standard here. W After here, you can modify the settings that we have provided earlier. When we created this application, you can increase or decrease the instance count or confuse the sq size based on different thing. You have to enable artists of all the things it would add, the Web application firewall or the Louis F. In case here, you create nothing. You could add the back and pulls. Currently, we have a single back and pull that has been created. It would add more back and pills whose all the service who were our request from, maybe got it. Okay, then we have the estate to being settings. Couldn't we have a single setting? The winning star? You could configure retail by hitting this option. The cookie based affinity, the connection raining the critical you could enable it our disability, the truth options. You have the friend and all configurations. Currently, we have a single friend and application that has been deployed. Didn't public domain. You can choose the I P or changes i p. Based on the requirements. You have the SSL policy of the listener port. It provides a default configuration. The pretty fine and the question Mort, you can choose from these three on the left. Soccer's other details that is supposed native grab socket across your gate face. You don't need to configure it additionally, but the Web soccer traffic could be received on the application gateway. I could have their custom. You have the minimum critical of war isn't on real. You can hear the rule option in orderto either, basically all right part. You can edit the existing rules as well. Regarding back and pull. The listener asked. It'd be settings. All I could find those things. Then you have the health probe. You could add the health probe. You could check the properties, it would add the locks. You have the disorder side here being depicted on this ring. You could find a export template people to export this thing you have more options are you can get the overview off of your obligation, get in front of you. It would be considered toe different back and our friend and pools, you could configure it alternatively on. Whenever you don't no longer required this application, you can choose to our delete are moved to any other subscription. If you're going 13. Sentinel: Welcome back, friend. We're learning about competing with Microsoft as you on here. In this section, we're going to learn about a security tool called Sentinels. So let's start with this. I do. Sent in the love is a cloud Native Security information and even a manager, a platform that it was built on an area to help analyse a large volumes of data across our enterprise fastly cookie. It is just like a watchman who's a standing to watch by your side. It allows your intelligence Security Analytics for and and that business our entire obligation. It aggregates data from all sources, including user application fervor on devices running on provides or in the club. It involves building connection for our easy on boarding off popular security solutions. It collects data from an ethers with support from a open standards for math. You could up with Cloud is Killed it a collection with Microsoft's own threat to texting tools center like an automated response using orchestration across your entire state, it has always use cases. You can collect data at the cloudy scale that the scale of the cloud so there's no upper limit for how much did you could collect That could be from any number of devices. You may have an android. Um, well, application that has a user data You could collect all kind off data or streaming detail on monitor I You could detect the previously uncovered traits on minimize are false positives using analytics on unparalleled Trettel intelligence from Microsoft. It would also incorporate our money. People doubt your data. Maybe channel eyes through aws are blue mix. You could have everything on a zero as well as Entre Mayes. You can perform investigation off threats with artificial intelligence and hard is precious off suspicious activities at any skate topping. Two biggest off cybersecurity work at Microsoft. You can respond to incidents rapidly with our building. Arkestra on automation off common tasks. So here it is how it looks like when you create an eastern for our security insight you can get all the details here. You got out even a large over time. You have the potential malicious evens. You got the common other task. You have the same slot. You have the alert. Common security issues are based on different Don't. You could want it that everything it will this time watch the senator with have your assessment. It is limited like a limitless. With the cloud escape his feet. I just fast and you have to only pay for pay as you go model over whatever resources are being used, you have to pay only for that no friend cost. You can bring your own office. 3 65 data for free. You can integrate are easily with your existing tools as well. It could be used for our different scenarios. Like it could be used as a hunt for threats off you could. Oh, Rachel, you if you're investigator Ah, cybersecurity analysts are saying a person like that who wants to be proactive about looking for security threats off regarding his there are organisational in that Internet the senator provides, or hunting salts and query tool toe hand for security threat a car. So sources. But your system and security applications are going later, large and off the mountains of data that are difficult to parse eso into meaningful. Lee Wendell, security analyst. Our need a better tool over that. Sentinel has building hunting credits to guide you through asking the right questions and find the issues that are already in the neck. So there could be of you set off issues and say, Here is a scenario for hunting. We have total light number of queries with the different results are different bookmarks. You can generate a new query perform such either bookmarks. It has been shown up with the reference level that he start hasn't profound on the top. Most frequently used the query, their description. It shows the description so the credit could be uncommon. Process. Fight the bottom 5% automation off your 80 up based on authentication, it could have description of having the details. It shows the provider the provider could be Microsoft custom queries or any third party. Then how the data Sosa, where Greta has been generated, the security went. It could be signing love. It could be obviously ran. It could be other, even sounds. It shows the number of resources being consumed. The tactics, how you can deal with this. You could use the logs that you could animal things that you could drive more insights, our destiny ready. Select any particular thing. It shows a complete description. The number of results of security events that occur at the curry information on the time stamp for that thing. Now, the initial access details that for systems and you gonna run the Cory Little could be incorporated for the advanced level of security. It is not generally used for Ah, simple applications are devices. However, if you fear our nation, our obligation is scales up on the cloud. You are also need a senator sentinel off for a better security on. Have a better hands on on different celebrities before they occur Are during the occur You can start out things on just the issues as they come. Try building a solution. Tell them, keep learning and give away. 14. PRA 4 Sentinel: welcome back. Friends are here In this practical exercise we're going to create an instant for I 0% in L A security tool level and as your club. So I start you have to deception at as your Sentinel which is currently in preview mode, I would have level the film now in general mood and the preview mode applications that they are not covered by Astle A service level agreements but when they are full flesh it will be covered by SLE So you can easily integrate our data generated by an foreign devices or network infrastructure are others security systems Using sentinel, you have to choose to connect. So here it is a working space. You can add the working space you could use. The work is pretty that Could we add it here? Our creative workspace And we don't have working space here. So we have to create You can link an existing workers place which will take the log analytics work experience. But it's not here. So we have to create this provider Log Analytical August face name. I use a subscription plan. Hi, Daddy Soe's group You hear the name? Say here Locked Demo you can have an existing resource. Well, that could be used here. But you can choose to create our own. This whole screw you have the pressing Here. Here are the passing. Pierre is based on the four GB. I guess you're right off his stories. I, Michelle starting Arab. The name was not unique. So you have to provide a unique name. It may heart already being taken your pride. Okay. So it would create an instance off for scenting there's Once it has been created, it will appear on the notification pane. 15. Info Security: Hi. Welcome back, friend. Are we learning cloud computing with Microsoft is you on? We're learning with the security kills on here in this lecture went to learn about information protection. So let's start with this information Protection off is a cloud based security solution that helps an organization to classify on protected documents and emails. By applying labours, you could add different levels for a different kind. Off documents are female are different text documents that as a layer of security on confidentiality, livers can be applied automatically by are initiators horrifying those conditions manually by users or a combination off boat where users are given different recommendations. You might have seen our various are documents, a word file, a pdf file and there it was a really protected. That was a kind of level you could use are different levels. It may I ask your passport for authentication For such things? Yeah, follow certain steps. You have to classify any label A document to classify Ah White were kind of for document. It is off. What kind of humility is designated for a secure transfer? A confidential message, A top secret that is depicted in Hollywood movies are any kind of labour's. Then you have to protect the document through RMS on the track and monitor the product a document you could attack, whether the document has been tempered or not. The security is whether compromise or not on the level is secure or you could be work access if required. You could allow a particle reports and access to the document based on different credentials, but you could remove anything anytime it allows off. When its functionalities over that you could classify your data based on the sensitivity, you could configure the policies to classify level and protect your data. The classifications with information protection is automatic, driven by user. Always under the commendations. You could protect all your data at all. The times you can add classifications on production information for different position productions are following a reader to ensure removed remain protected regardless of where it is is told. If you have a video file, observe that it should not be allowed to anyone to relight our performer. Overriding off the obligations, it must be only available to the reliable mood. But who will implement the securities constants if we just copied or for other persons of computer, it may be converted back to the word file or vegetable. For most, you need a prediction, so hiding information protection is very rightist. You could add visibility and control the contract activities on a share data, and you could recall rework access if necessary. I didn't can be powerful logging and reporting to different monitoring and actually stools . It would collaborate with a wide range of people are more security on with others. You could share your data safely with co workers, your police as a lose customers and partners. There could be different confidential documents like contracts in distal contracts are different things. Like all these days when you are distantly Matt or work for off work or differences things you may have to sign different documents need to be confidential on their implemented in the similar way on the club, it defines our who can access the data of what they can do with this. On such a long to do, you are ratifies, but it may not allow you to print or forward a message. I think I know permissions could be added to different second document. It is not a simple piece of paper that could be temperament. It is easy to use our distant document elicit use our data. Classifications on protection allows you to be easily used. It could be integrated into Microsoft Office Are similar applications. To secure the data, you're working with a single click. It could be deployed on managed with flexibility. You can choose your own encryption keys that are managed by Bring your own keys, our hold on key options under on from eyes, Other cloud The stories you could have told the key with the keyboard or different places like that. So how did it is a view This picture shows an example off as your information protection in action on the user's computer. The argument has contributed a level with rules in that detector sensitive data. In this example, it's a financial least history with a credit card information. When the user safe Sabor document it contains afraid that information she she or he sees a custom touristy, exactly command Stop label that the administrator has configured this limits classified the document unprotected. I was showing that doesn't commended Teoh level. This file is confidential for all implies. You can change it are restaurants are different things like that. You could add the only thing I could provide a name or for different things. You could select our various RMS templates available. No Artemus template could be off type of sales and marketing that could be readable and printable. Only it could not be modified. It would maybe not be overrated. Then you gotta have the confidential view. Only the confidential. I do not follow adoption. Here. You could choose are different items templates and that may be applied to different documents. You could protect sensitive information by detecting, classifying, protecting and monetary. Follow this simple stuff. It will be usually after detect the sensitive great out based on the policies water sensitively your identify. Then you have to classify what are different levels that need to be apply for each off them on. Then you have to implement the prediction. Actions are performing encryption access restrictions on a playing those Then you could monitor whether they say for security has been compromised. It could be integrated with a widening of services are say, with multiple office 3 65 Applications with Microsoft SharePoint, Accion Server Word, Excel Open office are far from our other things like that, you have to provide excess. Keep the predictions are you have to provide the executed Valls scandal Fires that were filed. You have to add the policies are delivers off the documents and interest on it will be able to share with the other set of users. I never level to be access from any kind. Off resources are girls. Here we have the Windows Server Rights Management, which manages everything. It could be integrated with a Windows Server active directory. It could be connected to on for my servers. Accent server SharePoint servers on a zero arguments provides a bright management capability for 3 65 office. The providing easy consideration and first lentils information protection policies is the level on the Vegas popular platforms that is being supported. Windows Mac IOS. And right now I have fun. It could be connected to several files that could be used as a common identity for your entre Mice active directory. All those directed radically to this other or the information protection that he could perform on the white range of documents are applications. Try building a on solution till then, keep learning and get moving