Develop a security and compliance plan

Microsoft via Microsoft Learn

Go to class Write review

Use Microsoft Entra ID to you secure your internal, external, and customer identities.
In this module, you'll:
- Describe the core terminology of Microsoft Entra ID.
- Describe the core features of Microsoft Entra ID.
- Describe the licensing models for Microsoft Entra ID.
Manage users and groups in Microsoft Entra ID
In this module, you will:
- Learn the difference between Microsoft Entra ID and Windows Server Active Directory.
- Understand tenants, subscriptions, and users.
- Create a new Microsoft Entra ID.
- Add users and groups to a Microsoft Entra ID.
- Manage roles in a Microsoft Entra ID.
- Learn how to create a hybrid identity solution with Microsoft Entra Connect.
Configure and manage secrets in Azure Key Vault
In this module, you'll:
- Explore proper usage of Azure Key Vault.
- Manage access to an Azure Key Vault.
- Explore certificate management with Azure Key Vault.
- Configure a Hardware Security Module Key-generation solution.
Monitor Microsoft Entra security events with built-in reporting and monitoring capabilities to prevent unauthorized access and potential data loss.
In this module, you will:
- Store Azure audit logs and sign-in activity logs in a Log Analytics workspace.
- Create alerts for security events in a Log Analytics workspace.
- Create and view dashboards to support improved monitoring.
Learn best practices for building, hosting, and maintaining a secure repository on GitHub.
In this module, you will:
- Identify the tools and GitHub features to establish a secure development strategy.
- Enable vulnerable dependency detection for private repositories.
- Detect and fix outdated dependencies with security vulnerabilities.
- Automate the detection of vulnerable dependencies with Dependabot.
- Add a security policy with a SECURITY.md file.
- Remove a commit exposing sensitive data in a pull request.
- Remove historical commits exposing sensitive data deep in your repository.
Learn about post-incident reviews, a practice necessary to help you sustainably achieve the appropriate level of reliability in your systems, services, and products.
In this module, you will:
- Discover the importance of learning from incidents.
- Understand the aspects of complex systems that make learning from failure important.
- Learn when and how to conduct a post-incident review.
- Understand the purpose and goals of a post-incident review.
- Learn the components that go into a good post-incident review.
- Explore the Azure tools that can assist with getting started with post-incident reviews.
- Become aware of common traps to avoid.
- Identify helpful practices to conduct a better review.
Learn the incident response fundamentals necessary to help you sustainably achieve the appropriate level of reliability in your systems, services, and products.
In this module, you will:
- Learn the importance of effective incident response.
- Gain an understanding of the lifecycle of an incident so we know just how to apply our efforts.
- Learn the building blocks for constructing an incident response process that allows us to respond with urgency.
- Begin to track your incidents effectively using Azure DevOps tools.
- Explore ways to automate your incident tracking for a speedy and consistent response.
- Understand the guidelines around communication that allow incident response to be more efficient.
- Visit some Azure tools that can significantly speed up your remediation times during an incident.

Syllabus

Secure your identities by using Microsoft Entra ID
- Introduction
- Microsoft Entra overview
- Understand Microsoft Entra ID licenses and terminology
- Essential features of Microsoft Entra ID
- Get started with Microsoft Entra ID
- Summary
Manage users and groups in Microsoft Entra ID
- Introduction
- What is Microsoft Entra ID?
- Create and manage users
- Create and manage groups
- Use roles to control resource access
- Connect Active Directory to Microsoft Entra ID with Microsoft Entra Connect
- Summary
Configure and manage secrets in Azure Key Vault
- Introduction
- Guidelines for using Azure Key Vault
- Manage access to secrets, certificates, and keys
- Exercise - store secrets in Azure Key Vault
- Manage certificates
- Summary
Monitor and report on security events in Microsoft Entra ID
- Introduction
- Use logs to detect suspicious activity
- Exercise - Set up and view sign-in logs and audit logs
- Integrate logs with a Log Analytics workspace
- Exercise - Integrate logs with a Log Analytics workspace
- Set and view alerts in your Log Analytics workspace
- Exercise - Set an alert in your Log Analytics workspace and view alerts
- Set up dashboards and reports to visualize log data
- Exercise - Set up a dashboard and add a report
- Summary
Maintain a secure repository by using GitHub best practices
- Introduction
- How to maintain a secure GitHub repository
- Automated security
- Exercise - Secure your repository's supply chain
- Module assessment
- Summary
Improve your reliability with modern operations practices: Learning from failure
- Introduction
- Why learn from incidents?
- What is a post-incident review?
- Characteristics and components of a good post-incident review
- The post-incident review process
- Common traps to avoid
- Helpful practices for learning from failure
- Summary
Improve your reliability with modern operations practices: Incident response
- Introduction
- Importance of incident response
- Characteristics and lifecycle of an incident
- Foundations of incident response
- Incident tracking
- Communication and collaboration
- Remediation
- Summary