See “Zero-trust guiding principles” on MS Learn https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/2-describe-zero-trust-methodology?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.wwl.describe-concepts-of-security-compliance-identity

Asymmetric encryption uses a public key and private key pair. Symmetric encryption uses a single shared key for bulk data encryption. Hashing is a one-way function that does not require a key.

TLS, which facilitates HTTPS, uses asymmetric encryption to first establish the identity of one or both parties. Then, it uses asymmetric encryption to exchange a key to a symmetric cipher. However, asymmetric is only used during the initial setup of communication.

A distributed denial of service (DDoS) attack is a disruptive attack that attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can target at any endpoint or service reachable on Internet.

Distributing the physical location of servers provides added security at the physical layer by mitigating the risk that may come from outages caused by fire, hurricanes, and other disasters. Splitting a network up into multiple sub-networks provides better layered security and is an example of defense in depth at the network layer.

The SaaS model, implemented by services such as Office 365, the cloud service provider takes on service management responsibilities beyond configuring the customers desired user data and device configuration settings.

Just-In-Time and Just-Enough Access (JIT/JEA), Azure AD RBAC and conditional access implement least privilege access. See https://www.microsoft.com/en-us/security/business/zero-trust.

The two types of risk defined in the Identity Protection feature are user risk and sign-in risk. User risk represents the probability that a given identity or account is compromised. Sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner.

Privileged Identity Management (PIM) allows users to activate eligible roles themselves, while offering notification of role activation to other admins, as well as optional manager approval. If desired, PIM access reviews can be configured to allow users to self-review, and then automatically apply changes based on user response.

Azure Active Directory (Azure AD) entitlement management is an identity governance feature that enables organizations to manage identity and access lifecycle by streamlining and automating access request workflows to a single request, grouping resources in a single access package. Entitlement management also enables access reviews, request approval, and expiration. See “What is entitlement management?” https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

The questions addressed by identity governance are: 1) Which users have access to which resources? 2) What are users doing with access? 3)Are there effective organizational controls for managing that access? and 4) Can auditors verify those controls are working.

While Azure AD roles ease role assignments in delegation scenarios and implementation of least privilege, it is Azure AD Identity Protection that supports detection of user risk and sign-in risk.

While the first three items are benefits of conditional access policies, device compliance policies are implemented through Microsoft Intune.

Conditional access policies bring several benefits to authentication and authorization, including enabling selectively prompting users for a secondary authentication factor based on user location, app selection, device compliance or management state, and sign-in risk.

Windows Hello is for personal devices, while Windows Hello for Business is for managed devices. Windows Hello for Business can uses a key-based or certificate-based authentication factor, where Windows Hello uses a pin or biometric authentication.

Due to vulnerabilities, such as SIM swap attacks. SMS(text) message is considered relatively weak as a second factor, and therefore is discouraged. Voice call is the one secondary method that cannot be disabled.

Azure AD Password Protection reduces the risk of users setting weak passwords by detecting and blocking known weak passwords from a global banned password list, or also from a customer-maintained  custom banned password list.

A user cannot set or reset their password when their account is not enabled.

With single sign-on, a user signs in once and can then access multiple applications or resources. Although a central identity provider can be used by an organization, it isn't a benefit of single sign-on.

Azure AD B2B allows secure collaboration between organizations leveraging their work accounts. Azure AD B2C is a customer identity access management solution enabling customers to login to your directory with their social identity (like Google or Facebook).

See “What is Microsoft Defender for Identity?”See "What is Microsoft Defender for Identity?" https://docs.microsoft.com/en-us/defender-for-identity/what-is

A security principal is not an identity type available in Azure AD. Valid types are user, group, service principal, and management identities. Security principal more broadly describes any entity that can be authenticated by the Windows OS.

Cloud solutions such as Azure Active Directory (Azure AD) provide capabilities such as multifactor authentication, identity protection, and robust role-based access control. Azure Active Directory also provides the ability to provision on-premises and third-party applications such as Box, Concur, Google Apps, Salesforce, and more.

A phishing attack is when a hacker sends an email that appears to come from a reputable source. The email contains a credible story, such as a security breach, instructing the user to sign in and change their password. Instead of going to a legitimate website, the user is directed to the scammer’s website where they enter their username and password. A spear phishing attack is a more sophisticated attack designed to target a specific user or group of users.

A password spray attack attempts to match a username against a list of weak passwords. See “Describe identity principles” on MS Learn: https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/2-describe-common-identity-attacks

Federation relies on a trust relationship to allow access to resources for authenticating entities.

Active Directory (AD) is a set of directory services developed by Microsoft as part of Windows 2000 for on-premises domain-based networks. It stores information about members of the domain, including devices and users, verifies their credentials, and defines their access rights. However, it does not natively support mobile devices, SaaS, and line of business (LOB) apps that require modern authentication methods. See “Describe the concept of directory services and active directory” https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/6-describe-concept-of-directory-services-active-directory.

In Azure AD, an identity provider maintains and manages identity information while providing authentication services to applications. See “Add an identity provider to your Azure Active Directory B2C tenant” https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-identity-provider

Azure AD Conditional Access policies ensure users meet our requirements for authentication, including MFA. When coupled with Azure AD Identity Protection to ensure acceptable user and sign-in risk, and Intune endpoint protection policies to secure devices, we have a solid layered defense.

You will find the Microsoft Endpoint Manager Admin Center at https://endpoint.microsoft.com.

Endpoint security policies are designed to enable easy configuration targeting a specific aspect of device security to manage security tasks for devices when those devices are at risk. They are located under the ‘Endpoint security’ node of the Microsoft Endpoint Manager Admin Center. Because they are more narrowly focused than security baselines and configuration profiles, they tend to be easier for novice administrators to manage. See “Manage endpoint security in Microsoft Intune” https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security.

Microsoft Intune is a cloud-based service that focuses on mobile device management, mobile application management, and endpoint security.

Incidents are a collection of correlated alerts created when a suspicious event is found. Alerts are generated from different types of entities, like devices, users, and mailboxes, and can come from many different domains. See “Incidents in Microsoft 365 Defender” https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide.

Microsoft 365 security dashboard shows cars with these categories: identities, data, devices, and apps.

Microsoft Secure Score is a measurement of an organization's security posture across identities, endpoints, and apps. Currently there are recommendations for Microsoft 365 (including Exchange Online), Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Cloud App Security, and Microsoft Teams See “Microsoft Secure Score” https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide

Microsoft 365 Security Center is the new home for monitoring and managing security across your Microsoft identities, data, devices, and apps at https://security.microsoft.com.

The cloud discovery feature in Microsoft Cloud App Security uses your traffic logs to dynamically discover and analyze the cloud apps that your organization is using. To create a snapshot report of your organization's cloud use, you can manually upload log files from your firewalls or proxies for analysis. Or, to set up continuous reports, use Cloud App Security log collectors to periodically forward syslog data from your perimeter network devices, such as firewalls and proxies. See “What is Cloud App Security?” https://docs.m icrosoft.com/en-us/cloud-app-security/what-is-cloud-app-security

Microsoft Defender for Endpoint detects advanced threats on your Windows 10. and other endpoints and automates investigation and threat response. See “Microsoft Defender for Endpoint” https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide

Attack Simulation Training in MS Defender for Office 365 lets you run realistic, but simulated phishing and password attack campaigns in your organization. You can create and run a campaign against some or all users.

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. See “What is Microsoft Defender for Identity?” https://docs.microsoft.com/en-us/defender-for-identity/what-is

App discovery on endpoints to help identify unsanctioned apps is a core function of Microsoft Cloud App Discovery (MCAS), but not a feature of Azure Sentinel.

An XDR system is designed to deliver intelligent, automated, and integrated security across an organization’s domain. It helps prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

A security information event management (SIEM), such as Azure Sentinel, is a tool that an organization uses to collect large amounts of data from across your environment to correlate anomalous and potentially malicious activity to identify security threats.

A baseline is the implementation of a security benchmark for the specific Azure service. A control is a high-level description of the feature or activity and is not specific to a technology. A configuration item exists within a baseline. An access package is an element of entitlement management, and not related to baselines.

Cloud security posture management (CSPM) includes foundational (think “Free tier”) features like secure score, detection of security misconfigurations in your Azure workloads, and asset inventory.

Azure Defender, when integrated with Azure Security Center, provides a single portal for monitoring Azure and hybrid cloud workload protection and security. Azure Defender includes extended detection and response (X DR) capabilities, and intelligent protection for VMs, web app instances, cloud databases, cloud storage, and more. See “What resource types can Azure Defender secure?”

See “Secure score in Azure Security Center” https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls

Azure Security Center helps you prevent, detect, and respond to threats. It provides increased visibility into and control over the security of your Azure resources. Application Gateway is integrated with Security Center. Security Center scans your environment to detect unprotected web applications. It can recommend Application Gateway WAF to protect these vulnerable resources. However, it is not responsible for storage and retention diagnostic and audit log data.

Learn more in “Describe ways Azure encrypts data” on MS Learn at https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/7-describe-ways-azure-encrypts-data

See “What is Azure Web Application Firewall?” https://docs.microsoft.com/en-us/azure/web-application-firewall/overview

Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS in a web browser. Azure VMs do not need a public IP address to allow RDP/SSH access via Azure Bastion. See “What is Azure Bastion?” https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

High availability and unrestricted scalability is built into the solution. There is no need to select and configure scale instances.

The Basic tier of Azure DDoS is automatically enabled and protecting all Azure subscriptions by default. See “Azure DDoS protection overview” https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview.

The Standard service tier provides additional mitigation capabilities that are tuned specifically to Microsoft Azure Virtual Network resources.

NSG rules are processed in priority order, with lower numbers processed before higher numbers. When traffic matches a rule, processing stops. This means that any other rules with a lower priority (higher numbers) won't be processed.

The Microsoft Cloud Adoption Framework includes strategy and planning resources, migration guides, a cloud journey tracker, and many other resources to support a strong security posture in all phases of Azure migration and adoption. See “Microsoft Cloud Adoption Framework for Azure” https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/

Azure Policy continuously monitors Azure resources to ensure compliance. The evaluation and reporting cycle is every 24 hours. See “What is Azure Policy?” https://docs.microsoft.com/en-us/azure/governance/policy/overview

Azure Blueprints enables cloud architects to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery. See “What is Azure Blueprints” https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

Resource locks can prevent unwanted changes or accidental deletion at the subscription, resource group, or even the resource level. See “Lock resources to prevent unexpected changes” https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to crucial events that help determine scope of compromise, and faster access to Office 365 Management Activity API. See “Advanced audit in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide.

You can use the Microsoft 365 compliance center to search the unified audit log to view user and administrator activity in your organization. See “Search the audit log in the compliance center” https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide.

Azure Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. See “What is Azure Purview?” https://docs.microsoft.com/en-us/azure/purview/overview.

Advanced eDiscovery workflow builds on the existing core eDiscovery and analytics capabilities. Advanced eDiscovery provides an end-to-end workflow to preserve, collect, analyze, review, and export content that's responsive to your organization's internal and external investigations. You can create a legal hold in core eDiscovery. See “Overview of Microsoft 365 Advanced eDiscovery” https://docs.microsoft.com/en-us/microsoft-365/compliance/overview-ediscovery-20?view=o365-worldwide.

Adding data custodians, automating notifications, and jobs are features of advanced eDiscovery. See “Get started with Core eDiscovery in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

You can use the Content search tool in the Microsoft 365 compliance center to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Skype for Business. Searching Azure AD audit logs is most often performed directly in Azure AD within the Azure Portal. See “Search for content using the Content search tool” https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide.

eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. See “eDiscovery solutions in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery?view=o365-worldwide.

Customer Lockbox ensures that Microsoft cannot access your content to perform a service operation without your explicit approval. See “Customer Lockbox in Office 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide.

Privileged access management (PAM) allows granular access control over privileged admin tasks in Office 365. Privileged Identity Management is a feature of Azure AD Identity Governance that manages privileged role access. See “Learn about privileged access management” https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-overview?view=o365-worldwide.

Information barriers in Microsoft 365 is designed to prevent communication between groups, business units, or individuals that may results in a conflict of interest or regulatory breach. See “Learn about information barriers in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers?view=o365-worldwide

Communication compliance in Microsoft 365 is designed to identify helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. See “Learn about communication compliance in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance?view=o365-worldwide

Insider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization, including acting on cases and escalating cases to Microsoft Advanced eDiscovery if needed. See “Learn about insider risk management in Microsoft 365”: https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide

Data loss prevention helps protect this sensitive data and reduce risk; they need a way to prevent their users from inappropriately sharing it with people who should not see it. See “Learn about data loss prevention ” https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

Records management in Microsoft 365 helps an organization manage their legal obligations, provides the ability to demonstrate compliance with regulations, and increases efficiency with regular disposition of items that are no longer required to be retained, no longer of value, or no longer required for business purposes. Records management in Microsoft 365 includes notifications, reminders, and disposition reviews so you can ensure deletion is appropriate. See “Learn about records management in Microsoft 365” https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide

Use a retention policy to assign the same retention settings for content at a site or mailbox level and use a retention label to assign retention settings at an item level (folder, document, email). See “Retention policies and retention labels” https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

Use a retention policy to assign the same retention settings for content at a site or mailbox level and use a retention label to assign retention settings at an item level (folder, document, email). See “Retention policies and retention labels” https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

Sensitivity labels are used for data classification. Label policies are used for data protection and/or retention. See “Learn about sensitivity labels” https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide.

All data files and email messages associated with alert activities are automatically captured and displayed in the Content Explorer. Activity Explorer allows you to monitor what is being done with labeled content. See “Get started with content explorer” https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-content-explorer?view=o365-worldwide

A Microsoft 365 trainable classifier is a tool you can train to recognize various types of content by giving it samples to look at. Once trained, you can use it to identify item for application of Office sensitivity labels, Communications compliance policies, and retention label policies. To learn more about the different types of classifiers, see Learn about trainable classifiers.

Compliance Manager provides admins with the capabilities to understand and improve their compliance score so that they can ultimately improve the organization’s compliance posture and help it to stay in line with its compliance requirements

Compliance score shows the compliance score and will forward admins to the Compliance Manager where they can see a breakdown of the compliance score. Compliance score measures the progress in completing recommended improvement actions within controls. The score helps an organization to understand its current compliance posture and prioritize actions based on their potential to reduce risk. See “Compliance score calculation” https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide

Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.

Microsoft 365 Compliance Center provides centralized access to the tools and other resources admins need to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to manage and track compliance activities.