Microsoft Cybersecurity Architect

Price: $2,380 USD (GSA: $1,960.96)
Course Code: SC-100T00
Duration: 4 days
Available Formats: Classroom, Virtual

This is an advanced, expert-level course. Although not required to attend, students are strongly encouraged to have taken and passed another associate level certification in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300) before attending this class. This course prepares students with the expertise to design and evaluate cybersecurity strategies in the following areas: Zero Trust, Governance Risk Compliance (GRC), security operations (SecOps), and data and applications. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS).

Audience Profile

This course is for experienced cloud security engineers who have taken a previous certification in the security, compliance and identity portfolio. Specifically, students should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations. Beginning students should instead take the course SC-900: Microsoft Security, Compliance, and Identity Fundamentals.

Skills Gained

After completing this course, students will be able to:

  • Design a Zero Trust strategy and architecture
  • Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies
  • Design security for infrastructure
  • Design a strategy for data and applications

Prerequisites

Before attending this course, students must have:

  • Attended and passed one of the associate level certifications in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300); this is highly recommended
  • Advanced experience and knowledge in identity and access, platform protection, security operations, securing data and securing applications
  • Experience with hybrid and cloud implementations

Course Details

Outline

  • Introduction to Zero Trust and best practice frameworks
    • Introduction to best practices
    • Introduction to Zero Trust
    • Zero Trust initiatives
    • Zero Trust technology pillars part 1
    • Zero Trust technology pillars part 2
    • Knowledge check - Introduction to Zero Trust and best practice frameworks
    • Summary - Introduction to Zero Trust and best practice frameworks
  • Design security solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)
    • Define a security strategy
    • Introduction to the Cloud Adoption Framework
    • Cloud Adoption Framework secure methodology
    • Introduction to Azure Landing Zones
    • Design security with Azure Landing Zones
    • Introduction to the Well-Architected Framework
    • The Well-Architected Framework security pillar
    • Knowledge check - Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)
    • Summary - Design solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)
  • Design solutions that align with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB)
    • Introduction to Microsoft Cybersecurity Reference Architecture and cloud security benchmark
    • Design solutions with best practices for capabilities and controls
    • Design solutions with best practices for protecting against insider, external and supply chain attacks
    • Knowledge check - Design solution with Microsoft Cybersecurity Reference Architecture and Microsoft cloud security benchmark
    • Summary - Design solution with Microsoft Cybersecurity Reference Architecture and Microsoft cloud security benchmark
  • Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
    • Common cyberthreats and attack patterns
    • Support business resiliency
    • Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
    • Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore
    • Evaluate solutions for security updates
    • Knowledge check - Design a resiliency strategy for common cyberthreats
    • Summary - Design a resiliency strategy for common cyberthreats like ransomware
  • Case study: Design solutions that align with security best practices and priorities
    • Case study description
    • Case study answers
    • Conceptual walkthrough
    • Technical walkthrough
    • Knowledge check
  • Design solutions for regulatory compliance
    • Introduction to regulatory compliance
    • Translate compliance requirements into security controls
    • Design a solution to address compliance requirements by using Microsoft Purview
    • Address privacy requirements with Microsoft Priva
    • Address security and compliance requirements with Azure Policy
    • Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud
    • Knowledge check
    • Summary - Design solutions for regulatory requirements
  • Design solutions for identity and access management
    • Introduction to Identity and Access Management
    • Design cloud, hybrid and multicloud access strategies (including Microsoft Entra ID)
    • Design a solution for external identities
    • Design modern authentication and authorization strategies
    • Align conditional access and Zero Trust
    • Specify requirements to harden Active Directory Domain Services (AD DS)
    • Design a solution to manage secrets, keys, and certificates
    • Knowledge check - Design solutions for identity and access management
    • Summary - Design solutions for identity and access management
  • Design solutions for securing privileged access
    • Introduction to privileged access
    • The enterprise access model
    • Evaluate the security and governance of Microsoft Entra ID solutions
    • Design a solution to secure tenant administration
    • Design a solution for cloud infrastructure entitlement management (CIEM)
    • Design a solution for privileged access workstations and bastion services
    • Evaluate an access review management solution that includes Microsoft Entra Permissions Management
    • Evaluate the security and governance of on-premises Active Directory Domain Services (AD DS), including resilience to common attacks
    • Knowledge check - Design solutions for securing privileged access management
    • Summary - Design solutions for securing privileged access
  • Design solutions for security operations
    • Introduction to Security operations (SecOps)
    • Design monitoring to support hybrid and multicloud environments
    • Design centralized logging and auditing, including Microsoft Purview Audit
    • Design a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
    • Design a solution for security orchestration, automation, and response (SOAR)
    • Design and evaluate security workflows, including incident response, threat hunting, and incident management
    • Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS
    • Knowledge check - Design solutions for security operations
    • Summary - Design solutions for security operations
  • Case study: Design security operations, identity, and compliance capabilities
    • Case study description
    • Case study answers
    • Conceptual walkthrough
    • Technical walkthrough
    • Knowledge check
  • Design solutions for securing Microsoft 365
    • Introduction to security for Exchange, SharePoint, OneDrive and Teams
    • Evaluate security posture for productivity and collaboration workloads by using metrics
    • Design a Microsoft Defender XDR solution
    • Design configurations and operational practices for Microsoft 365
    • Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services
    • Evaluate solutions for securing data in Microsoft 365 using Microsoft Purview
    • Knowledge check - Design solutions for securing Microsoft 365
    • Summary - Design solutions for securing Microsoft 365
  • Design solutions for securing applications
    • Introduction to application security
    • Design and implement standards to secure application development
    • Evaluate security posture of existing application portfolios
    • Evaluate application threats with threat modeling
    • Design security lifecycle strategy for applications
    • Secure access for workload identities
    • Design a solution for API management and security
    • Design a solution for secure access to applications
    • Knowledge check - Design solutions for securing applications
    • Summary - Design solutions for securing applications
  • Design solutions for securing an organization's data
    • Introduction to data security
    • Evaluate solutions for data discovery and classification
    • Evaluate solutions for encryption of data at rest and in transit, including Azure Key Vault and infrastructure encryption
    • Design data security for Azure workloads
    • Design security for Azure Storage
    • Design a security solution with Microsoft Defender for SQL and Microsoft Defender for Storage
    • Knowledge check - Design solutions for securing an organization's data
    • Summary - Design solutions for securing an organization's data
  • Case study: Design security solutions for applications and data
    • Case study description
    • Case study answers
    • Conceptual walkthrough
    • Technical walkthrough
    • Knowledge check
  • Specify requirements for securing SaaS, PaaS, and IaaS services
    • Introduction to security for SaaS, PaaS, and IaaS
    • Specify security baselines for SaaS, PaaS, and IaaS services
    • Specify security requirements for IoT workloads
    • Specify security requirements for web workloads
    • Specify security requirements for containers and container orchestration
    • Evaluate AI Services security
    • Knowledge check - Specify requirements for securing SaaS, PaaS and IaaS services
    • Summary - Specify requirements for securing SaaS, PaaS, and IaaS services
  • Design solutions for security posture management in hybrid and multicloud environments
    • Introduction to hybrid and multicloud posture management
    • Evaluate security posture by using Microsoft Cloud Security Benchmark
    • Design integrated posture management and workload protection
    • Evaluate security posture by using Microsoft Defender for Cloud
    • Posture evaluation with Microsoft Defender for Cloud secure score
    • Design cloud workload protection with Microsoft Defender for Cloud
    • Integrate hybrid and multicloud environments with Azure Arc
    • Design a solution for external attack surface management
    • Posture management using Exposure management attack paths
    • Knowledge check - Design solutions for security posture management in hybrid and multicloud environments
    • Summary - Design solutions for security posture management in hybrid and multicloud environments
  • Design solutions for securing server and client endpoints
    • Introduction to endpoint security
    • Specify server security requirements
    • Specify requirements for mobile devices and clients
    • Specify internet of things (IoT) and embedded device security requirements
    • Secure operational technology (OT) and industrial control systems (ICS) with Microsoft Defender for IoT
    • Specify security baselines for server and client endpoints
    • Design a solution for secure remote access
    • Evaluate Windows Local Admin Password Solution (LAPS) solutions
    • Knowledge check - Design solutions for securing server and client endpoints
    • Summary - Design solutions for securing server and client endpoints
  • Design solutions for network security
    • Design solutions for network segmentation
    • Design solutions for traffic filtering with network security groups
    • Design solutions for network posture management
    • Design solutions for network monitoring
    • Evaluate solutions that use Microsoft Entra Internet Access
    • Evaluate solutions that use Microsoft Entra Private Access
    • Knowledge check - Design solutions for network security
    • Summary - Design solutions for network security
  • Case study: Design security solutions for infrastructure
    • Case study description
    • Case study answers
    • Conceptual walkthrough
    • Technical walkthrough
    • Knowledge check