book

Microsoft 365 Security Administration: MS-500 Exam Guide

Name: Microsoft 365 Security Administration: MS-500 Exam Guide
Author: Peter Rising
ISBN: 9781838983123

by Peter Rising

June 2020

Intermediate to advanced

672 pages

12h 27m

English

Packt Publishing

Read now

Unlock full access

Microsoft 365 Security Administration: MS-500 Exam Guide
Why subscribe?ContributorsAbout the authorAbout the reviewersPackt is searching for authors like you
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchReviews
Section 1: Configuring and Administering Identity and Access in Microsoft 365
Chapter 1: Planning for Hybrid Identity
Planning your hybrid environmentSynchronization methods with Azure AD ConnectPassword hash synchronizationPass-through authentication FederationClaims-based authentication Federated trusts Azure AD Seamless Single Sign-OnAdditional authentication securityMulti-factor authentication Self-service password reset Conditional Access Event monitoring and troubleshooting in Azure AD ConnectSummaryQuestionsReferences
Chapter 2: Authentication and Security
Implementing Azure AD dynamic group membershipCreating a dynamic group in Azure AD using the Azure portalCreating dynamic groups with Azure AD PowerShellUsing group-based licensing in Azure ADImplementing Azure AD self-service password reset (SSPR)Setting up SSPRRegistering for SSPRUsing SSPR to reset passwordsCombined registration for SSPR and MFAImplementing and managing Multi-Factor Authentication (MFA)Enabling MFAService settingsConfiguring the secondary authentication methodManaging Azure AD access reviewsPerforming an access reviewSummaryQuestionsReferences
Chapter 3: Implementing Conditional Access Policies
Explaining Conditional AccessCreating a simple Conditional Access policyEnhancing Conditional Access with IntuneDevice-based Conditional AccessCreating a device-based Conditional Access policyApp-based Conditional AccessCreating an app-based Conditional Access policyMonitoring Conditional Access eventsSummaryQuestionsReferences
Chapter 4: Role Assignment and Privileged Identities in Microsoft 365
Planning, configuring, and monitoring RBACPlanning RBACHow role assignments workConfiguring RBACManaging RBAC using PowerShellMonitoring RBACPlanning, configuring, and monitoring PIMPlanning PIMConfiguring PIMTasks:Manage:Monitoring PIMSummaryQuestionsReferences
Chapter 5: Azure AD Identity Protection
Understanding Identity ProtectionConfiguring MFA registration policiesConfiguring alert optionsUsers at risk detected alertsWeekly digestManaging and resolving risk eventsExamining users at riskExamining risky sign-insExamining risk detectionsSummaryQuestionsReferences
Section 2: Implementing and Managing Threat Protection
Chapter 6: Configuring an Advanced Threat Protection Solution
Identifying the organizational needs for Azure ATPUnderstanding suspicious activityExploring advanced attacks and malicious activitiesUnderstanding the Azure ATP architectureStage 1Stage 2Stage 3Setting up an Azure ATP instanceAdditional configuration optionsManaging Azure ATP activities The security alerts timeline in the Azure ATP portalAzure ATP reportsThe Azure ATP workspace health centerSummaryQuestionsReferences

Chapter 7: Configuring Microsoft Defender ATP to Protect Devices
Technical requirements Licensing requirementsSupported operating systemsImplementing Microsoft Defender ATPConfiguring Microsoft Defender ATPManaging and monitoring Microsoft Defender ATPAttack surface reduction capabilitiesThe Secure score dashboardIntegrating with Azure ATPThe Microsoft Defender Security Center settingsImplementing additional Microsoft Defender features Configuring Microsoft Defender Application GuardConfiguring Microsoft Defender Application ControlConfiguring Microsoft Defender Exploit GuardUsing WIP to configure WIP policies and protect dataManaging device encryption for your Windows 10 devicesIntroduction to BitLockerSummaryQuestionsReferences
Chapter 8: Message Protection in Office 365
Protecting users and domains with ATP anti-phishing protection and policiesSetting up an ATP anti-phishing policyConfiguring Impersonation settingsConfiguring spoof settingsConfiguring Advanced settingsConfiguring Office 365 anti-spam protectionDefault spam filter policyConnection filter policyOutbound spam filter policySpoof intelligence policyAdditional email authentication protectionConfiguring Office 365 anti-spam settings and policies with PowerShellExploring Office 365 ATP Safe Attachments options and policiesCreating a Safe Attachments policy from the Security and Compliance CenterCreating a Safe Attachments policy using Windows PowerShellExploring Office 365 ATP Safe Links options, blocked URLs, and policiesViewing or modifying the default Safe Links policy from the Security and Compliance CenterCreating a new Safe Links policy from the Security and Compliance CenterCreating a Safe Links policy using Windows PowerShellSummaryQuestionsReferences
Chapter 9: Threat Intelligence and Tracking
Understanding the Office 365 threat management security dashboardThreat protection statusInsightsThreat IntelligenceTrendsUsing Office 365 Threat Explorer and threat trackersUsing Threat ExplorerUsing threat trackersManaging quarantined messages and filesPerforming controlled simulated attacksLaunching an attackSummaryQuestionsReferences
Chapter 10: Using Azure Sentinel to Monitor Microsoft 365 Security
Planning and configuring Azure SentinelEnabling Azure SentinelConnecting Azure Sentinel to data sourcesUsing Azure Sentinel playbooksManaging and monitoring Azure SentinelAzure Sentinel Overview Azure Sentinel LogsThreat management toolsSummaryQuestionsReferences
Section 3: Information Protection in Microsoft 365
Chapter 11: Controlling Secure Access to Information Stored in Office 365
Understanding privileged access managementEnabling PAMSubmitting and approving PAM requestsUnderstanding Customer LockboxEnabling Customer LockboxResponding to Customer Lockbox requestsProtecting access to the collaboration components of Office 365Allowing external user access with B2B sharingSummaryQuestionsReferences
Chapter 12: Azure Information Protection
Planning and implementing an AIP deployment for your organizationChecking AIP activation status using the Office 365 Admin CenterChecking AIP activation status using the Azure portalChecking AIP activation status using the Azure AIPService PowerShellConfiguring AIP superusersSetting up AIP labels and policiesSetting up labelsSetting up label policiesEnabling Unified labelingUser experienceUsing the AIP Scanner to detect and protect on-premises contentInstalling the AIP ScannerTracking and revoking protected documentsSummaryQuestionsReferences
Chapter 13: Data Loss Prevention
Planning and implementing DLPCreating DLP policies and assigning them to Office 365 locationsTesting your DLP policyEditing your DLP policyManaging sensitive information typesDLP reporting and alerting capabilitiesSummaryQuestionsReferences
Chapter 14: Cloud App Discovery and Security
Understanding Cloud App SecurityCloud DiscoverySanctioning or unsanctioning cloud appsUsing app connectors to gain visibility and control of third-party appsUsing Azure AD Conditional Access App Control in conjunction with Cloud App SecurityUsing built-in policies or creating custom policies to control SaaS app usageConfiguring Cloud App SecurityConfiguring Cloud DiscoverySanctioning and unsanctioning appsConnecting appsControlling apps with policiesUsing Conditional Access App Control with Cloud App SecurityUsing the Cloud App Security dashboard, reports, and logsSummaryQuestionsReferences
Section 4: Data Governance and Compliance in Microsoft 365
Chapter 15: Security Analytics and Auditing Capabilities
Understanding Desktop Analytics, Windows diagnostics, and Office TelemetryDesktop AnalyticsWindows diagnosticsOffice TelemetryConfiguring Office 365 auditingTurning on the audit logPerforming an audit log searchConfiguring an audit alert policySummaryQuestionsReferences
Chapter 16: Personal Data Protection in Microsoft 365
Conducting searches for personal dataUsing retention labels to protect personal dataAccessing logs and reports to search for and monitor personal data leaksData loss prevention reportsAlert policiesMicrosoft Cloud App SecuritySummaryQuestionsReferences
Chapter 17: Data Governance and Retention
Understanding data governance and the retention requirements for your organizationThe content is modified or deleted during the retention periodThe content is unchanged during the retention periodMailbox and public folder contentNavigating data governance reports and dashboardsConfiguring retention tags, retention policies, and supervision policiesCreating a retention policy using the Exchange admin centerCreating a retention policy using the Security & Compliance Center Creating a supervision policyConfiguring litigation holds to preserve Office 365 dataLitigation HoldImporting data into Office 365 from the Security & Compliance CenterConfiguring archivingSummaryQuestionsReferences
Chapter 18: Search and Investigation
Understanding eDiscovery and content search in Microsoft 365eDiscovery casesContent searchAdvanced eDiscoveryeDiscovery delegated role groupsCreating eDiscovery cases, placing locations on hold, and performing content searchesCreating an eDiscovery case and placing locations on holdPerforming a content searchExporting content search resultsSummaryQuestionsReferences
Chapter 19: Data Privacy Compliance
Planning for regulatory compliance in Microsoft 365Phase 1 – the first 30 daysPhase 2 – after 90 daysPhase 3 – ongoingAccessing the GDPR dashboards and reportsService Trust PortalMicrosoft Compliance ScoreThe GDPR dashboard and the GDPR toolboxCompleting DSRsSummaryQuestionsReferences
Section 5: Mock Exam and Assessment
Chapter 20: Mock Exam
Case StudyOverviewInternal network configurationCloud configurationPlanned changesSecurity requirementsGeneral requirements
Chapter 21: Mock Exam Answers
Answers and explanations
Chapter 22: Assessments
Chapter 1 – Planning for Hybrid IdentityChapter 2 – Authentication and SecurityChapter 3 – Implementing Conditional Access PoliciesChapter 4 – Role Assignment and Privileged Identities in Microsoft 365Chapter 5 – Azure AD Identity ProtectionChapter 6 – Configuring an Advanced Threat Protection SolutionChapter 7 – Configuring Microsoft Defender ATP to Protect DevicesChapter 8 – Message Protection in Office 365Chapter 9 – Threat Intelligence and TrackingChapter 10 – Using Azure Sentinel to Monitor Microsoft 365 SecurityChapter 11 – Controlling Secure Access to Information Stored in Office 365Chapter 12 – Azure Information ProtectionChapter 13 – Data Loss PreventionChapter 14 – Cloud App Discovery and SecurityChapter 15 – Security Analytics and Auditing CapabilitiesChapter 16 – Personal Data Protection in Microsoft 365Chapter 17 – Data Governance and RetentionChapter 18 – Search and InvestigationChapter 19 – Data Privacy Compliance
Other Books You May Enjoy
Leave a review - let other readers know what you think

Content preview from Microsoft 365 Security Administration: MS-500 Exam Guide

Chapter 10: Using Azure Sentinel to Monitor Microsoft 365 Security

Azure Sentinel is a cloud-based security information and event management (SIEM) tool that enables the analysis of vast quantities of data both within Microsoft 365 and from external sources using artificial intelligence technology. Azure Sentinel allows you to gather data, detect potential threats, and then investigate and respond to those threats. In this chapter, we will show you how to plan and configure your Azure Sentinel instance, explain the process of using Azure Sentinel playbooks, and finally how to monitor and manage Azure Sentinel on an ongoing basis.

After reading this chapter, you will be able to access and enable Azure Sentinel in the Azure portal, set up a Log ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Exam Ref MS-500 Microsoft 365 Security Administration

Publisher Resources

ISBN: 9781838983123

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Microsoft 365 Security Administration: MS-500 Exam Guide

by Peter Rising

Chapter 10: Using Azure Sentinel to Monitor Microsoft 365 Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.