Book Image

Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900

By : Dwayne Natwick
Book Image

Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900

By: Dwayne Natwick

Overview of this book

Cloud technologies have made building a defense-in-depth security strategy of paramount importance. Without proper planning and discipline in deploying the security posture across Microsoft 365 and Azure, you are compromising your infrastructure and data. Microsoft Security, Compliance, and Identity Fundamentals is a comprehensive guide that covers all of the exam objectives for the SC-900 exam while walking you through the core security services available for Microsoft 365 and Azure. This book starts by simplifying the concepts of security, compliance, and identity before helping you get to grips with Azure Active Directory, covering the capabilities of Microsoft’s identity and access management (IAM) solutions. You'll then advance to compliance center, information protection, and governance in Microsoft 365. You'll find out all you need to know about the services available within Azure and Microsoft 365 for building a defense-in-depth security posture, and finally become familiar with Microsoft's compliance monitoring capabilities. By the end of the book, you'll have gained the knowledge you need to take the SC-900 certification exam and implement solutions in real-life scenarios.
Table of Contents (24 chapters)
1
Section 1: Exam Overview
3
Section 2: The Key Concepts of Security, Compliance, and Identity
7
Section 3: The Microsoft Identity Management Solutions
11
Section 4: The Microsoft Security Solutions for Microsoft 365 and Azure
17
Section 5: The Microsoft Compliance Monitoring Capabilities within Microsoft 365 and Azure

Describing common threats

This section is going to cover some of the common threats that you should maintain an awareness of within your technology infrastructure. Before we discuss those common threats, it's important to understand how to identify a threat.

What is a threat?

As we discussed in the previous chapter, there are many stages of a cyberattack, and we protect against them by incorporating a defense in depth security posture. The reason that we do this is to decrease vulnerabilities within our infrastructure. A threat is created when an attacker takes advantage of a vulnerability. As security professionals, it is our responsibility to identify and respond to threats within our company infrastructure.

Threats can be internal or external. They are also not always intentional or malicious, nor necessarily meant to cause harm to the organization. We will discuss this in more detail as we identify some of these threats in the next sections. The threats listed are...