SC-100: Microsoft Cybersecurity Architect Expert
Published 3/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.04 GB | Duration: 22h 12m
Pass SC-100 | Elevate your Career
What you'll learn
Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design solutions for security operations
Design solutions for identity and access management
Design solutions for securing privileged access
Design solutions for regulatory compliance
Design solutions for security posture management in hybrid and multicloud environments
Specify requirements for securing server and client endpoints
Specify requirements for securing SaaS, PaaS, and IaaS services
Evaluate solutions for network security and Security Service Edge (SSE)
Evaluate solutions for securing Microsoft 365
Design solutions for securing applications
Design solutions for securing an organization's data
Requirements
Basic IT Knowledge
Willingness to learn cool stuff!
Description
This SC-100 course by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to pass the Microsoft SC-100: Microsoft Cybersecurity Architect Expert exam. This course systematically guides you from the basics to advanced concepts of Cyber Security.
By mastering Microsoft Cybersecurity Architectures, you're developing expertise in essential topics in today's cybersecurity landscape. The course is always aligned with Microsoft's latest study guide and exam objectives:
Skills at a glance
Design solutions that align with security best practices and priorities (20–25%)
Design security operations, identity, and compliance capabilities (25–30%)
Design security solutions for infrastructure (25–30%)
Design security solutions for applications and data (20–25%)
Design solutions that align with security best practices and priorities (20–25%)
Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
Design a security strategy to support business resiliency goals, including identifying and prioritizing threats to business-critical assets
Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore for hybrid and multicloud environments
Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
Evaluate solutions for security updates
Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
Design solutions that align with best practices for cybersecurity capabilities and controls
Design solutions that align with best practices for protecting against insider, external, and supply chain attacks
Design solutions that align with best practices for Zero Trust security, including the Zero Trust Rapid Modernization Plan (RaMP)
Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design a new or evaluate an existing strategy for security and governance based on the Microsoft Cloud Adoption Framework (CAF) for Azure and the Microsoft Azure Well-Architected Framework
Recommend solutions for security and governance based on the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design solutions for implementing and governing security by using Azure landing zones
Design a DevSecOps process that aligns with best practices in the Microsoft Cloud Adoption Framework (CAF)
Design security operations, identity, and compliance capabilities (25–30%)
Design solutions for security operations
Design a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
Design a solution for centralized logging and auditing, including Microsoft Purview Audit
Design monitoring to support hybrid and multicloud environments
Design a solution for security orchestration automated response (SOAR), including Microsoft Sentinel and Microsoft Defender XDR
Design and evaluate security workflows, including incident response, threat hunting, and incident management
Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS
Design solutions for identity and access management
Design a solution for access to software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), hybrid/on-premises, and multicloud resources, including identity, networking, and application controls
Design a solution for Microsoft Entra ID, including hybrid and multi-cloud environments
Design a solution for external identities, including business-to-business (B2B), business-to-customer (B2C), and decentralized identity
Design a modern authentication and authorization strategy, including Conditional Access, continuous access evaluation, risk scoring, and protected actions
Validate the alignment of Conditional Access policies with a Zero Trust strategy
Specify requirements to harden Active Directory Domain Services (AD DS)
Design a solution to manage secrets, keys, and certificates
Design solutions for securing privileged access
Design a solution for assigning and delegating privileged roles by using the enterprise access model
Evaluate the security and governance of Microsoft Entra ID, including Microsoft Entra Privileged Identity Management (PIM), entitlement management, and access reviews
Evaluate the security and governance of on-premises Active Directory Domain Services (AD DS), including resilience to common attacks
Design a solution for securing the administration of cloud tenants, including SaaS and multicloud infrastructure and platforms
Design a solution for cloud infrastructure entitlement management that includes Microsoft Entra Permissions Management
Evaluate an access review management solution that includes Microsoft Entra Permissions Management
Design a solution for Privileged Access Workstation (PAW), including remote access
Design solutions for regulatory compliance
Translate compliance requirements into security controls
Design a solution to address compliance requirements by using Microsoft Purview
Design a solution to address privacy requirements, including Microsoft Priva
Design Azure Policy solutions to address security and compliance requirements
Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud
Design security solutions for infrastructure (25–30%)
Design solutions for security posture management in hybrid and multicloud environments
Evaluate security posture by using Microsoft Defender for Cloud, including the Microsoft cloud security benchmark (MCSB)
Evaluate security posture by using Microsoft Secure Score
Design integrated security posture management solutions that include Microsoft Defender for Cloud in hybrid and multi-cloud environments
Select cloud workload protection solutions in Microsoft Defender for Cloud
Design a solution for integrating hybrid and multicloud environments by using Azure Arc
Design a solution for Microsoft Defender External Attack Surface Management (Defender EASM)
Specify requirements and priorities for a posture management process that uses Exposure Management attack paths, attack surface reduction, security insights, and initiatives
Specify requirements for securing server and client endpoints
Specify security requirements for servers, including multiple platforms and operating systems
Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
Specify security requirements for IoT devices and embedded systems
Evaluate solutions for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT
Specify security baselines for server and client endpoints
Evaluate Windows Local Admin Password Solution (LAPS) solutions
Specify requirements for securing SaaS, PaaS, and IaaS services
Specify security baselines for SaaS, PaaS, and IaaS services
Specify security requirements for IoT workloads
Specify security requirements for web workloads
Specify security requirements for containers
Specify security requirements for container orchestration
Evaluate solutions that include Azure AI Services Security
Evaluate solutions for network security and Security Service Edge (SSE)
Evaluate network designs to align with security requirements and best practices
Evaluate solutions that use Microsoft Entra Internet Access as a secure web gateway
Evaluate solutions that use Microsoft Entra Internet Access to access Microsoft 365, including cross-tenant configurations
Evaluate solutions that use Microsoft Entra Private Access
Design security solutions for applications and data (20–25%)
Evaluate solutions for securing Microsoft 365
Evaluate security posture for productivity and collaboration workloads by using metrics, including Microsoft Secure Score
Evaluate solutions that include Microsoft Defender for Office and Microsoft Defender for Cloud Apps
Evaluate device management solutions that include Microsoft Intune
Evaluate solutions for securing data in Microsoft 365 by using Microsoft Purview
Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services
Design solutions for securing applications
Evaluate the security posture of existing application portfolios
Evaluate threats to business-critical applications by using threat modeling
Design and implement a full lifecycle strategy for application security
Design and implement standards and practices for securing the application development process
Map technologies to application security requirements
Design a solution for workload identity to authenticate and access Azure cloud resources
Design a solution for API management and security
Design solutions that secure applications by using Azure Web Application Firewall (WAF)
Design solutions for securing an organization's data
Evaluate solutions for data discovery and classification
Specify priorities for mitigating threats to data
Evaluate solutions for encryption of data at rest and in transit, including Azure Key Vault and infrastructure encryption
Design a security solution for data in Azure workloads, including Azure SQL, Azure Synapse Analytics, and Azure Cosmos DB
Design a security solution for data in Azure Storage
Design a security solution that includes Microsoft Defender for Storage and Microsoft Defender for Databases
Overview
Section 1: Introduction
Lecture 1 Slides
Lecture 2 Basics
Lecture 3 Demos
Lecture 4 FAQs
Section 2: Basics - Azure
Lecture 5 Cloud Computing Properties
Lecture 6 Cloud Computing Types
Lecture 7 Azure Global Backbone
Lecture 8 Shared Responsibility Model
Lecture 9 Azure Resource Hierarchy
Lecture 10 Azure Subscription Types
Lecture 11 Entra ID Tenants and Azure Subscriptions
Section 3: Basics - Microsoft Security
Lecture 12 The Microsoft Security Cosmos
Lecture 13 Defending Across Attack Chains
Section 4: Lab Setup
Lecture 14 Demo: Create your Azure Subscription
Lecture 15 Demo: Activate and Assign Microsoft 365 E5
Lecture 16 What is Defender XDR?
Lecture 17 Demo: Configure RBAC
Lecture 18 Demo: Install VirtualBox
Lecture 19 Demo: Install Kali Linux
Lecture 20 Demo: Configure Kali Keyboard Layout
Lecture 21 Demo: Install Tor Browser in Kali
Section 5: Design solutions that align with MCRA and MCSB
Lecture 22 Zero Trust
Lecture 23 NIST 800-207: A Zero Trust Architecture
Lecture 24 ZTA Components
Lecture 25 Microsoft Zero Trust Principles
Lecture 26 Microsoft Zero Trust Capability Mapping
Section 6: Design a resiliency strategy for ransomware and other attacks
Lecture 27 Demo: Exposure Management in Defender XDR
Lecture 28 Demo: Attack Surface
Lecture 29 Demo: Exposure Insights
Lecture 30 Demo: Secure Score
Section 7: Design solutions for security operations
Lecture 31 What is a SOC?
Lecture 32 SOC Tier Model
Lecture 33 Cyber Security Incident Response Process
Lecture 34 EDR, XDR, SIEM & SOAR
Lecture 35 Blue, Red & Purple Teaming
Lecture 36 What is a Threat?
Lecture 37 Intelligence, Threat Intelligence & Cyber Threat Intelligence (CTI)
Lecture 38 What is CTI?
Lecture 39 Threat, Vulnerability & Risk
Lecture 40 Threat-Informed Defense
Lecture 41 Tactics, Techniques & Procedures (TTPs)
Lecture 42 IOCs & IOAs
Lecture 43 Pyramid of Pain
Lecture 44 CTI Sources
Lecture 45 What is a Vulnerability?
Lecture 46 Common Vulnerabilities and Exposures (CVE)
Lecture 47 Common Vulnerability Scoring System (CVSS)
Lecture 48 Demo: Threat Analytics
Lecture 49 Demo: Intel Profiles
Lecture 50 Demo: Intel Explorer
Lecture 51 What is Microsoft Sentinel?
Lecture 52 Deployment Prerequisites
Lecture 53 Demo: Create a Log Analytics Workspace
Lecture 54 Demo: Create a Sentinel Workspace
Lecture 55 Sentinel RBAC
Lecture 56 Demo: Connect Sentinel with Defender XDR
Lecture 57 Typical data sources for a SIEM
Lecture 58 Demo: Content Hub
Lecture 59 Demo: Ingesting CTI into Sentinel
Lecture 60 Demo: Verify CTI Log Ingestion
Lecture 61 Demo: Ingesting Entra ID into Sentinel
Lecture 62 Demo: Verify Entra ID Ingestion
Lecture 63 AMA and DCR
Lecture 64 Demo: Ingesting Windows Security Event Logs with AMA and DCR
Lecture 65 Sentinel Workflow
Lecture 66 Analytic Rules
Lecture 67 Demo: Analytic Rules
Lecture 68 Scheduled Analytic Rules
Lecture 69 Demo: Scheduled Analytic Rules - Entra ID
Lecture 70 Demo: Scheduled Analytic Rules - Windows Security Events
Lecture 71 Near-Real-Time-Rules (NRT)
Lecture 72 Demo: Near-Real-Time-Rules (NRT)
Lecture 73 Fusion
Lecture 74 Demo: Fusion
Lecture 75 ML Behavior Analytics
Lecture 76 Demo: ML Behavior Analytics
Lecture 77 Threat Intelligence Rules
Lecture 78 Demo: Threat Intelligence Rules
Lecture 79 Microsoft Security Rules
Lecture 80 Demo: Microsoft Security Rules
Lecture 81 Demo: Incident Dashboard
Lecture 82 UEBA in Sentinel
Lecture 83 Demo: UEBA in Sentinel
Lecture 84 Automation Capabilities in Sentinel
Lecture 85 Automation Rules
Lecture 86 Demo: Automation Rules
Lecture 87 Playbooks
Lecture 88 Automation Rules vs. Playbooks
Lecture 89 Azure Logic Apps
Lecture 90 Demo: Playbooks & Azure Logic Apps
Lecture 91 Notebooks in Sentinel
Lecture 92 Demo: Notebooks with MSTICPy
Lecture 93 Pricing Models
Lecture 94 Commitment Tiers
Lecture 95 Log Types
Lecture 96 Archive and Restore Logs
Lecture 97 Demo: Cost Optimization Workbook
Lecture 98 KQL 101
Lecture 99 Demo: KQL 101
Lecture 100 What is Copilot for Security?
Lecture 101 From Prompt to Response
Lecture 102 Architecture
Lecture 103 Extending Copilot with Plugins & more
Lecture 104 Privacy Implications
Lecture 105 Authentication & RBAC
Lecture 106 Standalone vs. Embedded Experience
Lecture 107 Pricing
Lecture 108 IMPORTANT - DO NOT SKIP
Lecture 109 Onboarding Requirements
Lecture 110 Demo: Create Compute Capacities
Lecture 111 Demo: Setup Copilot for Security
Lecture 112 Creating Effective Prompts
Lecture 113 Demo: Prompt Usage Monitoring
Lecture 114 Demo: Incident Investigation Promptbook
Lecture 115 Demo: Suspicious Script Analysis Promptbook
Lecture 116 Demo: Vulnerability Impact Assessment Promptbook
Lecture 117 Demo: CTI Prompts
Lecture 118 Demo: Vulnerability Assessment Prompts
Lecture 119 What is ATT&CK?
Lecture 120 Mapping ATT&CK to the Pyramid of Pain
Lecture 121 Matrices
Lecture 122 Tactics
Lecture 123 Techniques
Lecture 124 Subtechniques
Lecture 125 Tactics, Techniques & Subtechniques
Lecture 126 Data Sources
Lecture 127 Detections
Lecture 128 Mitigations
Lecture 129 Groups
Lecture 130 Software
Lecture 131 Campaigns
Lecture 132 Relations
Lecture 133 Demo: ATT&CK Enterprise Matrix
Lecture 134 ATT&CK in Sentinel
Lecture 135 Demo: Playbook with MITRE ATT&CK & ChatGPT
Section 8: Design solutions for identity and access management
Lecture 136 Microsoft Entra
Lecture 137 Microsoft Entra ID
Lecture 138 User Identities
Lecture 139 Managed Identities
Lecture 140 Demo: Managed Identities
Lecture 141 Groups
Lecture 142 Demo: Groups
Lecture 143 Administrative Units (AU)
Lecture 144 Demo: AUs
Lecture 145 Authentication Methods
Lecture 146 External Identities
Lecture 147 Identity Protection
Lecture 148 Demo: Identity Protection
Lecture 149 Attacks on Passwords
Lecture 150 Multi-Factor Authentication (MFA)
Lecture 151 Passwordless Authentication
Lecture 152 Password Protection
Lecture 153 Single-Sign-on (SSO)
Lecture 154 Entra Verified ID
Lecture 155 Self-Service Password Reset (SSPR)
Lecture 156 Entra Connect
Lecture 157 Hybrid Authentication
Lecture 158 Entra Domain Services
Lecture 159 Entra ID Roles
Lecture 160 Azure Role-Based Access Control (RBAC)
Lecture 161 Azure RBAC vs. Entra ID Roles
Lecture 162 Conditional Access
Lecture 163 Demo: Conditional Access
Lecture 164 What is Defender for Identity?
Lecture 165 Identities are the new security perimeter!
Lecture 166 NTLM
Lecture 167 Pass-the-Hash Attacks
Lecture 168 Kerberos
Lecture 169 Pass-The-Ticket Attacks
Lecture 170 Brute Force Attacks
Lecture 171 Remote Code Execution Attacks
Lecture 172 Application Identities & Application Registrations
Lecture 173 Demo: Create an Application Registration
Lecture 174 Entra Application Proxy
Section 9: Design solutions for securing privileged access
Lecture 175 Entra ID Governance
Lecture 176 Entra ID Entitlement Management
Lecture 177 PIM
Lecture 178 Access Reviews
Lecture 179 EPM
Section 10: Design solutions for regulatory compliance
Lecture 180 Microsoft Purview
Lecture 181 Sensitive Information Types
Lecture 182 Demo: Sensitive Information Types
Lecture 183 Sensitivity Labels
Lecture 184 Demo: Sensitivity Labels
Lecture 185 Data Loss Prevention (DLP)
Lecture 186 Demo: DLP
Lecture 187 Records Management
Lecture 188 Retention Policies, Retention Labels & Retention Label Policies
Lecture 189 Insider Risk Management
Lecture 190 Demo: Insider Risk Management
Lecture 191 eDiscovery
Lecture 192 Demo: eDiscovery
Section 11: Design solutions for security posture management in hybrid and multicloud
Lecture 193 What is Microsoft Defender for Cloud?
Lecture 194 CSPM & CWP
Lecture 195 Defender for Cloud RBAC
Lecture 196 Demo: Enable All Plans in Defender for Cloud
Lecture 197 What is CSPM?
Lecture 198 CSPM Plans
Lecture 199 Asset Inventory
Lecture 200 Demo: Asset Inventory
Lecture 201 Security Recommendations
Lecture 202 Demo: Security Recommendations
Lecture 203 Secure Score
Lecture 204 Demo: Secure Score
Lecture 205 Workbooks
Lecture 206 Demo: Azure Workbooks in Defender for Cloud
Lecture 207 Data Exporting
Lecture 208 Demo: Data Exporting
Lecture 209 Remediation
Lecture 210 Demo: Remediation
Lecture 211 Microsoft Cloud Security Benchmark
Lecture 212 Demo: Microsoft Cloud Security Benchmark
Lecture 213 Governance Management
Lecture 214 Demo: Governance Management
Lecture 215 Regulatory Compliance
Lecture 216 Demo: Regulatory Compliance
Lecture 217 Cloud Security Explorer
Lecture 218 Demo: Cloud Security Explorer
Lecture 219 Attack Path Analysis
Lecture 220 Agentless Vulnerability Scanning
Section 12: Specify requirements for securing server and client endpoints
Lecture 221 What is Defender for Endpoint?
Lecture 222 Demo: Management and Administration
Lecture 223 Demo: Vulnerability Management
Lecture 224 What is CWP?
Lecture 225 Demo: Create Resource Group
Lecture 226 Alert Queue
Lecture 227 Demo: Alert Queue
Lecture 228 What is Defender for Servers?
Lecture 229 Agents
Lecture 230 Defender for Servers Plans
Lecture 231 Defender for Endpoint Integration
Lecture 232 Licensing
Lecture 233 Threat Detection for OS-Level
Lecture 234 Alerts for Windows Machines
Lecture 235 Alerts for Linux Machines
Lecture 236 Demo: Create Virtual Machines
Lecture 237 Demo: Brute Force SSH
Lecture 238 Just-in-time VM access
Lecture 239 Demo: Just-in-time VM access
Section 13: Specify requirements for securing SaaS, PaaS, and IaaS services
Lecture 240 Azure Compute Services
Lecture 241 Azure Virtual Machines (VMs)
Lecture 242 Disk Encryption Options in Azure
Lecture 243 Azure Disk Encryption (ADE)
Lecture 244 Encryption at Host
Lecture 245 Confidential Disk Encryption
Lecture 246 Defender for Containers
Lecture 247 Demo: Defender for Containers
Lecture 248 Azure App Service
Lecture 249 Demo: Azure App Service
Lecture 250 Azure App Service Environments (ASE)
Lecture 251 Demo: ASE
Section 14: Evaluate solutions for network security and Security Service Edge (SSE)
Lecture 252 Azure Virtual Networks (VNets)
Lecture 253 Network Security Groups (NSGs)
Lecture 254 Application Security Groups (ASGs)
Lecture 255 Azure Resource Firewalls
Lecture 256 Routing in Azure
Lecture 257 User-Defined-Routes (UDRs)
Lecture 258 VNet Peering
Lecture 259 VPNs
Lecture 260 ExpressRoute
Lecture 261 Azure Firewall
Lecture 262 Demo: Azure Firewall
Lecture 263 Azure Firewall Manager
Lecture 264 Azure Load Balancer
Lecture 265 Demo: Azure Load Balancer
Lecture 266 Azure Application Gateway
Lecture 267 Demo: Application Gateway
Lecture 268 Azure Front Door
Lecture 269 Demo: Front Door
Lecture 270 Azure DDoS Protection
Lecture 271 Demo: DDoS Protection
Section 15: Evaluate solutions for securing Microsoft 365
Lecture 272 What is Defender for Office 365?
Lecture 273 Defender for Office 365 - Edge Protection
Lecture 274 Defender for Office 365 - Sender Intelligence
Lecture 275 Defender for Office 365 - Content Filtering
Lecture 276 Defender for Office 365 - Post Delivery Protection
Lecture 277 Demo: Preset Security Policies
Lecture 278 Demo: Anti-Phishing Policy
Lecture 279 Demo: Anti-Spam Policy
Lecture 280 Demo: Anti-Malware Policy
Lecture 281 Demo: Safe Attachments
Lecture 282 Demo: Safe Links
Lecture 283 Demo: Tenant Allow/Block Lists
Lecture 284 What is Defender for Cloud Apps?
Lecture 285 Demo: Cloud App Catalog
Lecture 286 Demo: Cloud App Policies
Section 16: Design solutions for securing applications
Lecture 287 What is OWASP?
Lecture 288 OWASP Top 10
Lecture 289 DevOps Security
Lecture 290 Design solutions that secure applications by using Azure WAF
Lecture 291 Demo: Azure WAF
Section 17: Design solutions for securing an organization's data
Lecture 292 Azure Storage
Lecture 293 Demo: Storage Accounts
Lecture 294 Authentication and Authorization for Storage
Lecture 295 Storage Account Access Keys
Lecture 296 Demo: Storage Account Access Keys
Lecture 297 Shared Access Signatures (SAS)
Lecture 298 Demo: SAS
Lecture 299 Defender for Storage
Lecture 300 Demo: Defender for Storage
Lecture 301 Azure SQL
Lecture 302 Demo: Azure SQL Database
Lecture 303 Azure SQL Transparent Data Encryption (TDE)
Lecture 304 Demo: TDE
Lecture 305 Azure SQL Always Encrypted
Lecture 306 Demo: SQL Always Encrypted
Lecture 307 Azure SQL Dynamic Data Masking
Lecture 308 Defender for Databases
Lecture 309 Defender for SQL Databases
Section 18: Bonus
Lecture 310 Bonus
SOC Analyst, Security Engineer, Security Consultant, Security Architect, Security Manager, Cloud Engineer, Cloud Architect, IT Manager, CISO