Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the Microsoft 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels,
00:08
and we're on Module 3, Microsoft 365 Threat Protection,
00:12
Lesson two.
00:13
Advanced Threat Protection, Part 4: Azure ATP.
00:18
In this lesson, we're going to go over how Azure ATP, Advanced Threat Protection,
00:23
helps identify, detect and investigate threats.
00:27
We'll also look at some of the configuration and management aspects of Azure ATP.
00:33
Azure ATP is a cloud-based security solution that leverages your on-premises Active Directory to identify,
00:40
detect, and investigate advanced threats,
00:43
compromised identities, and malicious insider actions directed at your organization.
00:50
Azure ATP detects multiple suspicious activities, focusing on several phases of a cyberattack kill chain.
00:57
Some of these include lateral movement.
01:00
This is when an attacker invests time and effort
01:03
to spread and increase their attack surface inside your network.
01:07
Reconnaissance
01:08
is when an attacker gathers information on how your environment is built.
01:12
They're building their plan for their next phase of attack.
01:17
If you learn about your target,
01:19
you can plan your attacks better. That's what reconnaissance is.
01:23
Domain dominance, or persistence,
01:26
is where an attacker captures the information,
01:29
allowing them to resume their campaign using various sets of entry points, credentials and techniques.
01:36
This is pretty much the
01:38
end phase;
01:41
hopefully it doesn't get to this. This is where Azure ATP will give you an alert and early detection if this will be your fate.
01:52
This slide describes how the flow of Azure ATP's network and event capturing works,
01:57
and how it drills down to describe the functionality and the main components:
02:01
the Azure ATP portal, the Azure ATP sensor, and the Azure ATP cloud service.
02:09
The Azure ATP sensor is installed directly on your domain controller
02:15
and accesses the required event logs directly from the domain controller, as it is the source of the logs.
02:23
After the logs and network traffic are parsed by the sensor,
02:27
Azure ATP sends only the parsed information
02:30
to the Azure ATP cloud service.
02:34
Only a small percentage of all of the logs are sent.
02:38
To configure Azure ATP,
02:40
enter your Azure ATP portal:
02:44
portal.atp.azure.com.
02:49
Do you really remember? All right, anyway,
02:53
Azure Advanced Threat Protection. That's the URL.
02:57
Enter the Azure ATP portal, as shown in this screenshot.
03:00
Create your workspace, and provide a username and password to connect to your AD forest.
03:07
Download the
03:08
sensor setup package,
03:10
install the sensor, and configure the sensor settings.
03:14
I will say that
03:15
Azure ATP is not a free service.
03:20
It is a resource within Azure,
03:23
so you will have your normal costs for your workspace
03:27
and you will have your normal costs for ingestion.
03:31
There are calculators available to help you with that cost. Just one further disclosure: this is not one of those features, like DLP, that's 100 percent included with your Microsoft 365 suite or subscription.
03:45
Here's an example of a suspected identity theft (pass-the-ticket).
03:53
We have a graph that shows the different steps and different evidence.
03:57
It's timestamped.
03:59
We have the users and the workstations; all that are in play are blurred out in this example.
04:04
And as an event,
04:06
as administrators, we have the option to remediate, so we can mark it as closed.
04:13
We can suppress it
04:15
or we can close and exclude.
04:16
Close and exclude is more for false positives
04:20
that you don't want to be notified about in the future. You can also download the details, so then you can send them up to the person in question. You can send them to a CISO, send them to whoever you need to.
04:33
I talked a little bit about how you can
04:36
mark each of them
04:39
open.
04:40
All suspicious activities appear in the list. If they're open, they're here.
04:45
Closed.
04:46
Suppressed is ignored.
04:47
Reopened: once it's closed or suppressed,
04:50
you can actually reopen it again.
04:53
Delete.
04:54
That's when it is deleted, and you will not be able to restore it.
04:59
Quiz: the components of Azure ATP are the Azure ATP portal,
05:04
the Azure ATP sensor,
05:06
and the Azure ATP proxy relay.
05:10
True
05:11
or false? One of the components...
05:16
If you said true, you're wrong.
05:20
The answer is false. Azure ATP proxy relay
05:25
does not exist;
05:27
the Azure ATP cloud service is the correct third component.
05:32
So to recap today's very short lesson: Azure Advanced Threat Protection is a cloud-based security solution that leverages your on-premises Active Directory to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
05:53
As part of the remediation workflow,
05:56
Azure ATP events can be marked closed. You can suppress them,
06:00
reopen them, or even delete them from the console.
06:04
Thank you for joining me for this lesson. See you for the next one.
06:09
Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor