Time: 6 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 7

Video Transcription

00:00
Welcome back, Cybrarians,
00:02
to the MS 365 Security Administration course.
00:06
I'm your instructor, Jim Daniels.
00:08
We're on Module 4, MS 365 Information Protection,
00:13
and we're going to go over Cloud App Security.
00:16
In this lesson, we're gonna cover the framework of Cloud App Security, CAS,
00:20
Cloud App Security deployment, troubleshooting and best practices,
00:25
Cloud Discovery dashboard
00:27
and alert management within cloud application security.
00:31
So the framework for Cloud App Security really revolves around four areas: cyber threat protection, shadow IT,
00:39
information protection and assess the compliance
00:43
of your organization.
00:46
Cloud App Security is a cloud access security broker, CASB,
00:51
that supports various deployment models, including log collection, API connectors and reverse proxy.
00:58
Provides risk visibility, control over data travel.
01:02
Identify and combat cyber threats across all your Microsoft and third party cloud services.
01:07
CAS doesn't just work with Microsoft products. It helps you discover
01:14
the shadow IT that your users are utilizing within your organization.
01:19
There are a few steps to implement Cloud App Security.
01:23
Step one:
01:25
set up Cloud Discovery.
01:27
Step two: set instant visibility, protection and governance for your apps.
01:33
Step three, control cloud apps with policies that would create the policy.
01:38
Step four: personalize the experience for your organization,
01:44
your organization's
01:46
threat tolerance. Remember? Yeah, that threshold
01:49
over what is allowed and what isn't allowed. Maybe you're a consultant. One organization allows Facebook for recreational use of their employees. Another organization expressly did. For business.
02:00
Everything is different. Each organization has its own stance, policies and procedures.
02:07
Step five: organize data according to your needs.
02:12
Some of the prerequisites for Cloud App Security: license. You have to have the appropriate license.
02:17
You can do
02:19
Cloud App Security a la carte,
02:22
or it's included automatically with the Enterprise Mobility + Security E5 suite
02:25
as well as the MS 365 E5 suite.
02:30
After the licenses are active,
02:31
you get activation. You know
02:35
you have to have the correct admin role implemented.
02:37
You have to be a global admin or Azure Active Directory security admin.
02:40
That's the role of the user that implements CAS.
02:46
For browser requirements, you got to use IE 11.
02:51
Mm. I mean,
02:53
do what you want to do about.
02:53
I would never recommend using IE for anything.
02:58
Use the latest versions of Edge, as Chromium, fantastic browser, Chrome and Firefox.
03:04
Any modern browser will suffice for the Cloud App Security portal.
03:08
So Microsoft keeps a catalog of third party
03:13
cloud services, cloud applications.
03:15
Within that catalog, they have various risk factors,
03:20
various compliance standards that those applications have.
03:23
Those will of course change as the services come out, as the services evolve.
03:30
So whenever an application's discovered in your CAS, you actually have credible
03:37
information about that website.
03:39
As far as, does it support TLS? Is it encrypted
03:43
here? Is it
03:45
HIPAA compliant?
03:46
has all of that information. So you, as a security professional, can either make the correct decision
03:52
or take the information that's given and give it to the person who does make that decision.
03:57
Applications are given metadata to use for filtering alerts. Categorization
04:01
tags
04:02
sanctioned, unsanctioned. Custom
04:05
tags are your organization so you can help
04:10
filter and do reports
04:13
You can view based on application, IP addresses, users and machines.
04:18
One important
04:19
thing I like to note with CAS:
04:23
garbage in, garbage out.
04:25
policies association controls more flexible,
04:28
better data. You have
04:30
more organized, and the more tag that data is,
04:33
if you don't have applications tagged as compliant or non-compliant,
04:38
what good does it do for you to do a search for compliant apps?
04:42
Doesn't do any good. You have to take the time
04:45
to sit down and plan your strategy when you implement CAS.
04:50
There are two types of discovery reports.
04:54
Snapshot:
04:55
this is ad hoc visibility
04:57
when a set of traffic logs are manually uploaded from firewalls and proxies.
05:01
This is for manually uploaded logs. Continuous reports is continual analysis of all logs that are forwarded
05:09
automatically from your network by using Cloud App Security.
05:13
This is for automatically forwarded logs. Of course, between those two, you want to try to get continuous reports
05:19
because you want the
05:21
breadth of data over time so you can actually have legitimate and efficient analysis.
05:30
Process for those reports:
05:31
you have to upload,
05:33
CAS processes it and then you assess it.
05:38
Upload: manual, automatic.
05:41
You know what if firewall
05:42
it even has built in integrations with Microsoft products like Defender ATP.
05:47
Process: it will parse and analyze and compare against the app catalog we talked about. There's thousands of third party websites, software as a service, platform as a service type shadow IT and third party applications. Assess
06:04
is your discovery area, your reports and your alerts.
06:09
We just had on Windows Defender ATP integration.
06:14
To turn on that integration feature, go into the Defender security center
06:19
and you toggle on Microsoft Cloud App Security.
06:23
That will automatically forward Defender ATP signals,
06:27
giving Cloud App Security a
06:29
deeper visibility.
06:30
Think about it if your user has a Windows 10 enterprise machine with
06:35
Defender ATP.
06:38
If you're just forwarding firewall logs,
06:41
you only get information on that machine when they're connected to your
06:46
network or your VPN the guests of your firewall.
06:48
If you allow people to work remote where you work from home, connect to another network.
06:54
You don't have visibility at that point in your Cloud App Security module. So what you want to do is you actually want to integrate
07:00
Defender ATP for that reason.
07:03
here's a screenshot of the dashboard.
07:06
You can actually see what applications are the most popular
07:11
and you're discovered after you console back home.
07:14
This allows a view of the highest traffic uses, transaction volume, users, machines, etcetera, etcetera.
07:19
So, in this particular example, we can see YouTube is being utilized quite frequently. Depending on the policies, we may want to go in and look at YouTube usage. Maybe there's one or two users that are spiking it.
07:33
Maybe they're violating the policy or maybe it's sanctioned.
07:39
Why connect an app
07:41
to Cloud App Security? After you connect the app, you can gain deeper visibility so you can investigate activities, files and accounts
07:48
for the apps in your cloud environment.
07:51
One of the connectors that it has is ServiceNow,
07:55
so we can actually go in,
07:57
connect Cloud App Security and ServiceNow.
08:01
So when users utilise ServiceNow, we can get those reports. We can get the whole entire visibility. We can get where they're accessing it from, what users are utilizing ServiceNow, what users aren't, what IP addresses,
08:15
all sorts of information. We can go through by tagging
08:20
and catalog
08:20
to get various reports that may be useful for the services manager, operations manager or even department Andrew for their employees.
08:31
App connectors use APIs of application providers like ServiceNow to enable greater visibility and control by Microsoft Cloud App Security over the apps you connect to.
08:41
Some of the ones available now are Office 365, Azure, Box, G Suite, ServiceNow and a few others. They are adding
08:50
more app connectors on a regular basis.
08:54
You can use policies to help monitor trends, see security threats and generate customised reports with alerts.
09:01
With policies, you can create governance actions, set DLP
09:07
and file sharing controls.
09:09
There are multiple types of policies
09:11
that correlates to the different types of information. You want to gather about your environment,
09:15
and it's after remediation actions that you may want to take
09:18
process
09:20
that needs to be followed to control risk policies.
09:24
Create the policy. Of course, you have to have it created, either from a template or a query, custom.
09:30
Analyze it. You will fine-tune that
09:33
until you get the results you want,
09:35
and then
09:35
you add automated actions to respond to the risk automatically.
09:41
So if this happens
09:43
is turned,
09:43
you're pretty confident that when it says that happens, it actually happens. Then you can apply the automated action to it.
09:50
There are a few different types of CAS policies
09:54
available. Policy types depend on the data sources and features you have enabled within your Cloud App Security environment.
10:01
Access policy requires Conditional Access App Control,
10:05
so we have access policy, activity,
10:07
anomaly detection,
10:09
app discovery,
10:11
Cloud Discovery anomaly, file policy and session policy.
10:16
Each one of those policies has their own corresponding automated response.
10:22
To create a CAS policy,
10:24
we go to Control, Templates. We select a policy template from the list and then choose Create policy.
10:31
You can customize the policy, select the filters, actions,
10:37
other settings and then choose Create.
10:39
On the Policies tab, we're gonna choose the policy to see relevant matches
10:43
such as activities, files, alerts.
10:46
Cover all of your scenarios: create a policy for each risk.
10:52
Create a policy, you're not applying the action.
10:56
Policy is you're checking out your environment. You're seeing what's going on.
11:01
So if you create a policy that doesn't lead to an action for a user,
11:05
it just gives you visibility on those things that you want to track
11:11
to look at and analyze
11:13
Personalize Cloud App Security.
11:16
Some of the features work best when they're customized for your organisational needs
11:20
and provide a better experience for your users. Utilizing your own custom email templates,
11:28
you decide what notifications you receive and customize your risk score based on your organization's preference.
11:35
Washington You configure the organizational settings you wanna? You wanna have them organized? Remember
11:41
garbage in, garbage out.
11:43
You want everything organized, especially if you have a massive amount of data.
11:48
The settings help give you better control over features in the console. With IP tags, you create policies that fit your needs
11:56
to accurately thoughts of data etcetera.
12:00
You can use data views to group your data into logical categories.
12:03
IP tags: within our environment, we have multiple geo locations, so we actually have a tag based on the location.
12:11
You know, if you have an office in one city with a certain IP scheme and another city with a certain IP scheme,
12:16
you can tag that
12:18
so you can run and
12:20
filter your reports based on those tags
12:24
To create those IP address ranges,
12:26
from the settings
12:28
we select Cloud Discovery settings.
12:31
From here we go to select IP address ranges. We click the plus to add a range and then we enter the range details, location, what kind of tag you want to call it.
12:41
And then we choose Create.
12:43
For these ranges, we do use CIDR notation.
12:48
CAS policies and alerts can be associated with defined risk:
12:52
access control.
12:54
Access what from where in what
12:58
config control monitor changes
13:01
Cloud Discovery is shadow IT, application usage. Privileged accounts: you can even monitor
13:07
the activity of global admins and other defined purpose accounts.
13:13
Sharing control, DLP and compliance
13:15
can monitor permissions, file types, content labels, sharing activities.
13:18
You can even get an alert whenever someone shares something externally with a user not within your domain.
13:26
Threat detection: machine learning detection of misuse of data.
13:31
Quiz
13:31
Which statement is true about CAS discovery reports?
13:37
A,
13:37
continuous reports require a manual upload of log files.
13:41
B, continuous reports are based on automatically forwarded and ingested logs.
13:48
C, snapshot and continuous reports are based on automatically forwarded and ingested logs.
13:54
D, snapshot reports are not generated from manually uploaded of all files. What do you think? I'll give you a few
14:03
moments
14:03
to ponder your choices?
14:07
The correct answer
14:09
to this multiple choice question
14:11
is either A, B, C or D.
14:16
See, I'm buying you a bit more time right now.
14:18
The correct answer is B.
14:20
CAS discovery reports: continuous reports are based on automatically forwarded and ingested logs.
14:28
So, for instance, within our environment with a Palo Alto firewall,
14:31
We have a UNIX
14:35
virtual machine
14:35
that collects
14:37
those firewall forwarded events
14:39
and then uploads it securely into our Cloud App Security environment.
14:48
Continuous: automatic. Snapshot: manual.
14:52
To recap the lesson:
14:54
Microsoft Cloud App Security is a cloud access security broker that supports various deployment modes, including log collection, API connectors and reverse proxy.
15:05
The more integrations you add within Cloud App Security, the more of a complete picture you get of your organization.
15:13
You can use the alerts in Cloud App Security to fine-tune policies and initiate security activities.
15:20
Thank you for joining me in this lesson, which is the last of Module 4.
15:24
Hope to see you back for the beginning of Module 5. Thank you.

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor