SC-900: Microsoft Security, Compliance, and Identity Fundamentals Certification Video Training Course
The complete solution to prepare for for your exam with SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification video training course. The SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification video training course contains a complete set of videos that will provide you with thorough knowledge to understand the key concepts. Top notch prep including Microsoft Security SC-900 exam dumps, study guide & practice test questions and answers.
SC-900: Microsoft Security, Compliance, and Identity Fundamentals Certification Video Training Course Exam Curriculum
Course Introduction
-
1. Course Introduction4:00
Module 1 Describe the concepts of security, compliance, and identity
-
1. Chapter 1 : Security concepts and methodologies - Introduction1:00
-
2. Zero Trust - Guidelines3:00
-
3. Zero Trust - Six Foundational Pillars4:00
-
4. The Shared Responsibility Model6:00
-
5. Defence in Depth Strategy3:00
-
6. The CIA Triad6:00
-
7. Describe Common Threats6:00
-
8. Describe Encryption , hashing and Signing -I4:00
-
9. Describe Encryption , hashing and Signing - II4:00
-
10. Lesson Conclusion1:00
-
11. Microsoft security and compliance principles - Lesson Introduction1:00
-
12. Microsoft's Privacy Principles2:00
-
13. What is Service Trust Portal2:00
-
14. Azure Compliance Documentation1:00
-
15. Module 1 : Chapter Summary1:00
Module 2 Describe the concepts & capabilities of Microsoft identity and access
-
1. Describe Identity Concepts - Introduction1:00
-
2. Common Identity Attacks5:00
-
3. Identity As a Security perimeter4:00
-
4. Four Pillars of Identity6:00
-
5. Modern Authentication and the role of Identity provider3:00
-
6. SSO and the Concept of Federation4:00
-
7. The concept of directory services and Active Directory3:00
-
8. Describe the basic services and identity types - Introduction1:00
-
9. Describe Azure Active Directory3:00
-
10. Azure AD Editions4:00
-
11. Describe the Azure AD identity types8:00
-
12. Difference between System assigned and user assigned managed Identity3:00
-
13. Describe the types external identities5:00
-
14. Describe the concept of hybrid Identities4:00
-
15. Describe the authentication capabilities of Azure - Introduction1:00
-
16. Describe the different authentication methods3:00
-
17. Security defaults and MFA4:00
-
18. MFA in Azure AD - Part 12:00
-
19. MFA in Azure AD - Part 23:00
-
20. Windows Hello3:00
-
21. Why is Windows Hello safer than a password2:00
-
22. Self-service password reset in Azure AD5:00
-
23. Password protection and management capabilities of Azure AD5:00
-
24. Protecting against password spray2:00
-
25. Hybrid security2:00
-
26. Describe the access management capabilties of AzureAD1:00
-
27. Conditional access in Azure AD4:00
-
28. Conditional access in Azure AD - II6:00
-
29. Conditional access in Azure AD - III3:00
-
30. Azure AD Roles & Custom Roles3:00
-
31. Chapter Summary1:00
-
32. Describe the identity protection and governance capabilties of Azure AD1:00
-
33. What is Identity Governance1:00
-
34. What is Identity lifecycle4:00
-
35. Access Lifecycle2:00
-
36. Privileged access lifecycle2:00
-
37. What is Entitlement management3:00
-
38. Azure AD access reviews3:00
-
39. Azure AD terms of use2:00
-
40. Capabilities of Privileged identity Management2:00
Module 3 : Describe the capabilties of Microsoft security solutions
-
1. Module Introduction2:00
-
2. Network security groups3:00
-
3. Inbound and outbound security rules4:00
-
4. What is DDOS3:00
-
5. Azure DDOS protection plans and pricing3:00
-
6. Azure Firewall4:00
-
7. Azure Bastion Host4:00
-
8. Web Application Firewall2:00
-
9. Azure Encryption3:00
-
10. Azure Key Vault2:00
-
11. Lesson Summary2:00
-
12. Cloud Security Posture management4:00
-
13. Azure Security Center4:00
-
14. Azure Security Center - Features4:00
-
15. Azure Security Center - Security Score2:00
-
16. Azure defender6:00
-
17. Azure Security Benchmark5:00
-
18. Azure Security Center - Pricing Tier1:00
-
19. Chapter Summary1:00
-
20. Describe the security capabilities of Azure Sentinel2:00
-
21. Define the concepts of SIEM, SOAR and XDR6:00
-
22. Azure Sentinel2:00
-
23. Azure Sentinel Features6:00
-
24. Azure Sentinel - Pricing1:00
-
25. Chapter Summary1:00
-
26. Describe the threat protection capabilities of - Introduction2:00
-
27. Microsoft 365 Defender services - Introduction3:00
-
28. Microsoft Defender for Identity5:00
-
29. Microsoft Defender for O3655:00
-
30. Microsoft Defender for Endpoint4:00
-
31. What is CASB3:00
-
32. The Cloud App Security framework2:00
-
33. Microsoft Cloud App Security architecture3:00
-
34. O365 Cloud App security And Azure AD Cloud App Discovery1:00
-
35. Chapter Summary1:00
-
36. Security Management Capabilties of M365 - Introduction2:00
-
37. Microsoft 365 Security Center - Intro5:00
-
38. How to use Microsoft Secure Score3:00
-
39. Differences between the Azure and Microsoft Secure Score1:00
-
40. Managing Incidents2:00
-
41. Chapter Summary1:00
-
42. Describe endpoint security with Microsoft Intune - Introduction1:00
-
43. What is Intune2:00
-
44. MDM and MAM3:00
-
45. Endpoint Security with Intune7:00
-
46. Lesson Summary1:00
Module 4 : Describe the capabilities of Microsoft compliance solutions
-
1. Module 4 introduction1:00
-
2. Common Compliance Needs2:00
-
3. Common compliance regulations3:00
-
4. Compliance Center2:00
-
5. What is Compliance Manager2:00
-
6. What are Controls1:00
-
7. What are Assesments2:00
-
8. Understand Compliance score3:00
-
9. Chapter Summary1:00
-
10. The information protection and governance capabiliities of Microsoft 3651:00
-
11. Know your data, protect your data, and govern your data3:00
-
12. Data classification capabilities of compliance Center5:00
-
13. Content Explorer and Activity Explorer4:00
-
14. Sensitivity labels5:00
-
15. Label Policies3:00
-
16. Data Loss Prevention3:00
-
17. Data Loss Prevention on endpoints and teams2:00
-
18. Retention Polices and Retention Labels4:00
-
19. Records Management3:00
-
20. Chapter Summary1:00
-
21. The insider risk capabilities in Microsoft - Introduction1:00
-
22. Insider Risk management2:00
-
23. Insider Risk management Workflow3:00
-
24. Communications Compliance5:00
-
25. Information barriers in Microsoft Teams2:00
-
26. Privileged Access Management4:00
-
27. Customer Lockbox4:00
-
28. Lesson Summary1:00
-
29. eDiscovery capabilities of Microsoft M365 - Introduction1:00
-
30. The Purpose of eDiscovery2:00
-
31. The capabilities of the content search5:00
-
32. The Core eDiscovery Workflow6:00
-
33. The advanced eDiscovery workflow4:00
-
34. Lesson Summary1:00
-
35. The audit capabilities of Microsoft 365- introduction1:00
-
36. The core audit capabilities of M3654:00
-
37. What are the Advance Auditing Capabilities5:00
-
38. High Bandwidth for Office 365 API Activities2:00
-
39. Lesson Summary1:00
-
40. Describe the resource governance capabilities- introduction1:00
-
41. Resource Manager - Locks2:00
-
42. What is Azure Blueprints3:00
-
43. What is Azure Policy4:00
-
44. Difference between Azure Policy and RBAC2:00
-
45. Cloud Adoption Framework2:00
About SC-900: Microsoft Security, Compliance, and Identity Fundamentals Certification Video Training Course
SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.
Module 2 Describe the concepts & capabilities of Microsoft identity and access
22. Self-service password reset in Azure AD
A key feature in this case is self-service password reset. I'm calling it important because this is changing the lives of the administrators of the Help Desk, people who are constantly helping employees change their passwords. Not anymore with this particular feature, because "self-service password reset" as a name itself says that users will be able to reset their passwords without the administrator's or Help Desk's involvement. So what happens if the user is logged out because they typed their password incorrectly? Or what happens if they forget the password because the user just came back from their wonderful vacation? Well, users can follow a prompt to reset their passwords and get back to work. There are several advantages to self-service password reset.
Let's talk about that. So it's increasing security. Yeah, it's a security feature as well. So we do not need to employ additional Help Desk guys. So there is a possibility of a "man in the middle" attack where an attacker is acting as Help Desk personnel. Right. SSPR also saves the organization money by reducing the number of calls and requests to the help desk staff, which increases productivity and allows the user to get back to work faster. What are the use cases here? What are the scenarios in which self-service password reset will be useful? Okay, so think about password changes, password resets, or account unlocks, right?
So when the user knows their password but wants to change it to something new, in the second case, when the user cannot sign in, such as because they forgot their password, maybe, and wants to reset their password, And the last one is account lockout, where this guy totally forgot his password and tried to login with multiple passwords, but then it didn't work. So the user cannot sign in because their account will be eventually logged out because they're just trying several times with passwords. That's not correct. Now, how do we use this self-service password reset? Now, in order to use the SSPR, the users must have an Azure Active Directory license. The SSPR must be enabled by the administrator, and the users must be registered with the authentication methods they want to use.
Well, there are several authentication methods. You're probably already aware of it; you're probably already aware of it. There is a mobile app notification where you can be authenticated using a code sent to your mobile app. Probably an email, a mobile phone, or a ring on your office phone, or perhaps some security questions that can be answered will assist you in resetting the password. So when a user resets their password using SSPR, that password can also be written back to on-premises Active Directory. Well, that's a very important thing and a very important feature as well. What happens is that when a user tries to reset their password, it is actually reset in the cloud-based Azure Active Directory, and it needs to be written back or updated on the on-premise domain controllers as well.
As a result, passwords are written back on premises. The technical terminology used here is called "writeback." So password writeback is allowing users to use their updated credentials on their on-premises devices and on-premises applications without any delay. Administrators can also configure email notifications to be sent when a self-service password event happens when users reset their credentials. Now, these notifications can cover both regular user accounts and admin accounts as well. So when somebody, a regular user, resets their password, a whole bunch of people get notified, or maybe just a single user gets notified, which can be configured by the admin for admin accounts.
This notification provides an additional layer of awareness. When a privileged administrator account password is reset using SSPR, you can have all the global admins notified when such a SSPR for a high-profile account gets reset. like an admin account. Right? Okay, so that was about self-service password reset, and by this time, you know all the good features of SSPR, right? So let's go ahead and talk more about the security features that Azure Active Directory has. For example, how Azure ActiveDirectory protects those passwords What are the management capabilities of Azure Active Directory? So we'll do this stunt of learning new features of Azure Active Directory in the next lesson. Thanks for watching so far. I hope this video or lesson has been informative to you. I'll see you there.
23. Password protection and management capabilities of Azure AD
There must be a way to reduce the risk of users setting weak passwords. So I would like to have my password as my pet's name or probably my kids' name, maybe with 1230nexclamation in the end, but that's still a weak password. I'm going to have my employees not choose a weak password. Fortunately, we have a feature called password protection.
This is a feature of Azure Active Directory that reduces the risk of users setting weaker passwords. So there is no way you can use your pet's name as a password. Now, what Azure Active Directory does is that it detects and blocks any known weak passwords or any of their variants, and it can also block additional weak passwords that are specific to your organization. With Azure Active Directional Protection, you can have two things. The first is a global band password, and the second is a custom band passwordless.
Let's go ahead and understand that. But before we get into these two options, I want to tell you that if you want to support your business and the security needs of your business, you can define different kinds of entries in the custom band password list. So when users change or reset their passwords, these band password lists are checked to ensure or enforce the use of strong passwords. And then on top of it, you can put multifactor authentication in place so that you do not rely on strong passwords, which are enforced by Azure AD password protection. Okay, so now let's get into the meat of this topic, which is the global band password list and custom band password lists. So what is a global band password list? Now, this is a list of known weak passwords that is automatically updated and enforced not by your organization but by Microsoft. This is maintained by Microsoft teams.
There's a special task force called the Azure Active Directory Identity Protection Team that will be analysing the security telemetry data to find weak passwords, compromised passwords, etc. There are several blogged passwords and variations on that theme. And the variations are created using an algorithm that will transpose text, case, and letters to a number, such that l is changed to one variation on a password. One will be like a password, with the letter O transformed or transposed as zero. These passwords are then checked and added to the global band password list and made available to all Azure Active Directory users. This global band password list is automatically applied, and you cannot disable it.
So if you're an Azure Active Directory user trying to set your password to one of the weak ones, you will receive a notification to choose a more secure one. The global ban password list is sourced from actual real-world password spray attacks. Now, password-spray attacks are something that the attackers will be doing with a well-known list of passwords. Now, this approach will improve the overall security and effectiveness of the password validation algorithm, which uses something called "smart fuzzy matching" techniques. Now, as a result of all of these algorithms, Azure Active Directory password protection efficiently detects and blocks millions of common weak passwords from being used in your enterprise. I hope that's clear when it comes to the global band password list. Let's go. Get on to the next topic. custom banned password list. So, what's that? Administrators in your organisation can now create a custom band password list to meet specific business security requirements. Now, what is that?
What is a "custom ban password list"? This is something that will prohibit passwords such as an organization's name or location. Passwords can be added to the custom band password list for organisation-specific terms. For example, no employee should use company-specific brand names, product names, locations such as company headquarters, company-specific internal terms, or abbreviations. So this custom banned password list is then combined with what we just spoke of, the global band password list, to block the variations of all the passwords. Do you need to pay something for this? Is there an additional cost? Well, the band password list is a feature that comes from the Premium One and Premium Two versions of Azure Active Directory.
24. Protecting against password spray
You might have heard of brute-force attacks. Well, password spraying is a variant of a brute-force attack. Now, what happens in a traditional brute force attack is that the perpetrator attempts to gain unauthorised access to a single account by guessing the password repeatedly in a very short period of time. Most organisations have employed quite a lot of countermeasures, most commonly a lockout or something called an account lockout.
After a couple of attempts, mostly three or five, what's going on in the password spray attack is that the attacker circumvents any kind of common countermeasure, for example, account lockouts, by spraying the same password across multiple accounts before trying another password. So that way, the attacker gets enough time and the account doesn't get locked out as well. So this person, this attacker, is employing the same password across multiple accounts. Azure Active Directory password protection helps you defend against password spray attacks. Most of these "password spray" attacks submit a small number of known weak passwords against each of the accounts in an enterprise.
This technique will allow the attacker to quickly search for an easily compromised account and avoid potential detection thresholds. Azure Active Directory password protection will efficiently block all known weak passwords that are possibly likely to be used in password attacks. And then this protection is based on the real-world security telemetry data from Azure Active Directory, which is then used to build the global band password list. Let's talk about hybrid security in the next lesson. Thanks for watching so far. I hope you found this information useful. I'll see you in the next lesson.
25. Hybrid security
For hybrid security, administrators will be integrating Azure Active Directory password protection with an on-premises Active Directory environment. A component installed in the on-premises environment receives the global band password list and also the custom password protection policies from Azure Active Directory. The domain controller will then use them to process password change events.
This hybrid approach will make sure that whenever a user changes their password, the Azure ActiveDirectory password protection is applied as well. Although password protection improves the overall strength of passwords, you should still take advantage of new features of Azure ActiveDirectory like multi-factor authentication. Passwords alone, even strong ones, are not as secure as multiple layers of security. So we just bumped into a new terminology here: multiple layers of security, also known as multiple layers of defense. Absolutely. So we need to have multiple layers of defence mechanisms to protect our identities. First and foremost, we have passwords.
Of course, we've been using it for a very long time, but then we make sure they're complex, and that's not enough. You also need to have multifactor authentication with at least one of the mechanisms. As previously discussed, you will most likely want to use a mobile app notification, a mobile app code, or something that you receive via email, mobile phone, or office phone, or you will most likely use security questions, Windows Hello, or a feeder to possibly use biometrics.
So there are numerous options that you have on your display that Azure Active Directory supports to make sure that your identities are secure. Thanks for watching so far. I'll see you in the next lesson. We'll be talking about more security features that Azure Active Directory provides, like conditional access controls and the areas around role-based access controls, like built-in roles and custom roles, and how you grant access to users to the resources that they need. So there's a lot coming up in the next lesson. Stay connected.
26. Describe the access management capabilties of AzureAD
By this time, you already know that Azure Active Directory is doing a lot of things, including authentication, authorization, and auditing. But one of the main purposes of Azure Active Directory is to manage access. The security perimeter today has shifted away from organisation boundaries to user, device, and service identities. In this particular module, we'll learn about Azure Active Directory and how that uses intelligent mechanisms and intelligent access capabilities to protect your organisational assets. We'll also talk about conditional access, which will help you improve security, and how to use Azure Active Directory roles to control access to Azure Active Directory resources in the Directory. So you know about two main things: conditional access and its benefits, and Azure Active Directory roles in the upcoming lessons. Thanks for watching so far. I'll see you in the next lesson.
Prepaway's SC-900: Microsoft Security, Compliance, and Identity Fundamentals video training course for passing certification exams is the only solution which you need.
Pass Microsoft Security SC-900 Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers As Seen in the Actual Exam!
30 Days Free Updates, Instant Download!
SC-900 Premium Bundle
- Premium File 219 Questions & Answers. Last update: Dec 12, 2024
- Training Course 147 Video Lectures
- Study Guide 413 Pages
Free SC-900 Exam Questions & Microsoft SC-900 Dumps | ||
---|---|---|
Microsoft.pass4sure.sc-900.v2024-10-17.by.finley.57q.ete |
Views: 398
Downloads: 610
|
Size: 58.61 KB
|
Microsoft.actualtests.sc-900.v2021-11-02.by.lucia.53q.ete |
Views: 172
Downloads: 1245
|
Size: 51.23 KB
|
Microsoft.pass4sure.sc-900.v2021-10-01.by.clara.51q.ete |
Views: 224
Downloads: 1303
|
Size: 48.5 KB
|
Microsoft.selftestengine.sc-900.v2021-08-13.by.rose.30q.ete |
Views: 241
Downloads: 1336
|
Size: 29.53 KB
|
Microsoft.test4prep.sc-900.v2021-06-08.by.greyson.27q.ete |
Views: 341
Downloads: 1479
|
Size: 28 KB
|
Student Feedback
Can View Online Video Courses
Please fill out your email address below in order to view Online Courses.
Registration is Free and Easy, You Simply need to provide an email address.
- Trusted By 1.2M IT Certification Candidates Every Month
- Hundreds Hours of Videos
- Instant download After Registration
A confirmation link will be sent to this email address to verify your login.
Please Log In to view Online Course
Registration is free and easy - just provide your E-mail address.
Click Here to Register