Category: Zero trust

Azure AD Privileged Identity Management and new features

What is PIM? PIM has been and will be a backbone for Just In Time permission access in Microsoft-based environments. You can easily assign Permanent roles but also Eligible roles for admins and define a timeout for the roles. They either…


Section 4 – Mitigate identity threats part 2 of 2

Protecting identities is challenging if you don’t know what you should protect, and when you do, you should know how to protect it. In the second part we will discover more about Conditional Access as a dynamic boundary in…


Number matching and Authentication methods why you should enable them?

Two upcoming changes are coming to a tenant near you! Number matching will be enforced. Also, SSPR and legacy MFA policies will be deprecated (phased). Don’t act too late on either of them. If you need to educate users, you can…


Conditional Access templates (Preview) and other tips on the side

First, I want to mention Microsoft Entra admin center and the announcement Microsoft made about it. You should care about it because starting from 2023 new capabilities will be rolled out to Entra. Also in December Microsoft started redirects when…


Section 6 – Design security for infrastructure – Design a strategy for securing SaaS, PaaS, and IaaS services

Time for the next section to my SC-100 study guide: Specify security baselines for SaaS, PaaS, and IaaS services; Specify security requirements for IoT workloads; Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse and Azure…


Section 5 – Design security for infrastructure – Design a strategy for securing server and client endpoints

Wednesday is here and time for the next post to my SC-100 exam cram. NOTE: includes hybrid and multi-cloud. Specify security baselines for server and client endpoints; Specify security requirements for servers, including multiple platforms and operating systems; Specify security…


Section 2 – Design a Zero Trust strategy and architecture – Design a security operations strategy

And time for the second section for my SC-100 study guide: Design a logging and auditing strategy to support security operations; Develop security operations to support a hybrid or multi-cloud environment; Design a strategy for SIEM and SOAR; Evaluate security…


Exam cram for Cybersecurity Architect exam

When I wrote the study guide for AZ-500, I was planning to write a study guide for MS-500, SC-400 or AZ-104 but when I saw the contents of SC-100, I decided differently. For AZ-500 I counted 12 parts but now…
