Everything you need to know about the new Microsoft Security Tracks

Most of us are impacted by the new challenges for businesses as we adapt to an operating model in which working from home has become the "new normal", and companies everywhere are needing to accelerate our digital transformation, making security a more pressing concern now, than ever.

So what is new with the Microsoft Security Tracks? Jens Gilges, who has been working with IT since 2001, shares his insights. Jens is recognized around the world as a subject matter expert in Cloud and infrastructure Security and is currently the Senior Instructor and Head of Learning Technologies with Readynez.

The background

Until recently the Microsoft Cloud Technology Security certifications consisted of these:

Microsoft 365 Security Administrator Associate (MS-500)

Covering the following main subjects:

• Compliance
• eDiscovery
• DLP
• Endpoint Manger
• Windows Defender ATP
• Azure ATP
• Conditional Access
• On-Premise Connectivity and Security

Microsoft Azure Security Engineer Associate (AZ-500)

Covering the following main subjects:

• Network Security
• VPN
• Backup / Restore
• Azure Firewall
• Azure Bastion
• Container Security
• Database Security
• Identity
• Security

Those are all very relevant subjects, but there were also a few concerns:

One certification to cover all security-related aspects in Microsoft 365 or Azure in depth is a very ambitious task indeed:

A few things to note:

• Not ideal for Beginners or non-technical roles to get an overview of technologies
• Covers around 14 security technologies in 3 days!
• Good to get an intermediate introduction to all current security products and technologies but due to the number of technologies covered not really in-depth.
• Good for Administrators but not enough in-depth for Architects
• Does not include some recent technologies (Advanced DLP, Azure Sentinel, Tools detecting malicious insiders, advanced archiving strategies)

What’s New

What we have on our hands now are 4 new In-depth and more focused Microsoft Security training and certification tracks.

• SC-900 Microsoft Security, Compliance and Identity Fundamentals
• SC-200 Microsoft Security Operations Analyst
• SC-300 Microsoft Identity and Access Administrator
• SC-400 Microsoft Information Protection Administrator

Microsoft Security, Compliance and Identity Fundamentals (SC-900)

This 1-day training- and certification track gives you a good introduction to all available security and compliance features in Microsoft 365 and Azure. When you’ve completed this course you will be able to identify core technologies to provide identity and service security and understand basic concepts for compliance for Microsoft 365 and Azure products.

The following subjects are covered:

• Describe security methodologies and concepts
• The Microsoft Service Trust Portal and Microsoft’s service principals
• Identity as the security perimeters. What is Azure AD and what tools are there to audit and protect
• Multi-Factor and Conditional Access, who do smart secure your identity
• Introduction to Privileged Identity Management (PIM)
• Tor, Anonymous VPN, Password Spray! How to mitigate using Azure AD Identity Protection
• Understand security features in Azure: Network Security Groups (NSG), Azure Firewall, Web Application Firewall, Azure Bastion
• Introduction to Azure Security Centre and define concepts of SIEM, SOR and XDR
• What is Azure Sentinel?
• What is Microsoft Defender for Identity and Microsoft Defender for Endpoint
• What is Endpoint Manager (Intune), an introduction to MDM and MAM
• What is DLP, eDiscovery and what tools can provide advanced auditing and application security for cloud apps
• Introduction to insider risk management

Many of these subjects are included in the MS-500 also, but the new SC-900 gives you an introduction to each technology on the technology – and sales level.

This is the ideal training for:

• Sales and Management need an overview and what technologies are there and what cases exist on a high level
• Beginners in the Microsoft cloud universe who need an introduction to Microsoft 365 and Azure security and compliance features
• Microsoft 365 administrators who need an overview and introduction to Azure security features
• Azure administrators who need an overview and introduction to Microsoft 365 security features
• Delegates with an MS-900 or AZ-900 certification

Learn more about the training & certification track here

Microsoft Security Operations Analyst (SC-200)

This 3-day training- and certification track focuses on the required skills to provide log analysis, threat hunting and incident response using Microsoft technologies. It also provides you with all the skills to implement endpoint and network protection as well as an introduction to the Kusto Query Language.

The following subjects are covered:

• Detect, investigate, respond and remediate threats in SharePoint, OneDrive, Teams and business email using Defender for Office 365
• Manage DLP security alerts
• Assess and recommend sensitivity labels and insider risk policies
• Manage data retention, alert notification and advanced features in Microsoft Defender for Endpoint
• Configure device surface reduction rules and manage custom alerts in Microsoft Defender for Endpoint
• Configure Microsoft Defender for Endpoint to perform vulnerability scans
• Using advanced threat analytics and manage threat indicators using Windows Defender for Identity
• Detect, investigate, respond and remediate threats related to Azure AD, conditional access, Azure AD Domain Services, Azure AD Identity Protection and PIM.
• Configuring advanced audit and security features in Cloud App Security
• Design and configure a Sentinel workspace
• Plan, implement and use data connectors for investigating sources with Azure Sentinel
• Using Sentinel analytics rules
• Security automation and orchestration in Sentinel
• Managing incidents with Sentinel
• Using Workbooks with Sentinel
• Advanced Threat Hunting using Sentinel

This is a very comprehensive curriculum covering threat detection, incident response, security automation and implementing the hottest SIEM on the market:

This certification focuses on the following technologies: Microsoft 365 Defender, Azure Defender and Sentinel. It teaches you how to use the above technologies to implement advanced auditing not only for Azure services but also for AWS and Google. You will learn to implement the technologies as well as get an introduction to the programming language to create your own dashboard, analytic queries and automated responses.

This is the ideal class for:

• Experienced Azure and Microsoft 365 administrators who are looking forward to implementing and administering Sentinel and advanced security operations tools.
• Security Architects
• Security Analysts, Incident Responders and Network Operations
• Experienced Security analysts coming from another SIEM solution and are interested to see the best of the Microsoft SIEM solution

Learn more about the training- and certification track here

Microsoft Identity and Access Administrator (SC-300)

This 3-day training- and certification track focuses on the required skills to administer, audit and secure applications and identities in a Microsoft 365 and Azure cloud-only and hybrid environment. You will learn how to manage and secure internal, external and hybrid identities. You will also learn how to implement cloud and hybrid MFA solutions and advanced authentication concepts. The knowledge to onboard and secure on-premise Active Directory as well as implementing advanced authentication scenarios such as PTA, SSO and ADFS is covered. Lastly, we’ll cover the design and implementation of publishing and auditing of cloud and hybrid apps.

The following subjects are covered:

• Roles, custom domains, device registration and administrative units in Azure AD
• Create users, groups and manage licenses
• Manage external collaboration settings and external user accounts in Azure AD
• Implement hybrid identity using Azure AD Connect
• Implement PHS, PTA and SSO with ADFS
• Plan and implement advanced authentication using MFA, MFA Server and Windows Hello for Business
• Securing Identities using advanced conditional access and Azure AD Identity Protection
• Publish and secure Apps using the Azure Application Proxy
• Plan and implement entitlement and management using catalogues, access packages and terms of use
• Define and implement an access strategy using Privileged Identity Management (PIM) and Access Reviews
• Analyze Azure AD activity using Azure Log Analytics

These are all the subjects related to securing and managing identities, connecting on-premise and manage cloud and hybrid apps

This certification focuses on the following technologies: Microsoft Azure AD, Azure AD Connect, Privileged Identity Management, Conditional Access, Azure Application Proxy, MFA Server and Azure Log Analytics.

You will learn how to manage and secure identities and Azure and on-premise AD. Plus, you’ll learn how to design and implement hybrid identity synchronization together with all advanced authentication scenarios such as PHS, PTA and ADFS. This certification also covers advanced permission and auditing concepts as well as how to publish and secure hybrid apps using the Application Proxy.

This is the ideal class for:

• Experienced Azure and Microsoft 365 administrators who are looking forward to getting an update on Azure AD Connect and the up-to-date features to secure identities and apps.
• Administrators who are looking forward to designing and implementing identity synchronization with on-premise active directory
• Administrators who are looking forward to learning about the possibilities to audit and provide compliance for identities in Azure AD
• Delegates holding an MS-100 or MS-101 certification

Learn more about the training- and certification track here

Microsoft Information Protection Administrator SC-400

This 2-day training- and certification track focuses on all the important technologies to provide compliance and security for applications and company data in Microsoft 365. You will not only learn how to design archiving strategies, protect data at rest using DLP and eDiscovery, but also how to protect data in transit using DLP and onboard clients to implement advanced client security to ensure data compliance.

This is covered:

• Create and manage sensitive information types
• Create and manage trainable classifies
• Implement and manage sensitivity labels
• Create and configure advanced data loss prevention policies (DLP)
• Protection corporate apps and data using Cloud App Security
• Implement Microsoft Information Protection
• Monitoring file access and user activities
• Create and configure retention labels and policies
• Recover content in Teams, SharePoint, Exchange and OneDrive
• Deploy and configure Records Management

This certification focuses on the following technologies: eDiscovery, DLP, Sensitive Information Types, Data Classifiers, Azure Information Protection.

In this class, you will learn how to implement the latest features for security and audit data in Microsoft 365. You will also learn the latest technologies to secure data in transit as well as analysis techniques to perform eDiscovery searches and use tools to detect insider threats.

This is the ideal class for:

• Experienced Azure and Microsoft 365 administrators who are looking forward to getting an update on the latest security and compliance tools
• Administrators responsible to design and implement archiving and compliances tools
• Microsoft 365 auditors and security administrators
• Delegates holding an MS-500 or MS-101 certification

Learn more about the training- and certification track here

Are you ready to pick your ideal track? Se all available dates and prices on the links:

Microsoft Security, Compliance and Identity Fundamentals (SC-900)

Microsoft Security Operations Analyst (SC-200)

Microsoft Identity and Access Administrator (SC-300)

Microsoft Information Protection Administrator (SC-400)

If you have any questions at all, please don’t hesitate to get in touch with us.