Microsoft Azure AZ-500 info David Papkin

This David Papkin page has info about the Microsoft Azure AZ-500 course.

License requirements to use Privileged Identity Management (PIM)

Administrator role permissions in Azure Active Directory

Multi-Factor Authentication pricing

How to get Azure Multi-Factor Authentication

Dynamic membership rules for groups in Azure Active Directory

Custom roles for Azure resources

Azure Active Directory Connect FAQ

Azure Active Directory documentation

Identity Synchronization to Azure Active Directory – Is It Secret? Is It Safe?

Announcing the preview of Microsoft Azure Bastion

Privileged Access Workstations

AZURE FUNCTIONS AND SERVERLESS PLATFORM SECURITY

Azure Blueprints

Azure Blueprints Overview

Quickstart: Define and assign a blueprint in the portal

Tutorial: Create an environment from a blueprint sample

Development

Secure development best practices on Azure

Develop a secure web app

Azure Front Door

Azure Front Door Overview

Quickstart: Create a Front Door for a highly available global web application

Azure Key Vault

Manage storage account keys with Key Vault and the Azure CLI

Import HSM-protected keys to Key Vault

Azure Key Vault soft-delete overview

Azure Security Center

Secure your management ports with just-in-time access (with Demos)

JIT explained

Microsoft Azure – Just-in-time (JIT) Deep Dive

Azure Sentinel

Azure Sentinel Overview

Quickstart: On-board Azure Sentinel (1)

Quickstart: Get started with Azure Sentinel (2)

Tools

Microsoft Security Code Analysis

Threat Modeling Tool

Exercises

Add or remove group members using Azure Active Directory

Create a basic group and add members using Azure Active Directory

Add or update a user’s profile information using Azure Active Directory

Grant a user access to Azure resources using RBAC and the Azure portal

Manage access to Azure resources using RBAC and the Azure portal

Create a custom role for Azure resources using Azure PowerShell

Create, change, or delete a virtual network

Create a policy assignment to identify non-compliant resources

Get compliance data of Azure resources

Quickstart: Create Apache Hadoop cluster in Azure HDInsight using Azure portal

Security Playbook in Azure Security Center

SQL

Quickstart: Create a single database in Azure SQL Database using the Azure portal, PowerShell, and Azure CLI

Quickstart: Create a server-level firewall rule for single and pooled databases using the Azure portal

Configure and manage Azure Active Directory authentication with SQL

Azure SQL Database and Azure SQL Data Warehouse IP firewall rules

Get started with SQL database auditing

Advanced data security for Azure SQL Database

 

AZ-500 Labfiles

Azure lab setup procedure

1) Create a NEW email account at https://outlook.live.com/owa/ named xxxaz500ddmmyy@outlook.com, where ddmmyy = starting date of your course and xxx = your initials. Suggested password: Pa55w.rd1234

Ex: cyfaz500240521@outlook.com

The new Microsoft account is needed for the Azure Pass used for the labs in this course. The use of any other account is not supported for this class.  Appreciate your understanding.

2) Make a new folder C:\Labfiles using File Explorer

or from a PowerShell or Cmd prompt:

Md C:\Labfiles (command line)

3) Download and extract into C:\Labfiles

AZ500-AzureSecurityTechnologies-master

4) Download and install Visual Studio Code

Make sure you are logged out of all other email accounts (except the new email account you have created) in ALL browsers before proceeding to #5

5) Redeem the Azure Pass at https://www.microsoftazurepass.com/

Lab13 Azure Monitor

title: '13 - Azure Monitor'
module: 'Module 04 - Manage security operations'
# Lab 13: Azure Monitor
# Student lab manual
## Lab scenario
You have been asked to create a proof of concept of monitoring virtual machine performance. Specifically, you want to:
- Configure a virtual machine such that telemetry and logs can be collected.
- Show what telemetry and logs can be collected.
- Show how the data can be used and queried.
> For all the resources in this lab, we are using the **East US** region. Verify with your instructor this is the region to use for class.
## Lab objectives
In this lab, you will complete the following exercise:
- Exercise 1: Collect data from an Azure virtual machine with Azure Monitor
### Exercise 1: Collect data from an Azure virtual machine with Azure Monitor
### Exercise timing: 20 minutes
In this exercise, you will complete the following tasks:
- Task 1: Deploy an Azure virtual machine
- Task 2: Create a Log Analytics workspace
- Task 3: Enable the Log Analytics virtual machine extension
- Task 4: Collect virtual machine event and performance data
- Task 5: View and query collected data
#### Task 1: Deploy an Azure virtual machine
1. Sign in to the Azure portal **`https://portal.azure.com/`**.
    >**Note**: Sign in to the Azure portal using an account that has the Owner or Contributor role in the Azure subscription you are using for this lab.
1. Open the Cloud Shell by clicking the first icon in the top right of the Azure Portal. If prompted, select **PowerShell** and **Create storage**.
1. Ensure **PowerShell** is selected in the drop-down menu in the upper-left corner of the Cloud Shell pane.
1. In the PowerShell session within the Cloud Shell pane, run the following to create a resource group that will be used in this lab:
    ```powershell
    New-AzResourceGroup -Name AZ500LAB131415 -Location 'EastUS'
    ```
    >**Note**: This resource group will be used for labs 13, 14, and 15.
1. In the PowerShell session within the Cloud Shell pane, run the following to create a new Azure virtual machine.
    ```powershell
    # -OpenPorts adds inbound allow rules for HTTP (80) and RDP (3389) to the network security group
    New-AzVm -ResourceGroupName "AZ500LAB131415" -Name "myVM" -Location 'EastUS' -VirtualNetworkName "myVnet" -SubnetName "mySubnet" -SecurityGroupName "myNetworkSecurityGroup" -PublicIpAddressName "myPublicIpAddress" -OpenPorts 80,3389
    ```
1.  When prompted for credentials:
    |Setting|Value|
    |---|---|
    |User name|**localadmin**|
    |Password|**Pa55w.rd1234**|
    >**Note**: Wait for the deployment to complete.
1. In the PowerShell session within the Cloud Shell pane, run the following to confirm that the virtual machine named **myVM** was created and its **ProvisioningState** is **Succeeded**.
    ```powershell
    Get-AzVM -Name 'myVM' -ResourceGroupName 'AZ500LAB131415' | Format-Table
    ```
1. Close the Cloud Shell pane.
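
The `New-AzVm` command in this task is run with `-OpenPorts 80,3389`. The following added example, which is not part of the lab files, lists inbound allow rules on the lab's network security group that accept management-port traffic from any source and shows how one rule could be narrowed to a single address. The helper names `Test-PortInRange`, `Get-ExposedManagementRule` and `Set-RuleSource`, the port list, and the `203.0.113.10` placeholder address are assumptions made for the illustration.

```powershell
# Added example (not part of the lab files). Resource names are the ones used in Task 1.
$rg        = 'AZ500LAB131415'
$nsgName   = 'myNetworkSecurityGroup'
$mgmtPorts = 22, 3389                       # assumption: ports treated as management ports
$anySource = '*', '0.0.0.0/0', 'Internet'   # source prefixes that mean "any internet source"

# True when $Port falls inside an NSG port expression: '*', '3389' or '3000-4000'.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

# Returns one finding per (rule, management port) that is reachable from any source.
function Get-ExposedManagementRule {
    param($Nsg)
    foreach ($rule in $Nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if (-not ($rule.SourceAddressPrefix | Where-Object { $_ -in $anySource })) { continue }
        foreach ($port in $mgmtPorts) {
            if ($rule.DestinationPortRange | Where-Object { Test-PortInRange $_ $port }) {
                [pscustomobject]@{
                    Rule = $rule.Name; Priority = $rule.Priority; Port = $port
                    Source = $rule.SourceAddressPrefix -join ','
                }
            }
        }
    }
}

# Rewrites one rule so it only accepts traffic from $TrustedSource. Every other property
# is passed back unchanged because the cmdlet replaces the whole rule definition.
function Set-RuleSource {
    param($Nsg, [string]$RuleName, [string]$TrustedSource)
    $r = $Nsg.SecurityRules | Where-Object Name -eq $RuleName
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $Nsg -Name $r.Name `
        -Access $r.Access -Protocol $r.Protocol -Direction $r.Direction -Priority $r.Priority `
        -SourceAddressPrefix $TrustedSource -SourcePortRange $r.SourcePortRange `
        -DestinationAddressPrefix $r.DestinationAddressPrefix `
        -DestinationPortRange $r.DestinationPortRange | Set-AzNetworkSecurityGroup | Out-Null
}

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
Get-ExposedManagementRule -Nsg $nsg | Format-Table
# Example call; 203.0.113.10 is a placeholder and <rule name> comes from the table above:
# Set-RuleSource -Nsg $nsg -RuleName '<rule name>' -TrustedSource '203.0.113.10'
```
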
#### Task 2: Create a Log Analytics workspace
In this task, you will create a Log Analytics workspace.
1. In the Azure portal, in the **Search resources, services, and docs** text box at the top of the Azure portal page, type **Log Analytics workspaces** and press the **Enter** key.
1. On the **Log Analytics workspaces** blade, click **+ New**.
1. On the **Basics** tab of the **Create Log Analytics workspace** blade, specify the following settings (leave others with their default values):
    |Setting|Value|
    |---|---|
    |Subscription|the name of the Azure subscription you are using in this lab|
    |Resource group|**AZ500LAB131415**|
    |Name|any valid, globally unique name|
    |Region|**(US) East US**|
1. Click **Next: Pricing tier >**, on the **Pricing tier** tab of the **Create Log Analytics workspace** blade, accept the default **Pay-as-you-go (Per GB 2018)** pricing tier, and click **Review + create**.
1. On the **Review + create** tab of the **Create Log Analytics workspace** blade, click **Create**.
#### Task 3: Enable the Log Analytics virtual machine extension
In this task, you will enable the Log Analytics virtual machine extension. This extension installs the Log Analytics agent on Windows and Linux virtual machines. This agent collects data from the virtual machine and transfers it to the Log Analytics workspace that you designate. Once the agent is installed it will be automatically upgraded ensuring you always have the latest features and fixes.
1. In the Azure portal, navigate back to the **Log Analytics workspaces** blade, and, in the list of workspaces, click the entry representing the workspace you created in the previous task.
1. On the Log Analytics workspace blade, in the **Workspace Data Sources** section, click the **Virtual machines** entry.
    >**Note**: For the agent to be successfully installed, the virtual machine must be running.
1. In the list of virtual machines, locate the entry representing the Azure VM **myVM** you deployed in the first task of this exercise and note that it is listed as **Not connected**.
1. Click the **myVM** entry and then, on the **myVM** blade, click **Connect**.
1. Wait for the virtual machine to connect to the Log Analytics workspace.
    >**Note**: This may take a few minutes. The **Status** displayed on the **myVM** blade will change from **Connecting** to **This workspace**.
#### Task 4: Collect virtual machine event and performance data
In this task, you will configure collection of the Windows System log and several common performance counters. You will also review other sources that are available.
1. In the Azure portal, navigate back to the Log Analytics workspace you created earlier in this exercise.
1. On the Log Analytics workspace blade, in the **Settings** section, click **Agents configuration**.
1. On the **Agents configuration** blade, review the configurable settings including Windows Event Logs, Windows Performance Counters, Linux Performance Counters, IIS Logs, and Syslog.
1. Ensure that **Windows Event Logs** is selected, click **+ Add windows event log**, in the listing of event log types, select **System** and then click **+**.
    >**Note**: This is how you add event logs to the workspace. Other choices include, for example, **Hardware events** or **Key Management Service**.
1. Deselect the **Information** checkbox, leaving the **Error** and **Warning** check boxes selected.
1. Click **Windows Performance Counters**, click **+ Add performance counter**, review the listing of available performance counters, and add the following ones:
    - Process(\*)\% Processor Time
    - Event Tracing for Windows\Total Memory Usage --- Non-Paged Pool
    - Event Tracing for Windows\Total Memory Usage --- Paged Pool
    >**Note**: The counters are added and configured with a 60-second collection sample interval.
1. On the **Agents configuration** blade, click **Apply**.
#### Task 5: View and query collected data
In this task, you will run a log search on your data collection.
1. In the Azure portal, navigate back to the Log Analytics workspace you created earlier in this exercise.
1. On the Log Analytics workspace blade, in the **General** section, click **Logs**.

Click the Category drop-down box underneath Queries and select Query type. Make sure Example Queries is selected underneath All Queries, type "cpu" in the search box, and click Run on the "Memory and CPU usage" query.

 

    >**Note**: Since this virtual machine was just created, there may not be any data yet.


In another portal window (if using Edge, you can right-click the portal tab and select "Duplicate tab"), select myVM from Virtual Machines and, in the Operations section, click Run command. Click "RunPowerShellScript", paste the following, and click Run:

```
cmd
:loop
dir c:\ /s > SWAP
goto loop
```


The script will eventually time out, but it will generate some load.

Switch back to the Log Analytics window and click Run again.

If there is no data, wait several minutes (at least 10) until you see some data.


1. The query will automatically open in a new query tab.
    >**Note**: Log Analytics uses the Kusto query language. You can customize the existing queries or create your own.
    >**Note**: The results of the query you selected are automatically displayed below the query pane. To re-run the query, click **Run**.
    >**Note**: You have the option of displaying data in different formats. You also have the option of creating an alert rule based on the results of the query.
> Results: You used a Log Analytics workspace to configure data sources and query logs.
**Clean up resources**
>**Note**: Do not remove the resources from this lab as they are needed for the Azure Security Center lab and the Azure Sentinel lab.
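
The data sources configured in Task 4 can also be queried from a Cloud Shell PowerShell session instead of the portal. This added example, which is not part of the lab files, runs two Kusto queries against the workspace: one over the `Process(*)\% Processor Time` counter and one over the System log errors and warnings. It assumes the lab workspace is the only Log Analytics workspace in the resource group and that the VM reports a computer name starting with `myVM`.

```powershell
# Added example (not part of the lab files): query the data sources configured in Task 4.
$rg = 'AZ500LAB131415'

# Assumption: the lab workspace is the only Log Analytics workspace in this resource group.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg | Select-Object -First 1

# Average CPU per process over the last hour, from the Process(*)\% Processor Time counter.
$cpuQuery = @'
Perf
| where TimeGenerated > ago(1h)
| where Computer startswith "myVM"
| where ObjectName == "Process" and CounterName == "% Processor Time"
| where InstanceName !in ("_Total", "Idle")
| summarize AvgCpu = avg(CounterValue), Samples = count() by InstanceName
| top 10 by AvgCpu desc
'@

# Error and Warning records from the Windows System log selected in Task 4.
$eventQuery = @'
Event
| where TimeGenerated > ago(1h)
| where EventLog == "System" and EventLevelName in ("Error", "Warning")
| summarize Count = count() by Source, EventID, EventLevelName
| order by Count desc
'@

foreach ($query in $cpuQuery, $eventQuery) {
    # The workspace is addressed by its CustomerId (workspace ID), not its resource name.
    $response = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $query
    $rows = @($response.Results)
    if ($rows.Count -eq 0) {
        # A newly connected VM may not have uploaded any records yet.
        Write-Host 'No rows returned yet; wait several minutes and run the query again.'
    }
    else {
        $rows | Format-Table -AutoSize
    }
}
```
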

 

End of David Papkin page info about Microsoft AZ-500 course

Helpful Azure  learning links

Microsoft Azure Forums  The Azure forums are very active. You can search the threads for a
specific area of interest. You can also browse categories like Azure Storage, Pricing
and Billing, Azure Virtual Machines, and Azure Migrate.

Azure Architecture Center  Gain access to the Azure Application Architecture Guide,
Azure Reference Architectures, and the Cloud Design Patterns.

Microsoft Learning Community Blog  Get the latest information about the certification
tests and exam study groups.

https://channel9.msdn.com/  Channel 9 provides a wealth of informational videos, shows, and
events.

Azure Tuesdays With Corey  Corey Sanders answers your questions about
Microsoft Azure – Virtual Machines, Web Sites, Mobile Services, Dev/Test etc.

Azure Fridays  Join Scott Hanselman as he engages one-on-one with the engineers
who build the services that power Microsoft Azure as they demo capabilities,
answer Scott’s questions, and share their insights.

Microsoft Azure Blog  Keep current on what’s happening in Azure, including what’s
now in preview, generally available, news & updates, and more.

End of David Papkin Microsoft Azure AZ-500 page.