This David Papkin page has info about the Microsoft Azure AZ-500 course
License requirements to use Privileged Identity Management (PIM)
Administrator role permissions in Azure Active Directory
Multi-Factor Authentication pricing
How to get Azure Multi-Factor Authentication
Dynamic membership rules for groups in Azure Active Directory
Custom roles for Azure resources
Azure Active Directory Connect FAQ
Azure Active Directory documentation
Identity Synchronization to Azure Active Directory – Is It Secret? Is It Safe?
Announcing the preview of Microsoft Azure Bastion
Privileged Access Workstations
AZURE FUNCTIONS AND SERVERLESS PLATFORM SECURITY
Azure Blueprints Overview
Quickstart: Define and assign a blueprint in the portal
Tutorial: Create an environment from a blueprint sample
Secure development best practices on Azure
Develop a secure web app
Azure Front Door
Azure Front Door Overview
Quickstart: Create a Front Door for a highly available global web application
Azure Key Vault
Manage storage account keys with Key Vault and the Azure CLI
Import HSM-protected keys to Key Vault
Azure Key Vault soft-delete overview
Azure Security Center
Secure your management ports with just-in-time access (with Demos)
Microsoft Azure – Just-in-time (JIT) Deep Dive
Azure Sentinel Overview
Quickstart: On-board Azure Sentinel (1)
Quickstart: Get started with Azure Sentinel (2)
Microsoft Security Code Analysis
Threat Modeling Tool
Add or remove group members using Azure Active Directory
Create a basic group and add members using Azure Active Directory
Add or update a user’s profile information using Azure Active Directory
Grant a user access to Azure resources using RBAC and the Azure portal
Manage access to Azure resources using RBAC and the Azure portal
Create a custom role for Azure resources using Azure PowerShell
Create, change, or delete a virtual network
Create a policy assignment to identify non-compliant resources
Get compliance data of Azure resources
Quickstart: Create Apache Hadoop cluster in Azure HDInsight using Azure portal
Security Playbook in Azure Security Center
Quickstart: Create a single database in Azure SQL Database using the Azure portal, PowerShell, and Azure CLI
Quickstart: Create a server-level firewall rule for single and pooled databases using the Azure portal
Configure and manage Azure Active Directory authentication with SQL
Azure SQL Database and Azure SQL Data Warehouse IP firewall rules
Get started with SQL database auditing
Advanced data security for Azure SQL Database
Azure lab setup procedure
1) Create NEW email account firstname.lastname@example.org suggested password Pa55w.rd1234 where ddmmyy = starting date of your course and xxx = your initials at https://outlook.live.com/owa/
The new Microsoft account is needed for the Azure Pass used for the labs in this course. The use of any other account is not supported for this class. Appreciate your understanding.
2) Make a new folder C:\Labfiles using File Explorer
or from a PowerShell or Cmd prompt
md C:\Labfiles (command line)
3) Download and extract into C:\Labfiles
4) Download and install Visual Studio Code
Make sure you are logged out of all other email accounts (except the new email account you have created) in ALL browsers before proceeding to #5
5) Redeem Azure pass https://www.microsoftazurepass.com/
Lab13 Azure Monitor
title: ’13 – Azure Monitor’
module: ‘Module 04 – Manage security operations’
# Lab 13: Azure Monitor
# Student lab manual
## Lab scenario
You have been asked to create a proof of concept of monitoring virtual machine performance. Specifically, you want to:
– Configure a virtual machine such that telemetry and logs can be collected.
– Show what telemetry and logs can be collected.
– Show how the data can be used and queried.
> For all the resources in this lab, we are using the **East US** region. Verify with your instructor this is the region to use for class.
## Lab objectives
In this lab, you will complete the following exercise:
– Exercise 1: Collect data from an Azure virtual machine with Azure Monitor
### Exercise 1: Collect data from an Azure virtual machine with Azure Monitor
### Exercise timing: 20 minutes
In this exercise, you will complete the following tasks:
– Task 1: Deploy an Azure virtual machine
– Task 2: Create a Log Analytics workspace
– Task 3: Enable the Log Analytics virtual machine extension
– Task 4: Collect virtual machine event and performance data
– Task 5: View and query collected data
#### Task 1: Deploy an Azure virtual machine
1. Sign-in to the Azure portal **`https://portal.azure.com/`**.
>**Note**: Sign in to the Azure portal using an account that has the Owner or Contributor role in the Azure subscription you are using for this lab.
1. Open the Cloud Shell by clicking the first icon in the top right of the Azure Portal. If prompted, select **PowerShell** and **Create storage**.
1. Ensure **PowerShell** is selected in the drop-down menu in the upper-left corner of the Cloud Shell pane.
1. In the PowerShell session within the Cloud Shell pane, run the following to create a resource group that will be used in this lab:
    ```powershell
    New-AzResourceGroup -Name AZ500LAB131415 -Location 'EastUS'
    ```
>**Note**: This resource group will be used for labs 13, 14, and 15.
1. In the PowerShell session within the Cloud Shell pane, run the following to create a new Azure virtual machine.
    ```powershell
    New-AzVm -ResourceGroupName "AZ500LAB131415" -Name "myVM" -Location 'EastUS' -VirtualNetworkName "myVnet" -SubnetName "mySubnet" -SecurityGroupName "myNetworkSecurityGroup" -PublicIpAddressName "myPublicIpAddress" -OpenPorts 80,3389
    ```
1. When prompted for credentials:
>**Note**: Wait for the deployment to complete.
1. In the PowerShell session within the Cloud Shell pane, run the following to confirm that the virtual machine named **myVM** was created and its **ProvisioningState** is **Succeeded**.
    ```powershell
    Get-AzVM -Name 'myVM' -ResourceGroupName 'AZ500LAB131415' | Format-Table
    ```
1. Close the Cloud Shell pane.
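The `-OpenPorts 80,3389` switch in Task 1 asks `New-AzVm` to allow RDP (TCP 3389) inbound on **myNetworkSecurityGroup**. The following check is an added example, not part of the lab manual; it can be run in the same Cloud Shell PowerShell session and lists inbound allow rules that expose management ports to any source. The port list and the `Test-PortInRange` helper are assumptions made for this example.

```powershell
# Added example (not from the lab): audit the lab NSG for management ports
# reachable from any source. Resource names are the ones the lab uses.
$rg        = 'AZ500LAB131415'
$nsgName   = 'myNetworkSecurityGroup'
$mgmtPorts = 22, 3389, 5985, 5986               # assumption: ports treated as "management"
$anySource = '*', '0.0.0.0/0', 'Internet', 'Any'

# Hypothetical helper: does an NSG port expression ("*", "3389", "3000-4000") cover $Port?
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg

$exposed = foreach ($rule in $nsg.SecurityRules) {
    # Only inbound Allow rules can expose a port.
    if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }

    # Skip rules whose source is restricted to specific addresses.
    $openSource = $rule.SourceAddressPrefix | Where-Object { $anySource -contains $_ }
    if (-not $openSource) { continue }

    foreach ($port in $mgmtPorts) {
        $hit = $rule.DestinationPortRange |
            Where-Object { Test-PortInRange -Range $_ -Port $port }
        if ($hit) {
            [pscustomobject]@{
                Rule     = $rule.Name
                Priority = $rule.Priority
                Port     = $port
                Source   = $rule.SourceAddressPrefix -join ','
            }
        }
    }
}

if ($exposed) { $exposed | Sort-Object Priority | Format-Table -AutoSize }
else          { Write-Host "No management ports open to any source in $nsgName." }
```

Any rule it reports is a candidate for a restricted source address or for the just-in-time access covered in the Azure Security Center links above.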
#### Task 2: Create a Log Analytics workspace
In this task, you will create a Log Analytics workspace.
1. In the Azure portal, in the **Search resources, services, and docs** text box at the top of the Azure portal page, type **Log Analytics workspaces** and press the **Enter** key.
1. On the **Log Analytics workspaces** blade, click **+ New**.
1. On the **Basics** tab of the **Create Log Analytics workspace** blade, specify the following settings (leave others with their default values):
    |Setting|Value|
    |---|---|
    |Subscription|the name of the Azure subscription you are using in this lab|
    |Name|any valid, globally unique name|
    |Region|**(US) East US**|
1. Click **Next: Pricing tier >**, on the **Pricing tier** tab of the **Create Log Analytics workspace** blade, accept the default **Pay-as-you-go (Per GB 2018)** pricing tier, and click **Review + create**.
1. On the **Review + create** tab of the **Create Log Analytics workspace** blade, click **Create**.
#### Task 3: Enable the Log Analytics virtual machine extension
In this task, you will enable the Log Analytics virtual machine extension. This extension installs the Log Analytics agent on Windows and Linux virtual machines. This agent collects data from the virtual machine and transfers it to the Log Analytics workspace that you designate. Once the agent is installed it will be automatically upgraded ensuring you always have the latest features and fixes.
1. In the Azure portal, navigate back to the **Log Analytics workspaces** blade, and, in the list of workspaces, click the entry representing the workspace you created in the previous task.
1. On the Log Analytics workspace blade, in the **Workspace Data Sources** section, click the **Virtual machines** entry.
>**Note**: For the agent to be successfully installed, the virtual machine must be running.
1. In the list of virtual machines, locate the entry representing the Azure VM **myVM** you deployed in the first task of this exercise and note that it is listed as **Not connected**.
1. Click the **myVM** entry and then, on the **myVM** blade, click **Connect**.
1. Wait for the virtual machine to connect to the Log Analytics workspace.
>**Note**: This may take a few minutes. The **Status** displayed on the **myVM** blade, will change from **Connecting** to **This workspace**.
#### Task 4: Collect virtual machine event and performance data
In this task, you will configure collection of the Windows System log and several common performance counters. You will also review other sources that are available.
1. In the Azure portal, navigate back to the Log Analytics workspace you created earlier in this exercise.
1. On the Log Analytics workspace blade, in the **Settings** section, click **Agents configuration**.
1. On the **Agents configuration** blade, review the configurable settings including Windows Event Logs, Windows Performance Counters, Linux Performance Counters, IIS Logs, and Syslog.
1. Ensure that **Windows Event Logs** is selected, click **+ Add windows event log**, in the listing of event log types, select **System** and then click **+**.
>**Note**: This is how you add event logs to the workspace. Other choices include, for example, **Hardware events** or **Key Management Service**.
1. Deselect the **Information** checkbox, leaving the **Error** and **Warning** check boxes selected.
1. Click **Windows Performance Counters**, click **+ Add performance counter**, review the listing of available performance counters, and add the following ones:
– Process(\*)\% Processor Time
– Event Tracing for Windows\Total Memory Usage --- Non-Paged Pool
– Event Tracing for Windows\Total Memory Usage --- Paged Pool
>**Note**: The counters are added and configured with 60 second collection sample interval.
1. On the **Agents configuration** blade, click **Apply**.
#### Task 5: View and query collected data
In this task, you will run a log search on your data collection.
1. In the Azure portal, navigate back to the Log Analytics workspace you created earlier in this exercise.
1. On the Log Analytics workspace blade, in the **General** section, click **Logs**.
1. Click the Category drop-down box underneath **Queries** and select **Query type**, make sure **Example Queries** is selected underneath **All Queries**, type "cpu" in the search box, and click **Run** on the "Memory and CPU usage" query.
>**Note**: Since this virtual machine was just created, there may not be any data yet.
1. In another portal window (in Edge, you can right-click the portal tab and select "Duplicate tab"), select **myVM** from **Virtual machines**, in the **Operations** section click **Run command**, click **RunPowerShellScript**, paste the following, and click **Run**:
    ```powershell
    dir c:\ /s > SWAP
    ```
1. The script will eventually time out but will generate some load.
1. Switch back to the Log Analytics window and click **Run** again.
1. If there is no data, wait several minutes (at least 10) until you see some data.
1. The query will automatically open in a new query tab.
>**Note**: Log Analytics uses the Kusto query language. You can customize the existing queries or create your own.
>**Note**: The results of the query you selected are automatically displayed below the query pane. To re-run the query, click **Run**.
>**Note**: You have the option of displaying data in different formats. You also have the option of creating an alert rule based on the results of the query.
> Results: You used a Log Analytics workspace to configure data sources and query logs.
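The data sources configured in Task 4 can also be queried from Cloud Shell rather than the portal. This is an added example, not part of the lab manual: it runs two Kusto queries against the workspace, one over the `Process(*)\% Processor Time` counter and one over the System event log. The workspace name is a placeholder, and the workspace resource group and the `Computer` filter on **myVM** are assumptions.

```powershell
# Added example (not from the lab): query the Task 4 data sources with KQL.
$rg            = 'AZ500LAB131415'            # assumption: workspace is in the lab resource group
$workspaceName = '<your-workspace-name>'     # placeholder: the name chosen in Task 2

$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $workspaceName

# Per-process CPU from the "% Processor Time" counter, averaged over 5-minute bins.
$cpuQuery = @'
Perf
| where Computer startswith "myVM"
| where ObjectName == "Process" and CounterName == "% Processor Time"
| where InstanceName !in ("_Total", "Idle")
| summarize AvgCpu = avg(CounterValue) by InstanceName, bin(TimeGenerated, 5m)
| top 10 by AvgCpu desc
'@

# System log entries; Task 4 collects only the Error and Warning levels.
$eventQuery = @'
Event
| where Computer startswith "myVM" and EventLog == "System"
| summarize Count = count() by EventLevelName, Source, EventID
| order by Count desc
'@

$queries = [ordered]@{ 'CPU by process' = $cpuQuery; 'System events' = $eventQuery }

foreach ($name in $queries.Keys) {
    # Look back one hour; the lab VM has only just started reporting.
    $resp = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId `
                -Query $queries[$name] -Timespan (New-TimeSpan -Hours 1)
    $rows = @($resp.Results)

    Write-Host "== $name ($($rows.Count) rows) =="
    if ($rows.Count -eq 0) {
        # Matches the lab note: a freshly connected agent may have sent nothing yet.
        Write-Host 'No rows yet; wait several minutes and run the query again.'
    } else {
        $rows | Format-Table -AutoSize | Out-Host
    }
}
```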
**Clean up resources**
>**Note**: Do not remove the resources from this lab as they are needed for the Azure Security Center lab and the Azure Sentinel lab.
End of David Papkin page info about Microsoft AZ-500 course
Helpful Azure learning links
Microsoft Azure Forums The Azure forums are very active. You can search the threads for a
specific area of interest. You can also browse categories like Azure Storage, Pricing
and Billing, Azure Virtual Machines, and Azure Migrate.
Azure Architecture Center Gain access to the Azure Application Architecture Guide,
Azure Reference Architectures, and the Cloud Design Patterns.
Microsoft Learning Community Blog Get the latest information on the certification
tests and exam study groups.
https://channel9.msdn.com/ Channel 9 provides a wealth of informational videos, shows, and
Azure Tuesdays With Corey Corey Sanders answers your questions about
Microsoft Azure – Virtual Machines, Web Sites, Mobile Services, Dev/Test etc.
Azure Fridays Join Scott Hanselman as he engages one-on-one with the engineers
who build the services that power Microsoft Azure as they demo capabilities,
answer Scott’s questions, and share their insights.
Microsoft Azure Blog Keep current on what’s happening in Azure, including what’s
now in preview, generally available, news & updates, and more.
End of David Papkin Microsoft Azure AZ-500 page.