Exam tips: SC-200

Microsoft has recently announced a new series of certifications, the SC series, which consists of the following:

SC-200: Microsoft Security Operations Analyst
SC-300: Microsoft Identity and Access Administrator
SC-400: Microsoft Information Protection Administrator
SC-900: Microsoft Security, Compliance, and Identity Fundamentals

These certifications focus on the Microsoft security products. In this article we review the SC-200 exam; I will share my experience and some useful tips.

Skills Measured

The Microsoft Security Operations Analyst exam covers three areas, weighted as follows:

Microsoft 365 Defender: 25-30%
Azure Defender: 25-30%
Azure Sentinel: 40-45%

Microsoft 365 Defender

It covers the Microsoft 365 Defender products together with some related security products and services:

  • Defender for Endpoint
  • Defender for Identity
  • Defender for Office 365
  • Cloud App Security
  • Identity Protection
  • Data Loss Prevention

For each of these you have to know how to deploy and configure the product. You also have to know the whole alert lifecycle: detect, investigate, respond and remediate. Be very familiar with the portals, the available options and the integration between them.

Some examples:

  • Differences between risk policies
  • Alerts configuration
  • Threat investigation steps
  • Creating Policies
  • Log Analytics Tables
  • Security event types

Azure Defender

It covers all the functions of Azure Security Center. You have to know how to deploy and configure it, which resource types can be onboarded, and the remediation steps for its alerts.

Some examples:

  • Alert settings
  • Auto-remediation
  • Multi-Cloud environments
  • Data sources
  • Key vault alerts

Azure Sentinel

This part has the highest number of questions. You have to know how to deploy and configure the workspace, collect logs and manage data connectors. You also have to know every component of Sentinel: how to create analytics rules and alerts, and how to create, manage and investigate incidents. Of course KQL (Kusto Query Language) is a requirement; the exam does not demand expert knowledge of the language, but you will need the basic operators.

Some examples:

  • Multiple Workspaces
  • On-premises logs
  • Playbooks
  • KQL Queries (sum,bin,top,extend)
  • Bookmarks creation
  • Understanding workbooks and notebooks
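The operators listed above, in the form the exam expects you to read them. This is an added example, not code from the original article: it runs a KQL query against a Log Analytics workspace with the Az.OperationalInsights module and counts failed logons per account per hour. The resource group and workspace names are placeholders, and it assumes you have already run Connect-AzAccount with an account holding Log Analytics Reader (or Azure Sentinel Reader) on the workspace.

```powershell
# Added example (not from the original article). Assumptions: Az modules installed,
# Connect-AzAccount already done, placeholder names below replaced with your own.
$resourceGroup = 'rg-sentinel'    # assumed name
$workspaceName = 'law-sentinel'   # assumed name

$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup -Name $workspaceName

# Failed logons (event 4625) per account per hour over the last day.
#   extend    - adds derived columns (the hour bucket via bin, and a 0/1 flag)
#   summarize - aggregates: count of failures, sum of the flag, distinct source IPs
#   top       - keeps the 20 busiest rows ordered by the failure count
# Reading the result: one account with many failures from many IPs looks like
# brute force; many accounts with few failures each from one IP looks like a spray.
$query = @'
SecurityEvent
| where TimeGenerated > ago(1d)
| where EventID == 4625
| extend Hour = bin(TimeGenerated, 1h),
         IsNetworkLogon = iff(LogonType == 3, 1, 0)
| summarize Failures = count(),
            NetworkFailures = sum(IsNetworkLogon),
            SourceIPs = dcount(IpAddress)
          by Hour, Account
| top 20 by Failures desc
'@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspace.CustomerId `
                                            -Query $query `
                                            -Timespan (New-TimeSpan -Days 1)

$result.Results | Format-Table Hour, Account, Failures, NetworkFailures, SourceIPs -AutoSize
```

The same query pasted into the Sentinel Logs blade returns the same table; wrapping it in PowerShell is only useful once you want to schedule it or feed the rows into something else.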

Very Important

Because it is a security exam you have to keep the security principles in mind for every answer. Least privilege is one of them, so it is mandatory to know the different roles that these products offer. Sentinel, for example, has separate Reader, Responder and Contributor roles, and least privilege means assigning the lowest of those that still allows the task.

Resources

All of the above are included in the exam skills outline. The only material that I used was Microsoft Learn; the SC-200 learning path contains all the theory you need.

You can find the exam skills outline and the learning path here.

Conclusion

In my personal opinion you must have hands-on experience in order to take this exam. It is very difficult to answer all these questions without it. So, if you do not have hands-on experience with all of the products, try at least to gain some through a lab environment.

That was my experience of this exam. I hope the above information helps you!

Windows Virtual Desktop Review

I have been using Windows Virtual Desktop as my primary workstation for the last two months, so I think it is a good opportunity to share my thoughts about this product in the article below.

What exactly is Windows Virtual Desktop ?

Windows Virtual Desktop is a desktop and application virtualization service that runs in the cloud. More specifically, we can deliver to end users either a full desktop (personal or pooled; we will analyze this later) or specific applications, with everything running on virtual machines in Azure.

What is the main difference between Windows Virtual Desktop and Remote Desktop Services (RDS) ? Is there a good reason for migration?

Many companies have been using RDS to deliver a virtual desktop infrastructure (VDI) or virtual applications. You will find plenty of pros-and-cons comparisons, but I think there are two main reasons for these companies to start considering a migration:

  1. Operating system – you can now use Windows 10, including the multi-session edition that is only available in this service.
  2. Service management – the brokering, gateway and web access components are a PaaS run by Microsoft; you only manage the session hosts.

How can I start using Widows Virtual Desktop ?

It depends on your current infrastructure. Active Directory and Azure Active Directory are both required for a Windows Virtual Desktop deployment. There are two main cases:

  1. You have an on-premises domain – sync your users to Azure AD with Azure AD Connect and extend your domain to Azure, so that a domain controller is reachable from the session hosts.
  2. You have only Office 365 users – use Azure AD Domain Services, which provides a managed domain synchronized from Azure AD.

This can change according to your infrastructure and requirements; there are many setups you can choose from, and we will not analyze them in this article.

What about licenses and subscriptions?

You will need an Azure subscription and one of the following licenses for each user:

Microsoft 365 E3, E5, A3, A5, F3, Business Premium
Windows E3, E5, A3, A5

What are the available image options?

You can use the following operating systems:

  • Windows 10 Enterprise multi-session, version 1809 or later
  • Windows 10 Enterprise, version 1809 or later
  • Windows 7 Enterprise
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2

But we will focus on Windows 10 and these two image options:

  1. Windows 10 multi-session (pooled) – several users share one virtual machine.
  2. Windows 10 single-session (personal) – one user is assigned to the virtual machine.

There is of course also a custom image option if you need one.

After the initial setup, how can I manage my Infrastructure?

As already mentioned, Windows Virtual Desktop is a platform as a service, so we only have to look after our virtual machines, not the availability of the service itself.

We have to manage two things:

  1. Virtual machines, application deployments, assignments, etc. – through the Azure portal with the Windows Virtual Desktop service.
  2. The virtual machines' operating system, security, policies, etc. – traditional Group Policy, or Intune if the virtual machines are hybrid joined.

What about the local printers,USB devices , microphone and camera ?

You can use the Azure portal to enable the redirection of all these devices: you can print, browse your local drives and join meetings with audio and video as normal. Enable only the redirections your users actually need; drive and clipboard redirection in particular are an easy way to move data out of the session.

More specifically about audio and video: audio is very good, with no delays. For video I recommend the Remote Desktop WebRTC Redirector Service (Teams media optimization) in order to get the same result.
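The same redirection settings can be applied from PowerShell instead of the portal, which makes it easier to keep every host pool at the same baseline. This is an added example, not code from the original article: it uses the Az.DesktopVirtualization module to set the RDP properties of a host pool, allowing audio, camera and printers while keeping drive, clipboard and USB redirection closed. The resource group and host pool names are placeholders, and it assumes Connect-AzAccount has already been run.

```powershell
# Added example (not from the original article). Assumptions: Az modules installed,
# Connect-AzAccount already done, placeholder names below replaced with your own.
$resourceGroup = 'rg-wvd'          # assumed name
$hostPool      = 'hp-callcenter'   # assumed name

# RDP properties use the standard .rdp file syntax ("name:type:value"), joined by ';'.
# Allow what a call-center user needs (audio in/out, camera, printers) and keep the
# data-exfiltration paths (local drives, clipboard, raw USB) switched off.
$rdpProperties = @(
    'audiomode:i:0'             # play remote audio on the local device
    'audiocapturemode:i:1'      # redirect the local microphone
    'camerastoredirect:s:*'     # redirect all local cameras
    'redirectprinters:i:1'      # redirect local printers
    'drivestoredirect:s:'       # empty value = no local drives
    'redirectclipboard:i:0'     # no clipboard between session and device
    'usbdevicestoredirect:s:'   # empty value = no raw USB devices
) -join ';'

Update-AzWvdHostPool -ResourceGroupName $resourceGroup -Name $hostPool -CustomRdpProperty $rdpProperties

# Read the setting back to confirm what the clients will actually receive.
(Get-AzWvdHostPool -ResourceGroupName $resourceGroup -Name $hostPool).CustomRdpProperty
```

Users pick up the new properties the next time the client refreshes its feed; existing sessions keep the old ones until they reconnect.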

How can users join the virtual desktop or Apps? Do I have to open ports in Public? What platforms are supported?

Of course not. Session hosts only make outbound connections to the service, so no inbound ports need to be opened. Every user accesses the available resources through the web client or the Remote Desktop client, which is available on Windows, macOS, iOS and Android.

After the user logs in to the client, the available resources show up. It is very important to mention that MFA is supported, through Azure AD Conditional Access.

When should I use Windows Virtual Desktop?

In my personal opinion it can be used in almost every case. Of course there are some cases where this solution cannot apply, such as field engineers, offline workers, or clients that require multiple VPN connections.

The best use cases are companies with many clients performing specific jobs: call centers, retail stores, data entry, secretaries, etc.

What are the advantages?

Let's say that you replace your desktops with thin clients and build a Windows Virtual Desktop infrastructure.

My calculations tell me that you will probably not save money; that is not the motive. Your infrastructure costs will be almost the same (based on my calculations; it is not a rule, and of course it depends on your case).

Of course remote working is one of the biggest advantages, but besides that you will have a more secure infrastructure with better management, visibility and availability, and less complexity. That leads to less first-level support (hardware and software) and less troubleshooting.

Most important, you will be able to start using the whole Azure ecosystem: modern security, automation and other solutions become available. Your transformation journey has already begun.

The next article will be a tutorial on how to apply all this and start using the service.

AzureRM Templates with Visual Studio


Customize your template and deploy multiple resources, as many times as you want, in a few minutes!

AzureRM templates are a very efficient and easy way to deploy resources on Azure. Every resource in the Azure portal offers an Export template option, so you can download the template of an existing resource and start using it immediately.

In the following video you will see how easy and fast the deployment of a virtual machine can be with these templates.
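The same export-then-redeploy flow without Visual Studio, as an added example that is not code from the original article. It uses the Az.Resources module to export the template of an existing resource group and deploy it three times with different parameter values, previewing each deployment first. The resource group names, the region and the vmName parameter are assumptions; an exported template keeps secrets such as the local administrator password as securestring parameters with no default, so they are read at run time here rather than written into the JSON.

```powershell
# Added example (not from the original article). Assumptions: Az modules installed,
# Connect-AzAccount already done, and the exported template exposes parameters named
# vmName and adminPassword (check the "parameters" section of template.json; yours may differ).
$sourceGroup = 'rg-source'    # assumed: group holding the resource(s) you want to copy
$targetGroup = 'rg-lab'       # assumed: group that receives the copies
$location    = 'westeurope'   # assumed

# 1. Export the current state of the source group as an ARM template.
Export-AzResourceGroup -ResourceGroupName $sourceGroup -Path ./template.json `
                       -IncludeParameterDefaultValue -Force | Out-Null

# 2. Deploy it several times, once per VM name, into the target group.
New-AzResourceGroup -Name $targetGroup -Location $location -Force | Out-Null

foreach ($name in 'vm-lab-01', 'vm-lab-02', 'vm-lab-03') {
    $params = @{
        vmName        = $name                                                   # assumed parameter
        adminPassword = Read-Host -Prompt "Admin password for $name" -AsSecureString  # never hardcode
    }

    # Preview what would be created or changed before touching anything.
    New-AzResourceGroupDeployment -ResourceGroupName $targetGroup -TemplateFile ./template.json `
                                  -TemplateParameterObject $params -WhatIf

    # Incremental mode adds to the group without deleting resources the template does not mention.
    New-AzResourceGroupDeployment -ResourceGroupName $targetGroup -Name "deploy-$name" `
                                  -TemplateFile ./template.json -TemplateParameterObject $params `
                                  -Mode Incremental
}

# 3. Confirm each deployment finished.
Get-AzResourceGroupDeployment -ResourceGroupName $targetGroup |
    Select-Object DeploymentName, ProvisioningState, Timestamp
```

Keep the exported template.json in source control together with a parameters file per environment; the template is then the documentation of what was deployed, which is the point of the next article's Infrastructure as Code discussion.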

Infrastructure as Code :Intro to Terraform on Azure Part 1

Infrastructure as Code is the management and provisioning of infrastructure through configuration files. But why should we go to the trouble of learning all these new technologies?

Unfortunately there are some things in legacy infrastructure that I like to call "infrastructure pain"!

High costs, complex deployments and management, combined with scalability and availability requirements, create the infrastructure pain.

I call it pain not because these things cannot be achieved, but because they are very hard to do correctly and to maintain.

To solve some of these problems we can use the cloud. The cloud helps us in the following areas:

We can be very flexible using the new cloud technologies, so scalability is no longer a big problem. Availability is also high: an SLA of 99.5% can be achieved with just one virtual machine (the exact figure depends on the disk type). And of course hardware maintenance is no longer our responsibility.

But some problems still exist:

We still have to consider management and complexity, because we will be administering all these resources, and the administration cost is still there and has to be kept low.

At this point we come back to the Infrastructure as Code we mentioned at the beginning. What are the benefits of this technology?

Version control: we can use tools like Git to control our infrastructure. We can revert, save all changes and keep a detailed history of our infrastructure.

Clear documentation: there is no better way to present the current state of your infrastructure than the code itself.

Repeatable deployments and fast changes: deploy resources in minutes, as many times as you want, without the fear of human error.

How can we achieve all this?

Terraform is a very good way to proceed.

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

In the second part we will see the fundamentals of Terraform and how we can deploy resources directly on Azure!

Logic App – Image Recognition

See below how you can integrate a Logic App with artificial intelligence.

In the following video I have created a Logic App that is triggered when a file (a picture in our example) is uploaded to my OneDrive account. After the picture has been uploaded, Azure Cognitive Services takes the wheel: the face recognition service grabs the image and analyzes the gender of each person it contains. When the analysis has finished, the service exports the data to a Microsoft Excel file.

Manage Azure virtual machines with Ansible Tower

Moving your IaaS infrastructure to Azure does not mean that you are done with server maintenance and management. There are many tools you can use to deploy your configurations, and Ansible is one of the most powerful.

Ansible has three characteristics that I like most:

  • Agentless – the only thing you need is to enable WinRM on Windows and SSH on Linux.
  • Multi-platform – Ansible contains modules for all the well-known platforms, such as Azure, AWS, Linux and Windows.
  • Open source

Ansible works with YAML files that describe the tasks you want to execute. A playbook is a set of tasks that run together.

We will see, with a simple example, how to deploy Ansible Tower and start managing our IaaS infrastructure in a very short time.

I did not write a tutorial; it is just a small deployment that I have made.

What you will need:

  • Azure Subscription
  • An Ansible Tower virtual machine
  • A Windows or Linux virtual machine to test with
  • An Azure virtual network with at least two subnets

Azure Subscription

You can create an Azure subscription for free here.

Virtual Machine that runs Ansible Tower

You will need a Linux virtual machine to deploy Ansible Tower. In our example I have used the Ansible Tower Red Hat image from the Azure Marketplace. If you go with this deployment you will need a Red Hat Ansible Tower license. You can request a free trial license, for evaluation purposes only, here.

Windows or Linux virtual machine to test

You will need to deploy a Windows or Linux virtual machine in order to run a small test of the deployment. I have used a Windows Server 2016 virtual machine from the Azure Marketplace.

Azure Virtual Network with at least two subnets

You will need to deploy an Azure virtual network with at least two subnets: one for Ansible Tower and another for the hosts.

At the end of the deployment you will be able to log in to your Ansible Tower through its public IP. Restrict that access to your own address range with a network security group rule rather than leaving the web interface open to the whole internet.

Ansible Tower Web Interface

As you can see, I had a lot of failed jobs until I understood how it works. I made a major mistake with the virtual networks and there was no communication between the Tower and the virtual machine.

Deploy your first playbook

The minimum things you have to do to deploy your first playbook are:

  • Inventory – declare your hosts and their connection variables.
  • Project – create a project that contains your playbook code; yes, you can use Git to provide the code!
  • Credentials – specify every credential for your deployment (the host and GitHub in our example).
  • Templates – create a job template that ties all of the above together, and run it.

Here you can see an image of my template.


So when I click Launch, Tower connects to the Windows server over WinRM, using the variables and credentials I have provided, and executes my playbook.

My playbook contains a very simple task that starts the Windows Print Spooler service. Obviously you can write a set of tasks in your playbook, and you can also specify the order in which they execute.
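The WinRM side of this, which the article takes for granted, is where the security decisions are. The following is an added example, not code from the original article or from the Ansible project: run in an elevated PowerShell on the Windows test VM, it enables WinRM with an HTTPS-only listener, removes the plain-HTTP listener, and refuses unencrypted traffic and Basic authentication. It assumes the VM's DNS name is what the Tower inventory uses for the host, and it generates a self-signed certificate for the lab; in production issue the certificate from your CA. The matching inventory variables on the Tower side are ansible_connection=winrm, ansible_port=5986 and ansible_winrm_transport=ntlm (or kerberos for domain accounts); ansible_winrm_server_cert_validation=ignore is needed only with the self-signed certificate and should not be used in production.

```powershell
# Added example (not from the original article). Run elevated on the Windows host.
# Assumptions: the inventory addresses the host by its DNS name; self-signed cert for the lab.
$hostName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Enable the WinRM service and the default PowerShell session configuration.
Enable-PSRemoting -Force -SkipNetworkProfileCheck

# Certificate for the HTTPS listener (self-signed here; use your CA in production).
$cert = New-SelfSignedCertificate -DnsName $hostName -CertStoreLocation Cert:\LocalMachine\My

# Create the HTTPS listener (TCP 5986) bound to that certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -HostName $hostName `
         -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# Remove the plain-HTTP listener that Enable-PSRemoting created, so nothing answers on 5985.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -like 'Transport=HTTP' } |
    Remove-Item -Recurse -Force

# Harden the service: encrypted traffic only, and no Basic authentication.
# Ansible authenticates with NTLM or Kerberos over the TLS channel instead.
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false
Set-Item WSMan:\localhost\Service\Auth\Basic       -Value $false

# Open the host firewall for the HTTPS listener only (the NSG on the subnet should
# additionally limit the source to the Ansible Tower subnet).
New-NetFirewallRule -DisplayName 'WinRM over HTTPS' -Direction Inbound -Protocol TCP `
                    -LocalPort 5986 -Action Allow | Out-Null

# Verify: exactly one listener, transport HTTPS, bound to our certificate thumbprint.
Get-ChildItem WSMan:\localhost\Listener |
    ForEach-Object { Get-ChildItem $_.PSPath } |
    Format-Table Name, Value -AutoSize
```

With this in place the Tower credential for the host is a local or domain account used over NTLM or Kerberos, and the Print Spooler task in the playbook runs over port 5986 only.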

You can find the specific playbook in my GitHub repository here.

I will close this small article with a very short video of the deployment.

My task was very simple. But imagine what you would do if you had 10, 100 or 1,000 hosts. Without management tools even the simplest task can take a lot of time to complete.