diff --git a/Solutions/TEST PB DODZERO/DoDZeroTrustWorkbook.json b/Solutions/TEST PB DODZERO/DoDZeroTrustWorkbook.json
index 79ea8d573c3..98374075a4f 100644
--- a/Solutions/TEST PB DODZERO/DoDZeroTrustWorkbook.json
+++ b/Solutions/TEST PB DODZERO/DoDZeroTrustWorkbook.json
@@ -189,7 +189,7 @@
 },
 {
 "id": "2b573101-8841-45a7-ac7a-7139c7d321a5",
- "cellValue": "https://www.microsoft.com/en-us/security/blog/2022/11/22/microsoft-supports-the-dods-zero-trust-strategy/",
+ "cellValue": "https://www.microsoft.com/security/blog/2022/11/22/microsoft-supports-the-dods-zero-trust-strategy/",
 "linkTarget": "Url",
 "linkLabel": "Microsoft supports the DoD’s Zero Trust strategy",
 "style": "link"
@@ -1464,7 +1464,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Identity Platform Entra (formerly AAD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview)
\r\n💡 [Microsoft Hybrid Identity with Entra/AAD/AD](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/)
\r\n💡 [Using the Inventory in Secure Score - Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory)
\r\n💡 [Identity Decision Guide](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/identity/)
\r\n💡 [Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/en-us/download/details.aspx?id=54431)
\r\n💡 [Identity Security Monitoring](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md#identity-security-monitoring-in-a-hybrid-environment)
\r\n💡 [Collect Azure Active Directory (Azure AD) Logs](https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics#send-logs-to-azure-monitor)
\r\n💡 [Enable User Entity Behavorial Analytics](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics#how-to-enable-user-and-entity-behavior-analytics)
\r\n💡 [Deploy Microsoft Defender for Identity](https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity)
\r\n💡 [Secure with Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/secure-with-azure-ad-introduction)
\r\n💡 [AAD Hybrid Identity](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/plan-hybrid-identity-design-considerations-overview?WT.mc_id=DT-MVP-5001664)
\r\n💡 [Azure AD Reports](https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-reports?WT.mc_id=DT-MVP-5001664)
\r\n💡 [B2B Collaboration](https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b?WT.mc_id=DT-MVP-5001664)
\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Identity Platform Entra (formerly AAD)](https://learn.microsoft.com/azure/active-directory/develop/v2-overview)
\r\n💡 [Microsoft Hybrid Identity with Entra/AAD/AD](https://learn.microsoft.com/azure/active-directory/hybrid/)
\r\n💡 [Using the Inventory in Secure Score - Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/asset-inventory)
\r\n💡 [Identity Decision Guide](https://learn.microsoft.com/azure/cloud-adoption-framework/decision-guides/identity/)
\r\n💡 [Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/download/details.aspx?id=54431)
\r\n💡 [Identity Security Monitoring](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md#identity-security-monitoring-in-a-hybrid-environment)
\r\n💡 [Collect Azure Active Directory (Azure AD) Logs](https://learn.microsoft.com/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics#send-logs-to-azure-monitor)
\r\n💡 [Enable User Entity Behavorial Analytics](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics#how-to-enable-user-and-entity-behavior-analytics)
\r\n💡 [Deploy Microsoft Defender for Identity](https://learn.microsoft.com/defender-for-identity/deploy-defender-identity)
\r\n💡 [Secure with Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/secure-with-azure-ad-introduction)
\r\n💡 [AAD Hybrid Identity](https://learn.microsoft.com/azure/active-directory/hybrid/connect/plan-hybrid-identity-design-considerations-overview?WT.mc_id=DT-MVP-5001664)
\r\n💡 [Azure AD Reports](https://learn.microsoft.com/azure/active-directory/reports-monitoring/overview-reports?WT.mc_id=DT-MVP-5001664)
\r\n💡 [B2B Collaboration](https://learn.microsoft.com/azure/active-directory/external-identities/what-is-b2b?WT.mc_id=DT-MVP-5001664)
\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -1812,7 +1812,7 @@
 {
 "type": 1,
 "content": {
- "json": "
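Review bot: The last three links in the new `json` string (AAD Hybrid Identity, Azure AD Reports, B2B Collaboration) still carry `?WT.mc_id=DT-MVP-5001664`, which looks like a contributor attribution ID rather than anything the target page needs. Since this commit is already normalising these URLs, dropping the query string, e.g. `https://learn.microsoft.com/azure/active-directory/external-identities/what-is-b2b`, would stop click-throughs from this workbook being tagged with it. The same kind of parameter is left in the 2108, 2853 and 3281 hunks (`WT.mc_id=AZ-MVP-5004810`, `WT.mc_id=itopstalk-newsletter-abartolo`).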
\r\n
\r\n## Resources\r\n💡 [What is Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
\r\n💡 [Conditional Access Learning Path](https://learn.microsoft.com/en-us/training/modules/plan-implement-administer-conditional-access/)
\r\n💡 [Conditional Access Licensing- Need at least AADP1](https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing?rtc=1)
\r\n💡 [Conditional Access Design Principles](https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-design)
\r\n💡 [Templates -Secure Foundation & Work Toward ZT](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common)
\r\n💡 [Conditional Access Trends and Changes](https://github.com/Cyberlorians/Workbooks/blob/main/ConditionalAccessTrendsandChanges.json)
\r\n💡 [Implement Authentication Strengths](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/authentication-strength-choose-the-right-auth-method-for-your/ba-p/2365674)
\r\n💡 [Intune Conditional Access](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
\r\n💡 [Using Locations in Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition)
\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [What is Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/overview)
\r\n💡 [Conditional Access Learning Path](https://learn.microsoft.com/training/modules/plan-implement-administer-conditional-access/)
\r\n💡 [Conditional Access Licensing- Need at least AADP1](https://www.microsoft.com/security/business/identity-access/azure-active-directory-pricing?rtc=1)
\r\n💡 [Conditional Access Design Principles](https://learn.microsoft.com/azure/architecture/guide/security/conditional-access-design)
\r\n💡 [Templates -Secure Foundation & Work Toward ZT](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common)
\r\n💡 [Conditional Access Trends and Changes](https://github.com/Cyberlorians/Workbooks/blob/main/ConditionalAccessTrendsandChanges.json)
\r\n💡 [Implement Authentication Strengths](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/authentication-strength-choose-the-right-auth-method-for-your/ba-p/2365674)
\r\n💡 [Intune Conditional Access](https://learn.microsoft.com/mem/intune/protect/conditional-access)
\r\n💡 [Using Locations in Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition)
\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -2108,7 +2108,7 @@
 {
 "type": 1,
 "content": {
- "json": "
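Review bot: The "Conditional Access Trends and Changes" entry in the new string links to a workbook template on the `main` branch of a personal GitHub repository, so the JSON a reader opens there can change after this file was reviewed. If readers are expected to import that template, a commit-pinned permalink (`.../blob/<commit-sha>/ConditionalAccessTrendsandChanges.json`, with `<commit-sha>` as a placeholder) or a copy kept in this repository would make the reference stable. The commit only touches the locale segment of the Microsoft links, so this entry is unchanged from the old side.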
\r\n
\r\n## Resources\r\n💡 [How MFA Works](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks)
\r\n💡 [Setup Multifactor Authenication for Users M365](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
\r\n💡 [Configure the MFA Azure Active Directrory Registration Policies](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
\r\n💡 [Deploy Passwordless Solution](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment)
\r\n💡 [Configure Azure AD CBA](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication)
\r\n💡 [Conditional Access Policy - MFA](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?WT.mc_id=DT-MVP-5001664)
\r\n💡 [Plan AAD MFA](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted?WT.mc_id=DT-MVP-5001664)
"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [How MFA Works](https://learn.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)
\r\n💡 [Setup Multifactor Authenication for Users M365](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
\r\n💡 [Configure the MFA Azure Active Directrory Registration Policies](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
\r\n💡 [Deploy Passwordless Solution](https://learn.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-deployment)
\r\n💡 [Configure Azure AD CBA](https://learn.microsoft.com/azure/active-directory/authentication/how-to-certificate-based-authentication)
\r\n💡 [Conditional Access Policy - MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?WT.mc_id=DT-MVP-5001664)
\r\n💡 [Plan AAD MFA](https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted?WT.mc_id=DT-MVP-5001664)
"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -2379,7 +2379,7 @@
 {
 "type": 1,
 "content": {
- "json": "
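Review bot: Three differently labelled entries in the new string, "Setup Multifactor Authenication for Users M365", "Configure the MFA Azure Active Directrory Registration Policies" and "Conditional Access Policy - MFA", all resolve to the same page, `.../identity-protection/howto-identity-protection-configure-mfa-policy`. Only the registration-policy label matches that path, so the other two look like copy-paste leftovers. Either point each label at its own article or collapse them into one entry. The labels also contain the typos "Authenication" and "Directrory", which could be fixed in the same pass.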
\r\n
\r\n## Resources\r\n💡 [Plan a Privileged Identity Management Deployment](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan)
\r\n💡 [privileged Identity Management - Why use it with Defender for O365?](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-worldwide)
\r\n💡 [Implementing PIM - Micrsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started)
\r\n💡 [Secure Roadmap - PIM](https://learn.microsoft.com/en-us/azure/active-directory/roles/security-planning#use-azure-ad-privileged-identity-management)
\r\n💡 [PIM for Groups](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/concept-pim-for-groups)
\r\n💡 [PIM Compliancy with Sentinel](https://learnsentinel.blog/2021/07/26/enforce-pim-compliance-with-azure-sentinel-and-playbooks/)
\r\n💡 [Configure Approve or Deny Request for AD Roles in PIM](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-approval-workflow)
\r\n💡 [Azure Security Benchmark Defender for Identity](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-identity-security-baseline)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Plan a Privileged Identity Management Deployment](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-deployment-plan)
\r\n💡 [privileged Identity Management - Why use it with Defender for O365?](https://learn.microsoft.com/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-worldwide)
\r\n💡 [Implementing PIM - Micrsoft Entra](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-getting-started)
\r\n💡 [Secure Roadmap - PIM](https://learn.microsoft.com/azure/active-directory/roles/security-planning#use-azure-ad-privileged-identity-management)
\r\n💡 [PIM for Groups](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/concept-pim-for-groups)
\r\n💡 [PIM Compliancy with Sentinel](https://learnsentinel.blog/2021/07/26/enforce-pim-compliance-with-azure-sentinel-and-playbooks/)
\r\n💡 [Configure Approve or Deny Request for AD Roles in PIM](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-approval-workflow)
\r\n💡 [Azure Security Benchmark Defender for Identity](https://learn.microsoft.com/security/benchmark/azure/baselines/defender-for-identity-security-baseline)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -2553,7 +2553,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Azure Governement - Planning Identity for Azure Government Apps](https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-plan-identity)
\r\n💡 [Federated Identity Credentials](https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0)
\r\n💡 [What is Hybrid Identity](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity)
\r\n💡 [Azure AD Certificate Based Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication)
\r\n💡 [Azure AD SCIM](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups)
\r\n💡 [Provisioning with Google Cloud](https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on)
\r\n💡 [Provisioning with Amazon Cloud](https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial)
\r\n💡 [Azure AD Application Roles](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps)
\r\n💡 [What is Identity Governace?](https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview)
\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Azure Governement - Planning Identity for Azure Government Apps](https://learn.microsoft.com/azure/azure-government/documentation-government-plan-identity)
\r\n💡 [Federated Identity Credentials](https://learn.microsoft.com/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0)
\r\n💡 [What is Hybrid Identity](https://learn.microsoft.com/azure/active-directory/hybrid/whatis-hybrid-identity)
\r\n💡 [Azure AD Certificate Based Authentication](https://learn.microsoft.com/azure/active-directory/authentication/concept-certificate-based-authentication)
\r\n💡 [Azure AD SCIM](https://learn.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups)
\r\n💡 [Provisioning with Google Cloud](https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on)
\r\n💡 [Provisioning with Amazon Cloud](https://learn.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial)
\r\n💡 [Azure AD Application Roles](https://learn.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps)
\r\n💡 [What is Identity Governace?](https://learn.microsoft.com/azure/active-directory/governance/identity-governance-overview)
\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -2853,7 +2853,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [User Entity Behavorial Analytics - What is it?](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [Windows Hello Biometrics](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise)
\r\n💡 [Identify Advanced Threats with UEBA](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [UEBA Reference](https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference?WT.mc_id=AZ-MVP-5004810#ueba-enrichments)
\r\n💡 [UEBA Sentinel Content Hub](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ueba-essentials-solution-now-available-in-content-hub/ba-p/3651074)
\r\n💡 [Guided UEBA Investigation Scenarios](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/guided-ueba-investigation-scenarios-to-empower-your-soc/ba-p/1857100)
\r\n💡 [Combatting Risky Sign-ins in Azure Active Directory](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/combatting-risky-sign-ins-in-azure-active-directory/ba-p/3724786)
\r\n💡 [Securing Workload Identities](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-workload-identity-risk)
\r\n💡 [Reprise99 UEBA](https://github.com/reprise99/Sentinel-Queries/tree/main/UEBA)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [User Entity Behavorial Analytics - What is it?](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [Windows Hello Biometrics](https://learn.microsoft.com/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise)
\r\n💡 [Identify Advanced Threats with UEBA](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [UEBA Reference](https://learn.microsoft.com/azure/sentinel/ueba-reference?WT.mc_id=AZ-MVP-5004810#ueba-enrichments)
\r\n💡 [UEBA Sentinel Content Hub](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ueba-essentials-solution-now-available-in-content-hub/ba-p/3651074)
\r\n💡 [Guided UEBA Investigation Scenarios](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/guided-ueba-investigation-scenarios-to-empower-your-soc/ba-p/1857100)
\r\n💡 [Combatting Risky Sign-ins in Azure Active Directory](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/combatting-risky-sign-ins-in-azure-active-directory/ba-p/3724786)
\r\n💡 [Securing Workload Identities](https://learn.microsoft.com/azure/active-directory/identity-protection/concept-workload-identity-risk)
\r\n💡 [Reprise99 UEBA](https://github.com/reprise99/Sentinel-Queries/tree/main/UEBA)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -3281,7 +3281,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Implementing Least-privileged Administrative Models](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models)
\r\n💡 [enhance Application Security with Lease Privilege Access Controls](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access)
\r\n💡 [Identity Protection](https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-active-directory-identity/ba-p/1320887?WT.mc_id=itopstalk-newsletter-abartolo)
\r\n💡 [Continuous Access Evaluation Monitoring](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot#continuous-access-evaluation-sign-in-reporting)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Implementing Least-privileged Administrative Models](https://learn.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models)
\r\n💡 [enhance Application Security with Lease Privilege Access Controls](https://learn.microsoft.com/azure/active-directory/develop/secure-least-privileged-access)
\r\n💡 [Identity Protection](https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-active-directory-identity/ba-p/1320887?WT.mc_id=itopstalk-newsletter-abartolo)
\r\n💡 [Continuous Access Evaluation Monitoring](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot#continuous-access-evaluation-sign-in-reporting)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -3552,7 +3552,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Implement Continuous Access Evaluation Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation)
\r\n💡 [Implementing Primary Refresh Token](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token)
\r\n💡 [Privileged Identity Management Insights](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-security-wizard#discovery-and-insights-preview)
\r\n💡 [Entra Permissions Managment](https://learn.microsoft.com/en-us/azure/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide)
\r\n💡 [Session Management with Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Implement Continuous Access Evaluation Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation)
\r\n💡 [Implementing Primary Refresh Token](https://learn.microsoft.com/azure/active-directory/devices/concept-primary-refresh-token)
\r\n💡 [Privileged Identity Management Insights](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-security-wizard#discovery-and-insights-preview)
\r\n💡 [Entra Permissions Managment](https://learn.microsoft.com/azure/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide)
\r\n💡 [Session Management with Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -3755,7 +3755,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Integrated Identity Platform Entra](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview)
\r\n💡 [Implement Passwordless Auth with Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-passwordless)
\r\n💡 [Configure Passwordless Key with Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
\r\n💡 [Entra Certificate Based Authorization](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Integrated Identity Platform Entra](https://learn.microsoft.com/azure/active-directory/develop/v2-overview)
\r\n💡 [Implement Passwordless Auth with Microsoft Entra](https://learn.microsoft.com/azure/active-directory/fundamentals/auth-passwordless)
\r\n💡 [Configure Passwordless Key with Microsoft Entra](https://learn.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
\r\n💡 [Entra Certificate Based Authorization](https://learn.microsoft.com/azure/active-directory/authentication/concept-certificate-based-authentication)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -4823,7 +4823,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [M365 Defender Device inventory](https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0%22%20%EF%BF%BDHYPERLINK%20%22https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide)
\r\n💡 [What is a device identity (Azure Active Directory)?](https://learn.microsoft.com/en-us/azure/active-directory/devices/overview)
\r\n💡 [Manage device identities by using the Azure portal](https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal) 
\r\n💡 [Manage your devices and control features with Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-devices) 
\r\n💡 [Hybrid Azure AD joined devices](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid) 
\r\n💡 [Conditional Access policy: Device Compliancy](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [ZT Guide: Endpoint Zero Trust Deployment Objectives](https://learn.microsoft.com/en-us/security/zero-trust/deploy/endpoints#endpoint-zero-trust-deployment-objectives)
\r\n💡 [Intune Reporting](https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor) ** not yet availble in DoD cloud
\r\n💡 [Provide Additional Intune Reporting](https://www.linkedin.com/pulse/provide-additional-intune-reporting-data-wmi-iren%C3%A4us-becker/)
\r\n💡 [Working with Intune in Microsoft Graph](https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [M365 Defender Device inventory](https://learn.microsoft.com/graph/api/resources/intune-graph-overview?view=graph-rest-1.0%22%20%EF%BF%BDHYPERLINK%20%22https://learn.microsoft.com/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide)
\r\n💡 [What is a device identity (Azure Active Directory)?](https://learn.microsoft.com/azure/active-directory/devices/overview)
\r\n💡 [Manage device identities by using the Azure portal](https://learn.microsoft.com/azure/active-directory/devices/device-management-azure-portal) 
\r\n💡 [Manage your devices and control features with Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-devices) 
\r\n💡 [Hybrid Azure AD joined devices](https://learn.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid) 
\r\n💡 [Conditional Access policy: Device Compliancy](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [ZT Guide: Endpoint Zero Trust Deployment Objectives](https://learn.microsoft.com/security/zero-trust/deploy/endpoints#endpoint-zero-trust-deployment-objectives)
\r\n💡 [Intune Reporting](https://learn.microsoft.com/mem/intune/fundamentals/review-logs-using-azure-monitor) ** not yet availble in DoD cloud
\r\n💡 [Provide Additional Intune Reporting](https://www.linkedin.com/pulse/provide-additional-intune-reporting-data-wmi-iren%C3%A4us-becker/)
\r\n💡 [Working with Intune in Microsoft Graph](https://learn.microsoft.com/graph/api/resources/intune-graph-overview?view=graph-rest-1.0)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5123,7 +5123,7 @@
 {
 "type": 1,
 "content": {
- "json": "
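Review bot: The "M365 Defender Device inventory" link on the new side is still a corrupted URL: after `view=graph-rest-1.0` it contains `%22%20%EF%BF%BDHYPERLINK%20%22` followed by a second `https://learn.microsoft.com/...` address, which looks like a pasted hyperlink field with an encoded U+FFFD replacement character. The commit rewrote the locale segment in both halves but kept the breakage, so the entry opens the Intune Graph overview (already listed as the last link in this block) with a junk `view` value instead of the device inventory page. Judging by the label, the intended target is probably the second half, `https://learn.microsoft.com/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide`; confirm that and replace the whole URL with it.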
\r\n
\r\n## Resources\r\n\r\n💡 [Device compliance policies in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure Microsoft Defender for Endpoint in Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Configure Conditional Access in Microsoft Defender for Endpoint | Microsoft Learn](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
\r\n💡 [Scenarios for using Conditional Access with Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access-intune-common-ways-use?source=recommendations)\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Device compliance policies in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure Microsoft Defender for Endpoint in Intune | Microsoft Learn](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Configure Conditional Access in Microsoft Defender for Endpoint | Microsoft Learn](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
\r\n💡 [Scenarios for using Conditional Access with Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use?source=recommendations)\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5276,7 +5276,7 @@
 {
 "type": 1,
 "content": {
- "json": "

\r\n## Resources\r\n\r\n💡 [Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Device discovery overview](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide)
\r\n💡 [Learn about Conditional Access and Intune](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
\r\n💡 [Device compliance policies in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance)
\r\n💡 [Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [Conditional Access insights and reporting workbook - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting)
\r\n💡 [Plan an Azure Active Directory Conditional Access deployment - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access)
\r\n💡 [Azure Samples for Conditional Access (PowerShell) - GitHub](https://github.com/Azure-Samples/azure-ad-conditional-access-apis/tree/main/01-configure/powershell)
\r\n
\r\n#### Additional References:
\r\n💡 [Track changes to system files and registry keys](https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview)
\r\n💡 [Connect Microsoft Defender for Cloud alerts to Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud)
\r\n💡 [Deploying and Managing Microsoft Defender for Cloud as Code](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploying-and-managing-microsoft-defender-for-cloud-as-code/ba-p/3649653)
\r\n💡 [Collect data in custom log formats to Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCG)
\r\n💡 [Azure Monitor Agent overview - Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview)
\r\n💡 [Use entity behavior analytics to detect advanced threats](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics)
"
+ "json": "

\r\n## Resources\r\n\r\n💡 [Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Device discovery overview](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide)
\r\n💡 [Learn about Conditional Access and Intune](https://learn.microsoft.com/mem/intune/protect/conditional-access)
\r\n💡 [Device compliance policies in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/actions-for-noncompliance)
\r\n💡 [Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [Conditional Access insights and reporting workbook - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting)
\r\n💡 [Plan an Azure Active Directory Conditional Access deployment - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access)
\r\n💡 [Azure Samples for Conditional Access (PowerShell) - GitHub](https://github.com/Azure-Samples/azure-ad-conditional-access-apis/tree/main/01-configure/powershell)
\r\n
\r\n#### Additional References:
\r\n💡 [Track changes to system files and registry keys](https://learn.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-overview)
\r\n💡 [Connect Microsoft Defender for Cloud alerts to Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-defender-for-cloud)
\r\n💡 [Deploying and Managing Microsoft Defender for Cloud as Code](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploying-and-managing-microsoft-defender-for-cloud-as-code/ba-p/3649653)
\r\n💡 [Collect data in custom log formats to Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-custom-logs?tabs=DCG)
\r\n💡 [Azure Monitor Agent overview - Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/agents/agents-overview)
\r\n💡 [Use entity behavior analytics to detect advanced threats](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)
"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5531,7 +5531,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [Conditional Access APIs and PowerShell - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-apis)
\r\n💡 [Device compliance policies in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance)
\r\n💡 [Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
\r\n💡 [Enhance security with the principle of least privilege](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access)
\r\n💡 [Best practices for Azure AD roles](https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices)
\r\n💡 [Least privileged roles by task in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task)
\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
\r\n💡 [Conditional Access APIs and PowerShell - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-apis)
\r\n💡 [Device compliance policies in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
\r\n💡 [Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/actions-for-noncompliance)
\r\n💡 [Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
\r\n💡 [Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
\r\n💡 [Enhance security with the principle of least privilege](https://learn.microsoft.com/azure/active-directory/develop/secure-least-privileged-access)
\r\n💡 [Best practices for Azure AD roles](https://learn.microsoft.com/azure/active-directory/roles/best-practices)
\r\n💡 [Least privileged roles by task in Azure Active Directory](https://learn.microsoft.com/azure/active-directory/roles/delegate-by-task)
\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5625,7 +5625,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Windows Update for Business?](https://learn.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb)
\r\n💡 [Microsoft Configuration Manager MECEM](https://learn.microsoft.com/en-us/mem/configmgr/core/understand/introduction)
\r\n💡 [Update rings for Windows 10 and later policy in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings?source=recommendations)
\r\n💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure)
\r\n💡 [Deploy software updates with Configuration Manager](https://learn.microsoft.com/en-us/mem/configmgr/sum/deploy-use/deploy-software-updates)
\r\n💡 [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/mem/intune/protect/atp-manage-vulnerabilities)
\r\n💡 [Remediate vulnerabilities (Defender for Endpoint)](https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-worldwide)
\r\n💡 [Choose how to deliver updates for the Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/fieldnotes/choose-how-to-deliver-updates)
\r\n💡 [Windows Release Health](https://learn.microsoft.com/en-us/windows/release-health/)
\r\n💡 [Manage updates and patches for your VMs](https://learn.microsoft.com/en-us/azure/automation/update-management/manage-updates-for-vm)
\r\n💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Windows Update for Business?](https://learn.microsoft.com/windows/deployment/update/waas-manage-updates-wufb)
\r\n💡 [Microsoft Configuration Manager MECEM](https://learn.microsoft.com/mem/configmgr/core/understand/introduction)
\r\n💡 [Update rings for Windows 10 and later policy in Intune](https://learn.microsoft.com/mem/intune/protect/windows-10-update-rings?source=recommendations)
\r\n💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/mem/intune/protect/windows-update-for-business-configure)
\r\n💡 [Deploy software updates with Configuration Manager](https://learn.microsoft.com/mem/configmgr/sum/deploy-use/deploy-software-updates)
\r\n💡 [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://learn.microsoft.com/mem/intune/protect/atp-manage-vulnerabilities)
\r\n💡 [Remediate vulnerabilities (Defender for Endpoint)](https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-worldwide)
\r\n💡 [Choose how to deliver updates for the Microsoft 365 Apps](https://learn.microsoft.com/deployoffice/fieldnotes/choose-how-to-deliver-updates)
\r\n💡 [Windows Release Health](https://learn.microsoft.com/windows/release-health/)
\r\n💡 [Manage updates and patches for your VMs](https://learn.microsoft.com/azure/automation/update-management/manage-updates-for-vm)
\r\n💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5767,7 +5767,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune)
\r\n💡 [Manage your devices and control device features in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-devices)
\r\n💡 [Zero Trust with Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/zero-trust-with-microsoft-intune)
\r\n💡 [Supported operating systems and browsers in Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers)
\r\n💡 [Enrollment guide: Microsoft Intune enrollment](https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment)
\r\n💡 [Manage iOS/iPadOS software update policies in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-ios)
\r\n💡 [Manage macOS software update policies in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-macos)
\r\n💡 [Microsoft Intune How-To Guides](https://learn.microsoft.com/en-us/mem/intune/#how-to-guides)
\r\n💡 [What is Azure Arc-enabled servers?](https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview)
\r\n💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
\r\n\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/what-is-intune)
\r\n💡 [Manage your devices and control device features in Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-devices)
\r\n💡 [Zero Trust with Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/zero-trust-with-microsoft-intune)
\r\n💡 [Supported operating systems and browsers in Intune](https://learn.microsoft.com/mem/intune/fundamentals/supported-devices-browsers)
\r\n💡 [Enrollment guide: Microsoft Intune enrollment](https://learn.microsoft.com/mem/intune/fundamentals/deployment-guide-enrollment)
\r\n💡 [Manage iOS/iPadOS software update policies in Intune](https://learn.microsoft.com/mem/intune/protect/software-updates-ios)
\r\n💡 [Manage macOS software update policies in Intune](https://learn.microsoft.com/mem/intune/protect/software-updates-macos)
\r\n💡 [Microsoft Intune How-To Guides](https://learn.microsoft.com/mem/intune/#how-to-guides)
\r\n💡 [What is Azure Arc-enabled servers?](https://learn.microsoft.com/azure/azure-arc/servers/overview)
\r\n💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
\r\n\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -5911,7 +5911,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Microsoft Defender for Endpoint?](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)
\r\n💡 [Zero Trust with Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/zero-trust-with-microsoft-defender-endpoint?view=o365-worldwide)
\r\n💡 [What is Microsoft 365 Defender?](https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide)
\r\n💡 [Zero Trust with Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide)
\r\n💡 [Overview of endpoint detection and response (EDR) with Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-worldwide)
\r\n💡 [Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
\r\n💡 [Manage endpoint detection and response (EDR) policy for endpoint security in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy)
\r\n💡 [Set up your XDR tools](https://learn.microsoft.com/en-us/security/operations/setup-xdr-tools)
\r\n💡 [Architect your Microsoft Sentinel workspace](https://learn.microsoft.com/en-us/security/operations/siem-workspace)
\r\n💡 [Ingest data sources and configure incident detection in Sentinel](https://learn.microsoft.com/en-us/security/operations/ingest-data-sources)
\r\n💡 [Respond to an incident using Microsoft Sentinel and Microsoft 365 Defender](https://learn.microsoft.com/en-us/security/operations/respond-incident)
\r\n\r\n\r\n\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [What is Microsoft Defender for Endpoint?](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)
\r\n💡 [Zero Trust with Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/zero-trust-with-microsoft-defender-endpoint?view=o365-worldwide)
\r\n💡 [What is Microsoft 365 Defender?](https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide)
\r\n💡 [Zero Trust with Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide)
\r\n💡 [Overview of endpoint detection and response (EDR) with Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-worldwide)
\r\n💡 [Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust](https://learn.microsoft.com/security/operations/siem-xdr-overview)
\r\n💡 [Manage endpoint detection and response (EDR) policy for endpoint security in Intune](https://learn.microsoft.com/mem/intune/protect/endpoint-security-edr-policy)
\r\n💡 [Set up your XDR tools](https://learn.microsoft.com/security/operations/setup-xdr-tools)
\r\n💡 [Architect your Microsoft Sentinel workspace](https://learn.microsoft.com/security/operations/siem-workspace)
\r\n💡 [Ingest data sources and configure incident detection in Sentinel](https://learn.microsoft.com/security/operations/ingest-data-sources)
\r\n💡 [Respond to an incident using Microsoft Sentinel and Microsoft 365 Defender](https://learn.microsoft.com/security/operations/respond-incident)
\r\n\r\n\r\n\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -6699,7 +6699,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Cloud Discovery Setup](https://learn.microsoft.com/en-us/defender-cloud-apps/set-up-cloud-discovery)
\r\n💡 [Deploy Intune Softare inventory & Security Policies](https://learn.microsoft.com/en-us/answers/questions/67892/can-we-use-intune-to-inventory-software-on-devices)
\r\n💡 [Configure Blocking Unwanted or Unapproved Applications](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n💡 [Active Directory Federation Services Health](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-health-adfs)
\r\n💡 [Azure Active Directory Application Audit](https://github.com/jsa2/AADAppAudit#azure-ad-application-analytics-solution)
\r\n💡 [Azure Active Directory Application Proxy](https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy)
\r\n💡 [Using Microsoft Defender for Cloud Asset Inventory](https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory)
\r\n💡 [Working with Discovered Apps](https://learn.microsoft.com/en-us/defender-cloud-apps/discovered-apps)
\r\n💡 [Software Inventory](https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide)
\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Cloud Discovery Setup](https://learn.microsoft.com/defender-cloud-apps/set-up-cloud-discovery)
\r\n💡 [Deploy Intune Softare inventory & Security Policies](https://learn.microsoft.com/answers/questions/67892/can-we-use-intune-to-inventory-software-on-devices)
\r\n💡 [Configure Blocking Unwanted or Unapproved Applications](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n💡 [Active Directory Federation Services Health](https://learn.microsoft.com/azure/active-directory/hybrid/connect/how-to-connect-health-adfs)
\r\n💡 [Azure Active Directory Application Audit](https://github.com/jsa2/AADAppAudit#azure-ad-application-analytics-solution)
\r\n💡 [Azure Active Directory Application Proxy](https://learn.microsoft.com/azure/active-directory/app-proxy/what-is-application-proxy)
\r\n💡 [Using Microsoft Defender for Cloud Asset Inventory](https://learn.microsoft.com/azure/defender-for-cloud/asset-inventory)
\r\n💡 [Working with Discovered Apps](https://learn.microsoft.com/defender-cloud-apps/discovered-apps)
\r\n💡 [Software Inventory](https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide)
\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -6810,7 +6810,7 @@
 {
 "type": 1,
 "content": {
- "json": "
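Review bot: The `Deploy Intune Softare inventory & Security Policies` entry on the new side still points at a community Q&A thread (`learn.microsoft.com/answers/questions/67892/...`) rather than product documentation, so the workbook presents user-contributed answers as deployment guidance. I would point it at the official Intune documentation for software inventory and correct the label to `Deploy Intune Software inventory & Security Policies`. The `Azure Active Directory Application Audit` entry appears to link to a non-Microsoft GitHub repository (`jsa2/AADAppAudit`); if it stays, the label should say it is a community project. Labels on lines touched by later hunks carry similar misspellings that could be fixed in the same pass: `Actaion` (@@ -6982), `custome` (@@ -7117), `Appliation Conrols` (@@ -7302) and `Azrure` (@@ -8540).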
\r\n
\r\n## Resources\r\n💡 [DoD CIO DevSecOps with IaC & Microsoft](https://dodcio.defense.gov/Portals/0/Documents/Library/DoDRefDesignCloudGithub.pdf?ver=zXJ_uO5LfouVaysHo5Ejsw%3d%3d)
\r\n💡 [Microsoft Secure DevSecOps](https://www.microsoft.com/en-us/securityengineering/sdl/)
\r\n💡 [Application Security & DevSecOps Security](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/organize/cloud-security-application-security-devsecops?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=eb8cd3d8eb27486d87bbb4d96d996220)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n💡 [Azure AI Content Moderator API Security](https://learn.microsoft.com/en-us/azure/ai-services/content-moderator/overview)\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [DoD CIO DevSecOps with IaC & Microsoft](https://dodcio.defense.gov/Portals/0/Documents/Library/DoDRefDesignCloudGithub.pdf?ver=zXJ_uO5LfouVaysHo5Ejsw%3d%3d)
\r\n💡 [Microsoft Secure DevSecOps](https://www.microsoft.com/securityengineering/sdl/)
\r\n💡 [Application Security & DevSecOps Security](https://learn.microsoft.com/azure/cloud-adoption-framework/organize/cloud-security-application-security-devsecops?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=eb8cd3d8eb27486d87bbb4d96d996220)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n💡 [Azure AI Content Moderator API Security](https://learn.microsoft.com/azure/ai-services/content-moderator/overview)\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -6982,7 +6982,7 @@
 {
 "type": 1,
 "content": {
- "json": "
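Review bot: The `Application Security & DevSecOps Security` link keeps its query string `?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=eb8cd3d8eb27486d87bbb4d96d996220` after the locale segment is removed. It looks like a campaign tag plus a session identifier copied from one person's browser, and neither should be needed to reach the page. Shipping it in a shared workbook would attribute every reader's click to that identifier, so the target should end at `.../organize/cloud-security-application-security-devsecops`. The `?source=recommendations` suffix on the update-rings link in the @@ -5625 hunk is the same kind of leftover.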
\r\n
\r\n## Resources\r\n💡 [Manage and Secure Apps In Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-apps)
\r\n💡 [App Protection Policies in Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy)
\r\n💡 [Microsoft Container Registry](https://mcr.microsoft.com/)
\r\n💡 [GitHub Actaion For Vulnerability Scanning](https://github.com/marketplace/actions/anchore-container-scan)
\r\n💡 [Code Scanning with CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)
\r\n💡 [Keeping your supply chain secure with Dependabot](https://docs.github.com/en/code-security/dependabot)
\r\n💡 [Secure Supply Chain Consumption Framework](https://www.microsoft.com/en-us/securityengineering/opensource/osssscframeworkguide)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Manage and Secure Apps In Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-apps)
\r\n💡 [App Protection Policies in Intune](https://learn.microsoft.com/mem/intune/apps/app-protection-policy)
\r\n💡 [Microsoft Container Registry](https://mcr.microsoft.com/)
\r\n💡 [GitHub Actaion For Vulnerability Scanning](https://github.com/marketplace/actions/anchore-container-scan)
\r\n💡 [Code Scanning with CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)
\r\n💡 [Keeping your supply chain secure with Dependabot](https://docs.github.com/en/code-security/dependabot)
\r\n💡 [Secure Supply Chain Consumption Framework](https://www.microsoft.com/securityengineering/opensource/osssscframeworkguide)
\r\n💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
\r\n💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
\r\n💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -7117,7 +7117,7 @@
 {
 "type": 1,
 "content": {
- "json": "
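Review bot: The entry labelled `GitHub Actaion For Vulnerability Scanning` links to the marketplace listing `anchore-container-scan`, which by its name appears to be a third-party (Anchore) action, while the label reads like a first-party GitHub feature such as the CodeQL and Dependabot entries next to it. Naming the publisher in the label, for example `Anchore Container Scan (third-party GitHub Action)`, lets readers apply their own vetting before adopting it in a pipeline.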
\r\n
\r\n## Resources\r\n💡 [Deploy Microsoft Defender for Cloud - Enterprise Cloud Application Protection](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction)
\r\n💡 [Configure Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/en-us/download/details.aspx?id=54431)
\r\n💡 [Deploying Application & Authorization Azure App Services](https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization)
\r\n💡 [How to create and deploy a custome Authorization Manager](https://learn.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-create-a-custom-authorization-manager-for-a-service)
\r\n💡 [Configure with Entra Identity Platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)
\r\n💡 [How-to Manage Apps Remove User Access with Entra](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/methods-for-removing-user-access)
\r\n💡 [Setup Protecting Apps w. Entra Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps)
\r\n💡 [Role Based Access Control Configuration with Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control)
\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Deploy Microsoft Defender for Cloud - Enterprise Cloud Application Protection](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction)
\r\n💡 [Configure Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/download/details.aspx?id=54431)
\r\n💡 [Deploying Application & Authorization Azure App Services](https://learn.microsoft.com/azure/app-service/overview-authentication-authorization)
\r\n💡 [How to create and deploy a custome Authorization Manager](https://learn.microsoft.com/dotnet/framework/wcf/extending/how-to-create-a-custom-authorization-manager-for-a-service)
\r\n💡 [Configure with Entra Identity Platform](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
\r\n💡 [How-to Manage Apps Remove User Access with Entra](https://learn.microsoft.com/azure/active-directory/manage-apps/methods-for-removing-user-access)
\r\n💡 [Setup Protecting Apps w. Entra Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps)
\r\n💡 [Role Based Access Control Configuration with Intune](https://learn.microsoft.com/mem/intune/fundamentals/role-based-access-control)
\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -7302,7 +7302,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [How-to-Build a Successful App Security Program](https://www.microsoft.com/en-us/security/blog/2021/03/29/how-to-build-a-successful-application-security-program/)
\r\n💡 [Setting up Hybrid Continuous Monitoring with Sentinel](https://learn.microsoft.com/en-us/azure/architecture/hybrid/hybrid-security-monitoring)
\r\n💡 [Deploy Adaptive Appliation Conrols Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls)
\r\n💡 [Configure Azure Security Management & Monitoring](https://learn.microsoft.com/en-us/azure/security/fundamentals/management-monitoring-overview)
\r\n💡 [Leverage Security Baselines for M365 Apps Enterprise](https://learn.microsoft.com/en-us/deployoffice/security/security-baseline)
\r\n💡 [Utilize Application Control for Windows](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/wdac)
\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [How-to-Build a Successful App Security Program](https://www.microsoft.com/security/blog/2021/03/29/how-to-build-a-successful-application-security-program/)
\r\n💡 [Setting up Hybrid Continuous Monitoring with Sentinel](https://learn.microsoft.com/azure/architecture/hybrid/hybrid-security-monitoring)
\r\n💡 [Deploy Adaptive Appliation Conrols Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)
\r\n💡 [Configure Azure Security Management & Monitoring](https://learn.microsoft.com/azure/security/fundamentals/management-monitoring-overview)
\r\n💡 [Leverage Security Baselines for M365 Apps Enterprise](https://learn.microsoft.com/deployoffice/security/security-baseline)
\r\n💡 [Utilize Application Control for Windows](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/wdac)
\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 9"
@@ -8540,7 +8540,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Create a Azrure Data Catalog](https://learn.microsoft.com/en-us/azure/data-catalog/data-catalog-get-started)
\r\n💡 [Use the Service Catalog](https://learn.microsoft.com/en-us/system-center/scsm/service-catalog?view=sc-sm-2022)
\r\n💡 [Azure Data Catalog FAQ](https://learn.microsoft.com/en-us/azure/data-catalog/data-catalog-frequently-asked-questions)
\r\n💡 [Establishing Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
\r\n💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
\r\n💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Set up Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
\r\n💡 [Discover Data & Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n\r\n\r\n\r\n"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Create a Azrure Data Catalog](https://learn.microsoft.com/azure/data-catalog/data-catalog-get-started)
\r\n💡 [Use the Service Catalog](https://learn.microsoft.com/system-center/scsm/service-catalog?view=sc-sm-2022)
\r\n💡 [Azure Data Catalog FAQ](https://learn.microsoft.com/azure/data-catalog/data-catalog-frequently-asked-questions)
\r\n💡 [Establishing Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
\r\n💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
\r\n💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Set up Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
\r\n💡 [Discover Data & Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n\r\n\r\n\r\n"
 },
 "customWidth": "33",
 "name": "text - 6"
@@ -8737,7 +8737,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Implement Microsoft Purview - IRM & Compliance - DoD Deployments](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
\r\n💡 [Implement a Data Governance Maturity Model Framework](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
\r\n💡 [Deploy Azure Data Governance](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
\r\n💡 [Leverage Microsoft Defender for For Cloud Goverance Rules](https://learn.microsoft.com/en-us/azure/defender-for-cloud/governance-rules)
\r\n💡 [Implement Purview Data Governance](https://learn.microsoft.com/en-us/purview/?view=o365-worldwide)
\r\n💡 [Purview Data Lineage Machine Learning](https://learn.microsoft.com/en-us/samples/microsoft/purview-machine-learning-lineage-solution-accelerator/purview-machine-learning-lineage-solution-accelerator/) 
\r\n💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Azure Collaboration Governance](https://learn.microsoft.com/en-us/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
\r\n💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-insights-overview?view=azuresql)
\r\n💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n\r\n" + "json": "
\r\n
\r\n## Resources\r\n💡 [Implement Microsoft Purview - IRM & Compliance - DoD Deployments](https://learn.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
\r\n💡 [Implement a Data Governance Maturity Model Framework](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
\r\n💡 [Deploy Azure Data Governance](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
\r\n💡 [Leverage Microsoft Defender for For Cloud Goverance Rules](https://learn.microsoft.com/azure/defender-for-cloud/governance-rules)
\r\n💡 [Implement Purview Data Governance](https://learn.microsoft.com/purview/?view=o365-worldwide)
\r\n💡 [Purview Data Lineage Machine Learning](https://learn.microsoft.com/samples/microsoft/purview-machine-learning-lineage-solution-accelerator/purview-machine-learning-lineage-solution-accelerator/) 
\r\n💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Azure Collaboration Governance](https://learn.microsoft.com/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
\r\n💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/azure/azure-sql/database/sql-insights-overview?view=azuresql)
\r\n💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n\r\n" }, "customWidth": "33", "name": "text - 2" @@ -8945,7 +8945,7 @@ { "type": 1, "content": { - "json": "
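Review bot: The link labels on the new side still carry spelling slips that this pass over the same lines could fix, starting with `Leverage Microsoft Defender for For Cloud Goverance Rules` in this block, which should read `Leverage Microsoft Defender for Cloud Governance Rules`. The two entries before it, `Implement a Data Governance Maturity Model Framework` and `Deploy Azure Data Governance`, both resolve to the same `.../cloud-scale-analytics/govern` page, so one of them presumably points at the wrong target. Later hunks have the same kind of label typos (`Monitorning`, `Senitnel`, `Utilze`, `Encrption`, `Informaiton`, `Netoworking`, `Segementation`, `Impletment`, `Seccurity`).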
\r\n
\r\n## Resources\r\n\r\n💡 [Create Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
\r\n💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
\r\n💡 [Deploy with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Utilize Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n💡 [Use the Service Catalog](https://learn.microsoft.com/en-us/system-center/scsm/service-catalog?view=sc-sm-2022)
\r\n" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Create Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
\r\n💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
\r\n💡 [Deploy with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Utilize Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
\r\n💡 [Use the Service Catalog](https://learn.microsoft.com/system-center/scsm/service-catalog?view=sc-sm-2022)
\r\n" }, "customWidth": "33", "name": "text - 2" @@ -9067,7 +9067,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Leverage Data Monitoring & Self Healing](https://learn.microsoft.com/en-us/compliance/assurance/assurance-monitoring-and-self-healing)
\r\n💡 [Deploy Microsoft 365 Monitorning](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-monitoring?view=o365-worldwide)
\r\n💡 [Senitnel Data Collection Best Practices](https://learn.microsoft.com/en-us/azure/sentinel/best-practices-data) 
\r\n💡 [Deploy Microsoft Purview](https://learn.microsoft.com/en-us/purview/purview) 
\r\n💡 [Utilze Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
\r\n💡 [Configure Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
\r\n💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-insights-overview?view=azuresql)
\r\n\r\n" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Leverage Data Monitoring & Self Healing](https://learn.microsoft.com/compliance/assurance/assurance-monitoring-and-self-healing)
\r\n💡 [Deploy Microsoft 365 Monitorning](https://learn.microsoft.com/microsoft-365/enterprise/microsoft-365-monitoring?view=o365-worldwide)
\r\n💡 [Senitnel Data Collection Best Practices](https://learn.microsoft.com/azure/sentinel/best-practices-data) 
\r\n💡 [Deploy Microsoft Purview](https://learn.microsoft.com/purview/purview) 
\r\n💡 [Utilze Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
\r\n💡 [Configure Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
\r\n💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/azure/azure-sql/database/sql-insights-overview?view=azuresql)
\r\n\r\n" }, "customWidth": "33", "name": "text - 2" @@ -9258,7 +9258,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n💡 [Utilize Azure Encrption](https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview)
\r\n💡 [Deploy Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Purview Information Protection](https://learn.microsoft.com/en-us/purview/information-protection)
\r\n💡 [Configure Dynamic Key & Encrption Delivery](https://learn.microsoft.com/en-us/azure/media-services/latest/drm-content-protection-concept) 
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n\r\n\r\n" + "json": "
\r\n
\r\n## Resources\r\n💡 [Utilize Azure Encrption](https://learn.microsoft.com/azure/security/fundamentals/encryption-overview)
\r\n💡 [Deploy Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
\r\n💡 [Deploy Purview Information Protection](https://learn.microsoft.com/purview/information-protection)
\r\n💡 [Configure Dynamic Key & Encrption Delivery](https://learn.microsoft.com/azure/media-services/latest/drm-content-protection-concept) 
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n\r\n\r\n" }, "customWidth": "33", "name": "text - 2" @@ -9326,7 +9326,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Implement Data Loss & Prevention (DLP)](https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp)
\r\n💡 [Informaiton Protection & Data Loss and Prevention- GITHUB LAB](https://microsoft.github.io/ComplianceCxE/dag/mip-dlp/)
\r\n💡 [Deploy Adaptive Protection- Data Loss & Protections](https://learn.microsoft.com/en-us/purview/dlp-adaptive-protection-learn)
\r\n💡 [Apply Rules for DLP Exchange Online](https://learn.microsoft.com/en-us/exchange/security-and-compliance/data-loss-prevention/dlp-rule-application)
\r\n💡 [Utilize Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
\r\n\r\n" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Implement Data Loss & Prevention (DLP)](https://learn.microsoft.com/purview/dlp-learn-about-dlp)
\r\n💡 [Informaiton Protection & Data Loss and Prevention- GITHUB LAB](https://microsoft.github.io/ComplianceCxE/dag/mip-dlp/)
\r\n💡 [Deploy Adaptive Protection- Data Loss & Protections](https://learn.microsoft.com/purview/dlp-adaptive-protection-learn)
\r\n💡 [Apply Rules for DLP Exchange Online](https://learn.microsoft.com/exchange/security-and-compliance/data-loss-prevention/dlp-rule-application)
\r\n💡 [Utilize Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
\r\n💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
\r\n\r\n" }, "customWidth": "33", "name": "text - 2" @@ -9472,7 +9472,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Configure Conditional Access in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
\r\n💡 [Use Conditional Access Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
\r\n💡 [Use Conditional Access APIs](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-apis)
\r\n💡 [Deploy Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access#deploy-conditional-access-policies) 
\r\n💡 [Use Conditional Access With Data Explorer](https://learn.microsoft.com/en-us/azure/data-explorer/security-conditional-access)
\r\n💡 [Deploy Common Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation)
\r\n💡 [Build Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies)
\r\n\r\n" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Configure Conditional Access in Azure Active Directory](https://learn.microsoft.com/azure/active-directory/conditional-access/overview)
\r\n💡 [Use Conditional Access Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/conditional-access)
\r\n💡 [Use Conditional Access APIs](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-apis)
\r\n💡 [Deploy Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access#deploy-conditional-access-policies) 
\r\n💡 [Use Conditional Access With Data Explorer](https://learn.microsoft.com/azure/data-explorer/security-conditional-access)
\r\n💡 [Deploy Common Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation)
\r\n💡 [Build Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policies)
\r\n\r\n" }, "customWidth": "33", "name": "text - 4" @@ -10430,7 +10430,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Use Data Flow Mapping Power Platform](https://learn.microsoft.com/en-us/power-query/dataflows/create-use)
\r\n💡 [User Azure Network Traffic Analytics](https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics)
\r\n💡 [Azure Blue Print ](https://learn.microsoft.com/en-us/azure/governance/blueprints/overview)
\r\n💡 [Leverage Azure Data Visualization with Data Explorer](https://learn.microsoft.com/en-us/azure/data-explorer/viz-overview)
\r\n💡 [Use Power Automate for Event Tagging](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-worldwide)
\r\n💡 [Secure & Govern Workloads with Network-level Segmentation](https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation)
\r\n💡 [Deploy Software Defined Netoworking](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
\r\n💡 [Manage Software Defined Netoworking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/manage-sdn)
\r\n💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/en-us/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Use Data Flow Mapping Power Platform](https://learn.microsoft.com/power-query/dataflows/create-use)
\r\n💡 [User Azure Network Traffic Analytics](https://learn.microsoft.com/azure/network-watcher/traffic-analytics)
\r\n💡 [Azure Blue Print ](https://learn.microsoft.com/azure/governance/blueprints/overview)
\r\n💡 [Leverage Azure Data Visualization with Data Explorer](https://learn.microsoft.com/azure/data-explorer/viz-overview)
\r\n💡 [Use Power Automate for Event Tagging](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-worldwide)
\r\n💡 [Secure & Govern Workloads with Network-level Segmentation](https://learn.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation)
\r\n💡 [Deploy Software Defined Netoworking](https://learn.microsoft.com/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
\r\n💡 [Manage Software Defined Netoworking](https://learn.microsoft.com/windows-server/networking/sdn/manage/manage-sdn)
\r\n💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -10592,7 +10592,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Use Secure Access Service Edge SASE - Software Defined Networking Zero Trust](https://www.microsoft.com/en-us/security/business/security-101/what-is-sase)
\r\n💡 [Software Defined Network Monitoring using Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/software-defined-monitoring-using-automated-notebooks-and-azure/ba-p/2587775)
\r\n💡 [Plan Software Defined Netoworking](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
\r\n💡 [Implementing Software Defined Networking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/)
\r\n💡 [Manage Software Detined Netoworking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/manage-sdn)
\r\n💡 [Deploy Software Defined Networking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/deploy/deploy-a-software-defined-network-infrastructure-using-scripts)
\r\n💡 [Secure the Network Controller](https://learn.microsoft.com/en-us/azure-stack/hci/manage/nc-security)
\r\n💡 [SDN for Win Server 2019 and 2022](https://learn.microsoft.com/en-us/windows-server/networking/sdn/sdn-whats-new)
\r\n💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/en-us/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
\r\n💡 [IPV6 Config Interface](https://learn.microsoft.com/en-us/javascript/api/%40azure/arm-databoxedge-profile-2020-09-01-hybrid/ipv6config?view=azure-node-latest&wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Leverage IPV6 for Azure Virtual Networks](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Segementation Security Strategies](https://learn.microsoft.com/en-us/azure/well-architected/security/design-segmentation)
\r\n💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
\r\n💡 [Utilize Microsoft Packet Monitor](https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Use Secure Access Service Edge SASE - Software Defined Networking Zero Trust](https://www.microsoft.com/security/business/security-101/what-is-sase)
\r\n💡 [Software Defined Network Monitoring using Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/software-defined-monitoring-using-automated-notebooks-and-azure/ba-p/2587775)
\r\n💡 [Plan Software Defined Netoworking](https://learn.microsoft.com/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
\r\n💡 [Implementing Software Defined Networking](https://learn.microsoft.com/windows-server/networking/sdn/)
\r\n💡 [Manage Software Detined Netoworking](https://learn.microsoft.com/windows-server/networking/sdn/manage/manage-sdn)
\r\n💡 [Deploy Software Defined Networking](https://learn.microsoft.com/windows-server/networking/sdn/deploy/deploy-a-software-defined-network-infrastructure-using-scripts)
\r\n💡 [Secure the Network Controller](https://learn.microsoft.com/azure-stack/hci/manage/nc-security)
\r\n💡 [SDN for Win Server 2019 and 2022](https://learn.microsoft.com/windows-server/networking/sdn/sdn-whats-new)
\r\n💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
\r\n💡 [IPV6 Config Interface](https://learn.microsoft.com/javascript/api/%40azure/arm-databoxedge-profile-2020-09-01-hybrid/ipv6config?view=azure-node-latest&wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Leverage IPV6 for Azure Virtual Networks](https://learn.microsoft.com/azure/virtual-network/ip-services/ipv6-overview?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Segementation Security Strategies](https://learn.microsoft.com/azure/well-architected/security/design-segmentation)
\r\n💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
\r\n💡 [Utilize Microsoft Packet Monitor](https://learn.microsoft.com/windows-server/networking/technologies/pktmon/pktmon)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -10708,7 +10708,7 @@ { "type": 1, "content": { - "json": "# 5.3 Macro Segmentation\r\n\r\n## Microsoft Portals Department of Defense\r\n🔀 [Impletment Network Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
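Review bot: The `IPV6 Config Interface` and `Leverage IPV6 for Azure Virtual Networks` links keep `wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d` on the new side, which looks like tracking state copied from one person's portal search rather than part of the address. A published workbook should not attach a captured session identifier to every reader's click, so end the first URL at `?view=azure-node-latest` and the second at `/ipv6-overview`. The `@@ -10976` hunk has the same suffix on `Enabling JIT Access Controls`, `Conditional Access Block Access by Location` and `Implement Network Segmentation Paterns On Azure` (the last with the parameter misspelled `wtmc_id`).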
\r\n🔀 [Azure Features for Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
\r\n🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)" + "json": "# 5.3 Macro Segmentation\r\n\r\n## Microsoft Portals Department of Defense\r\n🔀 [Impletment Network Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
\r\n🔀 [Azure Features for Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
\r\n🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)" }, "customWidth": "33", "name": "LT-1" @@ -10716,7 +10716,7 @@ { "type": 1, "content": { - "json": "

\r\n## Microsoft Portals Government\r\n🔀 [Impletment Network Segmentation](https://learn.microsoft.us/en-us/azure/well-architected/security/design-network-segmentation)
\r\n🔀 [Segementation Security Strategies](https://learn.microsoft.us/en-us/azure/well-architected/security/design-segmentation)
\r\n🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
\r\n" + "json": "

\r\n## Microsoft Portals Government\r\n🔀 [Impletment Network Segmentation](https://learn.microsoft.us/azure/well-architected/security/design-network-segmentation)
\r\n🔀 [Segementation Security Strategies](https://learn.microsoft.us/azure/well-architected/security/design-segmentation)
\r\n🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
\r\n" }, "customWidth": "33", "name": "LT-1 - Copy" @@ -10724,7 +10724,7 @@ { "type": 1, "content": { - "json": "
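Review bot: The two `learn.microsoft.us` links in the Government block are the only documentation links in the visible hunks that use a host other than `learn.microsoft.com`, and nothing in the diff shows that this host serves these paths. Readers will follow these links from a government tenant, so it is worth confirming before merge that the host resolves to Microsoft-served documentation. If it does not, use `https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation` and `https://learn.microsoft.com/azure/well-architected/security/design-segmentation`, as the neighbouring blocks do.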
\r\n
\r\n## Resources\r\n\r\n\r\n💡 [Impletment Network Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
\r\n💡 [Azure Features for Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
\r\n💡 [Segementation Security Strategies](https://learn.microsoft.com/en-us/azure/well-architected/security/design-segmentation)
\r\n💡 [Network Service Designs](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n💡 [Network Watcher](https://portal.azure.com/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n\r\n💡 [Impletment Network Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
\r\n💡 [Azure Features for Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
\r\n💡 [Segementation Security Strategies](https://learn.microsoft.com/azure/well-architected/security/design-segmentation)
\r\n💡 [Network Service Designs](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
\r\n💡 [Network Watcher](https://portal.azure.com/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -10976,7 +10976,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Enabling JIT Access Controls](https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Conditional Access Block Access by Location](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Secure Networks with Zero Trust](https://learn.microsoft.com/en-us/security/zero-trust/deploy/networks)
\r\n💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation?wtmc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Microsoft Packet Monitor](https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Enabling JIT Access Controls](https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Conditional Access Block Access by Location](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-location?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Secure Networks with Zero Trust](https://learn.microsoft.com/security/zero-trust/deploy/networks)
\r\n💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation?wtmc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
\r\n💡 [Microsoft Packet Monitor](https://learn.microsoft.com/windows-server/networking/technologies/pktmon/pktmon)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -12535,7 +12535,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Visibility,Automation and Orchestration with Zero Trust](https://learn.microsoft.com/en-us/)
\r\n💡 [Azure Orchestration for Azure Security Policy](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-policy-security-baseline)
\r\n💡 [Configuration Analyzer for Security Policies](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide)
\r\n💡 [Azure Automation Overview](https://learn.microsoft.com/en-us/azure/automation/overview)
\r\n💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/automation-security-baseline)
\r\n💡 [Azure Policy](https://learn.microsoft.com/en-us/azure/governance/policy/overview)
\r\n💡 [What is Azure Firewall?](https://learn.microsoft.com/en-us/azure/firewall/overview)
\r\n💡 [Apply Zero Trust principles to a hub virtual network in Azure](https://learn.microsoft.com/en-us/security/zero-trust/azure-infrastructure-networking)
\r\n💡 [Management of Role Permissions and Automation](https://learn.microsoft.com/en-us/azure/automation/automation-role-based-access-control)
\r\n💡 [Using Azure Machine Learning to assign roles](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler)
\r\n💡 [Azure AD Seccurity Groups ML](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler#use-azure-ad-security-groups-to-manage-workspace-access)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Visibility,Automation and Orchestration with Zero Trust](https://learn.microsoft.com/)
\r\n💡 [Azure Orchestration for Azure Security Policy](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-policy-security-baseline)
\r\n💡 [Configuration Analyzer for Security Policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide)
\r\n💡 [Azure Automation Overview](https://learn.microsoft.com/azure/automation/overview)
\r\n💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/security/benchmark/azure/baselines/automation-security-baseline)
\r\n💡 [Azure Policy](https://learn.microsoft.com/azure/governance/policy/overview)
\r\n💡 [What is Azure Firewall?](https://learn.microsoft.com/azure/firewall/overview)
\r\n💡 [Apply Zero Trust principles to a hub virtual network in Azure](https://learn.microsoft.com/security/zero-trust/azure-infrastructure-networking)
\r\n💡 [Management of Role Permissions and Automation](https://learn.microsoft.com/azure/automation/automation-role-based-access-control)
\r\n💡 [Using Azure Machine Learning to assign roles](https://learn.microsoft.com/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler)
\r\n💡 [Azure AD Seccurity Groups ML](https://learn.microsoft.com/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler#use-azure-ad-security-groups-to-manage-workspace-access)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -12738,7 +12738,7 @@ { "type": 1, "content": { - "json": "
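Review bot: `Visibility,Automation and Orchestration with Zero Trust` now points at `https://learn.microsoft.com/`, the documentation root, so the label promises a specific article that the link does not deliver. The old value `https://learn.microsoft.com/en-us/` was already a placeholder, and stripping the locale preserved it. The intended target is presumably the Zero Trust deployment article, `https://learn.microsoft.com/security/zero-trust/deploy/visibility-automation-orchestration`, which should be checked before use. The same root link appears in the `@@ -12738` hunk under `Visibility, Automation, and Orchestration with Zero Trust`.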
\r\n
\r\n## Resources\r\n\r\n💡 [Azure Automation Overview](https://learn.microsoft.com/en-us/azure/automation/overview)
\r\n💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/automation-security-baseline)
\r\n💡 [Visibility, Automation, and Orchestration with Zero Trust](https://learn.microsoft.com/en-us/)
\r\n💡 [Automation in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automation)
\r\n💡 [Automate Threat Response with Playbooks](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Automated Investigation & Response M365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
\r\n💡 [Power Automate U.S Government](https://learn.microsoft.com/en-us/power-automate/us-govt)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Azure Automation Overview](https://learn.microsoft.com/azure/automation/overview)
\r\n💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/security/benchmark/azure/baselines/automation-security-baseline)
\r\n💡 [Visibility, Automation, and Orchestration with Zero Trust](https://learn.microsoft.com/)
\r\n💡 [Automation in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/automation)
\r\n💡 [Automate Threat Response with Playbooks](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Automated Investigation & Response M365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
\r\n💡 [Power Automate U.S Government](https://learn.microsoft.com/power-automate/us-govt)
" }, "customWidth": "33", "name": "LT-1 - Copy - Copy" @@ -12909,7 +12909,7 @@ { "type": 1, "content": { - "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Advanced multistage attack detection in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/fusion)
\r\n💡 [Bring your own Machine Learning (ML) into Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/bring-your-own-ml)
\r\n💡 [Azure Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/?view=azureml-api-2)
\r\n💡 [Enterprise Security & Governance w. Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security?view=azureml-api-2)
\r\n💡 [Azure Government Isolaiton Guidelines using AI & ML](https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-impact-level-5)
\r\n💡 [Quick Start Azure Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/tutorial-azure-ml-in-a-day?view=azureml-api-2)
\r\n💡 [Azure security baseline for Azure Machine Learning](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/machine-learning-security-baseline)
" + "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Advanced multistage attack detection in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/fusion)
\r\n💡 [Bring your own Machine Learning (ML) into Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/bring-your-own-ml)
\r\n💡 [Azure Machine Learning](https://learn.microsoft.com/azure/machine-learning/?view=azureml-api-2)
\r\n💡 [Enterprise Security & Governance w. Machine Learning](https://learn.microsoft.com/azure/machine-learning/concept-enterprise-security?view=azureml-api-2)
\r\n💡 [Azure Government Isolaiton Guidelines using AI & ML](https://learn.microsoft.com/azure/azure-government/documentation-government-impact-level-5)
\r\n💡 [Quick Start Azure Machine Learning](https://learn.microsoft.com/azure/machine-learning/tutorial-azure-ml-in-a-day?view=azureml-api-2)
\r\n💡 [Azure security baseline for Azure Machine Learning](https://learn.microsoft.com/security/benchmark/azure/baselines/machine-learning-security-baseline)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -13142,7 +13142,7 @@
 {
 "type": 1,
 "content": {
- "json": "
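Review bot: The label on the `azure-government/documentation-government-impact-level-5` entry still reads "Isolaiton" on the new side; since the line is being rewritten anyway, the label should become `Azure Government Isolation Guidelines using AI & ML`. The same kind of label typo survives in later hunks of this commit: "Senintel Automation" (@@ -13142), "Security Ochestration" (@@ -13232), "Microsft API Management & Security" (@@ -13308) and "Human Operated Ransomeware" (@@ -15597). Misspelled labels make the workbook's reference list harder to search and look unreviewed in a compliance-facing workbook.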
\r\n
\r\n## Resources\r\n\r\n💡 [AI Security Services](https://learn.microsoft.com/en-us/azure/ai-services/security-features)
\r\n💡 [Senintel Automation](https://learn.microsoft.com/en-us/azure/sentinel/automation)
\r\n💡 [AI ID & Access Risk Based Controls](https://azure.microsoft.com/en-us/products/category/identity/)
\r\n💡 [Implement Sentinel & M365 Defender for XDR - AI Driven Zero Trust ](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
\r\n💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [AI Security Services](https://learn.microsoft.com/azure/ai-services/security-features)
\r\n💡 [Senintel Automation](https://learn.microsoft.com/azure/sentinel/automation)
\r\n💡 [AI ID & Access Risk Based Controls](https://azure.microsoft.com/products/category/identity/)
\r\n💡 [Implement Sentinel & M365 Defender for XDR - AI Driven Zero Trust ](https://learn.microsoft.com/security/operations/siem-xdr-overview)
\r\n💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -13232,7 +13232,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Security Ochestration, Automation & Response (SOAR) In Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automation)
\r\n💡 [Sentinel SOAR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-use-azure-sentinel-for-incident-response-orchestration/ba-p/2242397)
\r\n💡 [Microsoft Sentinel SOAR Content Catalog](https://learn.microsoft.com/en-us/azure/sentinel/sentinel-soar-content)
\r\n💡 [Automate Threat Response with Playbooks in Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Automated investigation and response in Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
\r\n💡 [Workflow Automation in Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation)
\r\n💡 [SOAR Best Practices](https://www.microsoft.com/en-us/security/business/security-101/what-is-soar#SOARbestpractices)
\r\n💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Security Ochestration, Automation & Response (SOAR) In Sentinel](https://learn.microsoft.com/azure/sentinel/automation)
\r\n💡 [Sentinel SOAR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-use-azure-sentinel-for-incident-response-orchestration/ba-p/2242397)
\r\n💡 [Microsoft Sentinel SOAR Content Catalog](https://learn.microsoft.com/azure/sentinel/sentinel-soar-content)
\r\n💡 [Automate Threat Response with Playbooks in Sentinel](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Automated investigation and response in Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
\r\n💡 [Workflow Automation in Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/workflow-automation)
\r\n💡 [SOAR Best Practices](https://www.microsoft.com/security/business/security-101/what-is-soar#SOARbestpractices)
\r\n💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -13308,7 +13308,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsft API Management & Security](https://azure.microsoft.com/en-us/products/api-management/)
\r\n💡 [Mitigate OWASP Top 10 Security Threats Using Microsoft API Management](https://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats)
\r\n💡 [Security Baselines for API Management](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security-baseline)
\r\n💡 [Secure and Compliant APIs for a Hybrid and Multi Cloud World](https://azure.microsoft.com/en-us/blog/secure-and-compliant-apis-for-a-hybrid-and-multi-cloud-world/)
\r\n💡 [Web API Design Best Practice](https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design)
\r\n💡 [Monitor & Protect Your APIs](https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsft API Management & Security](https://azure.microsoft.com/products/api-management/)
\r\n💡 [Mitigate OWASP Top 10 Security Threats Using Microsoft API Management](https://learn.microsoft.com/azure/api-management/mitigate-owasp-api-threats)
\r\n💡 [Security Baselines for API Management](https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline)
\r\n💡 [Secure and Compliant APIs for a Hybrid and Multi Cloud World](https://azure.microsoft.com/blog/secure-and-compliant-apis-for-a-hybrid-and-multi-cloud-world/)
\r\n💡 [Web API Design Best Practice](https://learn.microsoft.com/azure/architecture/best-practices/api-design)
\r\n💡 [Monitor & Protect Your APIs](https://learn.microsoft.com/azure/api-management/api-management-howto-use-azure-monitor)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -13389,7 +13389,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Security Operations In Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-security-operations)
\r\n💡 [Microsoft SOC Best Practices Landing Page](https://www.microsoft.com/en-us/security/business/security-101/what-is-a-security-operations-center-soc?ef_id=_k_ce7dcd6e8f2d1919667ca9a72f733870_k_&OCID=AIDcmmdamuj0pc_SEM__k_ce7dcd6e8f2d1919667ca9a72f733870_k_&msclkid=ce7dcd6e8f2d1919667ca9a72f733870)
\r\n💡 [Playbook for Modernizing Security Operations Centers](https://www.microsoft.com/en-us/security/blog/2021/02/11/a-playbook-for-modernizing-security-operations/)
\r\n💡 [CISO Series Lessons Learned from Microsoft's SOC](https://www.microsoft.com/en-us/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/)
\r\n💡 [Integrating Microsoft 365 Defender into your security operations](https://learn.microsoft.com/en-us/microsoft-365/security/defender/integrate-microsoft-365-defender-secops?view=o365-worldwide)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Security Operations In Azure](https://learn.microsoft.com/azure/well-architected/security/monitor-security-operations)
\r\n💡 [Microsoft SOC Best Practices Landing Page](https://www.microsoft.com/security/business/security-101/what-is-a-security-operations-center-soc?ef_id=_k_ce7dcd6e8f2d1919667ca9a72f733870_k_&OCID=AIDcmmdamuj0pc_SEM__k_ce7dcd6e8f2d1919667ca9a72f733870_k_&msclkid=ce7dcd6e8f2d1919667ca9a72f733870)
\r\n💡 [Playbook for Modernizing Security Operations Centers](https://www.microsoft.com/security/blog/2021/02/11/a-playbook-for-modernizing-security-operations/)
\r\n💡 [CISO Series Lessons Learned from Microsoft's SOC](https://www.microsoft.com/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/)
\r\n💡 [Integrating Microsoft 365 Defender into your security operations](https://learn.microsoft.com/microsoft-365/security/defender/integrate-microsoft-365-defender-secops?view=o365-worldwide)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -14344,7 +14344,7 @@
 {
 "type": 1,
 "content": {
- "json": "
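Review bot: The "Microsoft SOC Best Practices Landing Page" link on the new side still carries the query string `?ef_id=…&OCID=…&msclkid=…`, which looks like ad-campaign click tracking copied from a search result rather than part of the page address. Every workbook user who follows the link would send the same click identifiers, and the parameters add nothing to the destination. The locale segment was removed here, so the query can go in the same change: `https://www.microsoft.com/security/business/security-101/what-is-a-security-operations-center-soc`.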
\r\n
\r\n## Resources\r\n\r\n💡 [Azure Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview)
\r\n💡 [Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/overview)
\r\n💡 [Audit Logging and Monitoring](https://learn.microsoft.com/en-us/compliance/assurance/assurance-audit-logging)
\r\n💡 [Maturity Model for Log Management M2131](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-sentinel-maturity-model-for-event-log-management-m-21/ba-p/3074336)
\r\n💡 [Device Log Capture - Intune](https://learn.microsoft.com/en-us/mem/intune/remote-actions/collect-diagnostics)
\r\n💡 [Application Logging](https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-windows-application-log-windows-10?view=sql-server-ver16)
\r\n💡 [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging)
\r\n💡 [Azure Infrastructure Logs](https://learn.microsoft.com/en-us/azure/well-architected/scalability/monitor-infrastructure)
\r\n💡 [Network Logging](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-network-trace)
\r\n💡 [Supported Logs for Network](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-logs/microsoft-network-networkmanagers-logs)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Azure Log Analytics](https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-overview)
\r\n💡 [Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/overview)
\r\n💡 [Audit Logging and Monitoring](https://learn.microsoft.com/compliance/assurance/assurance-audit-logging)
\r\n💡 [Maturity Model for Log Management M2131](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-sentinel-maturity-model-for-event-log-management-m-21/ba-p/3074336)
\r\n💡 [Device Log Capture - Intune](https://learn.microsoft.com/mem/intune/remote-actions/collect-diagnostics)
\r\n💡 [Application Logging](https://learn.microsoft.com/sql/relational-databases/performance/view-the-windows-application-log-windows-10?view=sql-server-ver16)
\r\n💡 [User Access Logging](https://learn.microsoft.com/windows-server/administration/user-access-logging/get-started-with-user-access-logging)
\r\n💡 [Azure Infrastructure Logs](https://learn.microsoft.com/azure/well-architected/scalability/monitor-infrastructure)
\r\n💡 [Network Logging](https://learn.microsoft.com/azure/azure-web-pubsub/howto-troubleshoot-network-trace)
\r\n💡 [Supported Logs for Network](https://learn.microsoft.com/azure/azure-monitor/reference/supported-logs/microsoft-network-networkmanagers-logs)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -14830,7 +14830,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/overview)
\r\n💡 [Implement Sentinel & M365](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
\r\n💡 [Unified SIEM & XDR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-unified-microsoft-siem-and-xdr-github-community/ba-p/3249533)
\r\n💡 [Stream Alerts Defender for Cloud to SIEM](https://learn.microsoft.com/en-us/azure/defender-for-cloud/export-to-siem#stream-alerts-to-azure-sentinel)
\r\n💡 [Azure Sentinel Github Repo](https://github.com/Azure/Azure-Sentinel)
\r\n💡 [Sentinel & SOC Analysis Process](https://learn.microsoft.com/en-us/azure/sentinel/migration-security-operations-center-processes)
\r\n💡 [Microsoft Sentinel Skill Up Training](https://learn.microsoft.com/en-us/azure/sentinel/skill-up-resources)
"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/overview)
\r\n💡 [Implement Sentinel & M365](https://learn.microsoft.com/security/operations/siem-xdr-overview)
\r\n💡 [Unified SIEM & XDR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-unified-microsoft-siem-and-xdr-github-community/ba-p/3249533)
\r\n💡 [Stream Alerts Defender for Cloud to SIEM](https://learn.microsoft.com/azure/defender-for-cloud/export-to-siem#stream-alerts-to-azure-sentinel)
\r\n💡 [Azure Sentinel Github Repo](https://github.com/Azure/Azure-Sentinel)
\r\n💡 [Sentinel & SOC Analysis Process](https://learn.microsoft.com/azure/sentinel/migration-security-operations-center-processes)
\r\n💡 [Microsoft Sentinel Skill Up Training](https://learn.microsoft.com/azure/sentinel/skill-up-resources)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -14994,7 +14994,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsoft Security Response Center Security Updates Guide](https://msrc.microsoft.com/update-guide)
\r\n💡 [Explore Risks to Sensitive Data Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/data-security-review-risks)
\r\n💡 [Identify & Analyze Risks Across Your Environment](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-attack-path)
\r\n💡 [Cloud Security Posture Management](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management)
\r\n💡 [Microsoft Cloud Security Benchmark](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-regulatory-compliance)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsoft Security Response Center Security Updates Guide](https://msrc.microsoft.com/update-guide)
\r\n💡 [Explore Risks to Sensitive Data Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/data-security-review-risks)
\r\n💡 [Identify & Analyze Risks Across Your Environment](https://learn.microsoft.com/azure/defender-for-cloud/concept-attack-path)
\r\n💡 [Cloud Security Posture Management](https://learn.microsoft.com/azure/defender-for-cloud/concept-cloud-security-posture-management)
\r\n💡 [Microsoft Cloud Security Benchmark](https://learn.microsoft.com/azure/defender-for-cloud/concept-regulatory-compliance)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -15267,7 +15267,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [ID Threats with User and Entity Behavior Analytics](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [Enable Entity Behavior Analytics to Detect Threats](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics)
\r\n💡 [Microsoft Sentinel UEBA Reference](https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference)
\r\n💡 [Investigate Incidents with UEBA](https://learn.microsoft.com/en-us/azure/sentinel/investigate-with-ueba)
\r\n💡 [Discover and Protect Sensitive Information in your Organization](https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-dlp)
\r\n💡 [Purview Insider Risk Management](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [ID Threats with User and Entity Behavior Analytics](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
\r\n💡 [Enable Entity Behavior Analytics to Detect Threats](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)
\r\n💡 [Microsoft Sentinel UEBA Reference](https://learn.microsoft.com/azure/sentinel/ueba-reference)
\r\n💡 [Investigate Incidents with UEBA](https://learn.microsoft.com/azure/sentinel/investigate-with-ueba)
\r\n💡 [Discover and Protect Sensitive Information in your Organization](https://learn.microsoft.com/defender-cloud-apps/tutorial-dlp)
\r\n💡 [Purview Insider Risk Management](https://learn.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -15471,7 +15471,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsoft Threat Intelligence](https://learn.microsoft.com/en-us/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti)
\r\n💡 [Microsoft Security Graph API](https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-beta)
\r\n💡 [Create Threat Intelligence Indicators](https://learn.microsoft.com/en-us/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http)
\r\n💡 [Threat intelligence integration in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/threat-intelligence-integration)
\r\n💡 [Bring Your Own Threat Intelligence Feeds](https://learn.microsoft.com/en-us/defender-cloud-apps/additional-integrations)
\r\n💡 [Accessing the Threat Intelligence Portal](https://learn.microsoft.com/en-us/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal)
"
+ "json": "
\r\n
\r\n## Resources\r\n\r\n💡 [Microsoft Threat Intelligence](https://learn.microsoft.com/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti)
\r\n💡 [Microsoft Security Graph API](https://learn.microsoft.com/graph/api/resources/security-api-overview?view=graph-rest-beta)
\r\n💡 [Create Threat Intelligence Indicators](https://learn.microsoft.com/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http)
\r\n💡 [Threat intelligence integration in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/threat-intelligence-integration)
\r\n💡 [Bring Your Own Threat Intelligence Feeds](https://learn.microsoft.com/defender-cloud-apps/additional-integrations)
\r\n💡 [Accessing the Threat Intelligence Portal](https://learn.microsoft.com/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -15597,7 +15597,7 @@
 {
 "type": 1,
 "content": {
- "json": "
\r\n
\r\n## Resources\r\n💡 [Automate Threat Response with Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Adaptive Protection - Microsoft Purview](https://www.microsoft.com/en-us/security/blog/2023/02/06/introducing-adaptive-protection-in-microsoft-purview-people-centric-data-protection-for-a-multiplatform-world/#:~:text=With%20Adaptive%20Protection%2C%20DLP%20policies%20become%20dynamic%2C%20ensuring,efficient%20and%20empowered%20to%20do%20more%20with%20less.)
\r\n💡 [Adaptive Policy Scopes M365](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-adaptive-policy-scopes-to-apply-m365-retention-to-shared/ba-p/3053641#:~:text=Back%20in%20October,in%20Microsoft%20365.)
\r\n💡 [Adaptive Application Controls](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls)
\r\n💡 [AI-Driven Adaptive Device Controls Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/ai-driven-adaptive-protection-in-microsoft-defender-for-endpoint/ba-p/2966491)
\r\n💡 [AI-Driven Adaptive Protection Against Human Operated Ransomeware](https://www.microsoft.com/en-us/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/)
\r\n💡 [Microsoft Defender for Cloud Automated Security Posture Management](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management)
\r\n💡 [Improve your network security posture with adaptive network hardening](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-network-hardening)
\r\n💡 [What is Microsoft Entra ID Protection?](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection)
\r\n💡 [Azure Automation update management](https://learn.microsoft.com/en-us/azure/architecture/hybrid/azure-update-mgmt)
\r\n💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure)
"
+ "json": "
\r\n
\r\n## Resources\r\n💡 [Automate Threat Response with Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
\r\n💡 [Adaptive Protection - Microsoft Purview](https://www.microsoft.com/security/blog/2023/02/06/introducing-adaptive-protection-in-microsoft-purview-people-centric-data-protection-for-a-multiplatform-world/#:~:text=With%20Adaptive%20Protection%2C%20DLP%20policies%20become%20dynamic%2C%20ensuring,efficient%20and%20empowered%20to%20do%20more%20with%20less.)
\r\n💡 [Adaptive Policy Scopes M365](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-adaptive-policy-scopes-to-apply-m365-retention-to-shared/ba-p/3053641#:~:text=Back%20in%20October,in%20Microsoft%20365.)
\r\n💡 [Adaptive Application Controls](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)
\r\n💡 [AI-Driven Adaptive Device Controls Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/ai-driven-adaptive-protection-in-microsoft-defender-for-endpoint/ba-p/2966491)
\r\n💡 [AI-Driven Adaptive Protection Against Human Operated Ransomeware](https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/)
\r\n💡 [Microsoft Defender for Cloud Automated Security Posture Management](https://learn.microsoft.com/azure/defender-for-cloud/concept-cloud-security-posture-management)
\r\n💡 [Improve your network security posture with adaptive network hardening](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-network-hardening)
\r\n💡 [What is Microsoft Entra ID Protection?](https://learn.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection)
\r\n💡 [Azure Automation update management](https://learn.microsoft.com/azure/architecture/hybrid/azure-update-mgmt)
\r\n💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/mem/intune/protect/windows-update-for-business-configure)
"
 },
 "customWidth": "33",
 "name": "LT-1 - Copy - Copy"
@@ -19391,7 +19391,7 @@
 {
 "type": 1,
 "content": {
- "json": "## DoD Zero Trust Strategy Workbook Workbook FAQ \r\n\r\n
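Review bot: Two links on the new side still end in `#:~:text=` text fragments: the "Adaptive Protection - Microsoft Purview" blog link and the "Adaptive Policy Scopes M365" link. A text fragment pins a quoted sentence of the target page, so it stops matching once that page is reworded, and it makes the stored URL much longer than the address itself. Ending each URL at its path keeps the reference stable, for example `https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-adaptive-policy-scopes-to-apply-m365-retention-to-shared/ba-p/3053641`.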
\r\n### What will this workbook do for my organization? \r\n\r\nThis workbook provides structure, guidance, and simplification of the DoD Zero Trust Strategy to make it easier to track, prioritize, and improve Zero Trust Target (and Advanced) level Capabilities/Activities that are required to be implemented by 2027. \r\n\r\n
\r\n### Does this workbook only pertain to Microsoft-specific capabiltiies?\r\n\r\nNo, the out-of-the-box content of this Sentinel workbook includes references to Microsoft-specific capabilities/solutions. However, the workbook has been designed to account for \"Alternate Implementations\" (non-Microsoft), which may also meet the Target (and Advanced)-level Zero Trust Capabilities and Activities. In addition, Microsoft Sentinel supports custom log formats and multiple third-party [data connectors](\"https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference\") that can provide visibility for non-Microsoft solutions. \r\n\r\n
\r\n### How will this workbook help with deployment and maturity of the DoD Zero Trust Strategy Capabilities & Activities? \r\n\r\n* Provides Zero Trust roll-up of organizational maturity and situational awareness as it relates directly to the 2027 Zero Trust Target-level deadline. \r\n\r\n* Provides DoD Zero Trust Activity simplification and improved awareness, allowing responsible parties for each pillar(s) to report which capabilities are planned, implemented, or not applicable. \r\n\r\n* Provides guidance and recommendations to meet the 45 capabilities (and supporting 152 activities) \r\n\r\n* Provides a working (and evolving) organized method of orchestrating and managing/tracking efforts around the Zero Trust Capabilities and Activities covered in the DoD Zero Trust Strategy. \r\n\r\n
\r\n### Why are some of the visualizations not working in my workbook? \r\n\r\nThe visualizations within this workbook are simply examples and rely on specific logs to populate accordingly. We realize that not every organization leverages the same solution logs used to build/populate this workbook. In addition, we also realize that many customers leverage third-party solutions for their needs. Every implementation of this workbook is unique to the respective environment in which it is installed. It is intended to be a starting point and can be further customized to better meet the needs of each customer. Please contact your Account Representative if your team requires further assistance and/or customizations. \r\n\r\nVisualizations can be used to show examples of the DoD Zero Trust Activities in use/or configurations themselves. They can also be used to further develop automations related to improving cyber hygiene through deploying Zero Trust principals. \r\n\r\n
\r\n### Who should use this workbook? \r\n\r\nThis workbook is designed for both executives and individuals who are directly responsible for implementing the respective Capabilities/Activities due by 2027 outlined in the DoD Zero Trust Strategy. \r\n\r\nThis workbook derives language and terminology specific to the DoD Zero Trust Strategy. However, many non-DoD organizations can also leverage this guidance for their needs. \r\n\r\n
\r\n### Where does the Zero Trust Maturity (Percentage) score come from? \r\n\r\nThe Zero Trust Maturity score is calculated based on the interactive capabilities sections contained within each of the pillars. When updated, the drop-down boxes labeled, “Implementation Status” directly contribute to the overall level of maturity reported under the “Zero Trust Essentials” → \"DoD Zero Trust Assessment Tracker\". \r\n\r\n
\r\n### How can I make recommendations to improve this workbook? \r\n\r\nPlease utilize the link in the opening screen labeled, “Please take some time to take a quick survey”. Our team values these responses and takes them very seriously. Any feedback that you can provide is greatly appreciated. \r\n\r\n
\r\n### Can this workbook be customized? \r\n\r\nYes! This workbook has been created with additional customization in mind. Please contact your Account Representative if you would to like to inquire about any additional assistance with customizing this workbook to suit your organizational goals related to DoD Zero Trust Strategy maturity. \r\n\r\n
\r\n### Do other customers outside the DoD utilize this workbook? \r\n\r\nYes, many customers outside the DoD have also gravitated toward the DoD Zero Trust Strategy because it focuses on an outcomes-focused methodology and includes specific \"Capabilities and Activities\" that apply to core Zero Trust principals. \r\n\r\n
\r\n### Who created this workbook? \r\n\r\nThis workbook was created by a collaboration of Microsoft teams and subject matter experts along with our pilot customers. \r\n\r\n
\r\n### Does this workbook cover all 152 “Activities” defined in the Strategy? \r\n\r\nYes, the recommendations, visualizations, and guidance, while centered around the 45 capabilities, will still apply to all 152 activities. This workbook aims to simplify the Target (and Advanced)-level Zero Trust Capabilities and Activities. Based on prior feedback, this workbook may be updated in the future to include further guidance, reporting, and relevant information. ",
+ "json": "## DoD Zero Trust Strategy Workbook Workbook FAQ \r\n\r\n
\r\n### What will this workbook do for my organization? \r\n\r\nThis workbook provides structure, guidance, and simplification of the DoD Zero Trust Strategy to make it easier to track, prioritize, and improve Zero Trust Target (and Advanced) level Capabilities/Activities that are required to be implemented by 2027. \r\n\r\n
\r\n### Does this workbook only pertain to Microsoft-specific capabiltiies?\r\n\r\nNo, the out-of-the-box content of this Sentinel workbook includes references to Microsoft-specific capabilities/solutions. However, the workbook has been designed to account for \"Alternate Implementations\" (non-Microsoft), which may also meet the Target (and Advanced)-level Zero Trust Capabilities and Activities. In addition, Microsoft Sentinel supports custom log formats and multiple third-party [data connectors](\"https://learn.microsoft.com/azure/sentinel/data-connectors-reference\") that can provide visibility for non-Microsoft solutions. \r\n\r\n
\r\n### How will this workbook help with deployment and maturity of the DoD Zero Trust Strategy Capabilities & Activities? \r\n\r\n* Provides Zero Trust roll-up of organizational maturity and situational awareness as it relates directly to the 2027 Zero Trust Target-level deadline. \r\n\r\n* Provides DoD Zero Trust Activity simplification and improved awareness, allowing responsible parties for each pillar(s) to report which capabilities are planned, implemented, or not applicable. \r\n\r\n* Provides guidance and recommendations to meet the 45 capabilities (and supporting 152 activities) \r\n\r\n* Provides a working (and evolving) organized method of orchestrating and managing/tracking efforts around the Zero Trust Capabilities and Activities covered in the DoD Zero Trust Strategy. \r\n\r\n
\r\n### Why are some of the visualizations not working in my workbook? \r\n\r\nThe visualizations within this workbook are simply examples and rely on specific logs to populate accordingly. We realize that not every organization leverages the same solution logs used to build/populate this workbook. In addition, we also realize that many customers leverage third-party solutions for their needs. Every implementation of this workbook is unique to the respective environment in which it is installed. It is intended to be a starting point and can be further customized to better meet the needs of each customer. Please contact your Account Representative if your team requires further assistance and/or customizations. \r\n\r\nVisualizations can be used to show examples of the DoD Zero Trust Activities in use/or configurations themselves. They can also be used to further develop automations related to improving cyber hygiene through deploying Zero Trust principals. \r\n\r\n
\r\n### Who should use this workbook? \r\n\r\nThis workbook is designed for both executives and individuals who are directly responsible for implementing the respective Capabilities/Activities due by 2027 outlined in the DoD Zero Trust Strategy. \r\n\r\nThis workbook derives language and terminology specific to the DoD Zero Trust Strategy. However, many non-DoD organizations can also leverage this guidance for their needs. \r\n\r\n
\r\n### Where does the Zero Trust Maturity (Percentage) score come from? \r\n\r\nThe Zero Trust Maturity score is calculated based on the interactive capabilities sections contained within each of the pillars. When updated, the drop-down boxes labeled, “Implementation Status” directly contribute to the overall level of maturity reported under the “Zero Trust Essentials” → \"DoD Zero Trust Assessment Tracker\". \r\n\r\n
\r\n### How can I make recommendations to improve this workbook? \r\n\r\nPlease utilize the link in the opening screen labeled, “Please take some time to take a quick survey”. Our team values these responses and takes them very seriously. Any feedback that you can provide is greatly appreciated. \r\n\r\n
\r\n### Can this workbook be customized? \r\n\r\nYes! This workbook has been created with additional customization in mind. Please contact your Account Representative if you would to like to inquire about any additional assistance with customizing this workbook to suit your organizational goals related to DoD Zero Trust Strategy maturity. \r\n\r\n
\r\n### Do other customers outside the DoD utilize this workbook? \r\n\r\nYes, many customers outside the DoD have also gravitated toward the DoD Zero Trust Strategy because it focuses on an outcomes-focused methodology and includes specific \"Capabilities and Activities\" that apply to core Zero Trust principals. \r\n\r\n
\r\n### Who created this workbook? \r\n\r\nThis workbook was created by a collaboration of Microsoft teams and subject matter experts along with our pilot customers. \r\n\r\n
\r\n### Does this workbook cover all 152 “Activities” defined in the Strategy? \r\n\r\nYes, the recommendations, visualizations, and guidance, while centered around the 45 capabilities, will still apply to all 152 activities. This workbook aims to simplify the Target (and Advanced)-level Zero Trust Capabilities and Activities. Based on prior feedback, this workbook may be updated in the future to include further guidance, reporting, and relevant information. ",
 "style": "info"
 },
 "conditionalVisibility": {
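Review bot: The "data connectors" link in the FAQ answer about Microsoft-specific capabilities still wraps its destination in escaped quotes, `[data connectors](\"https://learn.microsoft.com/azure/sentinel/data-connectors-reference\")`. After JSON decoding the Markdown destination starts with a literal `"`, so a renderer will most likely treat it as a relative path, not an absolute URL, and the link would not open the intended page. The URL is already being edited in this hunk, so the quotes can be dropped at the same time: `[data connectors](https://learn.microsoft.com/azure/sentinel/data-connectors-reference)`.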
@@ -19404,7 +19404,7 @@ { "type": 1, "content": { - "json": "| DoD Zero Trust Pillar | DoD Zero Trust Capability | Recommended Microsoft Solution(s) | Recommended DoD Portal(s) | Recommended Resources |\r\n|--------------------------------|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\r\n| User 1.x | | | | |\r\n| | 1.1 User Inventory | Entra ID
Microsoft Sentinel UEBA
Microsoft Defender for Cloud (MDfC) | 🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Microsoft Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Microsoft Identity Platform Entra (formerly AAD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview)
💡 [Microsoft Hybrid Identity with Entra/AAD/AD](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/)
💡 [Using the Inventory in Secure Score - Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory)
💡 [Identity Decision Guide](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/identity/)
💡 [Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/en-us/download/details.aspx?id=54431)
💡 [Identity Security Monitoring](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md#identity-security-monitoring-in-a-hybrid-environment)
💡 [Collect Azure Active Directory (Azure AD) Logs](https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics#send-logs-to-azure-monitor)
💡 [Enable User Entity Behavorial Analytics](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics#how-to-enable-user-and-entity-behavior-analytics)
💡 [Deploy Microsoft Defender for Identity](https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity)
💡 [Secure with Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/secure-with-azure-ad-introduction)
💡 [AAD Hybrid Identity](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/plan-hybrid-identity-design-considerations-overview?WT.mc_id=DT-MVP-5001664)
💡 [Azure AD Reports](https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-reports?WT.mc_id=DT-MVP-5001664)
💡 [B2B Collaboration](https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b?WT.mc_id=DT-MVP-5001664) |\r\n| | 1.2 Conditional User Access | Entra ID Conditional Access (CA)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel
Microsoft 365 Defender
Microsoft Intune | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [Conditional Access Policy Templates](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Microsoft Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [What is Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
💡 [Conditional Access Learning Path](https://learn.microsoft.com/en-us/training/modules/plan-implement-administer-conditional-access/)
💡 [Conditional Access Licensing- Need at least AADP1](https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-pricing?rtc=1)
💡 [Conditional Access Design Principles](https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-design)
💡 [Templates -Secure Foundation & Work Toward ZT](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common)
💡 [Conditional Access Trends and Changes](https://github.com/Cyberlorians/Workbooks/blob/main/ConditionalAccessTrendsandChanges.json)
💡 [Implement Authentication Strengths](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/authentication-strength-choose-the-right-auth-method-for-your/ba-p/2365674)
💡 [Intune Conditional Access](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
💡 [Using Locations in Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) |\r\n| | 1.3 Multi-Factor Authentication (MFA) | Entra ID
Entra ID - Certificate Based Authorization (CBA) | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - AuthN Methods Activity](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsActivity/menuId/AuthMethodsActivity)
🔀 [Entra ID - AuthN Methods Policies](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods)
🔀 [Entra ID - AuthN Strengths](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthStrengths)
🔀 [Defender for Cloud Recommendations](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_Security/SecurityMenuBlade/~/5) | 💡 [How MFA Works](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks)
💡 [Setup Multifactor Authenication for Users M365](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
💡 [Configure the MFA Azure Active Directrory Registration Policies](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
💡 [Deploy Passwordless Solution](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment)
💡 [Configure Azure AD CBA](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication)
💡 [Conditional Access Policy - MFA](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?WT.mc_id=DT-MVP-5001664)
💡 [Plan AAD MFA](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted?WT.mc_id=DT-MVP-5001664) |\r\n| | 1.4 Privileged Access Management (PAM) | Entra ID
Entra ID - Privileged Identity Management (PIM) | 🔀 [Entra ID DiagnosticSettings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - PIM](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/CommonMenuBlade/~/quickStart)
🔀 [AAD PIM - Audit History](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/MyAuditsMenuBlade/~/aadmigratedroles) | 💡 [Plan a Privileged Identity Management Deployment](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan)
💡 [Privileged Identity Management - Why use it with Defender for O365?](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-worldwide)
💡 [Implementing PIM - Micrsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started)
💡 [Secure Roadmap - PIM](https://learn.microsoft.com/en-us/azure/active-directory/roles/security-planning#use-azure-ad-privileged-identity-management)
💡 [PIM for Groups](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/concept-pim-for-groups)
💡 [Configure Approve or Deny Request for AD Roles in PIM](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-approval-workflow)
💡 [Azure Security Benchmark Defender for Identity](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-identity-security-baseline) |\r\n| | 1.5 Identity Federation & User Credentialing | Entra ID - Certificate-Based Authorization (CBA)
Entra ID - Guest Access | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - AAD Connect](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/~/GetStarted)
🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Identity Governance](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_ERM/DashboardBlade/~/GettingStarted) | 💡 [Azure Governement - Planning Identity for Azure Government Apps](https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-plan-identity)
💡 [Federated Identity Credentials](https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0)
💡 [What is Hybrid Identity](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity)
💡 [Azure AD Certificate Based Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication)
💡 [Azure AD SCIM](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups)
💡 [Provisioning with Google Cloud](https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on)
💡 [Provisioning with Amazon Cloud](https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial)
💡 [Azure AD Application Roles](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps)
💡 [What is Identity Governace?](https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview) |\r\n| | 1.6 Behavioral, Contextual ID, and Biometrics | Microsoft Sentinel UEBA
Entra ID - Identity Protection | 🔀 [Azure Face APIs](https://portal.azure.us/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/Face)
🔀 [Sentinel - UEBA](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Verified ID](https://portal.azure.us/#view/Microsoft_AAD_DecentralizedIdentity/InitialMenuBlade/~/setupBlade) | 💡 [User Entity Behavorial Analytics - What is it?](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [Windows Hello Biometrics](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise)
💡 [Identify Advanced Threats with UEBA](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [UEBA Reference](https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference?WT.mc_id=AZ-MVP-5004810#ueba-enrichments)
💡 [UEBA Sentinel Content Hub](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ueba-essentials-solution-now-available-in-content-hub/ba-p/3651074)
💡 [Guided UEBA Investigation Scenarios](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/guided-ueba-investigation-scenarios-to-empower-your-soc/ba-p/1857100)
💡 [Combatting Risky Sign-ins in Azure Active Directory](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/combatting-risky-sign-ins-in-azure-active-directory/ba-p/3724786)
💡 [Securing Workload Identities](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-workload-identity-risk)
💡 [Reprise99 UEBA](https://github.com/reprise99/Sentinel-Queries/tree/main/UEBA) |\r\n| | 1.7 Least Privileged Access | Entra ID - Permissions
Azure Policy
Entra ID - Privileged Identity Management (PIM) | 🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID - Identity Protection](https://portal.azure.us/#view/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/~/Overview)
🔀 [Microsoft Defender for Cloud Apps](https://security.microsoft.us/cloudapps/)
🔀 [Application Security Groupss](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups) | 💡 [Implementing Least-Privileged Administrative Models](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models)
💡 [Enhance Application Security with Lease Privilege Access Controls](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access)
💡 [Identity Protection](https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-active-directory-identity/ba-p/1320887?WT.mc_id=itopstalk-newsletter-abartolo)
💡 [Continuous Access Evaluation Monitoring](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot#continuous-access-evaluation-sign-in-reporting) |\r\n| | 1.8 Continuous Authentication | Entra ID - Continuous Access Evaluation (CAE)
Entra ID - Privileged Identity Management (PIM)
Entra ID - Identity Protection | 🔀 [Entra ID - Device Inventory](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Entra ID - Connect Sync (Hybrid Join)](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/~/ConnectSync)
🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID - Identity Governance](https://portal.azure.us/#view/Microsoft_AAD_ERM/DashboardBlade/~/GettingStarted)
🔀 [Entra ID - PIM Insights](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/ResourceMenuBlade/~/aaddiscovery/resourceId//resourceType/tenant/provider/aadroles) | 💡 [Implement Continuous Access Evaluation Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation)
💡 [Implementing Primary Refresh Token](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token)
💡 [Privileged Identity Management Insights](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-security-wizard#discovery-and-insights-preview)
💡 [Entra Permissions Managment](https://learn.microsoft.com/en-us/azure/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide)
💡 [Session Management with Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime) |\r\n| | 1.9 Integrated ICAM Platform | Entra Entitlement Management
Entra ID Certificate Based Authentication (CBA) | 🔀 [Entra ID - AuthN Methods](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods)
🔀 [Entra ID - AuthN Strengths](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthStrengths)
🔀 [Entra ID - AuthN Insights](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsActivity)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView) | 💡 [Microsoft Integrated Identity Platform Entra](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview)
💡 [Implement Passwordless Auth with Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-passwordless)
💡 [Configure Passwordless Key with Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
💡 [Entra Certificate Based Authorization](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication) |\r\n| Device 2.x | | | | |\r\n| | 2.1 Device Inventory | Microsft Entra ID
Microsft Entra ID Conditional Access (CA)
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Defender for Identity (MDI)
Microsoft Intune | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/overview)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡[M365 Defender Device inventory](https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0%22%20%EF%BF%BDHYPERLINK%20%22https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide)
💡[What is a device identity (Azure Active Directory)?](https://learn.microsoft.com/en-us/azure/active-directory/devices/overview)
💡[Manage device identities by using the Azure portal](https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal) 
💡[Manage your devices and control features with Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-devices) 
💡[Hybrid Azure AD joined devices](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid) 
💡[Conditional Access policy: Device Compliancy](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[ZT Guide: Endpoint Zero Trust Deployment Objectives](https://learn.microsoft.com/en-us/security/zero-trust/deploy/endpoints#endpoint-zero-trust-deployment-objectives)
💡[Intune Reporting](https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor) ** not yet availble in DoD cloud
💡[Provide Additional Intune Reporting](https://www.linkedin.com/pulse/provide-additional-intune-reporting-data-wmi-iren%C3%A4us-becker/)
💡[Working with Intune in Microsoft Graph](https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0) |\r\n| | 2.2 Device Detection and Compliance | Entra ID Conditional Access (CA)
Microsoft Defender for Endpoint (MDE)
Microsoft Intune | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints) | 💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
💡[Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
💡[Scenarios for using Conditional Access with Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access-intune-common-ways-use?source=recommendations) |\r\n| | 2.3 Device Authorization w/ Real Time Inspection | Microsft Entra ID
Microsoft Intune
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
💡[Device discovery overview](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide)
💡[Learn about Conditional Access and Intune](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
💡[Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance)
💡[Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[Conditional Access insights and reporting workbook - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting)
💡[Plan an Azure Active Directory Conditional Access deployment - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access)
💡[Azure Samples for Conditional Access (PowerShell) - GitHub](https://github.com/Azure-Samples/azure-ad-conditional-access-apis/tree/main/01-configure/powershell)

Additional References:
💡[Track changes to system files and registry keys](https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview)
💡[Connect Microsoft Defender for Cloud alerts to Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud)
💡[Deploying and Managing Microsoft Defender for Cloud as Code](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploying-and-managing-microsoft-defender-for-cloud-as-code/ba-p/3649653)
💡[Collect data in custom log formats to Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCG)
💡[Azure Monitor Agent overview - Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview)
💡[Use entity behavior analytics to detect advanced threats](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics) |\r\n| | 2.4 Remote Access | Microsft Entra ID
Microsft Entra ID Conditional Access (CA)
Microsoft Intune
Microsoft Defender for Endpoint (MDE) | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints) | 💡[Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[Conditional Access APIs and PowerShell - Microsoft Entra](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-apis)
💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started)
💡[Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance)
💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure)
💡[Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
💡[Enhance security with the principle of least privilege](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access)
💡[Best practices for Azure AD roles](https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices)
💡[Least privileged roles by task in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task) |\r\n| | 2.5 Partially & Fully Automated Asset, Vulnerability and Patch | Microsoft Intune
Microsoft Endpoint Configuration Manager (MECM)
Mircosoft Defender for Endpoint (MDE) Threat & Vulnerability Management (TVM)
Azure Arc-enabled Servers
Azure Automation | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Azure Arc](https://portal.azure.us/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/overview) | 💡 [What is Windows Update for Business?](https://learn.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb)
💡 [Microsoft Configuration Manager MECEM](https://learn.microsoft.com/en-us/mem/configmgr/core/understand/introduction)
💡 [Update rings for Windows 10 and later policy in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings?source=recommendations)
💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure)
💡 [Deploy software updates with Configuration Manager](https://learn.microsoft.com/en-us/mem/configmgr/sum/deploy-use/deploy-software-updates)
💡 [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/mem/intune/protect/atp-manage-vulnerabilities)
💡 [Remediate vulnerabilities (Defender for Endpoint)](https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-worldwide)
💡 [Choose how to deliver updates for the Microsoft 365 Apps](https://learn.microsoft.com/en-us/deployoffice/fieldnotes/choose-how-to-deliver-updates)
💡 [Windows Release Health](https://learn.microsoft.com/en-us/windows/release-health/)
💡 [Manage updates and patches for your VMs](https://learn.microsoft.com/en-us/azure/automation/update-management/manage-updates-for-vm)
💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
|\r\n| | 2.6 Unified Endpoint Management (UEM) & Mobile Device Management (MDM) | Microsoft Intune
Azure Arc-enabled Servers
Azure Autiomation | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Azure Arc](https://portal.azure.us/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/overview) | 💡[What is Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune)
💡[Manage your devices and control device features in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-devices)
💡[Zero Trust with Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/zero-trust-with-microsoft-intune)
💡[Supported operating systems and browsers in Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers)
💡[Enrollment guide: Microsoft Intune enrollment](https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment)
💡[Manage iOS/iPadOS software update policies in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-ios)
💡[Manage macOS software update policies in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/software-updates-macos)
💡[Microsoft Intune How-To Guides](https://learn.microsoft.com/en-us/mem/intune/#how-to-guides)
💡[What is Azure Arc-enabled servers?](https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview)
💡[Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141) |\r\n| | 2.7 Endpoint & Extended Detection & Response (EDR & XDR) | Microsoft 365 Defender
Microsoft Defender for Endpoint (MDE)
Microsoft Defednder for Identity (MDI)
Microsoft Defender for Office 365 (MDO)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us) | 💡[What is Microsoft Defender for Endpoint?](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)
💡[Zero Trust with Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/zero-trust-with-microsoft-defender-endpoint?view=o365-worldwide)
💡[What is Microsoft 365 Defender?](https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide)
💡[Zero Trust with Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide)
💡[Overview of endpoint detection and response (EDR) with Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-worldwide)
💡[Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
💡[Manage endpoint detection and response (EDR) policy for endpoint security in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy)
💡[Set up your XDR tools](https://learn.microsoft.com/en-us/security/operations/setup-xdr-tools)
💡[Architect your Microsoft Sentinel workspace](https://learn.microsoft.com/en-us/security/operations/siem-workspace)
💡[Ingest data sources and configure incident detection in Sentinel](https://learn.microsoft.com/en-us/security/operations/ingest-data-sources)
💡[Respond to an incident using Microsoft Sentinel and Microsoft 365 Defender](https://learn.microsoft.com/en-us/security/operations/respond-incident) |\r\n| Application & Workload 3.x | | | | |\r\n| | 3.1 Application Inventory | Entra ID
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE)
Microsoft Intune | 🔀 [Entra ID Applications - Useage & Insights](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/EnterpriseApplicationsInsightsMenuBlade/~/ApplicationActivity)
🔀 [Application Security Groups](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups)
🔀 [Microsoft Defender for Cloud Apps - Discovery](https://security.microsoft.us/cloudapps/discovery)
🔀 [Virtual Network Gateways](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Network%2FvirtualNetworkGateways)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Cloud Discovery Setup](https://learn.microsoft.com/en-us/defender-cloud-apps/set-up-cloud-discovery)
💡 [Deploy Intune Softare inventory & Security Policies](https://learn.microsoft.com/en-us/answers/questions/67892/can-we-use-intune-to-inventory-software-on-devices)
💡 [Configure Blocking Unwanted or Unapproved Applications](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide)
💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
💡 [Active Directory Federation Services Health](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-health-adfs)
💡 [Azure Active Directory Application Audit](https://github.com/jsa2/AADAppAudit#azure-ad-application-analytics-solution)
💡 [Azure Active Directory Application Proxy](https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy)
💡 [Using Microsoft Defender for Cloud Asset Inventory](https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory)
💡 [Working with Discovered Apps](https://learn.microsoft.com/en-us/defender-cloud-apps/discovered-apps)
💡 [Software Inventory](https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide) |\r\n| | 3.2 Secure Software Development & Integration | Azure Policy
Microsoft Defender for Cloud (MDfC)
Microsoft Defender for Endpoint (MDE) | 🔀 [Azure DevOps](https://portal.azure.us/#view/AzureTfsExtension/OrganizationsTemplateBlade)
🔀 [Azure Dev Test Center](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.DevTestLab%2Flabs)
🔀 [Azure DevTest Lab](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.DevTestLab%2Flabs)
🔀 [Intune App Security](https://endpoint.microsoft.us)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | |\r\n| | 3.3 Software Risk Management | Microsoft Defender for Cloud Apps (MDA)
Mircosoft Defender for Endpoint (MDE) Threat & Vulnerability Management (TVM)
Microsoft Intune | 🔀 [Azure Enterprise Apps Portal](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview)
🔀 [Intune Application Security](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/overview)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Manage and Secure Apps In Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-apps)
💡 [App Protection Policies in Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy)
💡 [Microsoft Container Registry](https://mcr.microsoft.com/)
💡 [GitHub Actaion For Vulnerability Scanning](https://github.com/marketplace/actions/anchore-container-scan)
💡 [Code Scanning with CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)
💡 [Keeping your supply chain secure with Dependabot](https://docs.github.com/en/code-security/dependabot)
💡 [Secure Supply Chain Consumption Framework](https://www.microsoft.com/en-us/securityengineering/opensource/osssscframeworkguide)
💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool) |\r\n| | 3.4 Resource Authorization & Integration | Entra ID Conditional Access (CA)
Entra ID Application Proxy
Azure Policy
Entra ID Privilleged Identity Management (PIM)
Microsoft 365 Defender
Microsoft Intune
Microsoft Defender for Cloud (MDfC) | 🔀 [Azure Identity Governance](https://portal.azure.us/#blade/Microsoft_AAD_ERM/DashboardBlade)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Azure Application Proxy](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppProxy)
🔀 [Managed Service Identity](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/6f3afa5d-4b81-4f10-8806-fb75689672da/appId/c75517e9-05c9-49e9-9990-94f68b04ffc4)
🔀 [Intune Application Security](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/overview)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Deploy Microsoft Defender for Cloud - Enterprise Cloud Application Protection](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction)
💡 [Configure Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/en-us/download/details.aspx?id=54431)
💡 [Deploying Application & Authorization Azure App Services](https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization)
💡 [How to create and deploy a custome Authorization Manager](https://learn.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-create-a-custom-authorization-manager-for-a-service)
💡 [Configure with Entra Identity Platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)
💡 [How-to Manage Apps Remove User Access with Entra](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/methods-for-removing-user-access)
💡 [Setup Protecting Apps w. Entra Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps)
💡 [Role Based Access Control Configuration with Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control) |\r\n| | 3.5 Continuous Monitoring and Ongoing Authorizations | Entra ID - Conditional Access (CA)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Senitnel Playbooks
Entra ID - Privileged Identity Management (PIM) | 🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [Application Insights](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.insights%2Fcomponents)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Application Security Groups Portal](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel) | 💡 [How-to-Build a Successful App Security Program](https://www.microsoft.com/en-us/security/blog/2021/03/29/how-to-build-a-successful-application-security-program/)
💡 [Setting up Hybrid Continuous Monitoring with Sentinel](https://learn.microsoft.com/en-us/azure/architecture/hybrid/hybrid-security-monitoring)
💡 [Deploy Adaptive Appliation Conrols Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls)
💡 [Configure Azure Security Management & Monitoring](https://learn.microsoft.com/en-us/azure/security/fundamentals/management-monitoring-overview)
💡 [Leverage Security Baselines for M365 Apps Enterprise](https://learn.microsoft.com/en-us/deployoffice/security/security-baseline)
💡 [Utilize Application Control for Windows](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/wdac) |\r\n| Data 4.x | | | | |\r\n| | 4.1 Data Catalog Risk Alignment | Purview Data Catalog
Purview Data Map
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Data Classification Service](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/30ea52ed-e5a7-4e51-a4ea-6c3b96a8be36/appId/7c99d979-3b9c-4342-97dd-3239678fb300) | 💡 [Create a Azrure Data Catalog](https://learn.microsoft.com/en-us/azure/data-catalog/data-catalog-get-started)
💡 [Use the Service Catalog](https://learn.microsoft.com/en-us/system-center/scsm/service-catalog?view=sc-sm-2022)
💡 [Azure Data Catalog FAQ](https://learn.microsoft.com/en-us/azure/data-catalog/data-catalog-frequently-asked-questions)
💡 [Establishing Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Set up Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
💡 [Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
💡 [Discover Data & Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) |\r\n| | 4.2 DoD Enterprise Data Governance | Purview Data Governance
Purview Data Estate Insights
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Implement Microsoft Purview - IRM & Compliance - DoD Deployments](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
💡 [Implement a Data Governance Maturity Model Framework](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
💡 [Deploy Azure Data Governance](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
💡 [Leverage Microsoft Defender for For Cloud Goverance Rules](https://learn.microsoft.com/en-us/azure/defender-for-cloud/governance-rules)
💡 [Implement Purview Data Governance](https://learn.microsoft.com/en-us/purview/?view=o365-worldwide)
💡 [Purview Data Lineage Machine Learning](https://learn.microsoft.com/en-us/samples/microsoft/purview-machine-learning-lineage-solution-accelerator/purview-machine-learning-lineage-solution-accelerator/) 
💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Azure Collaboration Governance](https://learn.microsoft.com/en-us/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-insights-overview?view=azuresql)
💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) |\r\n| | 4.3 Data Labeling and Tagging | Purview Information Protection | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Create Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
💡 [Deploy with Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Utilize Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
💡 [Use the Service Catalog](https://learn.microsoft.com/en-us/system-center/scsm/service-catalog?view=sc-sm-2022) |\r\n| | 4.4 Data Monitoring and Sensing | Purview Data Loss Protection (DLP)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE)
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Monitor Control Service](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/512ba5b8-8ced-42b9-8a94-c93befaf66a1/appId/e933bd07-d2ee-4f1d-933c-3752b819567b) | 💡 [Leverage Data Monitoring & Self Healing](https://learn.microsoft.com/en-us/compliance/assurance/assurance-monitoring-and-self-healing)
💡 [Deploy Microsoft 365 Monitorning](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-monitoring?view=o365-worldwide)
💡 [Senitnel Data Collection Best Practices](https://learn.microsoft.com/en-us/azure/sentinel/best-practices-data) 
💡 [Deploy Microsoft Purview](https://learn.microsoft.com/en-us/purview/purview) 
💡 [Utilze Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
💡 [Configure Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection)
💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources)
💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-insights-overview?view=azuresql) |\r\n| | 4.5 Data Encryption & Rights Management | Purview Data Loss Protection (DLP)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE) | 🔀 [Azure Encryption](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/21426118-88fd-4b5e-b106-3bd5f098f31a/appId/dbc36ae1-c097-4df9-8d94-343c3d091a76)
🔀 [Azure Rights Management Service](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/5f0c1df8-5bab-4fb3-b1a5-19bdba46c704/appId/00000012-0000-0000-c000-000000000000)
🔀 [M365 Data At Rest Encryption](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/882ab41e-90f7-4f4e-8b24-3503495a83e6/appId/c066d759-24ae-40e7-a56f-027002b5d3e4)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Utilize Azure Encrption](https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview)
💡 [Deploy Azure Rights Management](https://learn.microsoft.com/en-us/azure/information-protection/what-is-azure-rms)
💡 [Deploy Purview Information Protection](https://learn.microsoft.com/en-us/purview/information-protection)
💡 [Configure Dynamic Key & Encrption Delivery](https://learn.microsoft.com/en-us/azure/media-services/latest/drm-content-protection-concept) 
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection) |\r\n| | 4.6 Data Loss Prevention (DLP) | Purview Data Loss Protection (DLP)
Purview Information Protection | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Endpoint DLP](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/780e77f3-df11-4525-b201-973a1b691cab/appId/c98e5057-edde-4666-b301-186a01b4dc58)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Implement Data Loss & Prevention (DLP)](https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp)
💡 [Informaiton Protection & Data Loss and Prevention- GITHUB LAB](https://microsoft.github.io/ComplianceCxE/dag/mip-dlp/)
💡 [Deploy Adaptive Protection- Data Loss & Protections](https://learn.microsoft.com/en-us/purview/dlp-adaptive-protection-learn)
💡 [Apply Rules for DLP Exchange Online](https://learn.microsoft.com/en-us/exchange/security-and-compliance/data-loss-prevention/dlp-rule-application)
💡 [Utilize Trainable Classifiers](https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/en-us/azure/information-protection/aip-classification-and-protection) |\r\n| | 4.7 Data Access Control | Microsoft Defender for Cloud Apps (MDA)
Entra ID Conditional Access (CA)
Purview Insider Risk Management
Purview Information Protection
Purview Data Loss Prevention (DLP)
Microsoft Intune | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Entra ID Privileged Identity Management](https://portal.azure.us/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade)
🔀 [Entra ID Conditional Access](https://portal.azure.us/#blade/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade)
🔀 [Azure Internal Access Scope Portal](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/a0779651-4c07-4392-a11f-a1694cb497b1/appId/c29427db-9ecc-4750-ad93-d256863f2e37)
🔀 [Virtual Network Terminal Access Points](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.network%2Fvirtualnetworktaps)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Data Explorer](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Kusto%2Fclusters) | 💡 [Configure Conditional Access in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
💡 [Use Conditional Access Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access)
💡 [Use Conditional Access APIs](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-apis)
💡 [Deploy Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access#deploy-conditional-access-policies) 
💡 [Use Conditional Access With Data Explorer](https://learn.microsoft.com/en-us/azure/data-explorer/security-conditional-access)
💡 [Deploy Common Conditional Access Policies](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation)
💡 [Build Conditional Access](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies) |\r\n| Network & Environment 5.x | | | | |\r\n| | 5.1 Data Flow Mapping | Azure Monitor Net Insights
Network Watcher
Microsoft Defender for Endpoint (MDE) | 🔀 [Network Security Perimeters](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkSecurityPerimeters)
🔀 [Network Interfaces](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2Fnetworkinterfaces)
🔀 [Azure Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
🔀 [Azure Firewall](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FazureFirewalls)
🔀 [Web Application Firewall](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FFrontDoorWebApplicationFirewallPolicies)
🔀 [DDoS Protection Plans](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FddosProtectionPlans)
🔀 [Firewall Manager](https://portal.azure.us/#view/Microsoft_Azure_HybridNetworking/FirewallManagerMenuBlade/~/firewallManagerOverview)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
| 💡 [Use Data Flow Mapping Power Platform](https://learn.microsoft.com/en-us/power-query/dataflows/create-use)
💡 [User Azure Network Traffic Analytics](https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics)
💡 [Azure Blue Print ](https://learn.microsoft.com/en-us/azure/governance/blueprints/overview)
💡 [Leverage Azure Data Visualization with Data Explorer](https://learn.microsoft.com/en-us/azure/data-explorer/viz-overview)
💡 [Use Power Automate for Event Tagging](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-worldwide)
💡 [Secure & Govern Workloads with Network-level Segmentation](https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation)
💡 [Deploy Software Defined Netoworking](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
💡 [Manage Software Defined Netoworking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/manage-sdn)
💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/en-us/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies) |\r\n| | 5.2 Software Defined Networking (SDN) | Secure Access Service Edge (SASE)
Microsoft Network Secuirty Groups (NSG)
Entra ID App Proxy | 🔀 [Manage Virtual Network](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FvirtualNetworks)
🔀 [Network Security Groups](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FNetworkSecurityGroups)
🔀 [Network Managers](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkManagers)
🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
🔀 [Network Security Perimeters](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkSecurityPerimeters)
🔀 [Entra App Proxy](https://portal.azure.us/#view/Microsoft_AAD_IAM/AppProxyOverviewBlade) | 💡 [Use Secure Access Service Edge SASE - Software Defined Networking Zero Trust](https://www.microsoft.com/en-us/security/business/security-101/what-is-sase)
💡 [Software Defined Network Monitoring using Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/software-defined-monitoring-using-automated-notebooks-and-azure/ba-p/2587775)
💡 [Plan Software Defined Netoworking](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
💡 [Implementing Software Defined Networking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/)
💡 [Manage Software Detined Netoworking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/manage-sdn)
💡 [Deploy Software Defined Networking](https://learn.microsoft.com/en-us/windows-server/networking/sdn/deploy/deploy-a-software-defined-network-infrastructure-using-scripts)
💡 [Secure the Network Controller](https://learn.microsoft.com/en-us/azure-stack/hci/manage/nc-security)
💡 [SDN for Win Server 2019 and 2022](https://learn.microsoft.com/en-us/windows-server/networking/sdn/sdn-whats-new)
💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/en-us/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
💡 [IPV6 Config Interface](https://learn.microsoft.com/en-us/javascript/api/%40azure/arm-databoxedge-profile-2020-09-01-hybrid/ipv6config?view=azure-node-latest&wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Leverage IPV6 for Azure Virtual Networks](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Segementation Security Strategies](https://learn.microsoft.com/en-us/azure/well-architected/security/design-segmentation)
💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
💡 [Utilize Microsoft Packet Monitor](https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon) |\r\n| | 5.3 Macro Segmentation | Azure Subscription
Azure VNet(s)
Azure VNet Manager
Network Security Groups (NSG)
Azure Firewall | 🔀 [Impletment Network Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
🔀 [Azure Features for Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview) | 💡 [Impletment Network Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation)
💡 [Azure Features for Segmentation](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
💡 [Segementation Security Strategies](https://learn.microsoft.com/en-us/azure/well-architected/security/design-segmentation)
💡 [Network Service Designs](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
💡 [Network Watcher](https://portal.azure.com/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview) |\r\n| | 5.4 Micro Segmentation | Azure Security Groups (ASG)
Entra ID App Proxy
Microsoft Tunnel | 🔀 [Virtual Networks Termal Access Points](https://portal.azure.us/#view/HubsExtension/BrowseResourceBlade/resourceType/microsoft.network%2Fvirtualnetworktaps)
🔀 [Conditional Access](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview)
🔀 [Cloud Access Routers](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Orbital%2FcloudAccessRouters)
🔀 [Entra ID Conditional Access](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview)
🔀 [Azure Monitor Networks](https://portal.azure.us/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/networkInsights)
🔀 [Azure Connection Monitor](https://portal.azure.us/#view/Microsoft_Azure_FlowLog/ConnectionMonitorV2ViewModel)
🔀 [Azure Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview/menuId~/%7B%22target%22%3A%7B%7D%7D) | 💡 [Enabling JIT Access Controls](https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Conditional Access Block Access by Location](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Secure Networks with Zero Trust](https://learn.microsoft.com/en-us/security/zero-trust/deploy/networks)
💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/design-network-segmentation?wtmc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Microsoft Packet Monitor](https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon) |\r\n| Automation & Orchestration 6.x | | | | |\r\n| | 6.1 Policy Decision Point (PDP) & Policy Orchestration | Entra ID Conditional Access (CA)
Azure Policy
Azure Automation
Azure ML
Azure Firewall
Microsoft Sentinel | 🔀 [Azure Automation](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Azure Machine Learning](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.MachineLearningServices%2Fworkspaces)
🔀 [Azure Policy](https://portal.azure.us/#blade/Microsoft_Azure_Policy/PolicyMenuBlade)
🔀 [Azure Virtual Desktop](https://portal.azure.us/#view/Microsoft_Azure_WVD/WvdManagerMenuBlade/~/overview)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null) | 💡 [Visibility,Automation and Orchestration with Zero Trust](https://learn.microsoft.com/en-us/)
💡 [Azure Orchestration for Azure Security Policy](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-policy-security-baseline)
💡 [Configuration Analyzer for Security Policies](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide)
💡 [Azure Automation Overview](https://learn.microsoft.com/en-us/azure/automation/overview)
💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/automation-security-baseline)
💡 [Azure Policy](https://learn.microsoft.com/en-us/azure/governance/policy/overview)
💡 [What is Azure Firewall?](https://learn.microsoft.com/en-us/azure/firewall/overview)
💡 [Apply Zero Trust principles to a hub virtual network in Azure](https://learn.microsoft.com/en-us/security/zero-trust/azure-infrastructure-networking)
💡 [Management of Role Permissions and Automation](https://learn.microsoft.com/en-us/azure/automation/automation-role-based-access-control)
💡 [Using Azure Machine Learning to assign roles](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler)
💡 [Azure AD Seccurity Groups ML](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler#use-azure-ad-security-groups-to-manage-workspace-access) |\r\n| | 6.2 Critical Process Automation | Microsoft Power Automate
Azure Logic Apps
Microsoft Sentinel Playbooks
Microsoft 365 Defender Automated Investigation & Response | 🔀 [Azure Automation](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Microsoft Sentinel Automation Blade](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_Security_Insights/MainMenuBlade/~/Automationl)
🔀 [Azure Logic Apps Blade](https://portal.azure.us/?feature.msaljs=true#view/HubsExtension/BrowseResource/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Azure Automation Overview](https://learn.microsoft.com/en-us/azure/automation/overview)
💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/automation-security-baseline)
💡 [Visibility, Automation, and Orchestration with Zero Trust](https://learn.microsoft.com/en-us/)
💡 [Automation in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automation)
💡 [Automate Threat Response with Playbooks](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
💡 [Automated Investigation & Response M365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
💡 [Power Automate U.S Government](https://learn.microsoft.com/en-us/power-automate/us-govt) |\r\n| | 6.3 Machine Learning | Microsoft Sentinel Fusion ML
Microsoft Sentinel Bring Your Own Machine Learning (BYOML)
Microsoft Defender for Cloud (MDfC)
Azure ML | 🔀 [Azure Machine Learning](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.MachineLearningServices%2Fworkspaces)
🔀 [Power Automate](https://make.gov.powerautomate.us/)
🔀 [Power Platform Admin Center](https://admin.appsplatform.us/)
🔀 [Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡 [Advanced multistage attack detection in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/fusion)
💡 [Bring your own Machine Learning (ML) into Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/bring-your-own-ml)
💡 [Azure Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/?view=azureml-api-2)
💡 [Enterprise Security & Governance w. Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security?view=azureml-api-2)
💡 [Azure Government Isolaiton Guidelines using AI & ML](https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-impact-level-5)
💡 [Quick Start Azure Machine Learning](https://learn.microsoft.com/en-us/azure/machine-learning/tutorial-azure-ml-in-a-day?view=azureml-api-2)
💡 [Azure security baseline for Azure Machine Learning](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/machine-learning-security-baseline) |\r\n| | 6.4 Artificial Intelligence | Microsoft Sentinel Fusion ML
Microsoft Sentinel Tailored AI
Azure ML | 🔀 [Azure AI Services](https://portal.azure.us/#blade/Microsoft_Azure_ProjectOxford/CognitiveServicesHub)
🔀 [Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡 [AI Security Services](https://learn.microsoft.com/en-us/azure/ai-services/security-features)
💡 [Senintel Automation](https://learn.microsoft.com/en-us/azure/sentinel/automation)
💡 [AI ID & Access Risk Based Controls](https://azure.microsoft.com/en-us/products/category/identity/)
💡 [Implement Sentinel & M365 Defender for XDR - AI Driven Zero Trust ](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377) |\r\n| | 6.5 Security Orchestration, Automation & Response (SOAR) | Microsoft 365 Defender Automated investigation and response
Microsoft Sentinel Playbooks
Microsoft Defender for Cloud (MDfC)
Azure Logic Apps | 🔀 [Sentinel SIEM-SOAR](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null) | 💡 [Security Ochestration, Automation & Response (SOAR) In Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automation)
💡 [Sentinel SOAR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-use-azure-sentinel-for-incident-response-orchestration/ba-p/2242397)
💡 [Microsoft Sentinel SOAR Content Catalog](https://learn.microsoft.com/en-us/azure/sentinel/sentinel-soar-content)
💡 [Automate Threat Response with Playbooks in Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
💡 [Automated investigation and response in Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
💡 [Workflow Automation in Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation)
💡 [SOAR Best Practices](https://www.microsoft.com/en-us/security/business/security-101/what-is-soar#SOARbestpractices)
💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377) |\r\n| | 6.6 API Standardization | Azure API Management
Azure Monitor Log Analytics
Azure Logic Apps
Azure Policy | 🔀 [API Management Services](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.ApiManagement%2Fservice)
🔀 [API Connections](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Web%2Fconnections)
🔀 [API Playground](https://portal.azure.us/#blade/Microsoft_Azure_Resources/ArmPlayground)
🔀 [Azure Logic Apps](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Logic%2Fworkflows) | 💡 [Microsft API Management & Security](https://azure.microsoft.com/en-us/products/api-management/)
💡 [Mitigate OWASP Top 10 Security Threats Using Microsoft API Management](https://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats)
💡 [Security Baselines for API Management](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security-baseline)
💡 [Secure and Compliant APIs for a Hybrid and Multi Cloud World](https://azure.microsoft.com/en-us/blog/secure-and-compliant-apis-for-a-hybrid-and-multi-cloud-world/)
💡 [Web API Design Best Practice](https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design)
💡 [Monitor & Protect Your APIs](https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor) |\r\n| | 6.7 Security Operations Center (SOC) & Incident Response (IR) | Microsoft Sentinel Microsoft Defender for Cloud (MDfC)
Microsoft 365 Defender | 🔀 [Sentinel SIEM-SOAR](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Security Operations In Azure](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-security-operations)
💡 [Microsoft SOC Best Practices Landing Page](https://www.microsoft.com/en-us/security/business/security-101/what-is-a-security-operations-center-soc?ef_id=_k_ce7dcd6e8f2d1919667ca9a72f733870_k_&OCID=AIDcmmdamuj0pc_SEM__k_ce7dcd6e8f2d1919667ca9a72f733870_k_&msclkid=ce7dcd6e8f2d1919667ca9a72f733870)
💡 [Playbook for Modernizing Security Operations Centers](https://www.microsoft.com/en-us/security/blog/2021/02/11/a-playbook-for-modernizing-security-operations/)
💡 [CISO Series Lessons Learned from Microsoft's SOC](https://www.microsoft.com/en-us/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/)
💡 [Integrating Microsoft 365 Defender into your security operations](https://learn.microsoft.com/en-us/microsoft-365/security/defender/integrate-microsoft-365-defender-secops?view=o365-worldwide) |\r\n| Visibility & Analytics 7.x | | | | |\r\n| | 7.1 Log All Traffic (Network, Data, Apps, Users) | Azure Monitor Log Analytics
Microsoft Sentinel | 🔀 [Log Analytics Workspace](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces)
🔀 [Log Query Packs](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fquerypacks)
🔀 [Sign-in Activity Logs](https://portal.azure.us/#blade/Microsoft_AAD_IAM/SignInEventsV3Blade)
🔀 [Activity Logs](https://portal.azure.us/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/activityLog)
🔀 [Audit Log](https://portal.azure.us/#blade/Microsoft_AAD_IAM/AuditEventsV2PillsBlade)
🔀 [Operation Log](https://portal.azure.us/#blade/Microsoft_Azure_Resources/OperationLogsBlade)
🔀 [Microsoft Azure Log Search Alerts](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/c134d63b-957f-4cf7-8a34-d744aa8804df/appId/f6b60513-f290-450e-a2f3-9930de61c5e7) | 💡 [Azure Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview)
💡 [Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/overview)
💡 [Audit Logging and Monitoring](https://learn.microsoft.com/en-us/compliance/assurance/assurance-audit-logging)
💡 [Maturity Model for Log Management M2131](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-sentinel-maturity-model-for-event-log-management-m-21/ba-p/3074336)
💡 [Device Log Capture - Intune](https://learn.microsoft.com/en-us/mem/intune/remote-actions/collect-diagnostics)
💡 [Application Logging](https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-windows-application-log-windows-10?view=sql-server-ver16)
💡 [User Access Logging](https://learn.microsoft.com/en-us/windows-server/administration/user-access-logging/get-started-with-user-access-logging)
💡 [Azure Infrastructure Logs](https://learn.microsoft.com/en-us/azure/well-architected/scalability/monitor-infrastructure)
💡 [Network Logging](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-network-trace)
💡 [Supported Logs for Network](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-logs/microsoft-network-networkmanagers-logs) |\r\n| | 7.2 Security Information and Event Management (SIEM) | Microsoft Sentinel
Microsoft Defender for Cloud (MDfC)
Microsoft 365 Defender | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡[Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/overview)
💡[Implement Sentinel & M365](https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview)
💡[Unified SIEM & XDR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-unified-microsoft-siem-and-xdr-github-community/ba-p/3249533)
💡[Stream Alerts Defender for Cloud to SIEM](https://learn.microsoft.com/en-us/azure/defender-for-cloud/export-to-siem#stream-alerts-to-azure-sentinel)
💡[Azure Sentinel Github Repo](https://github.com/Azure/Azure-Sentinel)
💡[Sentinel & SOC Analysis Process](https://learn.microsoft.com/en-us/azure/sentinel/migration-security-operations-center-processes)
💡[Microsoft Sentinel Skill Up Training](https://learn.microsoft.com/en-us/azure/sentinel/skill-up-resources) |\r\n| | 7.3 Common Security and Risk Analytics | Microsoft Sentinel
Microsoft Defender for Cloud (MDfC) | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Security Baselines](https://endpoint.microsoft.us/#home) | 💡[Microsoft Security Response Center Security Updates Guide](https://msrc.microsoft.com/update-guide)
💡[Explore Risks to Sensitive Data Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/data-security-review-risks)
💡[Identify & Analyze Risks Across Your Environment](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-attack-path)
💡[Cloud Security Posture Management](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management)
💡[Microsoft Cloud Security Benchmark](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-regulatory-compliance) |\r\n| | 7.4 User and Entity Behavior Analytics | Microsoft Sentinel UEBA
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Identity (MDI)
Entra ID Conditional Access (CA)
Purview Insider Risk Management | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [ID Threats with User and Entity Behavior Analytics](https://learn.microsoft.com/en-us/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [Enable Entity Behavior Analytics to Detect Threats](https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics)
💡 [Microsoft Sentinel UEBA Reference](https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference)
💡 [Investigate Incidents with UEBA](https://learn.microsoft.com/en-us/azure/sentinel/investigate-with-ueba)
💡 [Discover and Protect Sensitive Information in your Organization](https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-dlp)
💡 [Purview Insider Risk Management](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments) |\r\n| | 7.5 Threat Intelligence Integration | Microsoft Sentinel Threat Intelligence (TI)
Microsoft Graph Security Indicators
Microsoft Defender Threat Intelligence (MDTI) | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Microsoft Threat Intelligence Portal](https://ti.defender.microsoft.com/) | 💡[Microsoft Threat Intelligence](https://learn.microsoft.com/en-us/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti)
💡[Microsoft Security Graph API](https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-beta)
💡[Create Threat Intelligence Indicators](https://learn.microsoft.com/en-us/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http)
💡[Threat intelligence integration in Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/threat-intelligence-integration)
💡[Bring Your Own Threat Intelligence Feeds](https://learn.microsoft.com/en-us/defender-cloud-apps/additional-integrations)
💡[Accessing the Threat Intelligence Portal](https://learn.microsoft.com/en-us/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal) |\r\n| | 7.6 Automated Dynamic Policies | Entra ID Protection
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel Fusion ML
Microsoft Sentinel Bring Your Own Machine Learning (BYOML)
Microsoft Sentinel Playbooks
Microsoft Intune
Azure Automation
Purview Insider Risk Management | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Azure Automation](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance) | 💡[Automate Threat Response with Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks)
💡[Adaptive Protection - Microsoft Purview](https://www.microsoft.com/en-us/security/blog/2023/02/06/introducing-adaptive-protection-in-microsoft-purview-people-centric-data-protection-for-a-multiplatform-world/#:~:text=With%20Adaptive%20Protection%2C%20DLP%20policies%20become%20dynamic%2C%20ensuring,efficient%20and%20empowered%20to%20do%20more%20with%20less.)
💡[Adaptive Policy Scopes M365](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-adaptive-policy-scopes-to-apply-m365-retention-to-shared/ba-p/3053641#:~:text=Back%20in%20October,in%20Microsoft%20365.)
💡[Adaptive Application Controls](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls)
💡[AI-Driven Adaptive Device Controls Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/ai-driven-adaptive-protection-in-microsoft-defender-for-endpoint/ba-p/2966491)
💡[AI-Driven Adaptive Protection Against Human Operated Ransomeware](https://www.microsoft.com/en-us/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/)
💡[Microsoft Defender for Cloud Automated Security Posture Management](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management)
💡[Improve your network security posture with adaptive network hardening](https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-network-hardening)
💡[What is Microsoft Entra ID Protection?](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection)
💡[Azure Automation update management](https://learn.microsoft.com/en-us/azure/architecture/hybrid/azure-update-mgmt)
💡[Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure) |" + "json": "| DoD Zero Trust Pillar | DoD Zero Trust Capability | Recommended Microsoft Solution(s) | Recommended DoD Portal(s) | Recommended Resources |\r\n|--------------------------------|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\r\n| User 1.x | | | | |\r\n| | 1.1 User Inventory | Entra ID
Microsoft Sentinel UEBA
Microsoft Defender for Cloud (MDfC) | 🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Microsoft Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Microsoft Identity Platform Entra (formerly AAD)](https://learn.microsoft.com/azure/active-directory/develop/v2-overview)
💡 [Microsoft Hybrid Identity with Entra/AAD/AD](https://learn.microsoft.com/azure/active-directory/hybrid/)
💡 [Using the Inventory in Secure Score - Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/asset-inventory)
💡 [Identity Decision Guide](https://learn.microsoft.com/azure/cloud-adoption-framework/decision-guides/identity/)
💡 [Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/download/details.aspx?id=54431)
💡 [Identity Security Monitoring](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md#identity-security-monitoring-in-a-hybrid-environment)
💡 [Collect Azure Active Directory (Azure AD) Logs](https://learn.microsoft.com/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics#send-logs-to-azure-monitor)
💡 [Enable User Entity Behavorial Analytics](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics#how-to-enable-user-and-entity-behavior-analytics)
💡 [Deploy Microsoft Defender for Identity](https://learn.microsoft.com/defender-for-identity/deploy-defender-identity)
💡 [Secure with Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/secure-with-azure-ad-introduction)
💡 [AAD Hybrid Identity](https://learn.microsoft.com/azure/active-directory/hybrid/connect/plan-hybrid-identity-design-considerations-overview?WT.mc_id=DT-MVP-5001664)
💡 [Azure AD Reports](https://learn.microsoft.com/azure/active-directory/reports-monitoring/overview-reports?WT.mc_id=DT-MVP-5001664)
💡 [B2B Collaboration](https://learn.microsoft.com/azure/active-directory/external-identities/what-is-b2b?WT.mc_id=DT-MVP-5001664) |\r\n| | 1.2 Conditional User Access | Entra ID Conditional Access (CA)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel
Microsoft 365 Defender
Microsoft Intune | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [Conditional Access Policy Templates](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Microsoft Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [What is Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/overview)
💡 [Conditional Access Learning Path](https://learn.microsoft.com/training/modules/plan-implement-administer-conditional-access/)
💡 [Conditional Access Licensing- Need at least AADP1](https://www.microsoft.com/security/business/identity-access/azure-active-directory-pricing?rtc=1)
💡 [Conditional Access Design Principles](https://learn.microsoft.com/azure/architecture/guide/security/conditional-access-design)
💡 [Templates -Secure Foundation & Work Toward ZT](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common)
💡 [Conditional Access Trends and Changes](https://github.com/Cyberlorians/Workbooks/blob/main/ConditionalAccessTrendsandChanges.json)
💡 [Implement Authentication Strengths](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/authentication-strength-choose-the-right-auth-method-for-your/ba-p/2365674)
💡 [Intune Conditional Access](https://learn.microsoft.com/mem/intune/protect/conditional-access)
💡 [Using Locations in Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition) |\r\n| | 1.3 Multi-Factor Authentication (MFA) | Entra ID
Entra ID - Certificate Based Authorization (CBA) | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - AuthN Methods Activity](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsActivity/menuId/AuthMethodsActivity)
🔀 [Entra ID - AuthN Methods Policies](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods)
🔀 [Entra ID - AuthN Strengths](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthStrengths)
🔀 [Defender for Cloud Recommendations](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_Security/SecurityMenuBlade/~/5) | 💡 [How MFA Works](https://learn.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)
💡 [Setup Multifactor Authenication for Users M365](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
💡 [Configure the MFA Azure Active Directrory Registration Policies](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)
💡 [Deploy Passwordless Solution](https://learn.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-deployment)
💡 [Configure Azure AD CBA](https://learn.microsoft.com/azure/active-directory/authentication/how-to-certificate-based-authentication)
💡 [Conditional Access Policy - MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?WT.mc_id=DT-MVP-5001664)
💡 [Plan AAD MFA](https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted?WT.mc_id=DT-MVP-5001664) |\r\n| | 1.4 Privileged Access Management (PAM) | Entra ID
Entra ID - Privileged Identity Management (PIM) | 🔀 [Entra ID DiagnosticSettings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - PIM](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/CommonMenuBlade/~/quickStart)
🔀 [AAD PIM - Audit History](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/MyAuditsMenuBlade/~/aadmigratedroles) | 💡 [Plan a Privileged Identity Management Deployment](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-deployment-plan)
💡 [Privileged Identity Management - Why use it with Defender for O365?](https://learn.microsoft.com/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-worldwide)
💡 [Implementing PIM - Micrsoft Entra](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-getting-started)
💡 [Secure Roadmap - PIM](https://learn.microsoft.com/azure/active-directory/roles/security-planning#use-azure-ad-privileged-identity-management)
💡 [PIM for Groups](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/concept-pim-for-groups)
💡 [Configure Approve or Deny Request for AD Roles in PIM](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-approval-workflow)
💡 [Azure Security Benchmark Defender for Identity](https://learn.microsoft.com/security/benchmark/azure/baselines/defender-for-identity-security-baseline) |\r\n| | 1.5 Identity Federation & User Credentialing | Entra ID - Certificate-Based Authorization (CBA)
Entra ID - Guest Access | 🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Entra ID - AAD Connect](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/~/GetStarted)
🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Identity Governance](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_ERM/DashboardBlade/~/GettingStarted) | 💡 [Azure Governement - Planning Identity for Azure Government Apps](https://learn.microsoft.com/azure/azure-government/documentation-government-plan-identity)
💡 [Federated Identity Credentials](https://learn.microsoft.com/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0)
💡 [What is Hybrid Identity](https://learn.microsoft.com/azure/active-directory/hybrid/whatis-hybrid-identity)
💡 [Azure AD Certificate Based Authentication](https://learn.microsoft.com/azure/active-directory/authentication/concept-certificate-based-authentication)
💡 [Azure AD SCIM](https://learn.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups)
💡 [Provisioning with Google Cloud](https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on)
💡 [Provisioning with Amazon Cloud](https://learn.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial)
💡 [Azure AD Application Roles](https://learn.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps)
💡 [What is Identity Governace?](https://learn.microsoft.com/azure/active-directory/governance/identity-governance-overview) |\r\n| | 1.6 Behavioral, Contextual ID, and Biometrics | Microsoft Sentinel UEBA
Entra ID - Identity Protection | 🔀 [Azure Face APIs](https://portal.azure.us/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/Face)
🔀 [Sentinel - UEBA](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Verified ID](https://portal.azure.us/#view/Microsoft_AAD_DecentralizedIdentity/InitialMenuBlade/~/setupBlade) | 💡 [User Entity Behavorial Analytics - What is it?](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [Windows Hello Biometrics](https://learn.microsoft.com/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise)
💡 [Identify Advanced Threats with UEBA](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [UEBA Reference](https://learn.microsoft.com/azure/sentinel/ueba-reference?WT.mc_id=AZ-MVP-5004810#ueba-enrichments)
💡 [UEBA Sentinel Content Hub](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ueba-essentials-solution-now-available-in-content-hub/ba-p/3651074)
💡 [Guided UEBA Investigation Scenarios](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/guided-ueba-investigation-scenarios-to-empower-your-soc/ba-p/1857100)
💡 [Combatting Risky Sign-ins in Azure Active Directory](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/combatting-risky-sign-ins-in-azure-active-directory/ba-p/3724786)
💡 [Securing Workload Identities](https://learn.microsoft.com/azure/active-directory/identity-protection/concept-workload-identity-risk)
💡 [Reprise99 UEBA](https://github.com/reprise99/Sentinel-Queries/tree/main/UEBA) |\r\n| | 1.7 Least Privileged Access | Entra ID - Permissions
Azure Policy
Entra ID - Privileged Identity Management (PIM) | 🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID - Identity Protection](https://portal.azure.us/#view/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/~/Overview)
🔀 [Microsoft Defender for Cloud Apps](https://security.microsoft.us/cloudapps/)
🔀 [Application Security Groupss](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups) | 💡 [Implementing Least-Privileged Administrative Models](https://learn.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models)
💡 [Enhance Application Security with Lease Privilege Access Controls](https://learn.microsoft.com/azure/active-directory/develop/secure-least-privileged-access)
💡 [Identity Protection](https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-active-directory-identity/ba-p/1320887?WT.mc_id=itopstalk-newsletter-abartolo)
💡 [Continuous Access Evaluation Monitoring](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot#continuous-access-evaluation-sign-in-reporting) |\r\n| | 1.8 Continuous Authentication | Entra ID - Continuous Access Evaluation (CAE)
Entra ID - Privileged Identity Management (PIM)
Entra ID - Identity Protection | 🔀 [Entra ID - Device Inventory](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Entra ID - Connect Sync (Hybrid Join)](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/~/ConnectSync)
🔀 [Entra ID - Enterprise Apps](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView)
🔀 [Entra ID - Identity Governance](https://portal.azure.us/#view/Microsoft_AAD_ERM/DashboardBlade/~/GettingStarted)
🔀 [Entra ID - PIM Insights](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_PIMCommon/ResourceMenuBlade/~/aaddiscovery/resourceId//resourceType/tenant/provider/aadroles) | 💡 [Implement Continuous Access Evaluation Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation)
💡 [Implementing Primary Refresh Token](https://learn.microsoft.com/azure/active-directory/devices/concept-primary-refresh-token)
💡 [Privileged Identity Management Insights](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-security-wizard#discovery-and-insights-preview)
💡 [Entra Permissions Managment](https://learn.microsoft.com/azure/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide)
💡 [Session Management with Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime) |\r\n| | 1.9 Integrated ICAM Platform | Entra Entitlement Management
Entra ID Certificate Based Authentication (CBA) | 🔀 [Entra ID - AuthN Methods](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods)
🔀 [Entra ID - AuthN Strengths](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthStrengths)
🔀 [Entra ID - AuthN Insights](https://portal.azure.us/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsActivity)
🔀 [Entra ID - Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/CaTemplates.ReactView) | 💡 [Microsoft Integrated Identity Platform Entra](https://learn.microsoft.com/azure/active-directory/develop/v2-overview)
💡 [Implement Passwordless Auth with Microsoft Entra](https://learn.microsoft.com/azure/active-directory/fundamentals/auth-passwordless)
💡 [Configure Passwordless Key with Microsoft Entra](https://learn.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
💡 [Entra Certificate Based Authorization](https://learn.microsoft.com/azure/active-directory/authentication/concept-certificate-based-authentication) |\r\n| Device 2.x | | | | |\r\n| | 2.1 Device Inventory | Microsft Entra ID
Microsft Entra ID Conditional Access (CA)
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Defender for Identity (MDI)
Microsoft Intune | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/overview)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡[M365 Defender Device inventory](https://learn.microsoft.com/graph/api/resources/intune-graph-overview?view=graph-rest-1.0%22%20%EF%BF%BDHYPERLINK%20%22https://learn.microsoft.com/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide)
💡[What is a device identity (Azure Active Directory)?](https://learn.microsoft.com/azure/active-directory/devices/overview)
💡[Manage device identities by using the Azure portal](https://learn.microsoft.com/azure/active-directory/devices/device-management-azure-portal) 
💡[Manage your devices and control features with Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-devices) 
💡[Hybrid Azure AD joined devices](https://learn.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid) 
💡[Conditional Access policy: Device Compliancy](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[ZT Guide: Endpoint Zero Trust Deployment Objectives](https://learn.microsoft.com/security/zero-trust/deploy/endpoints#endpoint-zero-trust-deployment-objectives)
💡[Intune Reporting](https://learn.microsoft.com/mem/intune/fundamentals/review-logs-using-azure-monitor) ** not yet availble in DoD cloud
💡[Provide Additional Intune Reporting](https://www.linkedin.com/pulse/provide-additional-intune-reporting-data-wmi-iren%C3%A4us-becker/)
💡[Working with Intune in Microsoft Graph](https://learn.microsoft.com/graph/api/resources/intune-graph-overview?view=graph-rest-1.0) |\r\n| | 2.2 Device Detection and Compliance | Entra ID Conditional Access (CA)
Microsoft Defender for Endpoint (MDE)
Microsoft Intune | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints) | 💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
💡[Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
💡[Scenarios for using Conditional Access with Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use?source=recommendations) |\r\n| | 2.3 Device Authorization w/ Real Time Inspection | Microsft Entra ID
Microsoft Intune
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
💡[Device discovery overview](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide)
💡[Learn about Conditional Access and Intune](https://learn.microsoft.com/mem/intune/protect/conditional-access)
💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
💡[Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/actions-for-noncompliance)
💡[Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[Conditional Access insights and reporting workbook - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting)
💡[Plan an Azure Active Directory Conditional Access deployment - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access)
💡[Azure Samples for Conditional Access (PowerShell) - GitHub](https://github.com/Azure-Samples/azure-ad-conditional-access-apis/tree/main/01-configure/powershell)

Additional References:
💡[Track changes to system files and registry keys](https://learn.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-overview)
💡[Connect Microsoft Defender for Cloud alerts to Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-defender-for-cloud)
💡[Deploying and Managing Microsoft Defender for Cloud as Code](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploying-and-managing-microsoft-defender-for-cloud-as-code/ba-p/3649653)
💡[Collect data in custom log formats to Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-custom-logs?tabs=DCG)
💡[Azure Monitor Agent overview - Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/agents/agents-overview)
💡[Use entity behavior analytics to detect advanced threats](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics) |\r\n| | 2.4 Remote Access | Microsft Entra ID
Microsft Entra ID Conditional Access (CA)
Microsoft Intune
Microsoft Defender for Endpoint (MDE) | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints) | 💡[Require compliant, hybrid joined devices, or MFA - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device)
💡[Conditional Access APIs and PowerShell - Microsoft Entra](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-apis)
💡[Device compliance policies in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/device-compliance-get-started)
💡[Configure compliance policies with actions for noncompliance in Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/actions-for-noncompliance)
💡[Configure Microsoft Defender for Endpoint in Intune](https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure)
💡[Configure Conditional Access in Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide)
💡[Enhance security with the principle of least privilege](https://learn.microsoft.com/azure/active-directory/develop/secure-least-privileged-access)
💡[Best practices for Azure AD roles](https://learn.microsoft.com/azure/active-directory/roles/best-practices)
💡[Least privileged roles by task in Azure Active Directory](https://learn.microsoft.com/azure/active-directory/roles/delegate-by-task) |\r\n| | 2.5 Partially & Fully Automated Asset, Vulnerability and Patch | Microsoft Intune
Microsoft Endpoint Configuration Manager (MECM)
Mircosoft Defender for Endpoint (MDE) Threat & Vulnerability Management (TVM)
Azure Arc-enabled Servers
Azure Automation | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Azure Arc](https://portal.azure.us/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/overview) | 💡 [What is Windows Update for Business?](https://learn.microsoft.com/windows/deployment/update/waas-manage-updates-wufb)
💡 [Microsoft Configuration Manager MECEM](https://learn.microsoft.com/mem/configmgr/core/understand/introduction)
💡 [Update rings for Windows 10 and later policy in Intune](https://learn.microsoft.com/mem/intune/protect/windows-10-update-rings?source=recommendations)
💡 [Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/mem/intune/protect/windows-update-for-business-configure)
💡 [Deploy software updates with Configuration Manager](https://learn.microsoft.com/mem/configmgr/sum/deploy-use/deploy-software-updates)
💡 [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://learn.microsoft.com/mem/intune/protect/atp-manage-vulnerabilities)
💡 [Remediate vulnerabilities (Defender for Endpoint)](https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/tvm-remediation?view=o365-worldwide)
💡 [Choose how to deliver updates for the Microsoft 365 Apps](https://learn.microsoft.com/deployoffice/fieldnotes/choose-how-to-deliver-updates)
💡 [Windows Release Health](https://learn.microsoft.com/windows/release-health/)
💡 [Manage updates and patches for your VMs](https://learn.microsoft.com/azure/automation/update-management/manage-updates-for-vm)
💡 [Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141)
|\r\n| | 2.6 Unified Endpoint Management (UEM) & Mobile Device Management (MDM) | Microsoft Intune
Azure Arc-enabled Servers
Azure Autiomation | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Azure Arc](https://portal.azure.us/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/overview) | 💡[What is Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/what-is-intune)
💡[Manage your devices and control device features in Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-devices)
💡[Zero Trust with Microsoft Intune](https://learn.microsoft.com/mem/intune/fundamentals/zero-trust-with-microsoft-intune)
💡[Supported operating systems and browsers in Intune](https://learn.microsoft.com/mem/intune/fundamentals/supported-devices-browsers)
💡[Enrollment guide: Microsoft Intune enrollment](https://learn.microsoft.com/mem/intune/fundamentals/deployment-guide-enrollment)
💡[Manage iOS/iPadOS software update policies in Intune](https://learn.microsoft.com/mem/intune/protect/software-updates-ios)
💡[Manage macOS software update policies in Intune](https://learn.microsoft.com/mem/intune/protect/software-updates-macos)
💡[Microsoft Intune How-To Guides](https://learn.microsoft.com/mem/intune/#how-to-guides)
💡[What is Azure Arc-enabled servers?](https://learn.microsoft.com/azure/azure-arc/servers/overview)
💡[Automate your patching using Azure Arc and Azure Automation](https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141) |\r\n| | 2.7 Endpoint & Extended Detection & Response (EDR & XDR) | Microsoft 365 Defender
Microsoft Defender for Endpoint (MDE)
Microsoft Defednder for Identity (MDI)
Microsoft Defender for Office 365 (MDO)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us) | 💡[What is Microsoft Defender for Endpoint?](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)
💡[Zero Trust with Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/zero-trust-with-microsoft-defender-endpoint?view=o365-worldwide)
💡[What is Microsoft 365 Defender?](https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide)
💡[Zero Trust with Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender?view=o365-worldwide)
💡[Overview of endpoint detection and response (EDR) with Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response?view=o365-worldwide)
💡[Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust](https://learn.microsoft.com/security/operations/siem-xdr-overview)
💡[Manage endpoint detection and response (EDR) policy for endpoint security in Intune](https://learn.microsoft.com/mem/intune/protect/endpoint-security-edr-policy)
💡[Set up your XDR tools](https://learn.microsoft.com/security/operations/setup-xdr-tools)
💡[Architect your Microsoft Sentinel workspace](https://learn.microsoft.com/security/operations/siem-workspace)
💡[Ingest data sources and configure incident detection in Sentinel](https://learn.microsoft.com/security/operations/ingest-data-sources)
💡[Respond to an incident using Microsoft Sentinel and Microsoft 365 Defender](https://learn.microsoft.com/security/operations/respond-incident) |\r\n| Application & Workload 3.x | | | | |\r\n| | 3.1 Application Inventory | Entra ID
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE)
Microsoft Intune | 🔀 [Entra ID Applications - Useage & Insights](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_AAD_IAM/EnterpriseApplicationsInsightsMenuBlade/~/ApplicationActivity)
🔀 [Application Security Groups](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups)
🔀 [Microsoft Defender for Cloud Apps - Discovery](https://security.microsoft.us/cloudapps/discovery)
🔀 [Virtual Network Gateways](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Network%2FvirtualNetworkGateways)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Cloud Discovery Setup](https://learn.microsoft.com/defender-cloud-apps/set-up-cloud-discovery)
💡 [Deploy Intune Softare inventory & Security Policies](https://learn.microsoft.com/answers/questions/67892/can-we-use-intune-to-inventory-software-on-devices)
💡 [Configure Blocking Unwanted or Unapproved Applications](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide)
💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool)
💡 [Active Directory Federation Services Health](https://learn.microsoft.com/azure/active-directory/hybrid/connect/how-to-connect-health-adfs)
💡 [Azure Active Directory Application Audit](https://github.com/jsa2/AADAppAudit#azure-ad-application-analytics-solution)
💡 [Azure Active Directory Application Proxy](https://learn.microsoft.com/azure/active-directory/app-proxy/what-is-application-proxy)
💡 [Using Microsoft Defender for Cloud Asset Inventory](https://learn.microsoft.com/azure/defender-for-cloud/asset-inventory)
💡 [Working with Discovered Apps](https://learn.microsoft.com/defender-cloud-apps/discovered-apps)
💡 [Software Inventory](https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide) |\r\n| | 3.2 Secure Software Development & Integration | Azure Policy
Microsoft Defender for Cloud (MDfC)
Microsoft Defender for Endpoint (MDE) | 🔀 [Azure DevOps](https://portal.azure.us/#view/AzureTfsExtension/OrganizationsTemplateBlade)
🔀 [Azure Dev Test Center](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.DevTestLab%2Flabs)
🔀 [Azure DevTest Lab](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.DevTestLab%2Flabs)
🔀 [Intune App Security](https://endpoint.microsoft.us)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | |\r\n| | 3.3 Software Risk Management | Microsoft Defender for Cloud Apps (MDA)
Mircosoft Defender for Endpoint (MDE) Threat & Vulnerability Management (TVM)
Microsoft Intune | 🔀 [Azure Enterprise Apps Portal](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview)
🔀 [Intune Application Security](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/overview)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Manage and Secure Apps In Intune](https://learn.microsoft.com/mem/intune/fundamentals/manage-apps)
💡 [App Protection Policies in Intune](https://learn.microsoft.com/mem/intune/apps/app-protection-policy)
💡 [Microsoft Container Registry](https://mcr.microsoft.com/)
💡 [GitHub Actaion For Vulnerability Scanning](https://github.com/marketplace/actions/anchore-container-scan)
💡 [Code Scanning with CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)
💡 [Keeping your supply chain secure with Dependabot](https://docs.github.com/en/code-security/dependabot)
💡 [Secure Supply Chain Consumption Framework](https://www.microsoft.com/securityengineering/opensource/osssscframeworkguide)
💡 [Generating Software Bill of Materials (SBOM)](https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/)
💡 [Microsoft Open Source Software Bill of Materials SBOM](https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-software-bill-of-materials-sbom-generation-tool/)
💡 [Github Software Bill of Materials - SBOM-Tool](https://github.com/microsoft/sbom-tool) |\r\n| | 3.4 Resource Authorization & Integration | Entra ID Conditional Access (CA)
Entra ID Application Proxy
Azure Policy
Entra ID Privilleged Identity Management (PIM)
Microsoft 365 Defender
Microsoft Intune
Microsoft Defender for Cloud (MDfC) | 🔀 [Azure Identity Governance](https://portal.azure.us/#blade/Microsoft_AAD_ERM/DashboardBlade)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Azure Application Proxy](https://portal.azure.us/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppProxy)
🔀 [Managed Service Identity](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/6f3afa5d-4b81-4f10-8806-fb75689672da/appId/c75517e9-05c9-49e9-9990-94f68b04ffc4)
🔀 [Intune Application Security](https://endpoint.microsoft.us/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/overview)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Deploy Microsoft Defender for Cloud - Enterprise Cloud Application Protection](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction)
💡 [Configure Microsoft Cloud Identity for Enterprise Architects](https://www.microsoft.com/download/details.aspx?id=54431)
💡 [Deploying Application & Authorization Azure App Services](https://learn.microsoft.com/azure/app-service/overview-authentication-authorization)
💡 [How to create and deploy a custome Authorization Manager](https://learn.microsoft.com/dotnet/framework/wcf/extending/how-to-create-a-custom-authorization-manager-for-a-service)
💡 [Configure with Entra Identity Platform](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
💡 [How-to Manage Apps Remove User Access with Entra](https://learn.microsoft.com/azure/active-directory/manage-apps/methods-for-removing-user-access)
💡 [Setup Protecting Apps w. Entra Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps)
💡 [Role Based Access Control Configuration with Intune](https://learn.microsoft.com/mem/intune/fundamentals/role-based-access-control) |\r\n| | 3.5 Continuous Monitoring and Ongoing Authorizations | Entra ID - Conditional Access (CA)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Senitnel Playbooks
Entra ID - Privileged Identity Management (PIM) | 🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)
🔀 [Application Insights](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.insights%2Fcomponents)
🔀 [Entra ID](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)
🔀 [Application Security Groups Portal](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FapplicationSecurityGroups)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel) | 💡 [How-to-Build a Successful App Security Program](https://www.microsoft.com/security/blog/2021/03/29/how-to-build-a-successful-application-security-program/)
💡 [Setting up Hybrid Continuous Monitoring with Sentinel](https://learn.microsoft.com/azure/architecture/hybrid/hybrid-security-monitoring)
💡 [Deploy Adaptive Appliation Conrols Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)
💡 [Configure Azure Security Management & Monitoring](https://learn.microsoft.com/azure/security/fundamentals/management-monitoring-overview)
💡 [Leverage Security Baselines for M365 Apps Enterprise](https://learn.microsoft.com/deployoffice/security/security-baseline)
💡 [Utilize Application Control for Windows](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/wdac) |\r\n| Data 4.x | | | | |\r\n| | 4.1 Data Catalog Risk Alignment | Purview Data Catalog
Purview Data Map
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Data Classification Service](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/30ea52ed-e5a7-4e51-a4ea-6c3b96a8be36/appId/7c99d979-3b9c-4342-97dd-3239678fb300) | 💡 [Create a Azrure Data Catalog](https://learn.microsoft.com/azure/data-catalog/data-catalog-get-started)
💡 [Use the Service Catalog](https://learn.microsoft.com/system-center/scsm/service-catalog?view=sc-sm-2022)
💡 [Azure Data Catalog FAQ](https://learn.microsoft.com/azure/data-catalog/data-catalog-frequently-asked-questions)
💡 [Establishing Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Set up Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
💡 [Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
💡 [Discover Data & Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) |\r\n| | 4.2 DoD Enterprise Data Governance | Purview Data Governance
Purview Data Estate Insights
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/machines?category=endpoints)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Implement Microsoft Purview - IRM & Compliance - DoD Deployments](https://learn.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments)
💡 [Implement a Data Governance Maturity Model Framework](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
💡 [Deploy Azure Data Governance](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/govern)
💡 [Leverage Microsoft Defender for For Cloud Goverance Rules](https://learn.microsoft.com/azure/defender-for-cloud/governance-rules)
💡 [Implement Purview Data Governance](https://learn.microsoft.com/purview/?view=o365-worldwide)
💡 [Purview Data Lineage Machine Learning](https://learn.microsoft.com/samples/microsoft/purview-machine-learning-lineage-solution-accelerator/purview-machine-learning-lineage-solution-accelerator/) 
💡 [Get Started with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Azure Collaboration Governance](https://learn.microsoft.com/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/azure/azure-sql/database/sql-insights-overview?view=azuresql)
💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) |\r\n| | 4.3 Data Labeling and Tagging | Purview Information Protection | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5) | 💡 [Create Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide)
💡 [Create and Publish Sensitivity Labels](https://learn.microsoft.com/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) 
💡 [Deploy with Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Utilize Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
💡 [Apply Sensitivity Labels Automatically](https://learn.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide)
💡 [Use the Service Catalog](https://learn.microsoft.com/system-center/scsm/service-catalog?view=sc-sm-2022) |\r\n| | 4.4 Data Monitoring and Sensing | Purview Data Loss Protection (DLP)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE)
Microsoft Sentinel | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Monitor Control Service](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/512ba5b8-8ced-42b9-8a94-c93befaf66a1/appId/e933bd07-d2ee-4f1d-933c-3752b819567b) | 💡 [Leverage Data Monitoring & Self Healing](https://learn.microsoft.com/compliance/assurance/assurance-monitoring-and-self-healing)
💡 [Deploy Microsoft 365 Monitorning](https://learn.microsoft.com/microsoft-365/enterprise/microsoft-365-monitoring?view=o365-worldwide)
💡 [Senitnel Data Collection Best Practices](https://learn.microsoft.com/azure/sentinel/best-practices-data) 
💡 [Deploy Microsoft Purview](https://learn.microsoft.com/purview/purview) 
💡 [Utilze Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
💡 [Configure Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection)
💡 [Configure Sentinel Data Connectors](https://learn.microsoft.com/azure/sentinel/connect-data-sources)
💡 [Monitor Your SQL Deployments](https://learn.microsoft.com/azure/azure-sql/database/sql-insights-overview?view=azuresql) |\r\n| | 4.5 Data Encryption & Rights Management | Purview Data Loss Protection (DLP)
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Endpoint (MDE) | 🔀 [Azure Encryption](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/21426118-88fd-4b5e-b106-3bd5f098f31a/appId/dbc36ae1-c097-4df9-8d94-343c3d091a76)
🔀 [Azure Rights Management Service](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/5f0c1df8-5bab-4fb3-b1a5-19bdba46c704/appId/00000012-0000-0000-c000-000000000000)
🔀 [M365 Data At Rest Encryption](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/882ab41e-90f7-4f4e-8b24-3503495a83e6/appId/c066d759-24ae-40e7-a56f-027002b5d3e4)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Utilize Azure Encrption](https://learn.microsoft.com/azure/security/fundamentals/encryption-overview)
💡 [Deploy Azure Rights Management](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms)
💡 [Deploy Purview Information Protection](https://learn.microsoft.com/purview/information-protection)
💡 [Configure Dynamic Key & Encrption Delivery](https://learn.microsoft.com/azure/media-services/latest/drm-content-protection-concept) 
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection) |\r\n| | 4.6 Data Loss Prevention (DLP) | Purview Data Loss Protection (DLP)
Purview Information Protection | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Endpoint DLP](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/780e77f3-df11-4525-b201-973a1b691cab/appId/c98e5057-edde-4666-b301-186a01b4dc58)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Implement Data Loss & Prevention (DLP)](https://learn.microsoft.com/purview/dlp-learn-about-dlp)
💡 [Informaiton Protection & Data Loss and Prevention- GITHUB LAB](https://microsoft.github.io/ComplianceCxE/dag/mip-dlp/)
💡 [Deploy Adaptive Protection- Data Loss & Protections](https://learn.microsoft.com/purview/dlp-adaptive-protection-learn)
💡 [Apply Rules for DLP Exchange Online](https://learn.microsoft.com/exchange/security-and-compliance/data-loss-prevention/dlp-rule-application)
💡 [Utilize Trainable Classifiers](https://learn.microsoft.com/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide) 
💡 [Deploy Azure Information Protection](https://learn.microsoft.com/azure/information-protection/aip-classification-and-protection) |\r\n| | 4.7 Data Access Control | Microsoft Defender for Cloud Apps (MDA)
Entra ID Conditional Access (CA)
Purview Insider Risk Management
Purview Information Protection
Purview Data Loss Prevention (DLP)
Microsoft Intune | 🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Entra ID Privileged Identity Management](https://portal.azure.us/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade)
🔀 [Entra ID Conditional Access](https://portal.azure.us/#blade/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade)
🔀 [Azure Internal Access Scope Portal](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/a0779651-4c07-4392-a11f-a1694cb497b1/appId/c29427db-9ecc-4750-ad93-d256863f2e37)
🔀 [Virtual Network Terminal Access Points](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.network%2Fvirtualnetworktaps)
🔀 [Microsoft Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Entra ID - Diagnostic Settings](https://portal.azure.us/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings)
🔀 [Conditional Access Policies](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Azure Data Explorer](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Kusto%2Fclusters) | 💡 [Configure Conditional Access in Azure Active Directory](https://learn.microsoft.com/azure/active-directory/conditional-access/overview)
💡 [Use Conditional Access Microsoft Intune](https://learn.microsoft.com/mem/intune/protect/conditional-access)
💡 [Use Conditional Access APIs](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-apis)
💡 [Deploy Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access#deploy-conditional-access-policies) 
💡 [Use Conditional Access With Data Explorer](https://learn.microsoft.com/azure/data-explorer/security-conditional-access)
💡 [Deploy Common Conditional Access Policies](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation)
💡 [Build Conditional Access](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policies) |\r\n| Network & Environment 5.x | | | | |\r\n| | 5.1 Data Flow Mapping | Azure Monitor Net Insights
Network Watcher
Microsoft Defender for Endpoint (MDE) | 🔀 [Network Security Perimeters](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkSecurityPerimeters)
🔀 [Network Interfaces](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2Fnetworkinterfaces)
🔀 [Azure Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
🔀 [Azure Firewall](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FazureFirewalls)
🔀 [Web Application Firewall](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FFrontDoorWebApplicationFirewallPolicies)
🔀 [DDoS Protection Plans](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FddosProtectionPlans)
🔀 [Firewall Manager](https://portal.azure.us/#view/Microsoft_Azure_HybridNetworking/FirewallManagerMenuBlade/~/firewallManagerOverview)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
| 💡 [Use Data Flow Mapping Power Platform](https://learn.microsoft.com/power-query/dataflows/create-use)
💡 [User Azure Network Traffic Analytics](https://learn.microsoft.com/azure/network-watcher/traffic-analytics)
💡 [Azure Blue Print ](https://learn.microsoft.com/azure/governance/blueprints/overview)
💡 [Leverage Azure Data Visualization with Data Explorer](https://learn.microsoft.com/azure/data-explorer/viz-overview)
💡 [Use Power Automate for Event Tagging](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-worldwide)
💡 [Secure & Govern Workloads with Network-level Segmentation](https://learn.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation)
💡 [Deploy Software Defined Netoworking](https://learn.microsoft.com/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
💡 [Manage Software Defined Netoworking](https://learn.microsoft.com/windows-server/networking/sdn/manage/manage-sdn)
💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies) |\r\n| | 5.2 Software Defined Networking (SDN) | Secure Access Service Edge (SASE)
Microsoft Network Secuirty Groups (NSG)
Entra ID App Proxy | 🔀 [Manage Virtual Network](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FvirtualNetworks)
🔀 [Network Security Groups](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FNetworkSecurityGroups)
🔀 [Network Managers](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkManagers)
🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview)
🔀 [Network Security Perimeters](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FnetworkSecurityPerimeters)
🔀 [Entra App Proxy](https://portal.azure.us/#view/Microsoft_AAD_IAM/AppProxyOverviewBlade) | 💡 [Use Secure Access Service Edge SASE - Software Defined Networking Zero Trust](https://www.microsoft.com/security/business/security-101/what-is-sase)
💡 [Software Defined Network Monitoring using Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/software-defined-monitoring-using-automated-notebooks-and-azure/ba-p/2587775)
💡 [Plan Software Defined Netoworking](https://learn.microsoft.com/azure-stack/hci/concepts/plan-software-defined-networking-infrastructure)
💡 [Implementing Software Defined Networking](https://learn.microsoft.com/windows-server/networking/sdn/)
💡 [Manage Software Detined Netoworking](https://learn.microsoft.com/windows-server/networking/sdn/manage/manage-sdn)
💡 [Deploy Software Defined Networking](https://learn.microsoft.com/windows-server/networking/sdn/deploy/deploy-a-software-defined-network-infrastructure-using-scripts)
💡 [Secure the Network Controller](https://learn.microsoft.com/azure-stack/hci/manage/nc-security)
💡 [SDN for Win Server 2019 and 2022](https://learn.microsoft.com/windows-server/networking/sdn/sdn-whats-new)
💡 [Key Components of Software Defined Networking Data Sheet](https://learn.microsoft.com/windows-server/networking/sdn/technologies/Software-Defined-Networking-Technologies)
💡 [IPV6 Config Interface](https://learn.microsoft.com/javascript/api/%40azure/arm-databoxedge-profile-2020-09-01-hybrid/ipv6config?view=azure-node-latest&wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Leverage IPV6 for Azure Virtual Networks](https://learn.microsoft.com/azure/virtual-network/ip-services/ipv6-overview?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Segementation Security Strategies](https://learn.microsoft.com/azure/well-architected/security/design-segmentation)
💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
💡 [Utilize Microsoft Packet Monitor](https://learn.microsoft.com/windows-server/networking/technologies/pktmon/pktmon) |\r\n| | 5.3 Macro Segmentation | Azure Subscription
Azure VNet(s)
Azure VNet Manager
Network Security Groups (NSG)
Azure Firewall | 🔀 [Impletment Network Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
🔀 [Azure Features for Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
🔀 [Network Service](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
🔀 [Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview) | 💡 [Impletment Network Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation)
💡 [Azure Features for Segmentation](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation#azure-features-for-segmentation)
💡 [Segementation Security Strategies](https://learn.microsoft.com/azure/well-architected/security/design-segmentation)
💡 [Network Service Designs](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.HybridNetwork%2Fpublishers%2Fnetworkservicedesigngroups)
💡 [Network Watcher](https://portal.azure.com/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview) |\r\n| | 5.4 Micro Segmentation | Azure Security Groups (ASG)
Entra ID App Proxy
Microsoft Tunnel | 🔀 [Virtual Networks Termal Access Points](https://portal.azure.us/#view/HubsExtension/BrowseResourceBlade/resourceType/microsoft.network%2Fvirtualnetworktaps)
🔀 [Conditional Access](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview)
🔀 [Cloud Access Routers](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Orbital%2FcloudAccessRouters)
🔀 [Entra ID Conditional Access](https://portal.azure.us/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview)
🔀 [Azure Monitor Networks](https://portal.azure.us/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/networkInsights)
🔀 [Azure Connection Monitor](https://portal.azure.us/#view/Microsoft_Azure_FlowLog/ConnectionMonitorV2ViewModel)
🔀 [Azure Network Watcher](https://portal.azure.us/#view/Microsoft_Azure_Network/NetworkWatcherMenuBlade/~/overview/menuId~/%7B%22target%22%3A%7B%7D%7D) | 💡 [Enabling JIT Access Controls](https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Conditional Access Block Access by Location](https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-location?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Secure Networks with Zero Trust](https://learn.microsoft.com/security/zero-trust/deploy/networks)
💡 [Implement Network Segmentation Paterns On Azure](https://learn.microsoft.com/azure/well-architected/security/design-network-segmentation?wtmc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=a3b01375fbf840fe9b8065377eabbd7d)
💡 [Microsoft Packet Monitor](https://learn.microsoft.com/windows-server/networking/technologies/pktmon/pktmon) |\r\n| Automation & Orchestration 6.x | | | | |\r\n| | 6.1 Policy Decision Point (PDP) & Policy Orchestration | Entra ID Conditional Access (CA)
Azure Policy
Azure Automation
Azure ML
Azure Firewall
Microsoft Sentinel | 🔀 [Azure Automation](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Azure Machine Learning](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.MachineLearningServices%2Fworkspaces)
🔀 [Azure Policy](https://portal.azure.us/#blade/Microsoft_Azure_Policy/PolicyMenuBlade)
🔀 [Azure Virtual Desktop](https://portal.azure.us/#view/Microsoft_Azure_WVD/WvdManagerMenuBlade/~/overview)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null) | 💡 [Visibility,Automation and Orchestration with Zero Trust](https://learn.microsoft.com/)
💡 [Azure Orchestration for Azure Security Policy](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-policy-security-baseline)
💡 [Configuration Analyzer for Security Policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide)
💡 [Azure Automation Overview](https://learn.microsoft.com/azure/automation/overview)
💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/security/benchmark/azure/baselines/automation-security-baseline)
💡 [Azure Policy](https://learn.microsoft.com/azure/governance/policy/overview)
💡 [What is Azure Firewall?](https://learn.microsoft.com/azure/firewall/overview)
💡 [Apply Zero Trust principles to a hub virtual network in Azure](https://learn.microsoft.com/security/zero-trust/azure-infrastructure-networking)
💡 [Management of Role Permissions and Automation](https://learn.microsoft.com/azure/automation/automation-role-based-access-control)
💡 [Using Azure Machine Learning to assign roles](https://learn.microsoft.com/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler)
💡 [Azure AD Seccurity Groups ML](https://learn.microsoft.com/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=labeler#use-azure-ad-security-groups-to-manage-workspace-access) |\r\n| | 6.2 Critical Process Automation | Microsoft Power Automate
Azure Logic Apps
Microsoft Sentinel Playbooks
Microsoft 365 Defender Automated Investigation & Response | 🔀 [Azure Automation](https://portal.azure.us/#view/Microsoft_AAD_IAM/ManagedAppMenuBlade/~/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Microsoft Sentinel Automation Blade](https://portal.azure.us/?feature.msaljs=true#view/Microsoft_Azure_Security_Insights/MainMenuBlade/~/Automationl)
🔀 [Azure Logic Apps Blade](https://portal.azure.us/?feature.msaljs=true#view/HubsExtension/BrowseResource/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Azure Automation Overview](https://learn.microsoft.com/azure/automation/overview)
💡 [Azure Security Baseline for Automation](https://learn.microsoft.com/security/benchmark/azure/baselines/automation-security-baseline)
💡 [Visibility, Automation, and Orchestration with Zero Trust](https://learn.microsoft.com/)
💡 [Automation in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/automation)
💡 [Automate Threat Response with Playbooks](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
💡 [Automated Investigation & Response M365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
💡 [Power Automate U.S Government](https://learn.microsoft.com/power-automate/us-govt) |\r\n| | 6.3 Machine Learning | Microsoft Sentinel Fusion ML
Microsoft Sentinel Bring Your Own Machine Learning (BYOML)
Microsoft Defender for Cloud (MDfC)
Azure ML | 🔀 [Azure Machine Learning](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.MachineLearningServices%2Fworkspaces)
🔀 [Power Automate](https://make.gov.powerautomate.us/)
🔀 [Power Platform Admin Center](https://admin.appsplatform.us/)
🔀 [Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡 [Advanced multistage attack detection in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/fusion)
💡 [Bring your own Machine Learning (ML) into Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/bring-your-own-ml)
💡 [Azure Machine Learning](https://learn.microsoft.com/azure/machine-learning/?view=azureml-api-2)
💡 [Enterprise Security & Governance w. Machine Learning](https://learn.microsoft.com/azure/machine-learning/concept-enterprise-security?view=azureml-api-2)
💡 [Azure Government Isolaiton Guidelines using AI & ML](https://learn.microsoft.com/azure/azure-government/documentation-government-impact-level-5)
💡 [Quick Start Azure Machine Learning](https://learn.microsoft.com/azure/machine-learning/tutorial-azure-ml-in-a-day?view=azureml-api-2)
💡 [Azure security baseline for Azure Machine Learning](https://learn.microsoft.com/security/benchmark/azure/baselines/machine-learning-security-baseline) |\r\n| | 6.4 Artificial Intelligence | Microsoft Sentinel Fusion ML
Microsoft Sentinel Tailored AI
Azure ML | 🔀 [Azure AI Services](https://portal.azure.us/#blade/Microsoft_Azure_ProjectOxford/CognitiveServicesHub)
🔀 [Sentinel](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡 [AI Security Services](https://learn.microsoft.com/azure/ai-services/security-features)
💡 [Senintel Automation](https://learn.microsoft.com/azure/sentinel/automation)
💡 [AI ID & Access Risk Based Controls](https://azure.microsoft.com/products/category/identity/)
💡 [Implement Sentinel & M365 Defender for XDR - AI Driven Zero Trust ](https://learn.microsoft.com/security/operations/siem-xdr-overview)
💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377) |\r\n| | 6.5 Security Orchestration, Automation & Response (SOAR) | Microsoft 365 Defender Automated investigation and response
Microsoft Sentinel Playbooks
Microsoft Defender for Cloud (MDfC)
Azure Logic Apps | 🔀 [Sentinel SIEM-SOAR](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null) | 💡 [Security Ochestration, Automation & Response (SOAR) In Sentinel](https://learn.microsoft.com/azure/sentinel/automation)
💡 [Sentinel SOAR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-use-azure-sentinel-for-incident-response-orchestration/ba-p/2242397)
💡 [Microsoft Sentinel SOAR Content Catalog](https://learn.microsoft.com/azure/sentinel/sentinel-soar-content)
💡 [Automate Threat Response with Playbooks in Sentinel](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
💡 [Automated investigation and response in Microsoft 365 Defender](https://learn.microsoft.com/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide)
💡 [Workflow Automation in Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/workflow-automation)
💡 [SOAR Best Practices](https://www.microsoft.com/security/business/security-101/what-is-soar#SOARbestpractices)
💡 [Become a Sentinel Automation Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377) |\r\n| | 6.6 API Standardization | Azure API Management
Azure Monitor Log Analytics
Azure Logic Apps
Azure Policy | 🔀 [API Management Services](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.ApiManagement%2Fservice)
🔀 [API Connections](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Web%2Fconnections)
🔀 [API Playground](https://portal.azure.us/#blade/Microsoft_Azure_Resources/ArmPlayground)
🔀 [Azure Logic Apps](https://portal.azure.us/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Logic%2Fworkflows) | 💡 [Microsft API Management & Security](https://azure.microsoft.com/products/api-management/)
💡 [Mitigate OWASP Top 10 Security Threats Using Microsoft API Management](https://learn.microsoft.com/azure/api-management/mitigate-owasp-api-threats)
💡 [Security Baselines for API Management](https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline)
💡 [Secure and Compliant APIs for a Hybrid and Multi Cloud World](https://azure.microsoft.com/blog/secure-and-compliant-apis-for-a-hybrid-and-multi-cloud-world/)
💡 [Web API Design Best Practice](https://learn.microsoft.com/azure/architecture/best-practices/api-design)
💡 [Monitor & Protect Your APIs](https://learn.microsoft.com/azure/api-management/api-management-howto-use-azure-monitor) |\r\n| | 6.7 Security Operations Center (SOC) & Incident Response (IR) | Microsoft Sentinel Microsoft Defender for Cloud (MDfC)
Microsoft 365 Defender | 🔀 [Sentinel SIEM-SOAR](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [Security Operations In Azure](https://learn.microsoft.com/azure/well-architected/security/monitor-security-operations)
💡 [Microsoft SOC Best Practices Landing Page](https://www.microsoft.com/security/business/security-101/what-is-a-security-operations-center-soc?ef_id=_k_ce7dcd6e8f2d1919667ca9a72f733870_k_&OCID=AIDcmmdamuj0pc_SEM__k_ce7dcd6e8f2d1919667ca9a72f733870_k_&msclkid=ce7dcd6e8f2d1919667ca9a72f733870)
💡 [Playbook for Modernizing Security Operations Centers](https://www.microsoft.com/security/blog/2021/02/11/a-playbook-for-modernizing-security-operations/)
💡 [CISO Series Lessons Learned from Microsoft's SOC](https://www.microsoft.com/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/)
💡 [Integrating Microsoft 365 Defender into your security operations](https://learn.microsoft.com/microsoft-365/security/defender/integrate-microsoft-365-defender-secops?view=o365-worldwide) |\r\n| Visibility & Analytics 7.x | | | | |\r\n| | 7.1 Log All Traffic (Network, Data, Apps, Users) | Azure Monitor Log Analytics
Microsoft Sentinel | 🔀 [Log Analytics Workspace](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces)
🔀 [Log Query Packs](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fquerypacks)
🔀 [Sign-in Activity Logs](https://portal.azure.us/#blade/Microsoft_AAD_IAM/SignInEventsV3Blade)
🔀 [Activity Logs](https://portal.azure.us/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/activityLog)
🔀 [Audit Log](https://portal.azure.us/#blade/Microsoft_AAD_IAM/AuditEventsV2PillsBlade)
🔀 [Operation Log](https://portal.azure.us/#blade/Microsoft_Azure_Resources/OperationLogsBlade)
🔀 [Microsoft Azure Log Search Alerts](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/c134d63b-957f-4cf7-8a34-d744aa8804df/appId/f6b60513-f290-450e-a2f3-9930de61c5e7) | 💡 [Azure Log Analytics](https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-overview)
💡 [Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/overview)
💡 [Audit Logging and Monitoring](https://learn.microsoft.com/compliance/assurance/assurance-audit-logging)
💡 [Maturity Model for Log Management M2131](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-sentinel-maturity-model-for-event-log-management-m-21/ba-p/3074336)
💡 [Device Log Capture - Intune](https://learn.microsoft.com/mem/intune/remote-actions/collect-diagnostics)
💡 [Application Logging](https://learn.microsoft.com/sql/relational-databases/performance/view-the-windows-application-log-windows-10?view=sql-server-ver16)
💡 [User Access Logging](https://learn.microsoft.com/windows-server/administration/user-access-logging/get-started-with-user-access-logging)
💡 [Azure Infrastructure Logs](https://learn.microsoft.com/azure/well-architected/scalability/monitor-infrastructure)
💡 [Network Logging](https://learn.microsoft.com/azure/azure-web-pubsub/howto-troubleshoot-network-trace)
💡 [Supported Logs for Network](https://learn.microsoft.com/azure/azure-monitor/reference/supported-logs/microsoft-network-networkmanagers-logs) |\r\n| | 7.2 Security Information and Event Management (SIEM) | Microsoft Sentinel
Microsoft Defender for Cloud (MDfC)
Microsoft 365 Defender | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinel)
🔀 [M365 Defender Portal](https://security.microsoft.us/)
🔀 [Microsoft Defender for Cloud](https://portal.azure.us/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0) | 💡[Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/overview)
💡[Implement Sentinel & M365](https://learn.microsoft.com/security/operations/siem-xdr-overview)
💡[Unified SIEM & XDR](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-unified-microsoft-siem-and-xdr-github-community/ba-p/3249533)
💡[Stream Alerts Defender for Cloud to SIEM](https://learn.microsoft.com/azure/defender-for-cloud/export-to-siem#stream-alerts-to-azure-sentinel)
💡[Azure Sentinel Github Repo](https://github.com/Azure/Azure-Sentinel)
💡[Sentinel & SOC Analysis Process](https://learn.microsoft.com/azure/sentinel/migration-security-operations-center-processes)
💡[Microsoft Sentinel Skill Up Training](https://learn.microsoft.com/azure/sentinel/skill-up-resources) |\r\n| | 7.3 Common Security and Risk Analytics | Microsoft Sentinel
Microsoft Defender for Cloud (MDfC) | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Security Baselines](https://endpoint.microsoft.us/#home) | 💡[Microsoft Security Response Center Security Updates Guide](https://msrc.microsoft.com/update-guide)
💡[Explore Risks to Sensitive Data Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/data-security-review-risks)
💡[Identify & Analyze Risks Across Your Environment](https://learn.microsoft.com/azure/defender-for-cloud/concept-attack-path)
💡[Cloud Security Posture Management](https://learn.microsoft.com/azure/defender-for-cloud/concept-cloud-security-posture-management)
💡[Microsoft Cloud Security Benchmark](https://learn.microsoft.com/azure/defender-for-cloud/concept-regulatory-compliance) |\r\n| | 7.4 User and Entity Behavior Analytics | Microsoft Sentinel UEBA
Microsoft Defender for Cloud Apps (MDA)
Microsoft Defender for Identity (MDI)
Entra ID Conditional Access (CA)
Purview Insider Risk Management | 🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [M365 Defender Portal](https://security.microsoft.us/) | 💡 [ID Threats with User and Entity Behavior Analytics](https://learn.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)
💡 [Enable Entity Behavior Analytics to Detect Threats](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)
💡 [Microsoft Sentinel UEBA Reference](https://learn.microsoft.com/azure/sentinel/ueba-reference)
💡 [Investigate Incidents with UEBA](https://learn.microsoft.com/azure/sentinel/investigate-with-ueba)
💡 [Discover and Protect Sensitive Information in your Organization](https://learn.microsoft.com/defender-cloud-apps/tutorial-dlp)
💡 [Purview Insider Risk Management](https://learn.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/plan-for-microsoft-purview-dod-deployments) |\r\n| | 7.5 Threat Intelligence Integration | Microsoft Sentinel Threat Intelligence (TI)
Microsoft Graph Security Indicators
Microsoft Defender Threat Intelligence (MDTI) | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Microsoft Threat Intelligence Portal](https://ti.defender.microsoft.com/) | 💡[Microsoft Threat Intelligence](https://learn.microsoft.com/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti)
💡[Microsoft Security Graph API](https://learn.microsoft.com/graph/api/resources/security-api-overview?view=graph-rest-beta)
💡[Create Threat Intelligence Indicators](https://learn.microsoft.com/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http)
💡[Threat intelligence integration in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/threat-intelligence-integration)
💡[Bring Your Own Threat Intelligence Feeds](https://learn.microsoft.com/defender-cloud-apps/additional-integrations)
💡[Accessing the Threat Intelligence Portal](https://learn.microsoft.com/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal) |\r\n| | 7.6 Automated Dynamic Policies | Entra ID Protection
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Cloud (MDfC)
Microsoft Sentinel Fusion ML
Microsoft Sentinel Bring Your Own Machine Learning (BYOML)
Microsoft Sentinel Playbooks
Microsoft Intune
Azure Automation
Purview Insider Risk Management | 🔀 [Sentinel](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.securityinsightsarg%2Fsentinell)
🔀 [Defender For Cloud](https://portal.azure.us/#blade/Microsoft_Azure_Security/SecurityMenuBlade)
🔀 [Logic Apps](https://portal.azure.us/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Logic%2Fworkflows)
🔀 [Entra ID](https://portal.azure.us/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null)
🔀 [Azure Automation](https://portal.azure.us/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Overview/objectId/d2175af3-6958-4008-83ac-ac2b81eafac7/appId/fc75330b-179d-49af-87dd-3b1acf6827fa)
🔀 [Microsoft Purview Portal](https://compliance.microsoft.us)
🔀 [Microsoft Intune](https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/ReportingMenu/~/deviceCompliance) | 💡[Automate Threat Response with Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/automate-responses-with-playbooks)
💡[Adaptive Protection - Microsoft Purview](https://www.microsoft.com/security/blog/2023/02/06/introducing-adaptive-protection-in-microsoft-purview-people-centric-data-protection-for-a-multiplatform-world/#:~:text=With%20Adaptive%20Protection%2C%20DLP%20policies%20become%20dynamic%2C%20ensuring,efficient%20and%20empowered%20to%20do%20more%20with%20less.)
💡[Adaptive Policy Scopes M365](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-adaptive-policy-scopes-to-apply-m365-retention-to-shared/ba-p/3053641#:~:text=Back%20in%20October,in%20Microsoft%20365.)
💡[Adaptive Application Controls](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)
💡[AI-Driven Adaptive Device Controls Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/ai-driven-adaptive-protection-in-microsoft-defender-for-endpoint/ba-p/2966491)
💡[AI-Driven Adaptive Protection Against Human Operated Ransomeware](https://www.microsoft.com/security/blog/2021/11/15/ai-driven-adaptive-protection-against-human-operated-ransomware/)
💡[Microsoft Defender for Cloud Automated Security Posture Management](https://learn.microsoft.com/azure/defender-for-cloud/concept-cloud-security-posture-management)
💡[Improve your network security posture with adaptive network hardening](https://learn.microsoft.com/azure/defender-for-cloud/adaptive-network-hardening)
💡[What is Microsoft Entra ID Protection?](https://learn.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection)
💡[Azure Automation update management](https://learn.microsoft.com/azure/architecture/hybrid/azure-update-mgmt)
💡[Manage Windows 10 and Windows 11 software updates in Intune](https://learn.microsoft.com/mem/intune/protect/windows-update-for-business-configure) |" }, "conditionalVisibility": { "parameterName": "isess3Visible",