Microsoft Defender course/training: Learn how to use Microsoft Defender

  • Published 1 Jan 2025

Comments • 50

  • @examlabpractice 10 months ago +1

    Get access to all my courses for a discount here:
    examlabpractice.com/courses

  • @cartma24 4 months ago +4

    I would have loved to have found this video 18 months ago, when I did not know anything about domains. These first 43 minutes are the simplest yet fullest way I have seen domains explained.

  • @kikibah1363 10 months ago +5

    God bless you for this wonderful gift. I had zero knowledge, but now I am so knowledgeable after this video. I am so happy, thank you.

  • @BashirShaikh-zl3zh 9 months ago

    J Christopher, I don't have words; I wanted to appreciate you for such a video. I am working as a SOC analyst and still your video helped me to clear my basics ...

  • @nasyaramadhana6788 a year ago +7

    Thanks for the video. Currently I work as a SOC analyst and my daily task is analysis with Microsoft Defender.

    • @cricketclub.youtube 7 months ago

      Please provide your Instagram ID bro.. I am also working as a SOC analyst.

  • @skbakshiazeem 3 months ago

    It took me back to my old days, when we used to insert 35 floppies to install a Windows OS. No MS Office, only WordStar. It was a story well explained in layman's terms. Now things have changed drastically. We need to cope with new technologies. But experience matters. IT operations, people management and risk analysis all need experience. Being an SME is good, but the more videos we watch or inputs we get, the better it prepares us for project implementations. Kudos.

  • @cornelliouspollard273 3 months ago

    This video training is absolutely outstanding. I don't think I have had a better or more thorough training than this before. I have digested every single thing you taught and can regurgitate it back to anyone now. Phenomenal!

  • @tiri73 a month ago +1

    Excellent video John, very well explained. 👋👋👋

  • @phongb2b a month ago

    Great video, explains all core concepts of IT, easy to understand.

  • @Hometube0001 5 months ago +2

    Wow.... I will encourage new IT folks to listen to the beginning IT concepts explained in the video... ❤ best video

    • @cartma24 4 months ago

      For real

  • @miguelbecerra7005 3 months ago

    Wow, this is absolutely awesome, how clearly you explain all these concepts!!! Thank you for the video!!

  • @gustavoadolfoguzmancapera5143 10 months ago +2

    Awesome training sessions. Thanks John.

  • @kitfo18 a year ago +5

    This is a major help if you are taking the SC-300 exam, but good to know if you do just about anything within Entra ID! Awesome video, will be watching this one a few times for sure.

  • @ericzliu 7 months ago +3

    An hour into this video and I can say your teaching style is very easy to grasp and helpful! Thank you and keep doing what you're doing.

  • @fastrobreetus 3 months ago +1

    You are so knowledgeable. Great video. TY!

  • @Neng.Sunate 11 months ago +1

    Thank you for your video, a very useful training video.

  • @elazarOhayon 11 months ago +2

    Great Content!!

  • @jfjtlx433 a year ago +1

    Great explanation.

  • @saxonpalma 27 days ago +1

    Thank you

  • @megmucklebones7538 a year ago +1

    Amazing content, thank you for everything.

  • @amarilnto a year ago +1

    Amazing video. Explaining the basics in #IT is very important so new students can join and understand in a better way. Your method of teaching is wonderful, kudos for your help 🙏☺️🖥️🥇🚀

  • @dilanzuniga9440 4 months ago +1

    Thank you!!!!

  • @dannyroy8571 a year ago

    Nice sharing..!!
    But I had a question regarding "Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)". Let's say, for this Azure recommendation, I want to turn off scanning of old images so that only images with the latest tag are scanned and the rest are ignored. How can I do so?? I need to improve my Azure secure score.

    • @examlabpractice a year ago

      To focus vulnerability scanning on only the latest images or specific tags within your Azure Container Registry and improve your Azure secure score, you'll need to customize the scanning policies. Microsoft Defender for Cloud, formerly known as Azure Security Center, provides a way to manage and enforce security policies across your Azure resources, including the Container Registry. Here's how you might approach this:
      Access Microsoft Defender for Cloud:
        • Go to the Azure portal.
        • Open Microsoft Defender for Cloud.
        • Navigate to the 'Environment settings' under the 'Management' section.
      Select the Subscription and Container Registry:
        • Choose the subscription where your container registry is located.
        • Select the specific container registry you want to configure.
      Configure the Security Policy:
        • Find the policy related to container image scanning (like "Vulnerabilities in Azure Container Registry images should be remediated").
        • Modify the policy to specify that only images with the 'latest' tag or images newer than a certain age should be scanned. This might involve setting custom parameters or exclusions.
      Implement Tagging Strategies:
        • Ensure your image deployment process is tagging images correctly. Consistently use the 'latest' tag for the most recent and relevant images you want to be scanned.
        • Older or less critical images should have different tags that don't get picked up by the policy.
      Automation and Scripting:
        • Consider using Azure CLI or PowerShell scripts to automate the process of tagging and untagging images. You can write scripts to retag older images and ensure only the latest images retain the 'latest' tag.
      Monitor and Review:
        • Regularly monitor the results of the scans and the security recommendations in Microsoft Defender for Cloud.
        • Review and adjust your policies and tagging strategies as needed to ensure that only the desired images are being scanned.
      Consult Documentation and Support:
        • Azure's documentation and support channels can provide specific guidance and best practices for setting up and customizing your vulnerability scanning policies.
      By effectively managing your scanning policies and image tags, you can focus security resources on the most relevant container images and improve your Azure secure score. Keep in mind that while focusing on the latest images can reduce noise and overhead, it's also crucial to ensure that all deployed images, not just the latest, are secure and compliant. Regularly review and update your policies and practices to balance security with efficiency.
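The "Automation and Scripting" step above leaves the script itself to the reader. The following is an added example (not the video's, the commenter's, or Microsoft's code) of the untagging half of that step: it keeps the newest few versioned tags plus `latest` in every repository and untags the rest, so the registry that the Defender for Cloud recommendation is evaluated against holds only current images. It assumes the Azure CLI is installed and signed in, uses the standard `az acr repository list`, `show-tags` and `untag` commands, and treats the registry name, `KEEP_NEWEST` and `PROTECTED_TAGS` as placeholders to adjust. By default it only prints the untag commands; nothing changes until `--apply` is passed.

```python
"""Added example (not from the video or the comment thread).

Keeps only the newest images in each Azure Container Registry repository and
untags the rest, so the registry the Defender for Cloud recommendation looks at
holds a small, current set of images. Assumptions: the Azure CLI is installed
and signed in, and the registry name in REGISTRY is a placeholder to replace.
The az commands used are the standard ones:
  az acr repository list      --name <registry> -o tsv
  az acr repository show-tags --name <registry> --repository <repo> --orderby time_desc -o tsv
  az acr repository untag     --name <registry> --image <repo>:<tag>
Nothing is changed unless --apply is passed; the default is a dry run.
"""
from __future__ import annotations

import argparse
import subprocess
from typing import Iterable

REGISTRY = "myregistry"                 # placeholder registry name
KEEP_NEWEST = 3                         # versioned tags to keep per repository
PROTECTED_TAGS = frozenset({"latest"})  # never untagged, never counted against the quota


def select_tags_to_untag(tags_newest_first: Iterable[str], keep: int = KEEP_NEWEST,
                         protected: frozenset[str] = PROTECTED_TAGS) -> list[str]:
    """Return the tags to remove: everything after the `keep` newest ones.

    Protected tags (e.g. 'latest') are skipped and do not count toward `keep`,
    so 'latest' plus `keep` versioned tags survive in each repository.
    """
    kept = 0
    to_untag: list[str] = []
    for tag in tags_newest_first:
        if tag in protected:
            continue
        if kept < keep:
            kept += 1
        else:
            to_untag.append(tag)
    return to_untag


def plan_untag_commands(registry: str, repo_tags: dict[str, list[str]]) -> list[list[str]]:
    """Build the az untag commands for a mapping of repository -> tags (newest first)."""
    cmds: list[list[str]] = []
    for repo, tags in repo_tags.items():
        for tag in select_tags_to_untag(tags):
            cmds.append(["az", "acr", "repository", "untag",
                         "--name", registry, "--image", f"{repo}:{tag}"])
    return cmds


def az_lines(*args: str) -> list[str]:
    """Run an az command with tsv output and return its non-empty lines."""
    result = subprocess.run(["az", *args, "-o", "tsv"], check=True,
                            capture_output=True, text=True)
    return [line.strip() for line in result.stdout.splitlines() if line.strip()]


def main() -> None:
    parser = argparse.ArgumentParser(description="untag old ACR images (dry run by default)")
    parser.add_argument("--apply", action="store_true", help="really run the untag commands")
    args = parser.parse_args()

    repo_tags: dict[str, list[str]] = {}
    for repo in az_lines("acr", "repository", "list", "--name", REGISTRY):
        # time_desc puts the most recently pushed tag first
        repo_tags[repo] = az_lines("acr", "repository", "show-tags", "--name", REGISTRY,
                                   "--repository", repo, "--orderby", "time_desc")

    for cmd in plan_untag_commands(REGISTRY, repo_tags):
        print(" ".join(cmd))
        if args.apply:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    main()
```

Two caveats before running it with `--apply`. `az acr repository untag` removes only the tag reference; the manifest and its layers stay in the registry until deleted with `az acr repository delete --image <repo>:<tag>` (or a retention policy), so untagging alone does not reduce storage. And the reply's closing point applies to the keep quota: an image that is still deployed somewhere should stay tagged, because untagging it removes it from the scan results, not from production.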

  • @GH-NET a year ago +1

    Thank you!

  • @zt296 11 months ago

    What else can we use, as evaluations and tutorials have been deprecated as of 18/01/2023?

    • @examlabpractice 11 months ago

      Microsoft has not released anything new. Please understand that the deprecated section is a VERY small section. Everything else is still very much up to date

  • @TheCnstgrad 11 months ago

    Does your udemy course linked in the description depend on using the deprecated evaluation lab feature?

    • @examlabpractice 11 months ago

      It is 3 small videos in the course. Everything else is fine. I have left them in the course to show the demonstrations. As soon as Microsoft releases an updated lab, I will update the content with something better.

  • @antwan3026 11 months ago

    Anyone know how I can generate alerts in the new Defender (XDR)? Not sure how to complete this training without looking at incidents.

    • @examlabpractice 11 months ago

      Unfortunately it's hard now that they took the lab away. But I plan to update with a solution when I can. One solution is to set up a virtual machine and join it, then inject it with malware. By the way, this is just a sample of my full course. The full course goes deeper into Defender. See description for details.

    • @antwan3026 11 months ago

      @@examlabpractice I’ve got the full training on udemy

    • @examlabpractice 11 months ago

      Great, well I am hoping A) Microsoft will provide a solution soon. B) I can find my own solution. For now, I would recommend you move on. This is really just a small part of the course anyway. It only involves 3 videos in the whole course. Also, you can message me on Udemy as opposed to here. I respond just as quickly there as I do here ;)

  • @spmffl3048 11 months ago

    Do you need an E5 license to perform the lab? I have an E3 and do not see it.

    • @examlabpractice 11 months ago

      E5 to do everything. I would recommend you get a free Microsoft E5 developer account. Do a Google search and you can learn how to open one.

  • @antwan3026 11 months ago

    The evaluation lab is deprecated, any idea of a workaround?

    • @examlabpractice 11 months ago

      At the moment, no. I'm VERY frustrated about it. Microsoft gave the training industry almost no warning about this. Hopefully they'll come out with something to replace it soon, because there isn't really any way for someone to test anything out on your own without trial by fire.

    • @antwan3026 11 months ago

      @@examlabpractice Thanks for your response, I'm trying to learn, almost losing my mind searching everywhere for a workaround 😀

  • @stantkatchenko1341 3 months ago

    Hi John and whoever is in the know,
    I will refrain from claiming expertise in Microsoft security technologies, but I do have some (20y+) security experience. I attended a company which had just moved many reasonably complex systems to Azure and deployed Defender and Sentinel. They engaged a Microsoft partner company which had done everything 'rather quickly'...
    I looked at the findings and proved that 80% of what Microsoft calls 'incidents' (while everyone else uses the term 'security events') were false positives. Nobody investigated anything at all. I failed to figure out what the remaining 20% was all about. The 'partner company' pointed me to the Microsoft website. Microsoft promised to send somebody in a month or so.. I don't want to blame anybody except myself. So, what went wrong there? Is it possible to get it to work? If yes, then how?

    • @examlabpractice 3 months ago

      It sounds like a combination of several issues might have contributed to the situation:
        • Rushed Deployment: Moving complex systems to Azure and deploying Defender and Sentinel quickly may have caused configuration issues. Security technologies like Microsoft Defender and Sentinel require careful tuning to match the specific environment, which takes time.
        • Lack of Tuning and Customization: Microsoft Sentinel and Defender come with default settings, which can often generate a high number of alerts. These "incidents" are typically based on predefined rules and might not account for the nuances of your environment. If the deployment was rushed, it's likely that the security rules weren't properly tuned, leading to a high number of false positives.
        • No Incident Triage Process: Not having a process in place to investigate and triage alerts might have led to those incidents being neglected. Even if the tools work, human oversight is crucial to filtering out false positives and focusing on real threats.
        • Lack of Expertise in Investigation: If the partner company didn't have enough expertise or resources for detailed investigations, that might explain why they pointed you to general Microsoft documentation instead of offering tailored assistance.
      Steps to Improve
        • Tuning Sentinel and Defender: You can significantly reduce false positives by tuning Sentinel's analytics rules and creating custom detection rules that align with your environment. This involves:
          • Reviewing Default Rules: Disable or modify rules that generate too many false positives.
          • Threshold Adjustments: Adjust thresholds or conditions for specific detection rules.
          • Adding Whitelists: Set up exclusions for known and trusted traffic or behaviors to avoid redundant alerts.
          • Machine Learning & User Behavior Analytics: Use more advanced features in Defender and Sentinel to adapt to typical behaviors and detect true anomalies.
        • Incident Response Playbooks: Implement automatic playbooks for handling certain types of incidents. For example, if a certain pattern of behavior is always a false positive, you can automate a response to mark it as such and focus on higher-priority alerts.
        • Train or Involve Your Security Team: A well-trained internal security team should manage the investigation of the remaining 20% of alerts. They will need access to detailed log data and will need to know how to use the tools.
        • Leverage Microsoft's Security Experts: Since Microsoft has promised assistance, work with them to conduct a proper assessment of your configuration and guide you through improving the alerting system. Their experience in tuning Sentinel for specific environments can be valuable.
        • Engage a Better-Qualified Partner: If you feel the current partner didn't provide adequate support, it might be worth engaging another partner with proven expertise in Sentinel/Defender and Azure security best practices.
      The key to success is ongoing tuning, automation, and having a dedicated team to analyze incidents. With proper configuration, both Defender and Sentinel can become effective tools in identifying and responding to real threats.
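The reply lists "Reviewing Default Rules", "Threshold Adjustments" and "Adding Whitelists" without showing what the tuning loop looks like in practice. The following is an added example (not the video's, the commenter's, or Microsoft's code) that does two of those steps over constructed sample data: it ranks analytics rules by how often their closed incidents were classified as false or benign positives, which tells you which default rules to review first, and it re-runs a failed-sign-in detection with a distinct-user threshold and an allowlist of known scanner subnets, comparing the alert count against the untuned count-based rule. The incident export, rule names, user names and IP addresses are all placeholders constructed for the example; in Sentinel itself the equivalent data is the classification analysts set when closing an incident and the analytics rule's KQL query.

```python
"""Added example (not from the video or the comment thread).

Two of the tuning steps the reply lists, applied to constructed sample data:
  1. rank analytics rules by how often their closed incidents were classified
     as false/benign positives ("Reviewing Default Rules"), and
  2. re-run a failed-sign-in detection with a threshold on distinct users and
     an allowlist of known scanner subnets ("Threshold Adjustments" and
     "Adding Whitelists"), comparing it with the untuned count-based rule.
All incidents, addresses, user names and rule names below are constructed placeholders.
"""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed export of closed incidents: (analytics rule name, closure classification).
INCIDENTS = [
    ("Brute force attempt", "FalsePositive"),
    ("Brute force attempt", "FalsePositive"),
    ("Brute force attempt", "FalsePositive"),
    ("Brute force attempt", "TruePositive"),
    ("Brute force attempt", "BenignPositive"),
    ("Mass download from SharePoint", "FalsePositive"),
    ("Mass download from SharePoint", "FalsePositive"),
    ("Mass download from SharePoint", "Undetermined"),
    ("New admin added", "TruePositive"),
    ("New admin added", "BenignPositive"),
]

NOISE_CLASSES = ("FalsePositive", "BenignPositive")


def noisy_rules(incidents, fp_threshold=0.5):
    """Return [(rule, noise_rate, total_incidents)] for rules whose closed
    incidents were false or benign positives more than fp_threshold of the time,
    noisiest first. Undetermined closures stay in the denominator: an incident
    nobody investigated is still not a detection anyone acted on."""
    totals = Counter(rule for rule, _ in incidents)
    noise = Counter(rule for rule, cls in incidents if cls in NOISE_CLASSES)
    report = [(rule, noise[rule] / totals[rule], totals[rule]) for rule in totals]
    return sorted((r for r in report if r[1] > fp_threshold), key=lambda r: -r[1])


# Constructed failed sign-in events: (source IP, user principal name).
FAILED_SIGNINS = (
    [("203.0.113.10", f"user{i}@example.com") for i in range(30)]    # approved vulnerability scanner
    + [("198.51.100.7", f"user{i}@example.com") for i in range(25)]  # unknown source: a real spray
    + [("192.0.2.5", "alice@example.com")] * 8                       # one user, stale cached password
)
KNOWN_SCANNERS = [ip_network("203.0.113.0/24")]  # placeholder allowlist subnet


def untuned_rule(events, threshold=5):
    """Default-style rule: alert on any source with >= threshold failed attempts."""
    attempts = Counter(ip for ip, _ in events)
    return sorted(ip for ip, n in attempts.items() if n >= threshold)


def tuned_rule(events, min_distinct_users=10, allowlist=()):
    """Tuned rule: skip allowlisted sources, and alert only when one source
    fails against >= min_distinct_users different accounts (spray pattern)."""
    users_by_ip = defaultdict(set)
    for ip, user in events:
        if any(ip_address(ip) in net for net in allowlist):
            continue
        users_by_ip[ip].add(user)
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= min_distinct_users)


def tuning_summary():
    """Before/after view a SOC lead could use to justify the rule change."""
    before = untuned_rule(FAILED_SIGNINS)
    after = tuned_rule(FAILED_SIGNINS, allowlist=KNOWN_SCANNERS)
    return {"rules_to_review": [rule for rule, _, _ in noisy_rules(INCIDENTS)],
            "alerts_before": before, "alerts_after": after}


if __name__ == "__main__":
    for rule, rate, total in noisy_rules(INCIDENTS):
        print(f"{rule}: {rate:.0%} noise over {total} closed incidents")
    print(tuning_summary())
```

On the constructed data the untuned rule fires on all three sources, while the tuned rule fires only on the unknown spraying source: the scanner is allowlisted and the single user with a stale password never reaches ten distinct accounts. Two points carry over to a real tenant. The noise report is only as good as the closure classification analysts record, which is why the reply's "No Incident Triage Process" item comes before the tuning items; and an allowlist should be reviewed on a schedule, because a source that was a scanner last quarter may not be one now.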

    • @stantkatchenko1341 3 months ago

      @@examlabpractice Thanks a lot John.. I am sure it is a pleasure working with you. I agree with you 100%. My approach was quite similar.. I wanted to start from scratch and do everything properly, or alternatively use battle-proven Palo Alto. The second option was purely theoretical. As for the first one, I honestly didn't know how long it could take and whether it would deliver any value by the end of the day. Your message kind of indicates that it is possible and my good friends from Palo, CRWD and Thales just had to be 'loyal to their flags'. So, is there a reference site where things 'just work'?? (I am seeking YES or NO to that.).. I mean two months of password spray investigation cannot be considered as a reference site, particularly when it was done by folks who thought that executive email accounts could be protected by ordinary passwords and environment segregation was an unnecessary luxury.. (I assume it is a well-known story)

  • @tsnazzle a year ago +1

    Thanks for this training; however, it seems like the intro sound is way too loud, had a jump scare haha.

    • @examlabpractice a year ago

      lol sorry for the jump scare

    • @mui25 a year ago

      Please help on this: You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled.
      You need to identify all the changes made to sensitivity labels during the past seven days.
      What should you use?
      A. the Incidents blade of the Microsoft 365 Defender portal
      B. the Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
      C. Activity explorer in the Microsoft 365 compliance center
      D. the Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal @@examlabpractice

  • @amitaggarwal-c6w 11 months ago

    I am unable to install the Defender agent; getting an error on all Windows 2012 R2 servers: 2012 R2 - MpAsDesc.dll 310

    • @examlabpractice 11 months ago

      My understanding of the Defender agent is that it does not natively support 2012 R2. It natively supports 2016 and higher.

    • @TheKrish420 11 months ago

      We have more than 500 servers and customers don't want to upgrade. Do you have any troubleshooting steps which I can follow?