| Use this to security feature to secure identities to reach zero trust. This is the bedrock upon which a secure digital estate is built. | Identity and access management |
| This security feature helps to stop damaging attacks with integrated and automated security. | Threat protection |
| Use this security feature to Locate and classify information anywhere it lives | Information Protection |
| Use this security feature to strenthen your security posture with insights and guidance | Security Management |
| In Windows 10 for business, this feature replaces passwords with strong two-factor authentication on PCs and mobile devices - a new type of user credential that's tied to a device and uses a biometric or PIN. This lets users authenticate to an Active Directory or Azure Active Directory account. | What is Windows Hello |
| This application uses 2 security features:
-Two-factor verification. The standard verification method, where one of the factors is your password. After you sign in to a device, app, or site using your username and password, you can use Microsoft Authenticator to approve a notification or enter a provided verification code.
-Phone sign-in. A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN. | WHat are 2 ways to use the Microsoft Authenticator application?. |
| This helps you identify attempts to compromise accounts, possibly by a hacker or other malicious person. It detects unusual account behavior, it can block account access, or perhaps require additional authentication options. It help to identify unusual account behavior. | What is Azure AD Identity Protection? |
| These are Analytics for your cloud apps and services, helping security teams better understand the protections for critical data across cloud apps. | What is Microsoft Cloud app security? |
| This is A cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. | What is Azure Advanced Threat Protection (ATP)? |
| Name of windows service that covers: Identities, endpoints, user data, Cloud apps, Infrastructure | Microsoft Threat Protection covers these five areas |
| These 3 reports are in which security app?
Risky users
Risky sign-ins
Risk detections | 3 key Reports available in Azure Identity protections |
| Atypical travel Sign in from an atypical location based on the user's recent sign-ins.
Anonymous IP address Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs).
Unfamiliar sign-in properties Sign in with properties we've not seen recently for the given user.
Malware linked IP address Sign in from a malware linked IP address
Leaked Credentials This risk detection indicates that the user's valid credentials have been leaked
Azure AD threat intelligence Microsoft's internal and external threat intelligence sources have identified a known attack pattern | What different risk dection types are in Azure Identity protection? |
| THis protection requires users be a Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator in order to access. | What security roles allow for Azure identity protection? |
| These are if-then statements, if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to perform multi-factor authentication to access it.
THis is the tool to bring signals together, to make decisions, and enforce organizational policies. It is at the heart of the new identity driven control plane. | What is conditional access in AAD |
| AAD Identity protectinon monitors Sign in from an atypical location based on the user's recent sign-ins. What is it called? | What is and which security tool monitors this risk protection type: Atypical travel? |
| AAD Identity protectinon monitors this? Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs). What is it called? | What is and which security tool monitors this risk protection type: Anonymous IP address? |
| AAD Identity protectinon monitors this? Sign in with properties What is and which security tool monitors this risk protection type: we've not seen recently for the given user. | What is and which security tool monitors this risk protection type: Unfamiliar sign-in properties |
| AAD Identity protectinon monitors this? Malware linked IP address Sign in from a malware linked IP address | What is and which security tool monitors this risk protection type: Malware linked IP address |
| AAD Identity protectinon monitors this? This risk detection indicates that the user's valid credentials have been leaked | What is and which security tool monitors this risk protection type: Leaked Credentials |
| Microsoft's internal and external threat intelligence sources have identified a known attack pattern | What is and which security tool monitors this risk protection type: Azure AD threat intelligence |
| THis tool monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user. It then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization. Its proprietary sensors monitor organizational domain controllers, providing a comprehensive view for all user activities from every device. | Azure ATP Monitor users, entity behavior, and activities with learning-based analytics |
| This tool Protects user identities and credentials stored in Active Directory | Azure ATP |
| This tool Identify and investigate suspicious user activities and advanced attacks throughout the kill chain | Azure ATP |
| Which tool Provides clear incident information on a simple timeline for fast triage | Azure ATP |
| This security tool gives you visibility into your cloud apps and services, provides analytics to identify and combat cyberthreats, and enables you to control how your data travels. The cloud app security framework helps you:
Discover and control the use of Shadow IT
Protect your sensitive information anywhere in the cloud
Protect against cyberthreats and anomalies
Assess the compliance of your cloud apps | What is Microsoft Cloud App Security? |
| This tool is a cloud-based email filtering service that helps protect against spam and malware and includes features to safeguard against messaging-policy violations. It can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software. | What is Microsoft Exchange Online Protection (EOP) |
| This helps to identify threats before they land in a user’s mailbox. This feature, included in Microsoft 365 E5 subscriptions, provides protection by scanning email and URLs, identifying malicious files, and detecting when someone tries to impersonate one of your users to access your organization's data. | What is Office 365 Advanced Threat Protection |
| THis is a collection of insights and information available in the Microsoft 365 security center. It monitors signals and gathers data from multiple sources, such as user activity, authentication, email, compromised PCs, and security incidents. You can use this information to understand and respond to threats against users and intellectual property. | what is Office 365 Threat Intelligence |
| This helps you prevent, detect, investigate, and respond to advanced threats. It uses technologies built into Windows 10 that connect to Microsoft's cloud services. Endpoint behavior sensors collect data and send it to cloud security analytics, Microsoft optics that use big data and machine learning to turn behavioral data into insights, detections, and recommended responses. IT also uses threat intelligence collected from Microsoft hunters, security teams, and partners to identify attacker tools and generate alerts when it detects them in data from the endpoint sensors. | What is Windows Defender Advanced Threat Protection (ATP)? |
| BitLocker and credential guard help protect the integrity of the boot process and user credentials.
Windows Hello uses biometric authentication (fingerprints and facial recognition) to guard against potential spoofing.
Windows Information Protection (WIP) helps protect enterprise apps and data against accidental data leaks on both enterprise-owned and personal devices. | What are 3 built-in security protections to help safeguard against viruses, phishing, and malware in windows 10? |
| This matches, false positives and overrides, and links to create or edit policies | What is Data loss prevention? |
| Information about sent and received email messages, recent alerts, top senders and recipients, email forwarding reports, and more | What is information protection Mail flow.? |
| Information about how labels are applied, labels classified as records, label trends, and more | what is information protection Data governance? |
| Tools and guidance to facilitate ease in discovering, governing, protecting, and monitoring the personal data in your organization. | what is information protection Data privacy? |
| Information about Microsoft 365 activities, users, files or folders, and more | what do you see in the information protection Audit log.? |
| FedRAMP reports, governance, risk and compliance reports, ISO information security management reports, and Service Organization Controls audit and assessment reports | what are in the information protection Compliance reports? |
| where can you find Real-time reports to help you keep on top of issues with users, devices, apps, and infrastructure? | microsoft security centre |
| where you can find A Secure Score centralized dashboard where you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. | microsoft security centre |
| where you can find Insights and recommendations to help you improve your security posture and take advantage of Microsoft 365 security features. | microsoft security centre |
| where you configure device and data policies to help you better manage your organization. | microsoft security centre |
| When a user makes a data request under GDPR. | When does a user make a DSR (data subject) Request? |
