Guide to Training Resources for Microsoft 365 Security/ Compliance (+Azure Sentinel and Azure Security Center)
I sound like a broken record all the time when I say “technical readiness is the most important thing you’ll do in your IT career”. If you focus on Microsoft technology, specifically the security and compliance suite of products, there are many resources available to help you learn and grow, enabling you to advance in your career.
The purpose of this blog post is to share resources that I use frequently to maintain my technical readiness with Microsoft security and compliance and use as a reference. Now, this is not an exhaustive list – I am sure there’s more out there that I am not aware of, but use this post to get started. Please subscribe and bookmark this page as I will update it frequently.
Note: You are more than welcome to stay up to date on Microsoft Security & Compliance by following my YouTube channel http://aka.ms/SosemanTV, following me on Twitter @SosemanMatt and following me on LinkedIn. I try to post as much as I can to help you!
Is there something I missed in this blog? Leave a comment and I’ll add it!
***START HERE -> Technical Documentation
The technical documentation for all Microsoft IT products and services can be found at docs.microsoft.com and is available at no charge to the public. The website is built on GitHub, which allows the content to be updated frequently and lets you post comments, see who updated it, download the article as a PDF and more! This is not your father’s TechNet!
Whenever I get asked a question I don’t know, or I want to learn about a new feature that was just released, the first place I go is the product’s technical documentation. I promise you, there is a high probability you will find your answer if you check the documentation first 🙂
If you want to get started with a product that you know nothing about, reading the documentation will bring you up to speed pretty fast. The downside is you need to invest your time in reading it!
Before I share links to the documentation, consider taking advantage of these three features of the website:
Subscribe for updates to the product so you know when things change
Most of the products’ technical documentation will have a “What’s New” section that will show you all the latest changes/updates to the product. They will usually contain an RSS feed too. I use Microsoft Power Automate to subscribe to the RSS feed and receive email notifications whenever there are changes to specific products I want to follow.
Download as PDF
Most of the products’ technical documentation will have a “Download PDF” option in the lower left corner of the pages. Clicking this will download ALL documentation for that product to a PDF! This makes it super easy to search, share with a customer, etc. I use this frequently and like to save the PDFs to my tablet and read on the couch, or wherever I find a comfy nook!
Save as Bookmark
A feature I use frequently is saving specific articles from docs.microsoft.com for a product to my bookmarks – not my browser bookmarks but bookmarks in the website itself. This way I can access it later for reference. If you see an article you want to save, click “Bookmark” in the upper right corner (requires you to sign in). You can access your bookmarks by clicking on your profile in the upper right corner.
Okay, let’s get to some links!
Direct links to Technical Documentation
(I’m not going to post ALL links, but here’s the major products. If there’s something not on this list, performing an internet search for the product name and appending documentation to the end of the search string will often return the documentation website for that product).
Identity & Access Management
Microsoft 365 Defender (formerly Microsoft Threat Protection)
Microsoft Defender for Office 365 (formerly Office 365 ATP)
Microsoft Defender for Identity (formerly Azure ATP)
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Microsoft Information Protection (formerly Azure Information Protection)
Unified Endpoint Management
Microsoft Endpoint Configuration Manager
Microsoft Security Response Center
Cyber Defense Operations Center
Microsoft Detection and Response Team
Azure Virtual Machine Scale Sets
Getting Started in Microsoft Security
Chief Information Security Officer (CISO) Workshop Training: The Chief Information Security Officer (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers.
Microsoft Security Best Practices is a collection of best practices that provide clear actionable guidance for security related decisions. This is designed to help you increase your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers. This guidance was formerly referred to as Azure Security Compass and is now increasing in scope to encompass all Microsoft security guidance and capabilities, including Microsoft 365.
Azure security benchmark introduction Microsoft has found that using security benchmarks can help you quickly secure cloud deployments. Benchmark recommendations from your cloud service provider give you a starting point for selecting specific security configuration settings in your environment and allow you to quickly reduce risk to your organization.
Microsoft security engineering documentation This collection of resources is designed to help you find security related documentation and information from across Microsoft.
Microsoft Digital Defense Report Insights about the threat intelligence landscape and guidance from experts, practitioners, and defenders at Microsoft
Networking up (to the cloud) — One architect’s viewpoint In this article, Ed Fisher, Security & Compliance Architect at Microsoft, describes how to optimize your network for cloud connectivity by avoiding the most common pitfalls.
These blogs are great training resources. They often write about new features, and even have videos/webinars to watch to learn more. I highly recommend following them.
Microsoft Security Intelligence Blog
Microsoft Security and Compliance Blog
Microsoft Defender for Endpoint Blog
Microsoft Endpoint Manager Blog
I can’t say this enough: these videos are AMAZING and extremely valuable (and available at no cost). Often the speakers are developers and program managers on the engineering teams at Microsoft. Take advantage of these! https://myignite.microsoft.com/home Looking for recommendations? Check out my other blog on my favorite Ignite sessions to watch!
This is one of my favorites! Whether you’re just starting or an experienced professional, our hands-on approach helps you arrive at your goals faster, with more confidence and at your own pace. https://docs.microsoft.com/en-us/learn/
Virtual Hub: Security, Compliance, Identity
Collection of online courses, documentation, webinars and videos!
Matt Soseman http://aka.ms/SosemanTV
Security Community short videos
Security Community Webinars (covering Azure Security, Sentinel, and Microsoft 365 security) These are updated frequently!
Lessons Learned from the Microsoft Security Operations Center
A good series of blogs on the importance of modernizing your Security Operations Center, and lessons Microsoft learned in doing so.
CISO Series: Lessons learned from the Microsoft SOC—Part 1: Organization
CISO Series: Lessons learned from the Microsoft SOC—Part 2a: Organizing people
CISO Series: Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness
CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools
CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life
CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
Tech Community Video Hub
The Tech Community Video Hub contains hundreds of great training videos!
Advanced L400 Ninja Training
I *love* the ninja trainings! These include dozens (and dozens) of videos to watch on a given product and are super deep!
Microsoft Defender for Endpoint
Partners: Virtual End-to-End Microsoft Security Bootcamp
Virtual End-to-End Microsoft Security Bootcamp: We recently conducted an interactive bootcamp with our Engineering Security experts to help you learn more about Microsoft Security solutions. The live event consisted of three half-day sessions focused on providing practice leads, security architects, and consultants a deeper understanding of the capabilities within the Microsoft Security stack. We discussed opportunities across the Microsoft Security pillars and provided guided hands-on lab experiences. Even though the live event is over, you can still access recordings and content. We recommend that you watch all sessions to fully understand Microsoft’s end-to-end Security solutions.
Partners: Building a Security Practice: Partner Series
Building a Security Practice: Partner Series This course covers a training series delivered over five weeks with Microsoft Cybersecurity Solutions group and security experts. This is a great series to leverage to learn from Microsoft security experts on how to build and expand your Microsoft Security practice.
Partners: Microsoft 365 & Security Partner Presales Bootcamp
Microsoft 365 & Security Partner Presales Bootcamp Managing that first touch point with a client is a crucial step in establishing an ongoing partnership. We’re excited to invite you to our first Microsoft 365 & Security Partner Presales Bootcamp to learn more about conversation best practices, objection handling, and sales programs. Consisting of seven unique 150-minute live sessions, from September 29 to October 13, this comprehensive training series offers you a deep-dive into various conversation starters across Microsoft 365. Interact directly with our sales specialists and get follow-up experience to directly apply your learnings in your day-to-day job.