I sound like a broken record all the time when I say “technical readiness is the most important thing you’ll do in your IT career”. If you focus on Microsoft technology, specifically the security and compliance suite of products, there are many resources available to help you learn and grow, enabling you to advance in your career.
The purpose of this blog post is to share resources that I use frequently to maintain my technical readiness with Microsoft security and compliance and use as a reference. Now, this is not an exhaustive list – I am sure there’s more out there that I am not aware of, but use this post to get started. Please subscribe and bookmark this page as I will update it frequently.
Note: You are more than welcome to stay up to date on Microsoft Security & Compliance by following my YouTube channel http://aka.ms/SosemanTV, follow me on Twitter @SosemanMatt and follow me on LinkedIn. I try to post as much as I can to help you!
Is there something I missed in this blog? Leave a comment and I’ll add it!
***START HERE -> Technical Documentation
The technical documentation for all Microsoft IT products and services can be found at docs.microsoft.com and is available at no charge to the public. The website is built on GitHub, which allows the content to be updated frequently and lets you post comments, see who updated an article, download it as a PDF and more! This is not your father’s TechNet!
Whenever I get asked a question I don’t know, or I want to learn about a new feature that was just released, the first place I go is the product’s technical documentation. I promise you, there is a high probability you will find your answer if you check the documentation first 🙂
If you want to get started with a product that you know nothing about, reading the documentation will bring you up to speed pretty fast. The downside is that you need to invest your time in reading it!
Before I share links to the documentation, consider taking advantage of these three features of the website:
Subscribe for updates to the product so you know when things change
Most of the products’ technical documentation will have a “What’s New” section that will show you all the latest changes/updates to the product. They will usually contain an RSS feed too. I use Microsoft Power Automate to subscribe to the RSS feed and receive email notifications whenever there are changes to specific products I want to follow.
Download as PDF
Most of the products’ technical documentation will have a “Download PDF” option in the lower left corner of the pages. Clicking this will download ALL documentation for that product to a PDF! This makes it super easy to search, share with a customer, etc. I use this frequently and like to save the PDFs to my tablet and read on the couch, or wherever I find a comfy nook!
Save as Bookmark
A feature I use frequently is saving specific articles from docs.microsoft.com for a product to my bookmarks – not my browser bookmarks but bookmarks in the website itself. This way I can access it later for reference. If you see an article you want to save, click “Bookmark” in the upper right corner (requires you to sign in). You can access your bookmarks by clicking on your profile in the upper right corner.
Okay, let’s get to some links!
Direct links to Technical Documentation
(I’m not going to post ALL links, but here’s the major products. If there’s something not on this list, performing an internet search for the product name and appending documentation to the end of the search string will often return the documentation website for that product).
Identity & Access Management
Unified Endpoint Management
Getting Started in Microsoft Security
Chief Information Security Officer (CISO) Workshop Training The Chief Information Security Officer (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers.
Microsoft Security Best Practices is a collection of best practices that provide clear actionable guidance for security related decisions. This is designed to help you increase your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers. This guidance was formerly referred to as Azure Security Compass and is now increasing in scope to encompass all Microsoft security guidance and capabilities, including Microsoft 365.
Azure security benchmark introduction Microsoft has found that using security benchmarks can help you quickly secure cloud deployments. Benchmark recommendations from your cloud service provider give you a starting point for selecting specific security configuration settings in your environment and allow you to quickly reduce risk to your organization.
Microsoft security engineering documentation This collection of resources is designed to help you find security related documentation and information from across Microsoft.
Microsoft Digital Defense Report Insights about the threat intelligence landscape and guidance from experts, practitioners, and defenders at Microsoft
Networking up (to the cloud) — One architect’s viewpoint In this article, Ed Fisher, Security & Compliance Architect at Microsoft, describes how to optimize your network for cloud connectivity by avoiding the most common pitfalls.
These blogs are great training resources, and will often write about new features, and even have videos/webinars to watch to learn more. Highly recommend following them.
I can’t say this enough, these videos are AMAZING and extremely valuable (and available at no cost). Often the speakers are developers and program managers on the engineering teams at Microsoft. Take advantage of these! https://myignite.microsoft.com/home Looking for recommendations? Check out my other blog on my favorite Ignite sessions to watch!
This is one of my favorites! Whether you’re just starting or an experienced professional, our hands-on approach helps you arrive at your goals faster, with more confidence and at your own pace. https://docs.microsoft.com/en-us/learn/
Virtual Hub: Security, Compliance, Identity
Collection of online courses, documentation, webinars and videos!
Security Community Webinars (covering Azure Security, Sentinel, and Microsoft 365 security) These are updated frequently!
Lessons Learned from the Microsoft Security Operations Center
A good series of blogs on the importance of modernizing your Security Operations Center, and lessons Microsoft learned in doing so.
Tech Community Video Hub
The Tech Community Video Hub contains hundreds of great training videos!
Advanced L400 Ninja Training
I *love* the ninja trainings! These include dozens (and dozens) of videos to watch on a given product and are super deep!
Partners: Virtual End-to-End Microsoft Security Bootcamp
Virtual End-to-End Microsoft Security Bootcamp We recently conducted an interactive bootcamp with our Engineering Security experts to help you learn more about Microsoft Security solutions. The live event consisted of three half-day sessions focused on providing practice leads, security architects, and consultants a deeper understanding of the capabilities within the Microsoft Security stack. We discussed opportunities across the Microsoft Security pillars and provided guided hands-on lab experiences. Even though the live event is over, you can still access recordings and content. We recommend that you watch all sessions to fully understand Microsoft’s end-to-end Security solutions.
Partners: Building a Security Practice: Partner Series
Building a Security Practice: Partner Series This course covers a training series delivered over five weeks with Microsoft Cybersecurity Solutions group and security experts. This is a great series to leverage to learn from Microsoft security experts on how to build and expand your Microsoft Security practice.
Partners: Microsoft 365 & Security Partner Presales Bootcamp
Microsoft 365 & Security Partner Presales Bootcamp Managing that first touch point with a client is a crucial step in establishing an ongoing partnership. We’re excited to invite you to our first Microsoft 365 & Security Partner Presales Bootcamp to learn more about conversation best practices, objection handling, and sales programs. Consisting of seven unique 150-minute live sessions, from September 29 to October 13, this comprehensive training series offers you a deep-dive into various conversation starters across Microsoft 365. Interact directly with our sales specialists and get follow-up experience to directly apply your learnings in your day-to-day job.
I recently published a video discussing how Microsoft Defender ATP can perform dynamic web content filtering for Windows 10 clients.
One question that came up was how can I block a category of content (e.g. video streaming services) but whitelist a specific video streaming website like YouTube?
The answer: Custom Domain/URL indicators in Microsoft Defender ATP. This blog will describe how.
I have web content filtering set up within Microsoft Defender ATP, with a global policy applied to all device groups, to block web traffic to streaming media & downloads websites:
But I have a business requirement to allow YouTube (example scenario for the marketing department to publish advertising videos.) How can I allow access to YouTube but still block other streaming sites?
Currently when browsing to YouTube with web content filtering enabled, I receive the following notification:
Easy. With a custom indicator! Within Microsoft Defender ATP navigate to Settings -> Indicators -> URLs/Domains
Click on +Add Indicator and in the URL/Domain field type http://www.youtube.com then click Next
Click Allow as the Response Action, in the Title field type Allow YouTube and in the Description field type Allow YouTube (or some other description) and click Next
For Scope, accept the default All devices in my scope and click Next, then click Save.
IMPORTANT: If I wanted to whitelist YouTube but only for certain devices in the marketing department, then I would need to create a device group called “Marketing Devices” and add all the devices in the marketing department to that group – then scope this indicator policy to that group.
The indicator will be added to the list. Allow time for the change to propagate before testing.
It’s that easy! I recommend careful consideration, however, as you don’t want to be in the business of whitelisting applications. For situations that dictate it though, this is an easy solution to the problem.
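The same indicator can also be created through the Defender ATP Indicators API instead of the portal. The sketch below is an added example, not code from the original post: the endpoint and JSON field names come from the Indicators API rather than from this page, and the function names, the 90-day expiry and the rule that a bare host is submitted as a DomainName indicator are assumptions of the example.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Indicators API endpoint (not named in the post; verify for your tenant).
INDICATORS_API = "https://api.securitycenter.microsoft.com/api/indicators"


def build_allow_indicator(target, title, description, device_groups=None,
                          valid_days=None, now=None):
    """Return the JSON body for an Allow indicator on a URL or domain."""
    parts = urlsplit(target if "://" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"not a usable URL/domain: {target!r}")
    has_path = parts.path not in ("", "/") or bool(parts.query)
    body = {
        # Assumption: a bare host goes in as DomainName, anything longer as Url.
        "indicatorType": "Url" if has_path else "DomainName",
        "indicatorValue": target if has_path else host,
        "action": "Allowed",
        "title": title,
        "description": description,
    }
    if device_groups:  # omit to keep the default "all devices in my scope"
        body["rbacGroupNames"] = list(device_groups)
    if valid_days:  # optional expiry so the exception is reviewed, not forgotten
        now = now or datetime.now(timezone.utc)
        body["expirationTime"] = (now + timedelta(days=valid_days)).strftime(
            "%Y-%m-%dT%H:%M:%SZ")
    return body


def submit_indicator(body, bearer_token):
    """POST the body; bearer_token must be authorised to write indicators."""
    req = urllib.request.Request(
        INDICATORS_API, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(json.dumps(build_allow_indicator(
        "http://www.youtube.com", "Allow YouTube", "Allow YouTube",
        device_groups=["Marketing Devices"], valid_days=90), indent=2))
```

Scoping the body to the “Marketing Devices” group and giving it an expiry keeps the exception as narrow as the business requirement that justified it.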
If you want to learn more about custom indicators of compromise in Microsoft Defender ATP see the following video: