SC-100: Governance/Compliance Flashcards
(31 cards)
Microsoft Defender for Cloud
Microsoft Defender for Cloud helps streamline the process for meeting regulatory compliance requirements using the regulatory compliance dashboard. Continuously assess your hybrid cloud environment to analyze the risk factors according to the controls you have applied.
Microsoft Cloud Security Benchmark is automatically assigned when onboarding Microsoft Defender for Cloud.
Microsoft Defender for Cloud Paid Features
Attack Path analysis and Permissions Management are two Defender for Cloud capabilities that require a Defender paid plan.
Features included for free are:
Microsoft Secure Score
Multicloud coverage
Cloud Security Posture Management
Microsoft Defender for Cloud PII
It can help you identify PII data at risk by scanning your Azure resources for misconfigurations and vulnerabilities that could expose PII data.
Provides a holistic view of your security posture, making it easier to identify and mitigate risks to PII data.
Microsoft Defender Secure Score
Achievable Score: Displays the Secure Score that can be achieved based on Microsoft licenses and current risk acceptance.
Planned Score: Shows the projected score when planned actions are selected.
Current license score: Displays the score that is currently achieved.
History: Shows the history of improvement actions.
Microsoft Defender for Cloud
Trusted Launch Feature
Trusted launch is integrated with Defender for Cloud to ensure that virtual machines are properly configured by remotely attesting that the virtual machine is booted in a healthy way.
Azure Policy (Part 1)
A service for defining and enforcing policies for cloud resources. It helps organizations maintain compliance by ensuring that resources in their Azure environment are configured and managed in accordance with company policies, industry standards, and regulatory requirements.
Azure Policy (Part 2)
Identifies which resources are applicable, and then evaluates resources that have not been excluded or exempt. Policy assignments with append or deny effects are considered non-compliant for existing resources when the conditions of the policy rule evaluate to True.
Azure Policy effects
Deny: Prevents the deployment or modification of resources that do not comply with the policy.
Append: Adds specific properties to a resource during deployment or modification if the resource does not have them.
Audit: Creates a warning event in the activity log when a resource is non-compliant, but it does not prevent the deployment or modification.
Disabled: This effect turns off the policy so it has no effect on resources.
Microsoft Priva
A suite of privacy management tools within Microsoft 365 designed to help organizations manage personal data, automate risk mitigation and manage subject rights requests, ultimately building trust with customers.
Microsoft Priva capabilities
Priva capabilities are available through:
Priva Privacy Risk Management: Provides visibility into your organization’s data and policy templates for reducing risks.
Priva Subject Rights Request: Provides automation and workflow tools for fulfilling data requests.
Microsoft Priva
Privacy Risk Management
Helps you to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Policies are meant to be internal guides and can help you:
Detect overexposed personal data so that users can secure it
Spot and limit transfers of personal data across departments or regional borders.
Help users identify and reduce the amount of unused personal data that you store.
Microsoft Priva
Subject Rights Request
A solution designed to help alleviate the complexity and length of time involved in responding to data subject inquiries. Provides automation, insights and workflows to help organizations fulfill requests more confidently and efficiently.
Microsoft Purview
A unified suite of Compliance and Governance tools designed to help organizations understand, manage, and secure their data across on-prem, multi-cloud and SaaS environments.
Microsoft Purview Compliance Manager
A tool for analyzing and managing compliance with regulatory standards. It provides a unified view of an organization’s compliance posture and helps prioritize actions to meet compliance requirements.
Microsoft Purview Data Map
A cloud native platform as a service that captures metadata about enterprise data present in on-prem and cloud-based systems. Data Map is automatically kept up to date by using a built-in automated scanning and classification system.
Microsoft Purview Data Catalog
Finds trusted data sources by browsing and searching your data assets. The Data Catalog aligns your assets with friendly business terms and data classification to identify data sources.
Microsoft Purview
Data Estate Insight
Access Data Estate health
Gives you an overview of your data estate to help you discover what kinds of data you have and where it is.
Microsoft Purview
Data Sharing
Allows you to securely share data internally or across organizations with business partners and customers.
Microsoft Purview
PII feature
Microsoft Purview can help you identify PII data across your Azure resources by scanning data sources like Azure Storage, Azure SQL Database, and Azure Data Lake Storage.
Purview provides a comprehensive view of your data estate, making it easier to identify and protect PII data.
Azure compliance tools
Microsoft Purview and its Compliance Manager
Microsoft Priva
Azure Policy
Microsoft Defender for Cloud
5 disciplines of cloud governance
Cost management
Security baseline
Resource consistency
Identity baseline
Deployment acceleration
Compliant Foundation in Azure
Azure compliance offerings are grouped into four segments:
Global
US Government
Industry
Region
Microsoft Security Compliance Toolkit
A set of tools that allows enterprise security admins to download, analyze, test, edit and store Microsoft recommended security configuration baselines for Windows and other Microsoft products
Tools include:
Policy Analyzer
Local Group Policy Object
Set Object Security
GPO to policy rules