diff --git a/Instructions/Labs/LAB_08_Azure Monitor.md b/Instructions/Labs/LAB_08_Azure Monitor.md index 20ad3bcd..26d490e1 100644 --- a/Instructions/Labs/LAB_08_Azure Monitor.md +++ b/Instructions/Labs/LAB_08_Azure Monitor.md @@ -49,7 +49,7 @@ In this exercise, you will complete the following tasks: New-AzResourceGroup -Name AZ500LAB131415 -Location 'EastUS' ``` - >**Note**: This resource group will be used for labs 13, 14, and 15. + >**Note**: This resource group will be used for labs 8, 9, and 10. 5. In the PowerShell session within the Cloud Shell pane, run the following to enable encryption at host (EAH) @@ -163,7 +163,9 @@ In this task, you will create a data collection rule. ![image](https://github.com/MicrosoftLearning/AZ500-AzureSecurityTechnologies/assets/91347931/d43e8f94-efb2-4255-9320-210c976fd45e) -3. On the **Basics** tab of the **Create Data Collection Rule** blade, specify the following settings: +3. Click the **+ Create** button to create a new data collection rule. + +4. On the **Basics** tab of the **Create Data Collection Rule** blade, specify the following settings: |Setting|Value| |---|---| @@ -202,7 +204,7 @@ In this task, you will create a data collection rule. 11. Click on the button labeled **Next: Destination >** to proceed. -12. Change the **Destination type** drop-down menu to display **Azure Monitor Logs.** In the **Subscription** window, ensure that your *Subscription* is displayed, then change the **Account or namespace** drop-down menu to reflect your previously created Log Analytics Workspace. +12. Click **+ Add destination**, change the **Destination type** drop-down menu to display **Azure Monitor Logs.** In the **Subscription** window, ensure that your *Subscription* is displayed, then change the **Account or namespace** drop-down menu to reflect your previously created Log Analytics Workspace. ![image](https://github.com/MicrosoftLearning/AZ500-AzureSecurityTechnologies/assets/91347931/481843f5-94c4-4a8f-bf51-a10d49130bf8) diff --git a/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md b/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md index 7545b1ea..b6f2666d 100644 --- a/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md +++ b/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md @@ -62,7 +62,7 @@ In this task, you will review the Microsoft Defender for Cloud recommendations. 1. In the Azure portal, navigate back to the **Microsoft Defender for Cloud \| Overview** blade. -2. On the **Microsoft Defender for Cloud \| Overview** blade, review the **Secure Score** tile. +2. On the **Microsoft Defender for Cloud \| Overview** blade, review the **Security Posture** tile and the Total secure score within it. >**Note**: Record the current score if it is available. diff --git a/Instructions/Labs/LAB_10_Microsoft Sentinel.md b/Instructions/Labs/LAB_10_Microsoft Sentinel.md index 87e9fce2..d635e81d 100644 --- a/Instructions/Labs/LAB_10_Microsoft Sentinel.md +++ b/Instructions/Labs/LAB_10_Microsoft Sentinel.md @@ -9,7 +9,7 @@ lab: ## Lab scenario -**Note:** **Microsoft Sentinel** is renamed to **Microsoft Sentinel** +**Note:** **Azure Sentinel** is renamed to **Microsoft Sentinel** You have been asked to create a proof of concept of Microsoft Sentinel-based threat detection and response. Specifically, you want to: @@ -242,7 +242,7 @@ In this task, you will create a playbook. A security playbook is a collection of 4. On the **Just-in-time VM access** blade, on the right hand side of the row referencing the **myVM** virtual machine, click the **ellipsis (...)** button, click **Remove** and then click **Yes**. - >**Note:** If the VM is not listed in the **Just-in-time VMs**, navigate to **Virutal Machine** blade and click the **Configuration**, Click the **Enable the Just-in-time VMs** option under the **Just-in-time Vm's access**. Repeat the above step to navigate back to the **Microsoft Defender for Cloud** and refresh the page, the VM will appear. + >**Note:** If the VM is not listed in the **Just-in-time VMs**, navigate to **Virtual Machine** blade and click the **Configuration**, Click the **Enable the Just-in-time VMs** option under the **Just-in-time Vm's access**. Repeat the above step to navigate back to the **Microsoft Defender for Cloud** and refresh the page, the VM will appear. 5. In the Azure portal, in the **Search resources, services, and docs** text box at the top of the Azure portal page, type **Activity log** and press the **Enter** key.