From a331feab48d79a23d0ba631fab52fb9a0d5f2b82 Mon Sep 17 00:00:00 2001 From: Johannes Verwijnen <59250144+verwijnen@users.noreply.github.com> Date: Sat, 4 Jan 2025 12:39:13 +0200 Subject: [PATCH 1/3] small fixes LAB 8 --- Instructions/Labs/LAB_08_Azure Monitor.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Instructions/Labs/LAB_08_Azure Monitor.md b/Instructions/Labs/LAB_08_Azure Monitor.md index 20ad3bcd..26d490e1 100644 --- a/Instructions/Labs/LAB_08_Azure Monitor.md +++ b/Instructions/Labs/LAB_08_Azure Monitor.md @@ -49,7 +49,7 @@ In this exercise, you will complete the following tasks: New-AzResourceGroup -Name AZ500LAB131415 -Location 'EastUS' ``` - >**Note**: This resource group will be used for labs 13, 14, and 15. + >**Note**: This resource group will be used for labs 8, 9, and 10. 5. In the PowerShell session within the Cloud Shell pane, run the following to enable encryption at host (EAH) @@ -163,7 +163,9 @@ In this task, you will create a data collection rule. ![image](https://github.com/MicrosoftLearning/AZ500-AzureSecurityTechnologies/assets/91347931/d43e8f94-efb2-4255-9320-210c976fd45e) -3. On the **Basics** tab of the **Create Data Collection Rule** blade, specify the following settings: +3. Click the **+ Create** button to create a new data collection rule. + +4. On the **Basics** tab of the **Create Data Collection Rule** blade, specify the following settings: |Setting|Value| |---|---| 
@@ -202,7 +204,7 @@ In this task, you will create a data collection rule. 11. Click on the button labeled **Next: Destination >** to proceed. -12. Change the **Destination type** drop-down menu to display **Azure Monitor Logs.** In the **Subscription** window, ensure that your *Subscription* is displayed, then change the **Account or namespace** drop-down menu to reflect your previously created Log Analytics Workspace. +12. Click **+ Add destination**, change the **Destination type** drop-down menu to display **Azure Monitor Logs.** In the **Subscription** window, ensure that your *Subscription* is displayed, then change the **Account or namespace** drop-down menu to reflect your previously created Log Analytics Workspace. ![image](https://github.com/MicrosoftLearning/AZ500-AzureSecurityTechnologies/assets/91347931/481843f5-94c4-4a8f-bf51-a10d49130bf8) From b44bf9329560fc088e59df740f39b0482bf50be2 Mon Sep 17 00:00:00 2001 From: Johannes Verwijnen <59250144+verwijnen@users.noreply.github.com> Date: Sat, 4 Jan 2025 13:04:09 +0200 Subject: [PATCH 2/3] small changes lab 9 --- Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md b/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md index 7545b1ea..b6f2666d 100644 --- a/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md +++ b/Instructions/Labs/LAB_09_Microsoft Defender for Cloud.md @@ -62,7 +62,7 @@ In this task, you will review the Microsoft Defender for Cloud recommendations. 1. In the Azure portal, navigate back to the **Microsoft Defender for Cloud \| Overview** blade. -2. On the **Microsoft Defender for Cloud \| Overview** blade, review the **Secure Score** tile. +2. On the **Microsoft Defender for Cloud \| Overview** blade, review the **Security Posture** tile and the Total secure score within it. >**Note**: Record the current score if it is available. 
From 9684947415342862e081eb9b454e232d74e1c7f9 Mon Sep 17 00:00:00 2001 From: Johannes Verwijnen <59250144+verwijnen@users.noreply.github.com> Date: Sat, 4 Jan 2025 14:47:21 +0200 Subject: [PATCH 3/3] small changes lab 10 --- Instructions/Labs/LAB_10_Microsoft Sentinel.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Instructions/Labs/LAB_10_Microsoft Sentinel.md b/Instructions/Labs/LAB_10_Microsoft Sentinel.md index 87e9fce2..d635e81d 100644 --- a/Instructions/Labs/LAB_10_Microsoft Sentinel.md +++ b/Instructions/Labs/LAB_10_Microsoft Sentinel.md @@ -9,7 +9,7 @@ lab: ## Lab scenario -**Note:** **Microsoft Sentinel** is renamed to **Microsoft Sentinel** +**Note:** **Azure Sentinel** is renamed to **Microsoft Sentinel** You have been asked to create a proof of concept of Microsoft Sentinel-based threat detection and response. Specifically, you want to: 
@@ -242,7 +242,7 @@ In this task, you will create a playbook. A security playbook is a collection of 4. On the **Just-in-time VM access** blade, on the right hand side of the row referencing the **myVM** virtual machine, click the **ellipsis (...)** button, click **Remove** and then click **Yes**. - >**Note:** If the VM is not listed in the **Just-in-time VMs**, navigate to **Virutal Machine** blade and click the **Configuration**, Click the **Enable the Just-in-time VMs** option under the **Just-in-time Vm's access**. Repeat the above step to navigate back to the **Microsoft Defender for Cloud** and refresh the page, the VM will appear. + >**Note:** If the VM is not listed in the **Just-in-time VMs**, navigate to **Virtual Machine** blade and click the **Configuration**, Click the **Enable the Just-in-time VMs** option under the **Just-in-time Vm's access**. Repeat the above step to navigate back to the **Microsoft Defender for Cloud** and refresh the page, the VM will appear. 5. In the Azure portal, in the **Search resources, services, and docs** text box at the top of the Azure portal page, type **Activity log** and press the **Enter** key.
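Review bot: In `LAB_08_Azure Monitor.md`, hunk `@@ -49,7 +49,7`, the updated note now says the resource group is used for labs 8, 9, and 10, but the command in the context line directly above it still creates `AZ500LAB131415`, a name that encodes the old lab numbers. Either rename the group consistently wherever these labs refer to it, or extend the note to say the name is kept from the earlier numbering, so students do not think they are working in the wrong lab's resource group.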
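Review bot: In `LAB_08_Azure Monitor.md`, hunk `@@ -163,7 +163,9`, the new step 3 pushes the old step 3 to 4, but the later steps of the task are not renumbered: the `@@ -202,7 +204,7` hunk still shows `11. Click on the button labeled **Next: Destination >**` and `12.` with their old numbers. Unless the original numbering already had a gap, the source now repeats a number somewhere between step 4 and step 11. Renumber the remaining steps in this commit so that the raw Markdown and any reference to a step by number stay correct.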
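Review bot: In `LAB_08_Azure Monitor.md`, hunk `@@ -202,7 +204,7`, the added line in step 12 joins two actions with a bare comma: `Click **+ Add destination**, change the **Destination type** drop-down menu ...`. Write it as "Click **+ Add destination**, then change the **Destination type** drop-down menu to display **Azure Monitor Logs**." or split the click into its own step. Since the line is being touched anyway, also move the full stop out of the bold span in `**Azure Monitor Logs.**`.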
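Review bot: In `LAB_09_Microsoft Defender for Cloud.md`, hunk `@@ -62,7 +62,7`, the new step 2 bolds the **Security Posture** tile name but leaves `Total secure score` as plain text, while every other portal label in the surrounding steps is bold. If "Total secure score" is the label shown on the tile, format it as `**Total secure score**` so students can match it against the portal. The following note, `Record the current score if it is available`, then clearly refers to that value.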
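Review bot: In `LAB_10_Microsoft Sentinel.md`, hunk `@@ -242,7 +242,7`, the note fixes `Virutal` but the same line keeps several other defects that should be fixed in the same edit: a capitalised `Click` after a comma in `click the **Configuration**, Click the`, the inconsistent label `**Just-in-time Vm's access**` next to `**Just-in-time VMs**`, and a run-on final sentence (`refresh the page, the VM will appear`). Check the two Just-in-time labels against the portal, and split the last sentence so the refresh and the expected result read as separate clauses.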