New Azure Management Groups Portal Experience!!!

It’s quite common to have organizations with many Azure Subscriptions, and it’s hard to manage each Subscription on its own… Azure Management Groups provide a level of scope above Subscriptions so that we can organize our Subscriptions. We can apply Azure Policies or RBAC authorization at the Management Group scope instead of having to do this at each Azure Subscription. This leads to create a hierarchy of Azure Management Groups to respond to the company structure and organization in Azure. There are several best practices on how to create this. I recommend you to ready this article on Microsoft Docs – Management group and subscription organization – Cloud Adoption Framework | Microsoft Docs. It explains how to structure the Management Groups hierarchy using some of the best practices of the Cloud Adoption Framework.

Old Azure Management Groups UI

This was the previous UI in the Azure Portal for Management Groups. Impossible the full tree of Management Groups / Subscriptions. We could only see in the breadcrumb the hierarchy of the current selected Management Group / Subscription.

Introducing the new Management Groups UI

But this blog post is not to talk about the Management Groups features, it’s to talk about a big struggle that Azure Governance professionals have for years. Find an easy way to see a tree view of the Management Groups. Yes, we could see that in other areas of the Azure Portal like Security Center, but I want, and I deserve to see this in the Management Group blade, upppsss, Window! They are called Windows now and not blades!

Our feedback produced amazing results. Look at this amazing new UI Experience in the Azure Portal!

I can now easily check in just one page the hierarchy of my Management Groups and understand why certain policies are affecting some Subscriptions, ….

What do you think? Better this way? Super excited to start to show this to customers and students!

New Microsoft Security Certification

View the autosave

In today’s world, Security it’s a hot topic. More and more organization are moving workloads to the Cloud and the way we interact and move data around is changing. Data is no longer contained within corporate network perimeter; we use mobile devices, work from home and have to share the data with valuable partners. It’s more important than ever to be able to protect our workloads and data from unauthorized access. Microsoft Learning is aware of this changing world and released 4 new role-based certifications focused on Security.

Together with other amazing professionals I did a session at Microsoft Ignite 2021 just about this topic. You can watch it at: https://myignite.microsoft.com/sessions/80a523a6-0984-4aa8-aaa9-d010d62c030d?source=sessions

What are the 4 new certifications and how can you get then? It couldn’t be easier. You pass at 1 exam and you get the corresponding certification! I have compiled the list of certifications and corresponding exams:

 

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals

This certification is targeted to those looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

This is a broad audience that may include business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions.

Candidates should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

Skills measured:

  • Describe the concepts of security, compliance, and identity (5-10%)
  • Describe the capabilities of Microsoft identity and access management solutions (25-30%)
  • Describe the capabilities of Microsoft security solutions (30-35%)
  • Describe the capabilities of Microsoft compliance solutions (25-30%)

 

Microsoft Certified: Security Operations Analyst Associate

Exam SC-200: Microsoft Security Operations Analyst

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.

Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Skills measured:

  • Mitigate threats using Microsoft 365 Defender (25-30%)
  • Mitigate threats using Azure Defender (25-30%)
  • Mitigate threats using Azure Sentinel (40-45%)

 

Microsoft Certified: Identity and Access Administrator Associate

Exam SC-300: Microsoft Identity and Access Administrator

The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.

The Identity and Access Administrator may be a single individual or a member of a larger team. This role collaborates with many other roles in the organization to drive strategic identity projects to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.

Skills measured:

  • Implement an identity management solution (25-30%)
  • Implement an authentication and access management solution (25-30%)
  • Implement access management for apps (10-15%)
  • Plan and implement an identity governance strategy (25-30%)

 

Microsoft Certified: Information Protection Administrator Associate

Exam SC-400: Microsoft Information Protection Administrator

The Information Protection Administrator plans and implements controls that meet organizational compliance needs. This person is responsible for translating requirements and compliance controls into technical implementation. They assist organizational control owners to become and stay compliant.

They work with information technology (IT) personnel, business application owners, human resources, and legal stakeholders to implement technology that supports policies and controls necessary to sufficiently address regulatory requirements for their organization. They also work with the compliance and security leadership such as a Chief Compliance Officer and Security Officer to evaluate the full breadth of associated enterprise risk and partner to develop those policies.

This person defines applicable requirements and tests IT processes and operations against those policies and controls. They are responsible for creating policies and rules for content classification, data loss prevention, governance, and protection.

Skills measured:

  • Implement information protection (35-40%)
  • Implement data loss prevention (30-35%)
  • Implement information governance (25-30%)

 

 

How to prep for these exams?

In each exam page you have the Microsoft Lean learning paths. It’s free and an amazing resource to get started. I also advise candidates to take some practice exams like MeasureUp. It’s important to understand how questions are done. Allocate some time in your schedule, build a learning plan and follow it. Then just schedule the exam and seat for it! I teach hundreds of professionals every year and help then get certified. Most professional with proper preparation succeed on the exam, but sometimes that’s not the case. If that happens with you, use that experience as a learning opportunity, you have checked the format of the exam, the type of questions you struggled, … Take 1-2 weeks to study some more and give it another shoot, I’m sure you will ace it!

At the time of writing this article, these 4 exams are still in Beta. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. It usually takes around 2-3 weeks after the exam is out of Beta for you to take the score.

 

What does this mean for the actual AZ-500: Microsoft Azure Security Technologies and MS-500: Microsoft 365 Security Administration exams?
Well in short it means nothing. Both AZ-500 and MS-500 are generic security exams and certifications for Azure and Microsoft 365. The SC portfolio is more detailed and target at specific roles that cross the Azure and M365 space – Identity, Information Protection, …

 

Hope you enjoyed this post about the new Microsoft Security certifications and if you have questions just comment or ping me over social networks!