HOTSPOT -
Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII).
The company plans to use Microsoft Information Protection for the PII data store in Azure.
You need to recommend a solution to discover PII data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: Azure Purview -
Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data.
Microsoft Purview allows you to:
Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage.
Enable data curators to manage and secure your data estate.
Empower data consumers to find valuable, trustworthy data.
Box 2: Microsoft Defender for Cloud
Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization's security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data.
References:
https://docs.microsoft.com/en-us/azure/purview/overview
https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products
Purview and Defender for cloud
The answer is correct, but it's the first time I know about Azure Purview, I thought it should be Microsoft Purview,
Azure Preview is changed to Microsoft Purview ( the ans is Correct)
1. Azure Purview 2. Microsoft Defender for Cloud https://learn.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide Defender for Cloud collects, analyzes, and integrates log data from your Azure, hybrid, and multicloud resources, the network, and connected partner solutions, such as firewalls and endpoint agents. Defender for Cloud uses the log data to detect real threats and reduce false positives. A list of prioritized security alerts is shown in Defender for Cloud along with the information you need to quickly investigate the problem and the steps to take to remediate an attack.
as per my knowledge, it should be Purview and for alerting it should be Azure Monitor, Because Purview is integrated with Azure Monitor for Alerting.
Correct: Azure Purview Defender for Cloud Note the new name change as of April 2022: Microsoft Purview—a comprehensive set of solutions from Microsoft to help you govern, protect, and manage your entire data estate. By bringing together the former Azure Purview and the former Microsoft 365 Compliance portfolio under one brand and over time, a more unified platform, Microsoft Purview can help you understand and govern the data across your estate, safeguard that data wherever it lives, and improve your risk and compliance posture in a much simpler way than traditional solutions on the market today.
Seems like the answer is correct: Prioritize security actions by data sensitivity, https://docs.microsoft.com/en-us/azure/defender-for-cloud/information-protection. As to Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics (Azure resources as well): https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview?view=azuresql
correct answers , Microsoft Purview is the new name for Azure Purview https://learn.microsoft.com/en-us/azure/defender-for-cloud/information-protection
There is nothing called Azure Purview. Correct name if Microsoft Purview and MDC is correct
Azure Purview and Defender for Cloud are the correct answers. https://learn.microsoft.com/en-us/azure/purview/register-scan-azure-multiple-sources https://learn.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products
・Purview ・Microsoft Defender for Cloud Apps The reason for choosing Microsoft Defender for Cloud Apps is the need for features that visualize cloud application usage and protect data to triage security alerts related to resources containing PII data. Defender for Cloud Apps enhances cloud application security and provides data loss prevention (DLP), shadow IT detection, and compliance evaluation. Defender for Cloud focuses on managing the security of the entire Azure environment, Defender for Cloud Apps specializes in the security and data protection of cloud applications.
This is trick question due to integration with Defender for Cloud and PII data in Azure environment. So: Azure Purview and Microsoft Defender for Cloud
Purview and Defender for Cloud; "The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. Classifications and labels applied to data resources in Microsoft Purview are ingested into Microsoft Defender for Cloud, which provides valuable context for protecting resources. Microsoft Defender for Cloud uses the resource classifications and labels to identify potential attack paths and security risks related to sensitive data. The resources in the Defender for Cloud's Inventory and Alerts pages are also enriched with the classifications and labels discovered by Microsoft Purview, so your security teams can filter and focus to prioritize protecting your most sensitive assets."
File policy integration with MIP in Microsoft Defender for Cloud App for sensitivity labels. In this case alerts are created when match is encountered. The alert is also found in the MDCA Ans: Azure/Microsoft Purview & Microsoft Defender for Cloud Apps
on second box I would select - cloud apps
I do understand why you could suggest Defender for Cloud Apps. But as far as I can tell, there is no explicit integration with Azure (in M365 it works very well). https://docs.microsoft.com/en-us/defender-cloud-apps/azip-integration
MS Defender for Cloud Apps is a CASB - so I dont see a "triage" action relevance