Microsoft 365 and Azure Compliance Bootcamp – Healthcare

During this class, attendees will acquire skills and knowledge related to security controls, security postures and the proper identification and remediation of vulnerabilities by using available tools in Microsoft 365 and Azure.  

  • This course includes content from both AZ-500 and SC-400.
  • Courseware, labs, and exam vouchers will be provided for each course.
  • This is a 200-level course.
Days : 3

Description

Course Content

HIPAA Course Mapping

This course will help attendees understand the security technologies available within Azure and M365 so they can stay compliant with HIPAA. Below are some example controls and the related modules covered in this course.

  • Role-based access control is implemented and capable of mapping each user to one or more roles, and each role to one or more system functions.
    • Module 1, Lesson: Secure Identities and Manage RBAC 
  • The organization limits authorization to privileged accounts on information systems to a predefined subset of users. 
    • Module 1, Lesson: Configure Azure Active Directory for Azure Workloads and Subscriptions 
  • Strong authentication methods such as multifactor, RADIUS or Kerberos (for privileged access) and CHAP (for encryption of credentials for dial-up methods) are implemented for all external connections to the organization's network.
    • Module 1, Lesson: Secure Identities and Manage RBAC
  • Access to management functions or administrative consoles for systems hosting virtualized systems is restricted to personnel based upon the principle of least privilege and supported through technical controls.
    • Module 3, Lesson: Implement Host Security and Update Management 

  • The organization’s security gateways (e.g., firewalls) enforce security policies and are configured to filter traffic between domains, block unauthorized access, and are used to maintain segregation between internal wired, internal wireless, and external network segments (e.g., the Internet) including DMZs and enforce access control policies for each of the domains.
    • Module 3, Lessons: Build and Secure Network, Implement Platform Security

       

  • The organization ensures the security of information in networks, availability of network services and information services using the network, and the protection of connected services from unauthorized access.

    • Module 3, Lesson: Configure Security Policies by Using Microsoft Defender for Cloud

  • Agreed services provided by a network service provider/manager are formally managed and monitored to ensure they are provided securely.
    • Module 3, Lesson: Build and Secure Network 

HIPAA and the HITECH Act are U.S. laws that govern the security and privacy of individually identifiable health information stored or processed electronically. This information is referred to as electronic protected health information (ePHI). HIPAA refers to healthcare providers, payors and clearinghouses that use or process ePHI as covered entities. Under HIPAA and the HITECH Act, covered entities must implement mandated physical, technical, and administrative safeguards to protect ePHI. Certain service providers that store or process ePHI on behalf of covered entities are called business associates. Covered entities must ensure that their business associates implement similar security and privacy safeguards. 

  • Retain ePHI compliance supporting documentation
    • Module 2, Lesson: Archiving and Retention 
  • Apply sensitivity labels to protect ePHI
    • Module 2, Lesson: Configure and apply Sensitive labels 

Lastly, you will need tools that help you manage your organization’s compliance requirements with greater ease and convenience.

  • Module 4, Lesson: Compliance in M365

 

Who should attend

The security administrator will collaborate with EP Admins, stakeholders, and other managers implementing the security strategies needed by the organization. The security administrator is familiar with Microsoft 365 workloads and hybrid environments. This role has strong skills and experience with identity protection, information protection, threat protection, security management and data governance. This role communicates with Chief Information Security Officers (CISOs), Chief Risk Officers (CROs), Chief Privacy Officers (CPOs), Chief Compliance Officers (CCOs), IT professionals, and security specialists.

Prerequisites

This is a 200-level course. Attendees should take AZ-900 and SC-900 prior to attending or be familiar with:

  • Understanding of Azure (Intermediate desired) 
  • Basic Understanding of O365
  • Experience with Windows 10 
  • Understanding of Authorization and Authentication 
  • Understanding of Networking 

Outline: Microsoft 365 and Azure Compliance Bootcamp – Healthcare (M365-AZ-CB)

Module 1: Identity and Access

  Lessons

  • Configure Azure Active Directory for Azure Workloads and Subscriptions
    • Register Devices with Azure AD 
  • Configure Azure AD Privileged Identity Management
  • Secure Identities and manage RBAC 
    • Least Privilege 
    • MFA 
    • Azure Conditional Access Policies 

Module 2: Information protection, DLP and Governance 

  Lessons

  • Classify Your Data
  • Configure and Apply Sensitive Labels 
  • Configure Trainable Classifiers 
  • Create and Manage DLP Policies 
  • Configure and Implement Retention Labels 
  • Archiving and Retention 
  • Content Search and Investigation 
  • Cloud App Security  
  • Secure Information with MDM and MAM 

Module 3: Platform Protection

  Lessons

  • Understand Cloud Security
  • Build and Secure Network
    • Network Security Groups
    • VPN Gateway
    • ExpressRoute 
  • Implement Host Security and Update Management 
  • Implement Platform Security
    • Application Gateway
    • WAF 
    • Azure Firewall 
  • Configure Security Services
    • Azure Sentinel
    • Azure Private Links 
  • Configure Security Policies by Using Microsoft Defender for Cloud
  • Manage Security Alerts 
  • Configure Security for Data Infrastructure 
  • Configure Encryption for Data at Rest 
  • Configure and Manage Azure Key Vault 

Module 4: Compliance in M365

  Lessons

  • Compliance Center
  • Compliance Manager 
  • Service Trust Portal