When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a VM is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and discusses an assumed scenario to divide the whole process into multiple steps.
Azure AD incident response explores how Azure AD investigates, manages and responds cybersecurity incidents. It involves skills, knowledge and experience with best practices to protect Azure Active Directory on day to day IR operations, remediation techniques and describes Azure AD incident response – life cycle, proces and tools.
Entra ID is the core of any secure solution you will build on Azure. You need to know verify who is accessing your systems, what they have access to, and monitor how they are using your solutions