Objective:
To design and operate a hybrid security operations environment using Microsoft Defender XDR suite and Sentinel, aligned with the SC-200 Security Operations Analyst certification.
Environment Setup:
- On-premises: Kali Linux (host), Windows Server Active Directory (AD) domain controller, Windows 11 VM (VMware)
- Cloud: Azure Linux VM and AWS Windows VM (used as workstations)
Project Activities:
- Identity & Access Management (IAM):
- Set up a Windows Server Domain Controller and implemented basic Group Policy Object (GPO) security policies.
- Configured a hybrid identity setup (Entra hybrid join): test VMs joined to the on-premises AD domain and registered in Entra ID.
- Tested device compliance policies through Intune integration.
- Monitored identity-based threats using Microsoft Defender for Identity.
- Defender-based security configuration:
- Deployed Microsoft Defender for Endpoint, Defender for Office 365, and Defender for Identity for advanced threat detection, EDR, and email protection.
- Integrated Defender for Endpoint with Entra ID and Intune for unified security management.
- Used Microsoft Defender Vulnerability Management for continuous asset discovery, risk-based vulnerability assessment and remediation across the lab VMs.
- Improved Microsoft Secure Score by implementing recommended security controls (MFA, device compliance, conditional access), achieving measurable posture gains.
- SIEM Integration (Microsoft Sentinel):
- Onboarded the on-premises Windows Server as an Azure Arc-enabled server and ingested its logs into Microsoft Sentinel.
- Integrated AWS CloudTrail logs with Microsoft Sentinel for cross-cloud visibility.
- Implemented custom analytics (detection) rules and practiced threat hunting with KQL.
- Practiced incident response workflows, including alert triage, investigation and automated remediation in Defender XDR.
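Representative KQL from the detection-rule and threat-hunting work above. This is an added example written for this page, not a rule taken from the project itself; it assumes Windows Security events from the Arc-enabled server land in the standard Sentinel SecurityEvent table, and the threshold and windows are illustrative values.

```kql
// Added example (not the project's own rule): Sentinel scheduled analytics rule query.
// Pattern: at least 10 failed logons (Event ID 4625) against one account from one
// source IP inside a 10-minute bucket, followed within 10 minutes by a successful
// network or RDP logon (Event ID 4624) for the same account from the same IP.
// Assumes the "Windows Security Events" connector populates SecurityEvent.
let lookback = 1h;          // rule runs hourly over the last hour (assumed schedule)
let threshold = 10;         // failures per 10-minute bucket (illustrative value)
let failures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    | where isnotempty(IpAddress) and IpAddress !in ("-", "127.0.0.1", "::1")
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure  = max(TimeGenerated)
              by Computer, TargetUserName, IpAddress, bin(TimeGenerated, 10m)
    | where FailedCount >= threshold;
let successes =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624
    | where LogonType in (3, 10)          // 3 = network, 10 = RemoteInteractive (RDP)
    | project SuccessTime = TimeGenerated, Computer, TargetUserName, IpAddress, LogonType;
failures
| join kind=inner successes on Computer, TargetUserName, IpAddress
// keep only successes that follow the failure burst, not ones that preceded it
| where SuccessTime between (LastFailure .. (LastFailure + 10m))
| project Computer, TargetUserName, IpAddress, FailedCount,
          FirstFailure, LastFailure, SuccessTime, LogonType
| order by FailedCount desc
```

Run the query in the Logs blade first as a hunt, then save it as a scheduled rule and map TargetUserName, IpAddress and Computer to the Account, IP and Host entities in the rule wizard so the resulting incidents carry entities for investigation and playbook automation. The same shape (burst of failures joined to a later success) transfers to AWSCloudTrail ConsoleLogin events for the cross-cloud case.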
Key Skills Practiced:
- Endpoint Detection and Response (EDR) using the Microsoft Defender XDR suite (Defender for Endpoint, Defender for Identity, Entra ID Protection, Defender for Office 365)
- Identity and Access Management (IAM): Active Directory, Entra ID, and Intune configuration and management.