Hey everybody, stay tuned today where I'm going to be interviewing Yuri from the Azure Security Center team, and we'll be talking about Azure Security Center, Azure Defender, and also Yuri's going to share some of his tips on how to actually study and pass the AZ-500 exam.

Welcome to today's Azure Unblogged. I am joined by Yuri from the Azure Security Team. Welcome to the show today, Yuri.

Hey, thank you very much for having me here today, Sarah.

Awesome. Security is one of those big topics that regardless of what size of organization you are and what technologies you're using, you have to think about it. But if your organization is starting their security strategy and they're having to think about it, where can they actually start? What's the best point of starting for them?

Assuming that this journey is starting with the Cloud, they usually are migrating to the Cloud. What they usually need is visibility and control. They need to be able to, as they start migrating those resources to the Cloud, understand the security posture of each workload, how well configured those workloads are from the hardening best practice perspective, and making sure that over time they continue to increase that security posture. That's where Azure Security Center can add a lot of value, by helping them to have the right visibility, the right control, and ensuring that they are moving in the right direction to enhance the overall security posture.

You mentioned Azure Security Center and I definitely want to talk about that because it's a great tool. I've used it for some of my Cloud developments and deployments with customers. But if a customer is moving from on-prem to the Cloud, they probably have some security products or features or something enabled already. Does Azure Security Center complement that? Is it a replacement? Where does that sit on that journey for a customer migrating, Yuri?

It really depends what they use.
Because one thing that the customer has to realize is that by moving to the Cloud, the threat landscape changes quite drastically actually. The security controls that they used to have on-prem for those workloads might not be fully applicable. So some security controls they can preserve, like if it is a VM, then it's quite obvious that the anti-malware that they are using can be preserved on that VM. But if it is a storage, if it is a database, then they might start looking at the options that are available in Security Center to replace the security controls, because the on-prem security controls are probably not applicable or do not really leverage the power of the Cloud. Because the whole advantage of using native security controls in Azure Security Center is because it's built in Azure. So it uses the entire elasticity of the signals and sensors that we have available in Azure.

Azure Security Center is obviously native to Azure and works great with our Azure products, but it can also work kind of back the way it can to as well. It can also help secure and add some security protocols to your on-prem kind of resources as well. Is that right?

Yeah. So Azure Security Center, in order to utilize it in a hybrid environment, which means on-prem or even other Cloud providers, they have to upgrade to Azure Defender. It used to be called Azure Security Center standard tier. After Ignite we rebranded the whole product. Part of it, it's continued to be called Azure Security Center, but Azure Security Center now is a free tier, and when you upgrade it goes to Azure Defender. So the Azure Defender capabilities are the ones that can be leveraged for on-prem or different Cloud providers as well.

So that was a question I actually wanted to ask you, because I heard Azure Defender mentioned at Ignite, but I wasn't sure if it was a new product or a name change, but I think from what you're saying there, it's actually just a name change in what we've already been offering customers.
Is that right, or have I got it wrong there?

Yeah. I understand the confusion. Many people said, are you retiring Azure Security Center, and the answer is no. There is only one single portal, it's called Azure Security Center. The change in the strategy was to keep a seamless experience for the Defender branding. So you have Azure Defender for servers, you have Azure Defender for Kubernetes, you have Azure Defender for storage. The branding is for the threat detection perspective. So now when you upgrade from free, there is no more the concept of standard tier. Now the concept is Azure Defender, because now you have the whole package of threat detection for the different workloads. Azure Defender is part of Security Center. Azure Defender is not a different product. Azure Defender belongs to the Security Center umbrella, it's just the upgraded version.

Okay. Cool. That clears that up. Thank you for that. This year, I've noticed you've launched tons of new features and additions within Azure Security Center. I think off the top of my head, I remember you added asset inventory and secure score and multi-cloud support. What's been your favorite new feature that you've added to Azure Security Center, Yuri?

I always look at Azure Security Center in two major pillars, the Cloud Security Posture Management, CSPM, and the Cloud Workload Protection Platform, the CWPP, which is Azure Defender. From the CSPM perspective, I think that the inventory is actually one of the major ones. It's really easy to search and to query for different resources, the current status, and also the integration with Azure Resource Graph is very powerful. You can start the inventory using that dashboard. If you need to go deeper and create different filters, then you can just click on Open Query in ARG, and everything that you see on the screen will be used as a baseline to create a different query in ARG. That's very powerful. I really like that capability as well.
We recently released, and actually, this was this week, next last week actually, the capability to export the Secure Score to the Log Analytics Workspace, which is using the Continuous Export feature. Now, using the Continuous Export, you can export the Secure Score, which is also something that I like. The capability to query the Secure Score via Azure Resource Graph is very powerful as well. These are the things that, from the CSPM perspective, help a lot of customers to have visibility and to track progress over time. Now, from the Cloud Workload Protection Platform, one of the things that we released at Ignite is the continuous assessment of ACRs, container registries, and we continue to improve on our threat detections. We released recently the threat detections for SQL anywhere, which means that you can have a SQL on your machine in AWS or GCP, and by onboarding that SQL using Azure Arc, you will be able to use Azure Defender for SQL. That's why we call it anywhere, because it can be any Cloud provider, on-prem or in Azure. We're going to have threat detection no matter what.

Awesome. Sounds brilliant. Now, I know you've written tons and tons of books in the past, and I think you've got a new book that's either out or coming out, Yuri, is that right?

Yeah. The new book is the AZ-500 exam for Microsoft Press, the official one. It got delayed a little bit because towards the end of September, we had another update on the exam. It was a minimal update, but we had to readjust the book. The book was almost ready. It was actually going to be released in October. Then they sent these updates, hey, we have a new update on the exam objectives, and we had to basically restructure a part of the book, because they removed some stuff, they added some other stuff.
But again, it caused a delay. The book is now available for pre-order at microsoftpressstore.com and Amazon as well, and the date to be released will be now December, between 25th and 28th, so around Christmas time.

Awesome. I have to admit, the AZ-500 exam is still one that I haven't attempted yet, Yuri. Do you have any tips for me in terms of what I should be thinking about, and if people are thinking about the AZ-500 exam, who should be thinking about it? Is it for IT pros, devs, everybody? What's your take on that?

Well, ideally, everyone that works with security should be taking the exam. That's point number one. But if you think broadly, everyone needs to know a little bit of security, right? So ideally, the dev, when he is creating his application, he should think about security and develop secure code. The exam is very well-formatted for the IT pro that also needs the security skills. So it's very infrastructure-oriented. There will be some automation questions, or using PowerShell, ARM templates, things like that. But it's very heavy on the infrastructure. Now, it is a very broad exam. I know people that have been working with Azure for a long time that are currently on their third attempt for the exam. I just received a couple of emails saying, hey, I need this book to be out now because I failed twice. And I was like, okay. But it is a hard exam, to be very honest with you. It's not an easy exam. Usually, people that are very experienced, they are still surprised. I actually recorded a podcast with Sara Young and Michael and Mark Simons about this. And they just passed the exam, like border edge, because they were like, wow, this is a very difficult exam. And we are talking about some folks that really know security. So it's not an easy exam. Do not underestimate the exam. There's a lot of Azure Policy. And I think the challenge with the exam is the breadth, right? It's very broad, the scope.
You have to know Azure Firewall, you have to know Security Center, Sentinel, Azure Blueprint, Azure Policy, VPN, networking. So it's very broad. It covers a lot of things. And all those things are covered from the infrastructure slash security standpoint. So do a lot of hands-on. Try to do some hands-on, because if you just study from the theory perspective, you might miss some points that you only see when you start doing some hands-on.

Awesome. I think that's what I'll be doing over my Christmas holidays then, getting some hands-on experience for AZ-500. Thank you so much, Yuri, for your time today. I really appreciate it. And you've cleared up some of those misconceptions that I had around some of the products in our security range. Now, if you want to check out any of the resources or products that Yuri mentioned, please do check out our show description notes where we'll be posting some links. And remember to subscribe and like our channel for future content as well. So cheers, everybody.