{"id":37121,"date":"2020-09-14T16:00:05","date_gmt":"2020-09-14T16:00:05","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=91853"},"modified":"2020-09-14T16:00:05","modified_gmt":"2020-09-14T16:00:05","slug":"microsoft-security-use-baseline-default-tools-to-accelerate-your-security-career","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-security-use-baseline-default-tools-to-accelerate-your-security-career\/","title":{"rendered":"Microsoft Security: Use baseline default tools to accelerate your security career"},"content":{"rendered":"

I wrote a series of blogs last year on how gamified learning through cyber ranges can create more realistic and impactful cybersecurity learning experiences and help attract tomorrow\u2019s security workforce. With the global talent shortage in this field, we need to work harder to bring people into the field. This blog is for new cyber professionals or perhaps younger aspirants considering getting into cyber. From an employee\u2019s perspective, it can seem daunting to know where to start, especially when you\u2019re entering an organization with established technology investments, priorities, and practices. Having come to this field later in my career than others, I say from experience that we need to do a better job collectively in providing realistic and interesting role-based learning, paths toward the right certifications and endorsements, and more definitive opportunities to advance one\u2019s career.<\/p>\n

I\u2019m still a big fan of gamified learning, but if gaming isn\u2019t your thing, then another way to acquire important baseline learning is to look at simpler, more proactive management tools that up-level different tasks and make your work more efficient. Microsoft has recently released two important cloud security posture management tools that can help a newer employee quickly grasp basic yet critically important security concepts AND show immediate value to your employer. They\u2019re intuitive to learn and deserve more attention.  I\u2019m talking about Azure Security Defaults<\/a> and Microsoft Secure Score<\/a> (also including Azure Secure Score<\/a>). While tools like these don\u2019t typically roll off the tongue, and your experience won\u2019t grab you like an immersive gaming UI, their purpose-built capabilities that focus on commonly-accepted cyber hygiene best practices reinforce solid foundational practices that are no less important than SecOps, incident response, or forensics and hunting. Learning how to use these tools can make you a champion and influencer, and we encourage you to learn more below. These capabilities are also built directly into our larger Azure and M365 services, so by using built-in tools, you\u2019ll help your organization maximize its investments in our technologies and help save money and reduce complexity in your environment.<\/p>\n

Azure Security Defaults<\/strong> is named for what it does\u2014setting often overlooked defaults. With one click, you automatically enable several foundational security controls that if left unaddressed are convenient and time-tested targets for attackers to go after your organization. One question that I frequently receive is why Microsoft doesn\u2019t simply pre-configure these settings by default and force customers to turn them off. Several large, high-threat customers have asked specifically that we do that. It\u2019s tempting, but until or unless we make such a move, this is a great self-service add-on. As explained in this blog<\/a>, ASD does the following:<\/p>\n