- Chapter 1 – Welcome to the jungle: Why IT security affects everyone today
- 1.1 Welcome to the security jungle!
- 1.2 "I've got nothing to hide." Or do you?
- 1.3 Passwords on Post-its and other everyday crimes
- 1.4 Why Microsoft and why the cloud?
- 1.5 What you won't find here (and what you will)
- Chapter 2 – Small cause, big effect: Why security is also a must for "the little guys"
- 2.1 Cybercriminals love small and medium-sized businesses because it's so easy
- 2.2 How much does an attack cost? Spoiler: more than just money
- 2.3 Laws, rules and other killjoys
- 2.4 Why monitoring is not an option, but a must
- 2.5 The new security triangle: technology, processes, people
- Chapter 3 – What do we actually have? The IT inventory as the basis of every security strategy
- 3.1 IT inventory with a wink: The digital attic
- 3.2 Who uses what and who is actually allowed to do what?
- 3.3 Password chaos, Excel lists and administrator "secret knowledge"
- 3.4 Tools and methods for taking stock
- 3.5 How to get to know your IT better than your coffee machine
- Chapter 4 – Systematic protection: How to recognise what is really important
- 4.1 The big question: What is worth protecting?
- 4.2 From smart TVs to customer lists: A reality check
- 4.3 Protection requirements explained simply: The three-cheese method
- 4.4 Risk analysis light: The pragmatic option for decision-makers
- 4.5 From goal to roadmap: What follows from the need for protection?
- Chapter 5 – Microsoft as a security provider: From the Word corporation to digital bodyguard
- 5.1 Microsoft's security strategy in one sentence: "Connect and monitor everything"
- 5.2 Azure, Microsoft 365, Entra, Defender, Sentinel, Purview
- Microsoft Entra (formerly Azure AD)
- Microsoft Defender (XDR)
- Microsoft Sentinel (SIEM/SOAR)
- Microsoft Purview
- Azure Security Services
- 5.3 A heart for administrators: The Defender XDR universe explained
- What does XDR do?
- Why administrators love it (or should love it)
- Chapter 5.4 – Zero Trust: Trust is good, control is better
- 5.4 Automation with Azure Functions & Logic Apps
- Logic Apps: Automation with a modular approach
- Azure Functions: When things get a little more complex
- 5.5 Microsoft Purview: Data protection with transparency
- What exactly does Purview do?
- Why this is important
- Typical use cases
- Chapter 5.6 – On-premises, hybrid & data security: control even outside the cloud
- 5.7 Azure Firewall: The guardian at the border, but not always the best choice
- Criticisms in everyday use, 2025 edition
- When Azure Firewall still makes sense
- 5.8 Entra Domain Services (AAD DS): Secure legacy protocols from the cloud
- What is Entra Domain Services?
- Why is this important?
- 5.9 Zero-trust remote access without VPN: Entra Global Secure Access (Private Access)
- What is Entra Private Access?
- Advantages over traditional VPN
- Why this is relevant
- 5.10 Always On VPN vs. Entra Private Access: A quick and clear decision
- Always On VPN: what are the advantages?
- Entra Private Access: what are the advantages?
- Decision guide – When what?
- Chapter 6 – Access only with security badge: identities, access & passwords reimagined
- 6.1 Why your password "Breakfast2023!" is not a good idea
- Why passwords are a risk
- The modern solution: passwordless authentication
- 6.2 MFA is not an obstacle, but the best insurance in the IT world
- Why MFA is so important
- How does MFA work?
- Objections vs. reality
- Best practices for MFA in companies
- 6.3 Microsoft Entra ID: The cloud's gatekeeper
- What is Entra ID?
- Features at a glance
- Why this is important
- What changes for administrators
- Hybrid reality: both in use?
- Why a switch can make sense
- What is a "custom domain"?
- Domain sharing: multiple brands, one tenant
- Typical use cases
- What needs to be considered?
- Alternative: Multiple tenants?
- 6.4 Privileged Identity Management: Temporary admin rights
- Why this is so dangerous
- The solution: Privileged Identity Management (PIM)
- What PIM can do specifically
- Best practice
- 6.5 Self-service & password reset: The rescue of the helpdesk
- How does it work?
- Important note: security questions
- What are the benefits?
- Bonus: Reporting & monitoring
- 6.6 Password manager vs. Post-it note on the monitor
- What is the problem?
- The solution: password managers
- Team management & access rights
- Relevant solutions (also with regard to NIS2)
- And importantly:
- 6.7 Conditional access: rules instead of gut feeling
- What is conditional access?
- Why this is important
- Bonus: Report & simulation
- 6.8 Normal user accounts for scripts, tools and services – a nightmare waiting to happen
- The problems at a glance
- The better solution: Proper service accounts + Azure Managed Identity
- 6.9 Entra ID Protection: Identify risks before they hit
- What is Entra ID Protection?
- What risks are detected?
- Response according to policy
- Reporting included
- 6.10 SSPR & MFA registration: Self-service saves admin nerves
- What is SSPR?
- The advantages at a glance
- Registration enforcement: mandatory rather than optional
- Typical methods
- Chapter 7 – Today's workplace: mobile, modern and full of security pitfalls
- 7.1 The modern workplace: anywhere, anytime, and dangerously naive?
- What often goes wrong in everyday life
- Why companies need to take action
- 7.2 Defender for Endpoint: The bodyguard for your notebook
- What is Defender for Endpoint?
- What exactly can the tool do?
- Bonus: Vulnerability management with MDVM
- Practical example:
- What does hardening mean?
- Why all this?
- 7.3 Microsoft Intune: The remote control for all devices
- What is Microsoft Intune?
- What exactly can Intune do?
- Intune + Entra = Smart access
- Real-world examples
- The modern version with Intune & Autopilot:
- What is Autopilot?
- Hybrid join sounds good, but it's complex
- But this is where the challenge begins:
- Configure the connector correctly
- An overview of the most important Intune profile types
- The Settings Catalogue: the new control centre
- The proliferation: Why app control is important
- Block the Microsoft Store
- What is Kiosk Mode?
- What is Device Enrollment Manager (DEM)?
- 7.4 Updates, patches, policies: No fun, but necessary
- What is the problem?
- The solution: automation & control
- Bonus: compliance & reporting
- Why BitLocker?
- Entra & Intune: Centralised control over BitLocker
- Why this is important
- 7.5 Device security vs. user-friendliness: a balancing act
- Typical conflicts in everyday life
- The path to balance
- Here's how to do it better:
- Clear communication: the underestimated lever
- 7.6 Small measures, big impact: 10 simple things with a big impact
- 7.7 Azure Virtual Desktop: the secure workplace from the cloud
- What is Azure Virtual Desktop (AVD)?
- Advantages for IT
- Advantages for users
- Security bonus
- Two paths to the virtual workplace
- 7.8 Local admin rights under control: Endpoint privilege management vs. LAPS
- Why local admin rights are dangerous
- Solution 1: LAPS – Local Administrator Password Solution
- When to use
- Solution 2: Endpoint Privilege Management (EPM)
- Chapter 8 – When there's a fire, you need to see it: Monitor, detect and respond with Microsoft Sentinel & Co.
- 8.1 Microsoft Sentinel: The control centre for modern threats
- What does SIEM/SOAR mean?
- What Sentinel collects and analyses
- What makes Sentinel special
- 8.2 What is an incident? From suspicion to real problem
- From signal to incident
- What Sentinel does here
- Advantages for IT
- 8.3 Correlation is not a mathematical problem: How Sentinel detects real threats
- What does correlation mean in Sentinel?
- Example: The inconspicuous colleague becomes a risk
- What Sentinel does here
- Why this is better than traditional systems
- 8.4 Respond automatically: Playbooks, Logic Apps & Azure Functions
- The tools of choice
- Practical example: Phishing & response
- Advantages of automation
- 8.5 Extended Detection & Response: See the big picture with Defender XDR
- What is Defender XDR?
- Example: A small phishing email, big impact (or not)
- Advantages of Defender XDR
- What is shadow IT?
- Why is this dangerous?
- How does this work technically?
- Typical use cases
- 8.6 Advanced Hunting: Security for nerds, but with impact
- Where can you hunt?
- What can you do with it?
- Example query in KQL
- Why this is so powerful
- 8.7 The best playbooks, rules and tips from practice
- Must-have playbooks (can be automated in Sentinel)
- Rules & tips for everyday use
- Combine for greater impact
- Connect Health: The bridge between local AD and Entra
- Licence matrix: What is possible with P1? What is only possible with P2?
- 8.9 Microsoft Defender for Endpoint for non-enrolled devices: Making shadows visible
- What are "non-enrolled" devices?
- The solution: Microsoft Defender for Endpoint (MDE) for non-enrolled devices
- Why this is important
- Setup & requirements
- Chapter 9 – NIS2, KRITIS & compliance: When security becomes mandatory
- 9.1 What is NIS2 and who does it really affect?
- What is NIS2?
- Who does NIS2 affect?
- What does NIS2 require?
- Why this is important
- 9.2 KRITIS & Co: When the state has a say, and rightly so
- What is KRITIS?
- Companies of particular public interest (UBI)
- What does the law require?
- And what does this have to do with Microsoft?
- 9.3 What NIS2 specifically requires and how Microsoft can help
- The 10 key obligations under NIS2
- How Microsoft helps
- Recommendation for implementation
- 9.4 How to make compliance visible for authorities, customers and internal audits
- What needs to be verifiable?
- Tools for greater visibility
- Pro tips from practice
- Chapter 10 – Security myths debunked: 5 phrases that can cost you your head and your data
- 10.1 "We don't have anything anyone would want to steal"
- Why this statement is so wrong
- Reality instead of wishful thinking
- How to eliminate this misconception
- 10.2 "We have antivirus software, that's enough"
- Why antivirus alone is no longer enough
- What is needed instead
- Reality: Antivirus is just one module today
- 10.3 "Updates? We'll do them sometime"
- Why this is dangerous
- Real-world examples
- The solution: patch management
- Bonus: Automatic vulnerability scoring
- 10.4 "The cloud is insecure"
- What is really "insecure"
- Why the cloud can actually be more secure
- The bigger problem: "shared responsibility"
- What you really need
- 10.5 "We don't have a plan, but we have technology"
- The problem: technology without context
- Why strategy is crucial
- What you need: A security concept
- Chapter 11 – Security is a matter for the boss: planning, budget and common sense
- 11.1 Security projects don't start in IT, they start in the mind
- The fallacy
- Why this is so important
- What successful projects have in common
- First steps, in concrete terms
- 11.2 From actual to target: Maturity models, security score & risk analysis
- Maturity models: guidance instead of opinion
- Secure Score: The easy way to get started
- Risk analysis, but in business language, please
- The advantage of a clear ACTUAL/TARGET comparison
- 11.3 Who needs to be involved? Roles, responsibilities and typical conflicts
- Typical roles in a security project
- Typical conflicts
- How to resolve this
- 11.4 How much does security cost? Why the budget issue is not as difficult as it seems
- Why security (supposedly) seems expensive
- How to get the budget anyway
- 11.5 How to convince management and colleagues: communication instead of IT jargon
- The challenge
- How to talk to management
- This is how you convince your colleagues
- Communication channels that work
- 11.6 Social engineering: when the hacker hacks you instead of the server
- What is social engineering?
- A classic example from real life
- Why this works
- Protective measures without technology
- Chapter 12 – Overview, orientation, recommendations: What suits whom and why?
- 12.1 Overview of the most important Microsoft security services
- Microsoft Defender family – The XDR basis
- Microsoft Entra – identity and access control
- Microsoft Sentinel – The SIEM of the cloud
- Microsoft Purview – governance, DLP & compliance
- 12.2 Recommendations for small, medium and large enterprises
- Small companies (up to ~50 employees)
- Medium-sized companies (~50–300 employees)
- Large companies (300+ employees / KRITIS / international)
- 12.3 Platform coverage & BYOD guidelines
- What Microsoft Defender (XDR) covers today
- BYOD – blessing or risk?
- The guidelines you should set
- 12.4 Comparison of other tools, services and password managers
- Password managers compared, with a view to NIS2
- Additional tools
- What NIS2 expects here
- 12.5 Recommendations for external partners, consulting and 24/7 support
- When external help makes sense
- What roles exist (and what they should do)
- What you should look for in partners
- Bonus tip: Partner agreement = security agreement
- Bonus material
- Windows 11 & Azure Hybrid Join: How login works
- Emergency? And no one knows the number?
- Mini checklist: Getting started with zero trust in your organisation
- Final word: Security is not a state, but a process.