Lab 24 – Cloud Compliance & Audit Automation

This lab focuses on automating compliance and audit workflows in Azure. You’ll configure Defender for Cloud recommendations, build compliance dashboards, automate audit exports, and integrate alerts into your SIEM.

• Outcome 1: Defender for Cloud recommendations reviewed and automated.
• Outcome 2: Compliance dashboards created in Azure Monitor.
• Outcome 3: Audit logs exported automatically.
• Outcome 4: SIEM integration validated for compliance alerts.

• DL24.1: Defender for Cloud recommendations reviewed and remediated.
• DL24.2: Compliance dashboard created.
• DL24.3: Automated audit‑log export configured.
• DL24.4: SIEM integration validated.
• DL24.5: Documentation updated with screenshots and findings.

1. Navigate to Defender for Cloud → Recommendations.
2. Review:
   • Secure Score
   • Identity & Access recommendations
   • Data & Storage recommendations
3. Remediate or document exceptions.

1. Open Azure Monitor → Workbooks.
2. Create a new workbook with:
   • Secure Score trend
   • Policy compliance
   • Identity risk events
   • Resource‑level compliance
3. Save and publish dashboard.

1. Navigate to Azure AD → Audit Logs.
2. Configure export to:
   • Log Analytics Workspace
   • Storage Account
   • Event Hub (optional)
3. Validate log ingestion.

1. Configure alerts for:
   • Non‑compliant resources
   • Identity risk events
   • Policy violations
2. Send alerts to SIEM via:
   • Log Analytics
   • Event Hub
3. Validate alert ingestion and correlation.

• Compliance: How Azure enforces and monitors cloud standards.
• Automation: How audit logs and alerts can be exported automatically.
• Visibility: How dashboards reveal posture and risk trends.

With this lab, you’ve completed Month 6 and built a strong foundation in cloud security, identity protection, and compliance automation. You’re now ready to move into **Month 7 – Threat Intelligence & Automation**.