Microsoft Azure Security For Beginners

Public-facing applications are common targets for hackers and malicious users. In this course you will gain the ability to prevent these attacks by leveraging Microsoft Azure’s powerful security services. First, you will learn to eliminate sensitive service credentials from your app code by using Managed Identities (MSI). Next, you will discover how Network Security Groups (NSG) and Application Security Groups (ASG) are used to control inbound and outbound traffic for virtual networks and virtual machines. Finally, you will explore how to protect Azure app service deployments from common attacks such as SQL injection and XSS by using Web Application Firewalls (WAF) and App Service Environments (ASE). When you are finished with this course, you will have the skills and knowledge of Azure security services needed to protect your applications in Microsoft Azure.

Who This Course Is For:

• Cloud Engineers
• DevOps Engineers
• Cybersecurity Analysts
• Network Security Engineers
• System Administrators
• Data Scientists
• Data Engineers
• Machine Learning Engineers
• Big Data Architects
• Solutions Architects
• Programmers

Manage identity and access (30-35%)

Manage Azure Active Directory identities

configure security for service principals

manage Azure AD directory groups

manage Azure AD users

manage administrative units

configure password writeback

configure authentication methods including password hash and Pass Through

Authentication (PTA), OAuth, and passwordless

transfer Azure subscriptions between Azure AD tenants

Configure secure access by using Azure AD

monitor privileged access for Azure AD Privileged Identity Management (PIM)

configure Access Reviews

configure PIM

implement Conditional Access policies including Multi-Factor Authentication (MFA)

configure Azure AD identity protection

Manage application access

create App Registration

configure App Registration permission scopes

manage App Registration permission consent

manage API access to Azure subscriptions and resources

Manage access control

configure subscription and resource permissions

configure resource group permissions

configure custom RBAC roles

identify the appropriate role

apply the principle of least privilege

interpret permissions

check access

Implement platform protection (15-20%)

Implement advanced network security

secure the connectivity of virtual networks (VPN authentication, Express Routeencryption)

configure Network Security Groups (NSGs) and Application Security Groups (ASGs)

create and configure Azure Firewall

implement Azure Firewall Manager

configure Azure Front Door service as an Application Gateway

configure a Web Application Firewall (WAF) on Azure Application Gateway

configure Azure Bastion

configure a firewall on a storage account, Azure SQL, Key Vault, or App Service

implement Service Endpoints

implement DDoS protection

Configure advanced security for compute

configure endpoint protection

configure and monitor system updates for VMs

configure authentication for Azure Container Registry

configure security for different types of containers

implement vulnerability management

configure isolation for AKS

configure security for container registry

implement Azure Disk Encryption

configure authentication and security for Azure App Service

configure SSL/TLS certs

configure authentication for Azure Kubernetes Service

configure automatic updates

Manage security operations (25-30%)

Monitor security by using Azure Monitor

create and customize alerts

monitor security logs by using Azure Monitor

configure diagnostic logging and log retention

Monitor security by using Azure Security

Center evaluate vulnerability scans from Azure Security Center

configure Just in Time VM access by using Azure Security Center

configure centralized policy management by using Azure Security Center

configure compliance policies and evaluate for compliance by using Azure Security

Center

configure workflow automation by using Azure Security Center

Monitor security by using Azure Sentinel

create and customize alerts

configure data sources to Azure Sentinel

evaluate results from Azure Sentinel

configure a playbook by using Azure Sentinel

Configure security policies

·configure security settings by using Azure Policy

configure security settings by using Azure Blueprint

Secure data and applications (20-25%)

Configure security for storage

configure access control for storage accounts

configure key management for storage accounts

configure Azure AD authentication for Azure Storage

configure Azure AD Domain Services authentication for Azure Files

create and manage Shared Access Signatures (SAS)

create a shared access policy for a blob or blob container

configure Storage Service Encryption

configure Azure Defender for Storage

Configure security for databases

enable database authentication

enable database auditing

configure Azure Defender for SQL

configure Azure SQL Database Advanced Threat Protection

implement database encryption

o implement Azure SQL Database Always Encrypted

Configure and manage Key Vault

manage access to Key Vault

manage permissions to secrets, certificates, and keys

configure RBAC usage in Azure Key Vault

manage certificates

manage secrets

configure key rotation

backup and restore of Key Vault items

configure Azure Defender for Key Vault

This practice test will help you prepare and pass the real official exam test environment. Questions include:

• Answers with detailed explanation.
• Reference links to official and unofficial documentation.
• Illustrations to prepare for the exam.

Join us and get ready to pass!! 🙂