Microsoft Azure Security Technologies

Secure Azure solutions with Azure Active Directory

Explore how to securely configure and administer your Azure Active Directory instance.

• Explore Azure Active Directory features
• Self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services
• Azure AD DS and self-managed AD DS
• Azure AD DS and Azure AD
• Investigate roles in Azure AD
• Azure AD built-in roles
• Deploy Azure AD Domain Services
• Create and manage Azure AD users
• Manage users with Azure AD groups
• Configure Azure AD administrative units
• Implement passwordless authentication
• Explore Try-This exercises

Implement Hybrid identity

Explore how to deploy and configure Azure AD Connect to create a hybrid identity solution for your company.

• Deploy Azure AD connect
• Explore authentication options
• Configure Password Hash Synchronization (PHS)
• Implement Pass-through Authentication (PTA)
• Deploy Federation with Azure AD
• Explore the authentication decision tree
• Configure password writeback

Deploy Azure AD identity protection

Protect identities in Azure AD using Conditional Access, MFA, access reviews, and other capabilities.

• Explore Azure AD identity protection
• Configure risk event detections
• Implement user risk policy
• Implement sign-in risk policy
• Deploy multifactor authentication in Azure
• Explore multifactor authentication settings
• Enable multifactor authentication
• Implement Azure AD conditional access
• Configure conditional access conditions
• Implement access reviews
• Explore try-this exercises

Configure Azure AD privileged identity management

Ensure that your privileged identities have extra protection and are accessed only with the least amount of access needed to do the job.

• Explore the zero trust model
• Review the evolution of identity management
• Deploy Azure AD privileged identity management
• Configure privileged identity management scope
• Implement privileged identity management onboarding
• Explore privileged identity management configuration settings
• Implement a privileged identity management workflow
• Explore Try-This exercises

Design an enterprise governance strategy

Learn to use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals.

• Review the shared responsibility model
• Explore the Azure cloud security advantages
• Review Azure hierarchy of systems
• Configure Azure policies
• Enable Azure role-based access control (RBAC)
• Compare and contrast Azure RBAC vs Azure policies
• Configure built-in roles
• Enable resource locks
• Deploy Azure blueprints
• Design an Azure subscription management plan
• Explore Try-This exercises

Implement perimeter security

Prevent attacks before they get to your Azure solutions. Use the concepts of defense in depth and zero trust to secure Azure perimeter.

• Define defense in depth
• Explore virtual network security
• Enable Distributed Denial of Service (DDoS) Protection
• Configure a distributed denial of service protection implementation
• Explore Azure Firewall features
• Deploy an Azure Firewall implementation
• Configure VPN forced tunneling
• Create User Defined Routes and Network Virtual Appliances
• Explore hub and spoke topology
• Perform try-this exercises

Configure network security

Use Azure network capabilities to secure your network and applications from external and internal attacks.

• Explore Network Security Groups (NSG)
• Deploy a Network Security Groups implementation
• Create Application Security Groups
• Enable service endpoints
• Configure service endpoint services
• Deploy private links
• Implement an Azure application gateway
• Deploy a web application firewall
• Configure and manage Azure front door
• Review ExpressRoute
• Perform try-this exercises

Configure and manage host security

Learn to lock down the devices, virtual machines, and other components that run your applications in Azure.

• Enable endpoint protection
• Define a privileged access device strategy
• Deploy privileged access workstations
• Create virtual machine templates
• Enable and secure remote access management
• Configure update management
• Deploy disk encryption
• Managed disk encryption options
• Deploy and configure Windows Defender
• Microsoft cloud security benchmark in Defender for Cloud
• Explore Microsoft Defender for Cloud recommendations
• Perform Try-This exercises

Enable Containers security

Explore how to secure your applications running within containers and how to securely connect to them.

• Explore containers
• Configure Azure Container Instances security​
• Manage security for Azure Container Instances (ACI)​
• Explore the Azure Container Registry (ACR)​
• Enable Azure Container Registry authentication
• Review Azure Kubernetes Service (AKS)​
• Implement an Azure Kubernetes Service architecture​
• Configure Azure Kubernetes Service networking​
• Deploy Azure Kubernetes Service storage​
• Secure authentication to Azure Kubernetes Service with Active Directory​
• Manage access to Azure Kubernetes Service using Azure role-based access controls

Deploy and secure Azure Key Vault

Protect your keys, certificates, and secrets in Azure Key Vault. Learn to configure key vault for the most secure deployment.

• Explore Azure Key Vault
• Configure Key Vault access
• Review a secure Key Vault example
• Deploy and manage Key Vault certificates
• Create Key Vault keys
• Manage customer managed keys
• Enable Key Vault secrets
• Configure key rotation
• Manage Key Vault safety and recovery features
• Perform Try-This exercises
• Explore the Azure Hardware Security Module

Configure application security features

Register your company applications then use Azure security features to configure and monitor secure access to the application.

• Review the Microsoft identity platform
• Explore the Application model
• Register an application with App Registration
• Configure Microsoft Graph permissions
• Enable managed identities
• Azure App Services
• App Service Environment
• Azure App Service plan
• App Service Environment networking
• Availability Zone Support for App Service Environments
• App Service Environment Certificates
• Perform Try-This exercises

Implement storage security

Ensure your data is stored, transferred, and accessed in a secure way using Azure storage and file security features.

• Define data sovereignty
• Configure Azure storage access
• Deploy shared access signatures
• Manage Azure AD storage authentication
• Implement storage service encryption
• Configure blob data retention policies
• Configure Azure files authentication​
• Enable the secure transfer required​ property
• Perform Try-This exercises

Configure and manage SQL database security

Configure and lock down your SQL database on Azure to protect your corporate data while it's stored.

• Enable SQL database authentication
• Configure SQL database firewalls
• Enable and monitor database auditing
• Implement data discovery and classification​
• Microsoft Defender for SQL
• Vulnerability assessment for SQL Server
• SQL Advanced Threat Protection
• Explore detection of a suspicious event
• SQL vulnerability assessment express and classic configurations
• Configure dynamic data masking
• Implement transparent data encryption​
• Deploy always encrypted​ features
• Deploy an always encrypted implementation
• Perform Try-This exercises

Configure and manage Azure Monitor

Use Azure Monitor, Log Analytics, and other Azure tools to monitor the secure operation of your Azure solutions.

• Explore Azure Monitor
• Configure and monitor metrics and logs
• Enable Log Analytics
• Manage connected sources for log analytics
• Enable Azure monitor Alerts
• Configure properties for diagnostic logging
• Perform try-this exercises

Enable and manage Microsoft Defender for Cloud

Use Azure Security Center, Azure Defender, and Secure Score to track and improve your security posture in Azure.

• MITRE Attack matrix
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Configure Microsoft Defender for Cloud policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access
• Perform try-this exercises

Configure and monitor Microsoft Sentinel

Use Azure Sentinel to discover, track, and respond to security breaches within your Azure environment.

• Enable Microsoft Sentinel
• Configure data connections to Sentinel
• Create workbooks to monitor Sentinel data
• Enable rules to create incidents
• Configure playbooks
• Hunt and investigate potential breaches