Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

A to Z of Azure security - Covers AZ 500, 300,103 and more

The most comprehensive course on Azure Cloud Security showing you how to implement security controls across the board

Created byVarma Rudra

Last updated 10/2019

English

What you'll learn

Pass the AZ 500 Microsoft Azure Security Technologies
Create & Configure Azure Active Directory tenant and synchronise identities from On-premise AD into Azure AAD
Implement conditional based access policies in AAD
Implement roles based access controls, Azure policies and locks
Implement Azure AD privilaged identity management
Implement network security controls such as Azure Firewall, NSG, ASG and service end points
Implement host security such as VM end point protection, update management and disk encryption
Carry out security monitoring using Azure monitor metrics, activity logs, log analytics and alerts.
Configure Azure storage security using SAS keys, stored access policies
Configure basic and advanced security controls for Azure SQL database
Configure security settings for Cosmos DB and Azure App services
Monitor Azure resources security using Azure monitor activity logs, metrics and logs. Configure different types of alerts
Configure Security centre coverage, data collection, recommendations, security alerts
Configure Key Vault secrets, keys and certificates. Retrieve secrets using Azure web app.

Course content

14 sections • 99 lectures • 16h 2m total length

Introduction to the course3:17
By the end of this lecture, you will gain understating of five key outcomes of this course, scope of the course and how each section is structured.
Important lecture on how to improve lectures video quality4:26
By the end of this lecture, you will be able to configure some settings in Udemy portal to improve your course taking experience.
Walkthrough of Azure security building blocks15:28
By the end of this lecture, you will gain understating of all key security related services that are available in Azure.
Introduction to Azure Resource management security10:48
By the end of this lecture, you will gain understating of different layers of security control that you can put in place in creating and managing Azure resources.
Useful links to documentation related to Azure Resource Manager0:01
This lecture contains useful links to documentation related to Azure security and Azure Resource Manager

Introduction to Azure Active Directory (AAD)18:30
By the end of this lecture, you will gain understanding of different capabilities of Azure Active directory, Different identities in AAD, Hybrid identities and Application proxy.
Lab demo - Step 1 - Create user in AAD and go through user settings14:15
By the end of this lecture, you will be able to create users, invite guest users and configure default access level users and guests can have in AAD.
Introduction to Application management using AAD15:04
By the end of this lecture, you will gain understanding of application management using AAD and single sign on options you can use to configure single sign on
Lab demo - Step 2 - Walkthrough of My Apps portal and related settings11:32
By the end of this lab, you will be able to configure settings that will influence My Apps portal capabilities in groups, password reset and multi factor authentication.
Lab demo - Step 3 - Publish an On-premise app into MyApps portal10:19
By the end of this lab, you will be able to publish an on-premise app into My Apps portal using Application proxy.
Lab demo - Step 4 - Configure password based SSO for the on-premise app6:36
By the end of this lab, you will be able to configure Password SSO in Azure Active Directory for an on-premise application.
Introduction to AD connect and supprted topologies11:50
By the end of this lecture, you will gain knowledge of AD connect, different authentication methods and different topologies supported by AD connect.
Lab demo - Step 5 - Sychrnoise users from on-premise AD into Azure AAD20:26
By the end of this lab, you will be able to synchronise identities exist in on-premise directory into Azure AAD using AD connect.
Useful links to documentation related to AAD0:06
This lecture contains links to documentation related to AAD

Introduction to Conditional Access in AAD11:39
By the end of this lecture, you will gain knowledge of conditional access in AAD and different conditions you can configure in AAD.
Lab demo - Step 6 - Location based conditional access policy8:48
By the end of this lab demo, you will be able to implement location based conditional access in AAD.
Introduction to Device Management and Device based conditional based access11:29
By the end of this lecture, You will gain knowledge of device management and device based conditional access.
Lab demo - Step 7 - Join a Windows 10 device with AAD and configure DM settings12:42
By the end of this lab demo, you will be able to join windows 10 device into Azure active directory, configure device management settings in Azure Active directory and auto enrol device into Microsoft Intune.
Lab demo - Step 8 - Implement device based conditional access in AAD12:39
By the end of this lab, you will be able to configure compliance policy in Microsoft Intune and apply policy on device and configure device based conditional access based on compliance status.
Introduction to Azure AD Identity protection8:25
By the end of this lab, you will gain understanding of key capabilities of Azure AD identity protection, different types of risks and different policies you can configure in Azure AD Identity protection.
Lab demo - Step 8a - Walkthorugh of Identity protection features and policies.6:11
By the end of this lab, you will be able to create Azure AD identity protection, view dashboards and configure different policies in the same.
Useful links to documentation related to AAD conditional access0:02
This lecture contains link to documentation related to AAD conditional access and device management

Introduction to Role Based Access Control (RBAC)11:35
By the end of this lecture, you will gain understanding of security principles, role definitions, scope and role assignments.
Lab demo - Step 9 - Walkthorugh of roles, Custom role creation and assignment18:39
By the end of this lab demo, you will be able to create custom role and assign to a user and azure resource. Also, you will gain understanding of Directory roles and RBAC roles and how a role assignment will get inherited by child resources
Lab demo - Step 10 - Creation of Dynamic group and role assignment6:58
By the end of this lab, you will be create a dynamic group, create a role assignment and finally test the access.
Introduction to Azure AD App registrations10:52
By the end of this lecture, you will gain understating of different app types you can register in Azure, Azure AD object types and types of permissions
Lab demo - Step 11 - Creation of service principle and access Azure resource21:25
By the end of this lab, you will be able to create service principle, create a role assignment for service principle and access a blob in Azure account using service principle credentials.
Introduction to Managed Identities7:22
By the end of this lecture, you will gain understanding of managed identities, how it works, types of them and what Azure services support managed identities.
Lab demo - Step 12 - Creation of managed service identity & access key vault.6:35
By the end of this lab, you will be able to create managed service identity for Azure web app and provide access to Azure key vault and access keys from web application using this identity.
Useful links to documentation related to AAD RBAC0:02
This lecture contains useful links to documentation related to Azure AD RBAC

Introduction to Azure policies14:36
By the end of this lecture, you will gain understanding of Azure policies, steps involved in implementing the policy, policy definition structure, policy effects and Initiatives.
Lab demo - Step 13 - Implement Azure policies and initiatives15:24
By the end of this lab, you will be able to create custom policy definitions, create initiative, assign initiative at subscription level and test the policies.
Introduction to Resource Providers and Locks6:50
By the end of this lecture, you will gain understating of resource providers and resource locks.
Lab demo - Step 14 - Manage resource providers and locks6:27
By the end of this lab demo, you will able to register & unregister resource providers, view valid location and API versions of the resource providers and finally apply a lock at a subscription level to implement change freeze and test the lock.
Useful links to documentation related to Azure policies and locks0:03
This lecture contains links related to Azure policies, resource providers and locks

Introduction to Azure AD Privileged identity management (AAD PIM)12:01
By the end of this lecture, you will gain understanding of AAD PIM, its key features and steps involved in implementing AAAD PIM.
Lab demo - Step 15 - Enable AAD PIM and carry out access reviews10:39
By the end of this lab, you will be able to enable AAD PIM in your tenant and carry out access review to seek a justification from users for having a privileged role.
Lab demo - Step 16 - Protect AD roles with PIM by making then eligible10:46
By the end of this lab, you will be able to bring all Azure AD roles under the control of PIM, make role assignments eligible for user and activate role by the user.
Lab demo - Step 17 - Protect resource roles with PIM10:37
By the end of this lab, you will be able to protect resources roles using PIM.
Useful links to documentation related to Azure PIM0:05
This lecture contains links to documentation related to Azure PIM documentation

Overview of Azure Network security controls7:03
By the end of this lecture, you will gain understating of all the key network security controls that you can apply to secure your network in Azure
Introduction to DDoS & Azure Firewall14:10
By the end of this lecture, you will gain understating of DDoS protection, different tiers of DDoS protection, Azure firewall and its key features.
Lab demo - Step 18a - Implement Azure firewall in Hub and Spoke architecture19:28
By the end of this lab, you will be able to one hub VNets and two spoke VNets, deploy Azure firewall into central VNets, two VM's into spoke VNets, peer spoke VNets with hub VNet and configure UDR to route all internet bound traffic originating from spoke VNets to Azure Firewall.
Lab demo - Step 18b - Implement Azure firewall in Hub and Spoke architecture12:12
By the end of this lab, you will be able to configure an application rule in Azure Firewall to allow users access office.com from VMs in spoke VNets and deny any other traffic to internet. Also, configure a DNAT rule in Azure Firewall to allow users to RDP into VMs in spoke VNets using Azure Firewall public IP address
Introduction to Network and Application security groups12:20
By the end of this lecture, you will gain full understanding of network security groups, service tags, application security groups.
Lab demo - Step 19 - Implement network and application security groups15:36
By the end of this lab, you will be able to create NSG, ASG and apply them at subnet level.
Introduction to Service endpoints and policies9:03
By the end of this lecture, you will gain understanding of different connectivity options to connect workload in VNet with Azure services, service endpoints and service endpoint policies.
Lab demo - Step 20 - Configure service endpoints, policies and resource firewall28:28
By the end of this lab, you will be able to create service endpoints, service endpoint policies and resource firewall
Introduction to Remote access management14:17
By the end of this lab, you will gain understating of different remote access management options and steps to take to harden workstations.
Lab demo - Step 21 - Remote access Azure Windows VM using Windows Admin Centre18:58
By the end of this lab, you will be able to install windows admin centre on Azure VM and use that as a jump box to access other VMs in the virtual network.
Useful links to documentation related to Network security0:06
This lecture contains useful links to documentation related to Azure Network security

Introduction to Azure IaaS security best practices4:38
By the end of this lecture, you will gain understanding of different areas of Azure VM security.
Introduction to Azure VM endpoint protection9:18
By the end of this lecture, you will gain understanding of Microsoft Antimalware solution, how you can customise the same and different deployment scenarios.
Lab demo - Step 22 - Install Microsoft Antimalware on Azure VM5:06
By the end of this lab demo, you will be able to install Microsoft antimalware on Azure VM and route the logs of the same into Azure storage.
Introduction to Azure VM update management8:24
By the end of this lecture, you will gain understanding of Update management solution, implementation steps and key points to consider during implementation.
Lab demo - Step 23 - Enable update management solution on Azure VM9:43
By the end of this lab demo, you will be able enable update management solution on Azure VM in multiple ways, define a deployment schedule and implement the same on VM.
Introduction to Azure VM storage and encryption6:02
By the end of this lecture, you will gain understanding of disks associated with Azure VM and two types of encryptions available for disk encryption.
Lab demo - Step 24 - Carry out disk encryption of an existing VM disks in Azure8:08
By the end of this lab, you will be able to enable azure disk encryption using Azure powershell cmdlets.
Lab demo - Step 25 - Azure VM Backup encryption5:28
By the end of this lab demo, you will be able to take backup of encrypted VM.
Useful links to documentation related to Host security0:05
This lecture contains the links to relevant documentation related to Azure Host security.

Introduction to Azure Storage security10:58
By the end of this lecture, you will gain understanding of following five layers of Azure storage security
Management plane security
Data plane security
Encryption at rest
Encryption in transit
CORS
Lab demo - Step 26 - Walkthrough of Azure storage security11:08
By the end of this lab demo, you will be able to create role assignments, configure storage firewall, view storage access keys, configure encryption in transit and encryption at rest.
Azure Storage Data plane security deep dive14:26
By the end of this lecture, you will gain understanding of different types of SAS keys and storage access policies.
Lab demo - Step 27 - Create and use SAS Keys and Storage access policies10:04
By the end of this lab, you will be able to create a stored access policy, create a SAS based on that policy and write a programme to list blobs in a container using policy based SAS.
Azure SQL database security overview13:27
By the end of this lecture, you will gain understanding of SQL/AAD authentication, TDE, Always encrypted, Row level security, Dynamic data masking and Auditing.
Lab demo: Step 28 - Implement Access control, Firewall rules, TDE and DDM.9:06
By the end of this lab, you will be able to implement access control, configure firewall rules, transparent data encryption and dynamic data masking.
Lab demo - Step 29 - Implement advanced data security and auditing.13:39
By the end of this lab, you will be able to enable advanced data security and configure following features and also enable auditing.
Data discovery and classification
Vulnerability assessment
Advanced threat protection
Lab demo - Step 30 - Implement Always encrypted in Azure SQL database13:00
By the end of this lab, you will be able to carry out following things.
Configure service principle to be used by application for always encryption
Create an Azure Key vault and provide access to service principle to access encryption keys
Enable always encrypted on one of the column in SQL database using SSMS.
Introduction to COSMOS DB security8:34
By the end of this lecture, you will gain understanding of different security features of Azure COSMOS database.
Useful links to documentation related to Azure storage and databases0:06
This lecture contains link to useful documentation related to Azure storage and databases.

Introduction to App service security9:45
By the end of this lecture, you will gain understanding of different security controls you can put in place to protect your application hosted on Azure App services and App service environment.
Lab demo - Step 31 - Authentication with AAD and configure SSL15:05
By the end of this lab, you will be able to configure authentication for your app with Azure active directory and configure SSL certificate.
Introduction to App service secure deployment9:34
By the end of this lecture, you will gain good understanding of different deployment options available to deploy applications into Azure App services and also gain understanding of deployment slots.
Lab demo - Step 32a - Publish app into Azure DevOps project using Visual Studio9:20
By the end of this lab, you will be able to carry out following activities.
Create an organization and project in Azure DevOps
Create an application using Visual studio and add source control
Publish the app into Azure DevOps project
Add further branches such as Dev and Test and push them into DevOps
Lab demo - Step 32b - Enable continous integration for an Azure web app9:20
By the end of this lab, you will be able to configure continuous integration for Azure Web app using Azure DevOps
Useful documentation related to Azure App services security0:02
This lecture contains links to documentation related to Azure App Service.

Requirements

Basic understanding of Microsoft Azure

Description

This single course covers all the Azure security relate skills required for Microsoft certification exams AZ 500, AZ 300, AZ 103.

Most of the fortune 500 companies are moving their on-premise workloads into Azure and it is increasingly imperative to secure the workloads in Azure. There is a great demand in job market for Azure security experts.This course is designed to build your skills in Azure security and make you an expert in the same.

This course covers Azure security skills required for Microsoft Azure certification exam AZ 500 & security skills required for all other Microsoft Azure certifications.

This course has been designed with an architectural approach. Firstly, I will take you through fundamental building blocks of Azure Security and after this introduction, I will take you through following aspects related to Azure Security.

Azure Active Directory - Introduction to Azure Active directory(AAD); Create a use and configure default user settings; Introduction to Application management and supported SSO's; Walkthrough of My Apps portal and settings; Publish an on-premise app into My Apps portal using Application proxy and configure password based SSO; Introduction to AD connect and supported topologies; Synchronise identities from on-premise AD into AAD using AD connect.
AAD conditional access and device management - Introduction to conditional based access; Configure location based conditional access; Introduction to device management; Configure device based conditional based access; Introduction to Azure AD Identity protection; Configure sign in based conditional access.
Roles Based Access Control - Introduction to role based access control; Custom role creation and assignment; Dynamic groups creation and assignment; Introduction to Azure AD App registrations; Creation of service principle and access Azure resource; Introduction to Managed Identities; Creation of managed service identity & access key vault.
Policies & Locks - Introduction to policies and locks and manage them using Azure Portal.
Azure AD Privileged identity management - Introduction to Azure PIM; Enable PIM and carry out access reviews; Protect AD & Resource roles using PIM.
Network security - Introduction to Azure Network security controls; Implement Azure firewall in Hub and Spoke model; Implement network security groups (NSGs) and Application security groups; Implement service end points and policies; Walkthrough of different options of remote access management and implement of Windows Admin Center.
Host security - Introduction to Azure IaaS best practices; Implementing Azure VM endpoint protection using Microsoft Antimalware; Implementation of update management solution; Implementation of Azure Disk Encryption.
Storage & Database security - Introduction to Azure storage security and Azure SQL database security; Generate SAS keys based on Stored Access policies and use them; Implement advanced data security capabilities such as data classification, vulnerabilities assessment, advanced threat detection and auditing; Implement always encrypted; Introduction to COSMOS DB security.
Application security - Introduction to Azure App service security; Configure authentication with AAD and SSL for Azure App service; Introduction to App service deployment options; Publish an app into Azure DevOps using Visual studio; Enable continuous integration with Azure DevOps for Azure web app.
Security monitoring - Introduction to Azure Monitor metrics, activity logs and logs; Implementation of Activity log alert and log search alerts; Implementation of log analytics workspace and feed activity logs, NSG flow logs, update management information etc; Walkthrough of different monitoring solutions such as anti malware assessment, activity log analytics, update management solution and traffic analytics.
Security centre - Introduction to Azure security centre; Implement preventive monitoring and remediation using Security Centre; Implement Just in Time access; Implement and manage security alert integration with playbook (logic app).

This course contains both theory lectures and a significant number of hands-on demos that helps you in gaining hands-on experience in hardening your workloads in Azure.

Microsoft Azure is a constantly evolving platform and I will be keep close watch on Azure announcements and add new labs wherever possible.

So, start taking this course and put yourself in high demand in the world of IT and command higher salary!!!

Who this course is for:

Students attending AZ 500 Microsoft Azure Security Technologies
Security Engineers
Security administrators
Security architects

A to Z of Azure security - Covers AZ 500, 300,103 and more

What you'll learn

Explore related topics

Course content

Azure Security overview5 lectures • 34min

Identity & Access management - Azure Active Directory9 lectures • 1hr 49min

AAD Conditional access and Device management8 lectures • 1hr 12min

Role based access control8 lectures • 1hr 23min

Azure policies, resource providers and locks5 lectures • 43min

Azure AD Privileged identity management5 lectures • 44min

Network security11 lectures • 2hr 32min

IaaS security9 lectures • 57min

Storage & Databases security10 lectures • 1hr 44min

Application security6 lectures • 53min

Requirements

Description

Who this course is for: