A to Z of Azure security - Covers AZ 500, 300,103 and more
4.5 (571 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
4,479 students enrolled

A to Z of Azure security - Covers AZ 500, 300,103 and more

The most comprehensive course on Azure Cloud Security showing you how to implement security controls across the board
4.5 (571 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
4,479 students enrolled
Created by Varma Rudra
Last updated 10/2019
English
English
Current price: $69.99 Original price: $99.99 Discount: 30% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 16 hours on-demand video
  • 15 articles
  • 45 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Pass the AZ 500 Microsoft Azure Security Technologies
  • Create & Configure Azure Active Directory tenant and synchronise identities from On-premise AD into Azure AAD
  • Implement conditional based access policies in AAD
  • Implement roles based access controls, Azure policies and locks
  • Implement Azure AD privilaged identity management
  • Implement network security controls such as Azure Firewall, NSG, ASG and service end points
  • Implement host security such as VM end point protection, update management and disk encryption
  • Carry out security monitoring using Azure monitor metrics, activity logs, log analytics and alerts.
  • Configure Azure storage security using SAS keys, stored access policies
  • Configure basic and advanced security controls for Azure SQL database
  • Configure security settings for Cosmos DB and Azure App services
  • Monitor Azure resources security using Azure monitor activity logs, metrics and logs. Configure different types of alerts
  • Configure Security centre coverage, data collection, recommendations, security alerts
  • Configure Key Vault secrets, keys and certificates. Retrieve secrets using Azure web app.
Requirements
  • Basic understanding of Microsoft Azure
Description

This single course covers all the Azure security relate skills required for Microsoft certification exams AZ 500, AZ 300, AZ 103.

Most of the fortune 500 companies are moving their on-premise workloads into Azure and it is increasingly imperative to secure the workloads in Azure. There is a great demand in job market for Azure security experts.This course is designed to build your skills in Azure security and make you an expert in the same.

This course covers Azure security skills required for Microsoft Azure certification exam AZ 500 & security skills required for all other Microsoft Azure certifications.

This course has been designed with an architectural approach. Firstly, I will take you through fundamental building blocks of Azure Security and after this introduction, I will take you through following aspects related to Azure Security.


  1. Azure Active Directory - Introduction to Azure Active directory(AAD); Create a use and configure default user settings; Introduction to Application management and supported SSO's; Walkthrough of My Apps portal and settings; Publish an on-premise app into My Apps portal using Application proxy and configure password based SSO; Introduction to AD connect and supported topologies; Synchronise identities from on-premise AD into AAD using AD connect.


  2. AAD conditional access and device management - Introduction to conditional based access; Configure location based conditional access;  Introduction to device management; Configure device based conditional based access; Introduction to Azure AD Identity protection; Configure sign in based conditional access.


  3. Roles Based Access Control - Introduction to role based access control; Custom role creation and assignment; Dynamic groups creation and assignment; Introduction to Azure AD App registrations; Creation of service principle and access Azure resource; Introduction to Managed Identities; Creation of managed service identity & access key vault.


  4. Policies & Locks - Introduction to policies and locks and manage them using Azure Portal.


  5. Azure AD Privileged identity management - Introduction to Azure PIM; Enable PIM and carry out access reviews; Protect AD & Resource roles using PIM.


  6. Network security - Introduction to Azure Network security controls; Implement Azure firewall in Hub and Spoke model; Implement network security groups (NSGs) and Application security groups; Implement service end points and policies; Walkthrough of different options of remote access management and implement of Windows Admin Center.


  7. Host security - Introduction to Azure IaaS best practices; Implementing Azure VM endpoint protection using Microsoft Antimalware; Implementation of update management solution; Implementation of Azure Disk Encryption.


  8. Storage & Database security - Introduction to Azure storage security and Azure SQL database security; Generate SAS keys based on Stored Access policies and use them; Implement advanced data security capabilities such as data classification, vulnerabilities assessment, advanced threat detection and auditing; Implement always encrypted; Introduction to COSMOS DB security.


  9. Application security - Introduction to Azure App service security; Configure authentication with AAD and SSL for Azure App service; Introduction to App service deployment options; Publish an app into Azure DevOps using Visual studio; Enable continuous integration with Azure DevOps for Azure web app.


  10. Security monitoring - Introduction to Azure Monitor metrics, activity logs and logs; Implementation of Activity log alert and log search alerts; Implementation of log analytics workspace and feed activity logs, NSG flow logs, update management information etc; Walkthrough of different monitoring solutions such as anti malware assessment, activity log analytics, update management solution and traffic analytics.


  11. Security centre - Introduction to Azure security centre; Implement preventive monitoring and remediation using Security Centre; Implement Just in Time access; Implement and manage security alert integration with playbook (logic app).


This course contains both theory lectures and a significant number of hands-on demos that helps you in gaining hands-on experience in hardening your workloads in Azure. 

Microsoft Azure is a constantly evolving platform and I will be keep close watch on Azure announcements and add new labs wherever possible.

So, start taking this course and put yourself in high demand in the world of IT and command higher salary!!!

Who this course is for:
  • Students attending AZ 500 Microsoft Azure Security Technologies
  • Security Engineers
  • Security administrators
  • Security architects
Course content
Expand all 99 lectures 16:02:43
+ Azure Security overview
5 lectures 34:00

By the end of this lecture, you will gain understating of five key outcomes of this course, scope of the course and how each section is structured.

Preview 03:17

By the end of this lecture, you will be able to configure some settings in Udemy portal to improve your course taking experience.

Important lecture on how to improve lectures video quality
04:26

By the end of this lecture, you will gain understating of all key security related services that are available in Azure.

Preview 15:28

By the end of this lecture, you will gain understating of different layers of security control that you can put in place in creating and managing Azure resources.

Preview 10:48

This lecture contains useful links to documentation related to Azure security and Azure Resource Manager

Useful links to documentation related to Azure Resource Manager
00:01
+ Identity & Access management - Azure Active Directory
9 lectures 01:48:38

By the end of this lecture, you will gain understanding of different capabilities of Azure Active directory, Different identities in AAD, Hybrid identities and Application proxy.

Preview 18:30

By the end of this lecture, you will be able to create users, invite guest users and configure default access level users and guests can have in AAD.

Preview 14:15

By the end of this lecture, you will gain understanding of application management using AAD and single sign on options you can use to configure single sign on

Introduction to Application management using AAD
15:04

By the end of this lab, you will be able to configure settings that will influence My Apps portal capabilities in groups, password reset and multi factor authentication.

Lab demo - Step 2 - Walkthrough of My Apps portal and related settings
11:32

By the end of this lab, you will be able to publish an on-premise app into My Apps portal using Application proxy.

Lab demo - Step 3 - Publish an On-premise app into MyApps portal
10:19

By the end of this lab, you will be able to configure Password SSO in Azure Active Directory for an on-premise application.

Lab demo - Step 4 - Configure password based SSO for the on-premise app
06:36

By the end of this lecture, you will gain knowledge of AD connect, different authentication methods and different topologies supported by AD connect.

Introduction to AD connect and supprted topologies
11:50

By the end of this lab, you will be able to synchronise identities exist in on-premise directory into Azure AAD using AD connect.

Lab demo - Step 5 - Sychrnoise users from on-premise AD into Azure AAD
20:26

This lecture contains links to documentation related to AAD

Useful links to documentation related to AAD
00:06
+ AAD Conditional access and Device management
8 lectures 01:11:55

By the end of this lecture, you will gain knowledge of conditional access in AAD and different conditions you can configure in AAD.

Introduction to Conditional Access in AAD
11:39

By the end of this lab demo, you will be able to implement location based conditional access in AAD.

Lab demo - Step 6 - Location based conditional access policy
08:48

By the end of this lecture, You will gain knowledge of device management and device based conditional access.

Introduction to Device Management and Device based conditional based access
11:29

By the end of this lab demo, you will be able to join windows 10 device into Azure active directory, configure device management settings in Azure Active directory and auto enrol device into Microsoft Intune.

Lab demo - Step 7 - Join a Windows 10 device with AAD and configure DM settings
12:42

By the end of this lab, you will be able to configure compliance policy in Microsoft Intune and apply policy on device and configure device based conditional access based on compliance status.

Lab demo - Step 8 - Implement device based conditional access in AAD
12:39

By the end of this lab, you will gain understanding of key capabilities of Azure AD identity protection, different types of risks and different policies you can configure in Azure AD Identity protection.

Introduction to Azure AD Identity protection
08:25

By the end of this lab, you will be able to create Azure AD identity protection, view dashboards and configure different policies in the same.

Lab demo - Step 8a - Walkthorugh of Identity protection features and policies.
06:11

This lecture contains link to documentation related to AAD conditional access and device management

Useful links to documentation related to AAD conditional access
00:02
+ Role based access control
8 lectures 01:23:28

By the end of this lecture, you will gain understanding of security principles, role definitions, scope and role assignments.

Introduction to Role Based Access Control (RBAC)
11:35

By the end of this lab demo, you will be able to create custom role and assign to a user and azure resource. Also, you will gain understanding of Directory roles and RBAC roles and how a role assignment will get inherited by child resources

Lab demo - Step 9 - Walkthorugh of roles, Custom role creation and assignment
18:39

By the end of this lab, you will be create a dynamic group, create a role assignment and finally test the access.

Lab demo - Step 10 - Creation of Dynamic group and role assignment
06:58

By the end of this lecture, you will gain understating of different app types you can register in Azure, Azure AD object types and types of permissions

Introduction to Azure AD App registrations
10:52

By the end of this lab, you will be able to create service principle, create a role assignment for service principle and access a blob in Azure account using service principle credentials.

Lab demo - Step 11 - Creation of service principle and access Azure resource
21:25

By the end of this lecture, you will gain understanding of managed identities, how it works, types of them and what Azure services support managed identities.

Introduction to Managed Identities
07:22

By the end of this lab, you will be able to create managed service identity for Azure web app and provide access to Azure key vault and access keys from web application using this identity.

Lab demo - Step 12 - Creation of managed service identity & access key vault.
06:35

This lecture contains useful links to documentation related to Azure AD RBAC

Useful links to documentation related to AAD RBAC
00:02
+ Azure policies, resource providers and locks
5 lectures 43:20

By the end of this lecture, you will gain understanding of Azure policies, steps involved in implementing the policy, policy definition structure, policy effects and Initiatives.

Introduction to Azure policies
14:36

By the end of this lab, you will be able to create custom policy definitions, create initiative, assign initiative at subscription level and test the policies.

Lab demo - Step 13 - Implement Azure policies and initiatives
15:24

By the end of this lecture, you will gain understating of resource providers and resource locks.

Introduction to Resource Providers and Locks
06:50

By the end of this lab demo, you will able to register & unregister resource providers, view valid location and API versions of the resource providers and finally apply a lock at a subscription level to implement change freeze and test the lock.

Lab demo - Step 14 - Manage resource providers and locks
06:27

This lecture contains links related to Azure policies, resource providers and locks

Useful links to documentation related to Azure policies and locks
00:03
+ Azure AD Privileged identity management
5 lectures 44:08

By the end of this lecture, you will gain understanding of AAD PIM, its key features and steps involved in implementing AAAD PIM.

Introduction to Azure AD Privileged identity management (AAD PIM)
12:01

By the end of this lab, you will be able to enable AAD PIM in your tenant and carry out access review to seek a justification from users for having a privileged role.

Lab demo - Step 15 - Enable AAD PIM and carry out access reviews
10:39

By the end of this lab, you will be able to bring all Azure AD roles under the control of PIM, make role assignments eligible for user and activate role by the user.

Lab demo - Step 16 - Protect AD roles with PIM by making then eligible
10:46

By the end of this lab, you will be able to protect resources roles using PIM.

Lab demo - Step 17 - Protect resource roles with PIM
10:37

This lecture contains links to documentation related to Azure PIM documentation

Useful links to documentation related to Azure PIM
00:05
+ Network security
11 lectures 02:31:41

By the end of this lecture, you will gain understating of all the key network security controls that you can apply to secure your network in Azure

Overview of Azure Network security controls
07:03

By the end of this lecture, you will gain understating of DDoS protection, different tiers of DDoS protection, Azure firewall and its key features.

Introduction to DDoS & Azure Firewall
14:10

By the end of this lab, you will be able to one hub VNets and two spoke VNets, deploy Azure firewall into central VNets, two VM's into spoke VNets, peer spoke VNets with hub VNet and configure UDR to route all internet bound traffic originating from spoke VNets to Azure Firewall.

Lab demo - Step 18a - Implement Azure firewall in Hub and Spoke architecture
19:28

By the end of this lab, you will be able to configure an application rule in Azure Firewall to allow users access office.com from VMs in spoke VNets and deny any other traffic to internet. Also, configure a DNAT rule in Azure Firewall to allow users to RDP into VMs in spoke VNets using Azure Firewall public IP address

Lab demo - Step 18b - Implement Azure firewall in Hub and Spoke architecture
12:12

By the end of this lecture, you will gain full understanding of network security groups, service tags, application security groups.

Introduction to Network and Application security groups
12:20

By the end of this lab, you will be able to create NSG, ASG and apply them at subnet level.

Lab demo - Step 19 - Implement network and application security groups
15:36

By the end of this lecture, you will gain understanding of different connectivity options to connect workload in VNet with Azure services, service endpoints and service endpoint policies.

Introduction to Service endpoints and policies
09:03

By the end of this lab, you will be able to create service endpoints, service endpoint policies and resource firewall

Lab demo - Step 20 - Configure service endpoints, policies and resource firewall
28:28

By the end of this lab, you will gain understating of different remote access management options and steps to take to harden workstations.

Introduction to Remote access management
14:17

By the end of this lab, you will be able to install windows admin centre on Azure VM and use that as a jump box to access other VMs in the virtual network.

Lab demo - Step 21 - Remote access Azure Windows VM using Windows Admin Centre
18:58

This lecture contains useful links to documentation related to Azure Network security

Useful links to documentation related to Network security
00:06
+ IaaS security
9 lectures 56:52

By the end of this lecture, you will gain understanding of different areas of Azure VM security.

Introduction to Azure IaaS security best practices
04:38

By the end of this lecture, you will gain understanding of Microsoft Antimalware solution, how you can customise the same and different deployment scenarios.

Introduction to Azure VM endpoint protection
09:18

By the end of this lab demo, you will be able to install Microsoft antimalware on Azure VM and route the logs of the same into Azure storage.

Lab demo - Step 22 - Install Microsoft Antimalware on Azure VM
05:06

By the end of this lecture, you will gain understanding of Update management solution, implementation steps and key points to consider during implementation.

Introduction to Azure VM update management
08:24

By the end of this lab demo, you will be able enable update management solution on Azure VM in multiple ways, define a deployment schedule and implement the same on VM.

Lab demo - Step 23 - Enable update management solution on Azure VM
09:43

By the end of this lecture, you will gain understanding of disks associated with Azure VM and two types of encryptions available for disk encryption.

Introduction to Azure VM storage and encryption
06:02

By the end of this lab, you will be able to enable azure disk encryption using Azure powershell cmdlets.

Lab demo - Step 24 - Carry out disk encryption of an existing VM disks in Azure
08:08

By the end of this lab demo,  you will be able to take backup of encrypted VM.

Lab demo - Step 25 - Azure VM Backup encryption
05:28

This lecture contains the links to relevant documentation related to Azure Host security.

Useful links to documentation related to Host security
00:05
+ Storage & Databases security
10 lectures 01:44:28

By the end of this lecture, you will gain understanding of following five layers of Azure storage security

  • Management plane security

  • Data plane security

  • Encryption at rest

  • Encryption in transit

  • CORS

Introduction to Azure Storage security
10:58

By the end of this lab demo, you will be able to create role assignments, configure storage firewall, view storage access keys, configure encryption in transit and encryption at rest.

Lab demo - Step 26 - Walkthrough of Azure storage security
11:08

By the end of this lecture, you will gain understanding of different types of SAS keys and storage access policies.

Azure Storage Data plane security deep dive
14:26

By the end of this lab, you will be able to create a stored access policy, create a SAS based on that policy and write a programme to list blobs in a container using policy based SAS.

Lab demo - Step 27 - Create and use SAS Keys and Storage access policies
10:04

By the end of this lecture, you will gain understanding of SQL/AAD authentication, TDE, Always encrypted, Row level security, Dynamic data masking and Auditing.

Azure SQL database security overview
13:27

By the end of this lab, you will be able to implement access control, configure firewall rules, transparent data encryption and dynamic data masking.

Lab demo: Step 28 - Implement Access control, Firewall rules, TDE and DDM.
09:06

By the end of this lab, you will be able to enable advanced data security and configure following features and also enable auditing.

  • Data discovery and classification

  • Vulnerability assessment

  • Advanced threat protection

Lab demo - Step 29 - Implement advanced data security and auditing.
13:39

By the end of this lab, you will be able to carry out following things.

  • Configure service principle to be used by application for always encryption

  • Create an Azure Key vault and provide access to service principle to access encryption keys

  • Enable always encrypted on one of the column in SQL database using SSMS.

Lab demo - Step 30 - Implement Always encrypted in Azure SQL database
13:00

By the end of this lecture, you will gain understanding of different security features of Azure COSMOS database.

Introduction to COSMOS DB security
08:34

This lecture contains link to useful documentation related to Azure storage and databases.

Useful links to documentation related to Azure storage and databases
00:06
+ Application security
6 lectures 53:06

By the end of this lecture, you will gain understanding of different security controls you can put in place to protect your application hosted on Azure App services and App service environment.

Introduction to App service security
09:45

By the end of this lab, you will be able to configure authentication for your app with Azure active directory and configure SSL certificate.

Lab demo - Step 31 - Authentication with AAD and configure SSL
15:05

By the end of this lecture, you will gain good understanding of different deployment options available to deploy applications into Azure App services and also gain understanding of deployment slots.

Introduction to App service secure deployment
09:34

By the end of this lab, you will be able to carry out following activities.

  • Create an organization and project in Azure DevOps

  • Create an application using Visual studio and add source control

  • Publish the app into Azure DevOps project

  • Add further branches such as Dev and Test and push them into DevOps

Lab demo - Step 32a - Publish app into Azure DevOps project using Visual Studio
09:20

By the end of this lab, you will be able to configure continuous integration for Azure Web app using Azure DevOps

Lab demo - Step 32b - Enable continous integration for an Azure web app
09:20

This lecture contains links to documentation related to Azure App Service.

Useful documentation related to Azure App services security
00:02