A to Z of Azure security - Covers AZ 500, 300,103 and more
- 16 hours on-demand video
- 15 articles
- 45 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.Try Udemy for Business
- Pass the AZ 500 Microsoft Azure Security Technologies
- Create & Configure Azure Active Directory tenant and synchronise identities from On-premise AD into Azure AAD
- Implement conditional based access policies in AAD
- Implement roles based access controls, Azure policies and locks
- Implement Azure AD privilaged identity management
- Implement network security controls such as Azure Firewall, NSG, ASG and service end points
- Implement host security such as VM end point protection, update management and disk encryption
- Carry out security monitoring using Azure monitor metrics, activity logs, log analytics and alerts.
- Configure Azure storage security using SAS keys, stored access policies
- Configure basic and advanced security controls for Azure SQL database
- Configure security settings for Cosmos DB and Azure App services
- Monitor Azure resources security using Azure monitor activity logs, metrics and logs. Configure different types of alerts
- Configure Security centre coverage, data collection, recommendations, security alerts
- Configure Key Vault secrets, keys and certificates. Retrieve secrets using Azure web app.
- Basic understanding of Microsoft Azure
This single course covers all the Azure security relate skills required for Microsoft certification exams AZ 500, AZ 300, AZ 103.
Most of the fortune 500 companies are moving their on-premise workloads into Azure and it is increasingly imperative to secure the workloads in Azure. There is a great demand in job market for Azure security experts.This course is designed to build your skills in Azure security and make you an expert in the same.
This course covers Azure security skills required for Microsoft Azure certification exam AZ 500 & security skills required for all other Microsoft Azure certifications.
This course has been designed with an architectural approach. Firstly, I will take you through fundamental building blocks of Azure Security and after this introduction, I will take you through following aspects related to Azure Security.
Azure Active Directory - Introduction to Azure Active directory(AAD); Create a use and configure default user settings; Introduction to Application management and supported SSO's; Walkthrough of My Apps portal and settings; Publish an on-premise app into My Apps portal using Application proxy and configure password based SSO; Introduction to AD connect and supported topologies; Synchronise identities from on-premise AD into AAD using AD connect.
AAD conditional access and device management - Introduction to conditional based access; Configure location based conditional access; Introduction to device management; Configure device based conditional based access; Introduction to Azure AD Identity protection; Configure sign in based conditional access.
Roles Based Access Control - Introduction to role based access control; Custom role creation and assignment; Dynamic groups creation and assignment; Introduction to Azure AD App registrations; Creation of service principle and access Azure resource; Introduction to Managed Identities; Creation of managed service identity & access key vault.
Policies & Locks - Introduction to policies and locks and manage them using Azure Portal.
Azure AD Privileged identity management - Introduction to Azure PIM; Enable PIM and carry out access reviews; Protect AD & Resource roles using PIM.
Network security - Introduction to Azure Network security controls; Implement Azure firewall in Hub and Spoke model; Implement network security groups (NSGs) and Application security groups; Implement service end points and policies; Walkthrough of different options of remote access management and implement of Windows Admin Center.
Host security - Introduction to Azure IaaS best practices; Implementing Azure VM endpoint protection using Microsoft Antimalware; Implementation of update management solution; Implementation of Azure Disk Encryption.
Storage & Database security - Introduction to Azure storage security and Azure SQL database security; Generate SAS keys based on Stored Access policies and use them; Implement advanced data security capabilities such as data classification, vulnerabilities assessment, advanced threat detection and auditing; Implement always encrypted; Introduction to COSMOS DB security.
Application security - Introduction to Azure App service security; Configure authentication with AAD and SSL for Azure App service; Introduction to App service deployment options; Publish an app into Azure DevOps using Visual studio; Enable continuous integration with Azure DevOps for Azure web app.
Security monitoring - Introduction to Azure Monitor metrics, activity logs and logs; Implementation of Activity log alert and log search alerts; Implementation of log analytics workspace and feed activity logs, NSG flow logs, update management information etc; Walkthrough of different monitoring solutions such as anti malware assessment, activity log analytics, update management solution and traffic analytics.
Security centre - Introduction to Azure security centre; Implement preventive monitoring and remediation using Security Centre; Implement Just in Time access; Implement and manage security alert integration with playbook (logic app).
This course contains both theory lectures and a significant number of hands-on demos that helps you in gaining hands-on experience in hardening your workloads in Azure.
Microsoft Azure is a constantly evolving platform and I will be keep close watch on Azure announcements and add new labs wherever possible.
So, start taking this course and put yourself in high demand in the world of IT and command higher salary!!!
- Students attending AZ 500 Microsoft Azure Security Technologies
- Security Engineers
- Security administrators
- Security architects
By the end of this lecture, you will gain understating of five key outcomes of this course, scope of the course and how each section is structured.
By the end of this lecture, you will gain understating of all key security related services that are available in Azure.
By the end of this lecture, you will gain understating of different layers of security control that you can put in place in creating and managing Azure resources.
By the end of this lecture, you will gain understanding of different capabilities of Azure Active directory, Different identities in AAD, Hybrid identities and Application proxy.
By the end of this lecture, you will be able to create users, invite guest users and configure default access level users and guests can have in AAD.
By the end of this lab demo, you will be able to create custom role and assign to a user and azure resource. Also, you will gain understanding of Directory roles and RBAC roles and how a role assignment will get inherited by child resources
By the end of this lab demo, you will able to register & unregister resource providers, view valid location and API versions of the resource providers and finally apply a lock at a subscription level to implement change freeze and test the lock.
By the end of this lab, you will be able to one hub VNets and two spoke VNets, deploy Azure firewall into central VNets, two VM's into spoke VNets, peer spoke VNets with hub VNet and configure UDR to route all internet bound traffic originating from spoke VNets to Azure Firewall.
By the end of this lab, you will be able to configure an application rule in Azure Firewall to allow users access office.com from VMs in spoke VNets and deny any other traffic to internet. Also, configure a DNAT rule in Azure Firewall to allow users to RDP into VMs in spoke VNets using Azure Firewall public IP address
By the end of this lab, you will be able to carry out following things.
Configure service principle to be used by application for always encryption
Create an Azure Key vault and provide access to service principle to access encryption keys
Enable always encrypted on one of the column in SQL database using SSMS.
By the end of this lab, you will be able to carry out following activities.
Create an organization and project in Azure DevOps
Create an application using Visual studio and add source control
Publish the app into Azure DevOps project
Add further branches such as Dev and Test and push them into DevOps