Learn to use course simulations via assignments, including starting, opening the external simulation in a new tab, submitting, and refreshing, with emphasis on video progress for certification.

Start a free Azure account to receive $200 credit for 30 days and 12 months of free services. Create a new email or use incognito, then log in at portal.azure.com.

Activates a Microsoft intra ID premium two license for hands-on Azure security administration, including free trials, marketplace steps, and alternatives when trials aren’t available.

Review on-premise Active Directory foundations, compare Azure AD, Azure AD Domain Services, and Microsoft Entra, and learn hybrid identity with Azure AD Connect and credentials via Microsoft Intro across AWS.

Create azure ad users and guests in the portal, including external identities and invites. Manage passwords, usage location, licenses, and bulk user imports with csv.

Create and manage Azure AD groups, choosing between Microsoft 365 and security groups, using dynamic membership rules, owners, and manual assignments, with licensing and device limitations.

Learn how administrative units in Azure AD categorize objects, delegate user management with roles, and require at least a premium one license across locations like New York City and Atlanta.

Explore how managed identities in Azure let a virtual machine access a SQL database without a dedicated user, and set up system and user assigned identities with role-based access control.

Explore role based access control in Azure and Entra ID by examining role definitions, assignments, and privileged identity management, including temporary access and MFA.

Learn how Azure Active Directory roles are defined by role definitions and permissions, including actions, data actions, and assignable scopes, and how to create custom roles.

Implement just-in-time privileged access with PIM to enforce least privilege, approvals, and multi-factor authentication, monitor with access reviews and audit trails across Azure and Microsoft 365.

Implement privileged identity management in Microsoft Entra to grant temporary access by activating eligible roles like user administrator, with multi-factor authentication and time-bound durations.

Learn how to redo simulations after completing an assignment by navigating to the summary, returning to the assignment, and opening the instructions to access the simulation link.

Master PowerShell fundamentals for managing Microsoft cloud services, using verb-noun commands, intellisense, and piping to view and control services and logs.

Install the Azure PowerShell AZ module from the PowerShell Gallery and verify AZ commands with Get-Command; then connect to Azure and authenticate.

Connect to Azure with PowerShell, execute command-line tasks, and automate user and group management in Azure Active Directory to speed up provisioning and scripting workflows.

Explore Cloud Shell in Azure to run PowerShell or Azure CLI (bash) in your browser or mobile, switch between shells, and use bash commands from PowerShell.

Explore the zero trust model in Azure: verify explicitly, never trust, and assume breach. Apply least privilege, just-in-time administration, just-enough access, and conditional access to protect users, devices, and data.

Explore how defense in depth layers Azure security, from virtual machines and web apps to Azure Firewall, NSGs, ACLs, RBAC, and DDoS protection.

Enable self service password reset for all users or selected groups, configure authentication methods, and note SPR is off by default as methods are managed in the security blade.

Explore MFA by pairing different factors—something you know, something you have, and something you are—to strengthen security, using text codes, phone calls, or the Microsoft authenticator app.

Enable and enforce MFA for users using per-user MFA or conditional access, and manage authentication methods in Microsoft Entra ID, including FIDO2 keys and the authenticator app.

Explore configuring intra-identity protection with risk-based conditional access policies, focusing on user risk and sign-in risk, MFA requirements, compliant devices, and Azure and Microsoft 365 access.

Learn how Entra ID access reviews support identity governance by periodically validating guest and user access, with configurable reviewers, recurrence, and options to auto apply or remove access.

Explore conditional access in Azure and Microsoft 365, using signals from identities, devices, and applications to enforce zero-trust policies with real-time risk detection and policy enforcement.

Explains how to create conditional access policies in the azure portal, assign users or groups, target apps, set risk- and device-based conditions, and choose block or grant.

Create an Azure storage account in the portal with a new resource group, a unique name in East US, general purpose standard, and hot or cool access tiers.

Authorize users to access a storage account using Azure Active Directory roles in IAM, assign roles such as storage blob data contributor or owner, and apply fine-grained conditional access.

Configure stored access policies to control SAS tokens on specific containers, enabling week-long or shorter expirations and on-the-fly policy edits to improve security.

Create a virtual network and multiple subnets in a resource group using the Azure portal, configuring address spaces such as 10.1.0.0/16 and subnets like 10.1.1.0/24. Explore hub-and-spoke topology and optional security features such as bastion host, DDoS protection, and Azure Firewall.

Explore network security groups and application security groups in Azure, learn how NSGs and ASGs control inbound and outbound traffic on subnets and NICs, and apply rules effectively.

Explore how NSG and ASG rules enforce IP filtering in Azure, prioritizing the first applicable rule, distinguishing explicit from implicit denial, and controlling RDP traffic on port 3389.

Configure a route table to direct Azure traffic through the firewall by adding a 10.0.0.0/8 route with the firewall as next hop and associating the table with multiple VNet subnets.

Learn to deploy and configure Azure Firewall, compare SKUs, enable threat intelligence and IDS/IPS, and design firewall policies with rule collections in a hub VNet.

Enable Azure DDoS protection to guard resources against botnet-driven traffic by adding protected resources like VNets and firewalls in the portal, and review pricing with the Azure pricing calculator.

Azure application gateway is a regional, layer 7 load balancer with uri path routing. Azure front door is a global cdn with path-based routing and edge caching.

Learn to configure an Azure application gateway for load balancing, autoscaling, and routing to back end pools with front end public IPs, listeners, and health probes.

Configure storage account firewall settings and networking to control access via virtual networks or IP ranges, with all networks enabled by default.

Install Microsoft anti-malware on a Windows Server VM using the extension, review real-time protection and scheduled scans, and monitor via Microsoft Defender for Cloud for alerts and posture.

Learn to deploy and manage security updates for virtual machines in Azure, using guest operating system updates, update assessments, scheduling, one-time installs, and update history.

Learn how to secure Azure container services with IAM RBAC, managed identities, and locks, compare container options (ACI vs AKS), and apply encryption keys and OWASP security practices.

Secure an Azure app service by configuring IAM roles, Defender for Cloud integration, authentication via OpenID providers, TLS/SSL settings, SSH access, and network controls for Linux or Docker deployments.

Apply built-in Azure policy initiatives to audit virtual machines, selecting the audit password settings initiative, assign to a subscription, generate a non-compliance report, and review results after 30 minutes.

Explore Microsoft Defender for cloud’s single pane of glass dashboard in Azure, providing a security overview, recommendations, secure score, and alerts to strengthen your environment.

Use Defender for Cloud to analyze vulnerabilities with active recommendations, assess severity, remediate issues like external accounts with read permissions, enable MFA, and apply policy definitions.

Explore how Defender for Cloud monitors SQL databases, create a SQL database and server, and use vulnerability assessments, security alerts, and logging to identify threats.