
Target cloud architects and developers with Azure experience. Deliver an advanced security course for those familiar with virtual machines, app services, Azure SQL, and Vnets, not a beginner intro.
Learn how security responsibility spans the entire organization, from the CIO and CISO to architects, developers, and QA, with every role contributing to secure software.
Learn the differences between Azure AD roles and Azure roles, their predefined permissions, and why least-privilege access and avoiding global administrator boost Azure identity security.
Understand managed identities in Azure, enabling services to authenticate to resources via Azure AD. Compare system assigned identities tied to a resource with user assigned identities usable across resources.
Demonstrate configuring a system-assigned managed identity on an Azure app service, then locate and review its application and resource identifiers in Azure Active Directory and enterprise applications.
Privatelink extends managed services into your vnet via a private endpoint, creating a private IP for resources like Azure SQL, enabling private DNS and keeping traffic inside the vnet.
Install an up-to-date anti-malware solution on the virtual machine, such as Microsoft anti-malware, and integrate it with Defender for Cloud to receive alerts and incidents data.
Secure an Azure Windows VM by creating it in a secure resource group, restricting RDP to your IP, enabling Azure orchestrated patching, and configuring BitLocker with a Key Vault.
Configure the app service to accept only https requests, ensuring http is blocked and https traffic remains encrypted; by default these settings are enabled, but verify after deployment.
Learn how Azure SQL encrypts data at rest with TDE, and how Always Encrypted adds column-level protection using keys stored in a key vault.
Create a new Azure AD user, assign the db_datareader role in Azure SQL, then verify the user can log in and read data but cannot edit.
Learn how to store a database connection string as a key vault secret, configure dotnet code to retrieve it securely, and grant a VM managed identity access to read secrets.
Demonstrates configuring a private endpoint for Azure Key Vault, linking it to the VM's vnet, enabling private DNS, and disabling public access to secure secret retrieval.
Demonstrates configuring an Azure SQL private endpoint, linking the database to a VM virtual network, updating firewall rules, and securing access with a managed identity.
Learn to connect a VM to Azure SQL using a managed identity, map the VM as a database user, grant read access, and enforce private endpoints with Key Vault secrets.
Restrict access to storage accounts by enabling private endpoints and firewall rules for specific IP addresses, while allowing public access only for static website files.
Configure a storage account with a private endpoint connected to a vnet to disable public network access. Validate access via a secure virtual machine using key vault and managed identity.
Enable secure storage access by using the virtual machine's managed identity via a key vault secret for the container URL and DefaultAzureCredential, replacing the connection string.
Make your Azure environment as secure as possible.
Working in the cloud poses unique security challenges. The fact that the cloud is accessible through the internet, and that some services are open to the network by default, makes it an attractive target to attackers.
And that means that you have to make sure your cloud environment is secure. Unsecure environment is an easy target for hackers, which can steal your data, crush your servers, and destroy your reputation.
And this is exactly what this course is all about.
In this course we'll learn everything there's to learn about security in Azure. We'll begin from the very basics, the foundations of software security, and go all the way to the most advanced security topics in Azure.
We'll learn about the security services in Azure and see how, and when, to use them.
We'll also learn how to set a security baseline in Azure and make sure all the resources follow it.
Here are some of the topics we'll discuss in this course:
- Basic security principles
- Security challenges in the cloud
- Identity security with Azure AD
- Network security (NSG, Private Endpoints and more)
- KeyVault
- Securing Virtual Machines
- Securing App Services
- Securing Databases
- Firewalls
And lots more.
But that's not all. I wanted to make this course as practical as possible, and therefore we're going to have a lot of hands-on work in Azure.
We're going to deploy virtual machines and configure them for security, we're going to create KeyVault and store our secrets securely in it, We're going to connect our database to an app service using Private Endpoint, and lots more.
And to make this course even better - it has the following two additional elements:
1. Case study, where we're going to begin with a basic, unsecure cloud architecture, and go through all the elements in it and make them secure. You'll be surprised to see the difference between our starting point and the final architecture.
2. Azure Security Handbook, summarizing what we learn in this course. This downloadable handbook is a great go-to-guide for security in Azure, and it will greatly help you when designing your next cloud architecture (the same way it helps me...)
There is no other course like this! This is the most comprehensive, practical and easy-to-follow course about Azure security. And by the end of this course - you'll be a real Azure Security Expert!
------------------------------------------------------------
What do my students have to say about my Azure courses
------------------------------------------------------------
"This is the best Azure course I have encountered on Udemy or anywhere. And I say this after buying 8 different Udemy Azure before" - Arbaaz
"One of the best Azure classes in the world" - Kkvi1357
"One of the best courses I've done at Udemy - top among maybe 50-100" - Russ
"Memi is a true architect willing to get his hands dirty!" - Kevon
"Excellent" - Ashwani
"Highly recommended" - Shashank
"I am loving it <3 the best part is the project based learning !" - Juhi
"The best course I have taken on Udemy" - Eslam
And lots more...
------------------------------------------------------------
Who is this course for?
------------------------------------------------------------
Any person who works with Azure will benefit from this course.
Whether you are a cloud architect, developer or administrator - this course is for you.
And in fact - anyone who's interested in cloud and security can take this course and benefit from it.
If you're not sure if this course is for you - drop me a note!
------------------------------------------------------------
What are the prerequisites for this course?
------------------------------------------------------------
Some knowledge of Azure and familiarity with the Azure portal is required for this course.
Note: This is not a beginner course in Azure, and I assume you already know how to work with Azure, create resources in it and work with them.
------------------------------------------------------------
About Me
------------------------------------------------------------
I've been working with Azure for more than 11 years, spanning dozens of customers from various fields - Fortune 100 enterprises, start-ups, govt. entities, defense, telco, banking, and lots more.
In addition, I am a certified Azure Solutions Architect Expert and a certified Azure Security Engineer.
I've been in the software industry for more than 20 years, and a Software Architect for more than 17 years, working with a variety of clients.
I'm an avid speaker and trainer, having trained thousands of students in various courses.
I love what I do, and my greatest passion (well, besides my family...) is designing modern, practical, and reliable systems for my clients, using the best possible architecture patterns and services.