YoVDO

Architect secure infrastructure in Azure

Offered By: Microsoft via Microsoft Learn

Tags

Microsoft Azure Courses Cloud Security Courses Data Encryption Courses Azure Key Vault Courses

Course Description

Overview

  • Module 1: In this module, you’ll use the alert capabilities of Microsoft Defender for Cloud to watch for and respond to threats.

    • In this module, you will:

    • View security alerts in Microsoft Defender for Cloud
    • Define an incident response plan
    • Use a Workflow automation to automate a security response
  • Module 2: Explore the options for Azure disk encryption to encrypt OS and data disks on existing and new virtual machines.

    • In this module, you will:

    • Determine which encryption method is best for your VM
    • Encrypt existing virtual machine disks using the Azure portal
    • Encrypt existing virtual machine disks using PowerShell
    • Modify Azure Resource Manager templates to automate disk encryption on new VMs
  • Module 3: Learn how to create an Azure Key Vault to store secret values and how to enable secure access to the vault.

    • In this module, you will:

    • Explore what types of information can be stored in Azure Key Vault
    • Create an Azure Key Vault and use it to store secret configuration values
    • Enable secure access to the vault from an Azure App Service web app with managed identities for Azure resources
    • Implement a web application that retrieves secrets from the vault
  • Module 4: Learn how to use Azure role-based access control to effectively manage your team’s access to Azure resources.

    • In this module, you will:

    • Verify access to resources for yourself and others
    • Grant access to resources
    • View activity logs of Azure RBAC changes
  • Module 5: Secure the traffic from your users all the way to your web servers by enabling TLS encryption on Application Gateway.

    • In this module, you will:

    • Implement TLS encryption between your users and Application Gateway
    • Implement TLS encryption between Application Gateway and your web servers
  • Module 6: Identify the data in your organization and store it on Azure. Store secrets securely, and use client-side encryption and Storage Service Encryption to help protect your data.

    • In this module, you will:

    • Identify the types of data that your organization is using and the security requirements for that data
    • Identify the encryption capabilities for services on Azure
  • Module 7: Secure an Azure SQL database to keep the information safe and diagnose potential security concerns as they happen.

    • In this module, you will:

    • Control network access to your Azure SQL Database using firewall rules
    • Control user access to your Azure SQL Database using authentication and authorization
    • Protect your data in transit and at rest
    • Audit and monitor your Azure SQL Database for access violations
  • Module 8: Keep tabs on security events in your Azure AD resources by using built-in reporting and monitoring capabilities. Respond to events as they happen, and address security risks before they become a problem.

    • In this module, you will:

    • Store Azure audit activity and sign-in activity logs in Azure Monitor.
    • Create alerts for security events in Azure Monitor.
    • Create and view dashboards to support improved monitoring.

Syllabus

  • Module 1: Resolve security threats with Microsoft Defender for Cloud
    • Introduction
    • View security alerts
    • Respond to alerts
    • Define a security incident response plan
    • Use a workflow automation to automate responses
    • Exercise - Configure a Playbook for a security event
    • Summary
  • Module 2: Secure your Azure virtual machine disks
    • Introduction
    • Encryption options for protecting Windows and Linux VMs
    • Encrypt existing VM disks
    • Exercise - Encrypt existing VM disks
    • Automate secure VM deployments by adding encryption to Azure Resource Manager templates
    • Exercise - Use a Resource Manager template to decrypt the VM
    • Knowledge check
    • Summary
  • Module 3: Manage secrets in your server apps with Azure Key Vault
    • Introduction
    • What is Azure Key Vault?
    • Exercise - Create a Key Vault and store secrets
    • Vault authentication with managed identities for Azure resources
    • Exercise - Access secrets stored in Azure Key Vault
    • Exercise - Configure, deploy, and run your app in Azure
    • Summary
  • Module 4: Secure your Azure resources with Azure role-based access control (Azure RBAC)
    • Introduction
    • What is Azure RBAC?
    • Knowledge check - What is Azure RBAC?
    • Exercise - List access using Azure RBAC and the Azure portal
    • Exercise - Grant access using Azure RBAC and the Azure portal
    • Exercise - View activity logs for Azure RBAC changes
    • Knowledge check - Using Azure RBAC
    • Summary
  • Module 5: Encrypt network traffic end to end with Azure Application Gateway
    • Introduction
    • Application Gateway and encryption
    • Configure back-end pools for encryption
    • Exercise - Configure back-end pools for encryption
    • Configure an Application Gateway listener for encryption
    • Exercise - Configure an Application Gateway listener for encryption
    • Summary
  • Module 6: Introduction to securing data at rest on Azure
    • Introduction
    • Classify your data and protect confidential information
    • Secure data at rest by using Azure Storage Service Encryption
    • Secure data at rest in Azure SQL Database and Azure Cosmos DB
    • Keep your keys and secrets safe by using Azure Key Vault
    • Summary
  • Module 7: Secure your Azure SQL Database
    • Introduction
    • Exercise - Set up sandbox environment
    • Exercise - Restrict network access
    • Exercise - Control who can access your database
    • Exercise - Secure your data in transit, at rest, and on display
    • Exercise - Monitor your database
    • Knowledge check
    • Summary
  • Module 8: Monitor and report on security events in Azure AD
    • Introduction
    • Use sign-in, audit, and provisioning logs to detect suspicious activity
    • Integrate activity logs with Azure Monitor logs
    • Set up reports and dashboards to visualize the information
    • Exercise - Set up reports and dashboards to visualize the information
    • Summary

Tags

Related Courses

Azure Security and Compliance
Microsoft via edX Azure for Architects: Design an Authentication and Data Security Strategy
LinkedIn Learning Azure for Developers: Implementing and Developing Functions
LinkedIn Learning Azure for Developers: Security Best Practices
LinkedIn Learning Managing App Secrets in .NET Core
LinkedIn Learning