Develop a security and compliance plan

In this module, you will:

• Describe the core terminology of Microsoft Entra ID.
• Describe the core features of Microsoft Entra ID.
• Describe the licensing models for Microsoft Entra ID.

In this module, you will:

• Add users to Microsoft Entra ID.
• Manage app and resource access by using Microsoft Entra groups.
• Give guest users access in Microsoft Entra business to business (B2B).

In this module, you will:

• Identify the benefits of and use cases for service principals.
• Identify the benefits of using managed identities for Azure resources.
• Enable managed identity on an Azure VM.
• Use managed identity with Azure SDKs in applications.

In this module, you will:

• Explore proper usage of Azure Key Vault
• Manage access to an Azure Key Vault
• Explore certificate management with Azure Key Vault
• Configure a Hardware Security Module Key-generation solution

In this module, you will:

• Use API keys to authorize access to your APIs
• Use client certificate authentication to secure your APIs

In this module, you will:

• Store Azure audit logs and sign-in activity logs in a Log Analytics workspace.
• Create alerts for security events in a Log Analytics workspace.
• Create and view dashboards to support improved monitoring.

In this module, you will:

• Identify the tools and GitHub features to establish a secure development strategy
• Enable vulnerable dependency detection for private repositories
• Detect and fix outdated dependencies with security vulnerabilities
• Automate the detection of vulnerable dependencies with Dependabot
• Add a security policy with a SECURITY.md file
• Remove a commit exposing sensitive data in a pull request
• Keep sensitive files out of your repository by applying the use of a .gitignore file
• Remove historical commits exposing sensitive data deep in your repository

In this module you will:

• Discover the importance of learning from incidents
• Understand the aspects of complex systems that make learning from failure important
• Learn when and how to conduct a post-incident review
• Understand the purpose and goals of a post-incident review
• Learn the components that go into a good post-incident review
• Explore the Azure tools that can assist with getting started with post-incident reviews
• Become aware of common traps to avoid
• Identify helpful practices to conduct a better review

In this module you will:

• Learn the importance of effective incident response
• Gain an understanding of the lifecycle of an incident so we know just how to apply our efforts
• Learn the building blocks for constructing an incident response process that allows us to respond with urgency.
• Begin to track your incidents effectively using Azure DevOps tools.
• Explore ways to automate your incident tracking for a speedy and consistent response
• Understand the guidelines around communication that allow incident response to be more efficient
• Visit some Azure tools that can significantly speed up your remediation times during an incident

• Introduction
• Microsoft Entra overview
• Understand Microsoft Entra ID licenses and terminology
• Essential features of Microsoft Entra ID
• Get started with Microsoft Entra ID
• Summary

• Introduction
• What are user accounts in Microsoft Entra ID?
• Exercise - Add and delete users in Microsoft Entra ID
• Manage app and resource access by using Microsoft Entra groups
• Exercise - Assign users to Microsoft Entra groups
• Collaborate by using guest accounts and Microsoft Entra B2B
• Exercise - Give guest users access in Microsoft Entra B2B
• Summary

• Introduction
• Authentication with service principals in Microsoft Entra ID
• Authentication with managed identities
• Use managed identities with Azure virtual machines
• Exercise - Configure a system-assigned managed identity for an Azure VM
• Build applications by using Microsoft Entra managed identities
• Exercise - Configure a custom application in .NET by using managed identity
• Summary

• Introduction
• Guidelines for using Azure Key Vault
• Manage access to secrets, certificates, and keys
• Exercise - store secrets in Azure Key Vault
• Manage certificates
• Summary

• Introduction
• What is API Management?
• Create subscriptions in Azure API Management
• Exercise - Create subscriptions in Azure API Management
• Use client certificates to secure access to an API
• Exercise - Use client certificates to secure access to an API
• Summary

• Introduction
• Use logs to detect suspicious activity
• Exercise - Set up and view sign-in logs and audit logs
• Integrate logs with a Log Analytics workspace
• Exercise - Integrate logs with a Log Analytics workspace
• Set and view alerts in your Log Analytics workspace
• Exercise - Set an alert in your Log Analytics workspace and view alerts
• Set up dashboards and reports to visualize log data
• Exercise - Set up a dashboard and add a report
• Summary

• Introduction
• How to maintain a secure GitHub repository
• Exercise - Add a .gitignore file
• Automated security
• Knowledge check
• Summary

• Introduction
• Why learn from incidents?
• What is a post-incident review?
• Characteristics and components of a good post-incident review
• The post-incident review process
• Common traps to avoid
• Helpful practices for learning from failure
• Summary

• Introduction
• Importance of incident response
• Characteristics and lifecycle of an incident
• Foundations of incident response
• Incident tracking
• Communication and collaboration
• Remediation
• Summary