Welcome to Azure Security: AZ-500 course!
In this course you will learn how to provide a high level of security to the entire Azure platform, which is currently one of the most in-demand skill sets as cyber security threats continue to rise and target cloud based resources.
Course Update:
June 2022: Microsoft Defender for Cloud updated to reflect new settings
This is a list of the skills you will acquire from this course:
Manage identity and access
· manage Azure Active Directory identities
· configure security for service principals
· manage Azure AD directory groups
· manage Azure AD users
· manage administrative units
· configure password writeback
· configure authentication methods including password hash and Pass Through
· authentication (PTA), OAuth, and passwordless
· transfer Azure subscriptions between Azure AD tenants
· configure secure access by using Azure AD
· monitor privileged access for Azure AD Privileged Identity Management (PIM)
· configure Access Reviews
· configure PIM
· implement Conditional Access policies including Multi-Factor Authentication (MFA)
· configure Azure AD identity protection
· manage application access
· create App Registration
· configure App Registration permission scopes
· manage App Registration permission consent
· manage API access to Azure subscriptions and resources
· manage access control
· configure subscription and resource permissions
· configure resource group permissions
· configure custom RBAC roles
· identify the appropriate role
· apply principle of least privilege
· interpret permissions
· check access
Implement platform protection
· Implement advanced network security
· secure the connectivity of virtual networks (VPN authentication, Express Route
· encryption)
· configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
· create and configure Azure Firewall
· implement Azure Firewall Manager
· configure Azure Front Door service as an Application Gateway
· configure a Web Application Firewall (WAF) on Azure Application Gateway
· configure Azure Bastion
· configure a firewall on a storage account, Azure SQL, Key Vault, or App Service
· implement Service Endpoints
· implement DDoS protection
· configure advanced security for compute
· configure endpoint protection
· configure and monitor system updates for VMs
· configure authentication for Azure Container Registry
· configure security for different types of containers implement vulnerability management
· configure isolation for AKS configure security for container registry
· implement Azure Disk Encryption
· configure authentication and security for Azure App Service
· configure SSL/TLS certs
· configure authentication for Azure Kubernetes Service
· configure automatic updates
Manage security operations
· monitor security by using Azure Monitor
· create and customize alerts
· monitor security logs by using Azure Monitor
· configure diagnostic logging and log retention
· monitor security by using Microsoft Defender for Cloud
· evaluate vulnerability scans from Microsoft Defender for Cloud
· configure Just in Time VM access by using Microsoft Defender for Cloud
· configure centralized policy management by using Microsoft Defender for Cloud
· configure compliance policies and evaluate for compliance by using Microsoft Defender for Cloud
· configure workflow automation by using Microsoft Defender for Cloud
· monitor security by using Azure Sentinel
· create and customize alerts
· configure data sources to Azure Sentinel
· evaluate results from Azure Sentinel
· configure a playbook by using Azure Sentinel
· configure security policies
· configure security settings by using Azure Policy
· configure security settings by using Azure Blueprint
Secure data and applications
· Configure security for storage
· configure access control for storage accounts
· configure key management for storage accounts
· configure Azure AD authentication for Azure Storage
· configure Azure AD Domain Services authentication for Azure Files
· create and manage Shared Access Signatures (SAS)
· create a shared access policy for a blob or blob container
· configure Storage Service Encryption
· configure Azure Defender for Storage
· configure security for databases
· enable database authentication
· enable database auditing
· configure Azure Defender for SQL
· configure Azure SQL Database Advanced Threat Protection
· implement database encryption
· implement Azure SQL Database Always Encrypted
Configure and manage Key Vault
· manage access to Key Vault
· manage permissions to secrets, certificates, and keys
· configure RBAC usage in Azure Key Vault
· manage certificates
· manage secrets
· configure key rotation
· backup and restore of Key Vault items
· configure Azure Defender for Key V