Content

• Target Audience
• This course is intended for Azure Security Engineers who plan to take the related certification exam or who perform security tasks in their daily work. This course is also helpful for engineers who specialize in the security of Azure-based digital platforms and want to play an essential role in protecting an organization's data.
• Content
• Module 1: Managing identity and access
• This module covers Azure Active Directory, Azure Identity Protection, Enterprise Governance, Azure AD PIM and Hybrid Identity.
• Lesson
• - Azure Active Directory
• - Hybrid Identity
• - Azure Identity Protection
• - Azure AD privileged identity management
• - Enterprise management
• Exercise: Role-based access control
• Exercise: Azure Policies
• Lab: Resource Manager Lockdown
• Lab: MFA, conditional access, and AAD identity protection
• Lab: Azure AD Privileged Identity Management
• Lab: Implement directory synchronization
• Upon completion of this module, participants will be able to
• - Implement enterprise governance strategies including role-based access control, Azure policies, and resource locking.
• - Implement an Azure AD infrastructure, including users, groups and multi-factor authentication.
• - Implement Azure AD Identity Protection, including risk policies, conditional access and access auditing.
• - Implement Azure AD Privileged Identity Management, including Azure AD roles and Azure resources.
• - Implement Azure AD Connect, including authentication methods and on-premises directory synchronization
• Module 2: Implementing platform protection
• This module covers perimeter, network, host and container security.
• Lesson
• - Perimeter Security
• - Network Security
• - Host security
• - Container Security
• Exercise: Network security groups and application security groups
• Exercise: Azure firewall
• Lab: Configuring and securing ACR and AKS
• After completing this module, participants will be able to
• - Implement perimeter security strategies including Azure Firewall.
• - Implement network security strategies, including network security groups and application security groups.
• - Implement host security strategies including endpoint protection, remote access management, update management and disk encryption.
• - Implement container security strategies, including Azure Container Instances, Azure Container Registry and Azure Kubernetes.
• Module 3: Secure data and applications
• This module covers Azure Key Vault, application security, storage security and SQL database security.
• Lesson
• - Azure Key Vault
• - Application security
• - Storage security
• - SQL database security
• Exercise: Key Vault (Implementing secure data by setting up Always Encrypted)
• Exercise: Securing Azure SQL database
• Exercise: Service endpoints and securing storage
• After completing this module, participants will be able to
• - Implement Azure Key Vault, including certificates, keys, and secrets.
• - Implement application security strategies, including application registry, managed identities, and service endpoints.
• - Implement storage security strategies, including shared access signatures, blob retention policies, and Azure Files authentication.
• - Implement database security strategies, including authentication, data classification, dynamic data masking and always encrypted.
• Module 4: Managing security operations
• This module covers Azure Monitor, Azure Security Center, and Azure Sentinel.
• Lesson
• - Azure monitoring
• - Azure Security Center
• - Azure Sentinel
• Exercise: Azure Monitor
• Exercise: Azure Security Center
• Exercise: Azure Sentinel
• After completing this module, participants will be able to
• - Implement Azure Monitor, including connected sources, log analysis, and alerts.
• - Implement Azure Security Center, including policies, recommendations, and just-in-time access to virtual machines.
• - Implement Azure Sentinel, including workbooks, incidents and playbooks.