Managing identities and access
- Azure Active Directory (infrastructure, users, groups, multi-factor authentication).
- Azure identity protection (risk policies, conditional access and access checks).
- Corporate governance.
- Azure AD privileged identity management.
- Hybrid identity.
Hands-on work
Implement: role-based access control, Azure policy, resource manager lockdown, MFA, conditional access and AAD identity protection, Azure AD privileged identity management, directory synchronization.
Implementing platform protection
- Perimeter security (Azure firewall, etc.).
- Network security (network security groups, application security groups, etc.).
- Host security (endpoint protection, remote access management, disk encryption, etc.).
- Container security (Azure container instances, Azure container registry and Azure Kubernetes).
Hands-on work
Practice: network security groups and application security groups, Azure firewall, configuring and securing ACR and AKS.
Securing data and applications
- Azure Key Vault (certificates, keys and secrets).
- Application security (application registration, managed identities and service endpoints).
- Storage security (shared access signatures, Blob retention policies, and Azure file authentication).
- SQL database security (authentication, data classification, dynamic data masking).
Hands-on work
Implementing data security by configuring Always Encrypted, securing an Azure SQL database, service endpoints and securing storage.
Managing security operations
- Azure Monitor (connected sources, log analysis, alerts, etc.).
- Azure Security center (policies, recommendations, just-in-time access to virtual machines).
- Azure Sentinel (workbooks, incidents and playbooks, etc.).
Hands-on work
Implementing Azure Monitor, Azure Security Center and Azure Sentinel.