Are you a security engineer who wants to learn how to lock down the infrastructure and network resources running in your Azure environment? Then, Implement Platform Protection is the right course for you!
Throughout this course, you will explore perimeter security, network security, and host and containers security, along with various security components, tools, solutions, deployment methods, strategies, and services for protecting your Azure environment.
You’ll examine connecting networks via peering, implementing hub-and-spoke topology and distributed denial of service (DDoS ) protection, securing solutions with VPNs, traffic control with network virtual appliances (NVAs), and using Azure Web Application Firewall (WAF) to prevent attacks.
Within the course, you’ll discover the ins and outs of defense in depth, endpoint protection host security, network client and server technology, privileged access, serverless compute, and virtual machines (VMs).
You’ll learn how to configure, deploy, enable, and manage various security solutions, including Azure App Service, Azure Application Gateway, Azure Bastion, Azure Container Instances, Azure Container Registry, Azure Defender, Azure Disk Encryption, Azure ExpressRoute, Azure Firewall and Firewall Manager, Azure Front Door, Azure Functions, Azure Kubernetes Service, Azure Private Link, Azure Security Benchmarks, and Azure Update Management.
This is the third course in a series of seven courses that will prepare you to succeed in the AZ-500: Microsoft Azure Security Technologies exam.
Overview
Syllabus
- Perimeter Security
- In this module, you will learn about some of the perimeter level security tools provided by Azure to help prevent attacks to your Azure solutions. You will explore the concepts of defense in depth and zero trust to secure Azure perimeter. You will learn about network security and firewalls and tools to strengthen network protection in Azure. Azure virtual network security and enabling and configuring a distributed denial of service (DDoS) protection implementation is also covered in this module. You will learn how to deploy Azure Firewall implementation and configure and deploy the Azure Firewall Manager. The module also covers how you can secure your solutions using VPNs, Network virtual appliances (NVAs), and the Azure network virtual appliances firewall architecture. Finally, you will learn how to configure VPN forced tunneling.
- Network security
- Network security is an integral part of a defense in depth strategy. In this module, you will learn how to deploy and configure network security groups, create application security groups, and enable service endpoints. You will learn how to configure service endpoint services, deploy private links, and integrate private endpoints with other services. You will gain an understanding of encrypting traffic with SSL by using Application Gateway and learn about the various components of an application gateway. The module also covers implementing an Azure application gateway, configuring back-end pools for encryption, and configuring Application Gateway listener for encryption. You will learn how to deploy a web application firewall. You will also learn how to configure and manage Azure front door to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability.
- Host and container security
- In this module, you will learn how to use Host security as part of your defense strategy. You will learn how to configure and manage Host security to keep application host machines secure and how to configure and deploy Endpoint Protection. You will learn how to deploy a privileged access strategy for devices and privileged workstations and secure access to your virtual machines. You will gain an appreciation of the practice of layered security. You will learn how to configure and manage security for Azure Container Instances (ACI). You will learn about the Azure Container Registry (ACR) and how to enable Azure Container Registry authentication. You will learn about security for serverless compute and Azure App service, and how Kubernetes deployments and Azure Kubernetes Service works. You will understand how to configure Azure Kubernetes Service networking and deploy Azure Kubernetes Service storage. You will also learn how to secure authentication to Azure Kubernetes Service (AKS) with Active Directory and manage access to AKS using Azure role-based access controls.
- Project and graded assessment
- In this module, you will attempt a course-level ungraded project and graded assessment.
Taught by
Microsoft