Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Microsoft

Architect secure infrastructure in Azure

Microsoft via Microsoft Learn

Overview

  • Module 1: In this module, you’ll use the alert capabilities of Microsoft Defender for Cloud to watch for and respond to threats.
  • In this module, you will:

    • View security alerts in Microsoft Defender for Cloud
    • Define an incident response plan
    • Use a Workflow automation to automate a security response
  • Module 2: Explore the options for Azure disk encryption to encrypt OS and data disks on existing and new virtual machines.
  • In this module, you will:

    • Determine which encryption method is best for your VM
    • Encrypt existing virtual machine disks using the Azure portal
    • Encrypt existing virtual machine disks using PowerShell
    • Modify Azure Resource Manager templates to automate disk encryption on new VMs
  • Module 3: Learn how to create an Azure Key Vault to store secret values and how to enable secure access to the vault.
  • In this module, you will:

    • Explore what types of information can be stored in Azure Key Vault
    • Create an Azure Key Vault and use it to store secret configuration values
    • Enable secure access to the vault from an Azure App Service web app with managed identities for Azure resources
    • Implement a web application that retrieves secrets from the vault
  • Module 4: Learn how to use Azure role-based access control to effectively manage your team’s access to Azure resources.
  • In this module, you will:

    • Verify access to resources for yourself and others
    • Grant access to resources
    • View activity logs of Azure RBAC changes
  • Module 5: Secure the traffic from your users all the way to your web servers by enabling TLS encryption on Application Gateway.
  • In this module, you will:

    • Implement TLS encryption between your users and Application Gateway
    • Implement TLS encryption between Application Gateway and your web servers
  • Module 6: Identify the data in your organization and store it on Azure. Store secrets securely, and use client-side encryption and Storage Service Encryption to help protect your data.
  • In this module, you will:

    • Identify the types of data that your organization is using and the security requirements for that data
    • Identify the encryption capabilities for services on Azure
  • Module 7: Secure an Azure SQL database to keep the information safe and diagnose potential security concerns as they happen.
  • In this module, you will:

    • Control network access to your Azure SQL Database using firewall rules
    • Control user access to your Azure SQL Database using authentication and authorization
    • Protect your data in transit and at rest
    • Audit and monitor your Azure SQL Database for access violations
  • Module 8: Keep tabs on security events in your Azure AD resources by using built-in reporting and monitoring capabilities. Respond to events as they happen, and address security risks before they become a problem.
  • In this module, you will:

    • Store Azure audit activity and sign-in activity logs in Azure Monitor.
    • Create alerts for security events in Azure Monitor.
    • Create and view dashboards to support improved monitoring.

Syllabus

  • Module 1: Resolve security threats with Microsoft Defender for Cloud
    • Introduction
    • View security alerts
    • Respond to alerts
    • Define a security incident response plan
    • Use a workflow automation to automate responses
    • Exercise - Configure a Playbook for a security event
    • Summary
  • Module 2: Secure your Azure virtual machine disks
    • Introduction
    • Encryption options for protecting Windows and Linux VMs
    • Encrypt existing VM disks
    • Exercise - Encrypt existing VM disks
    • Automate secure VM deployments by adding encryption to Azure Resource Manager templates
    • Exercise - Use a Resource Manager template to decrypt the VM
    • Knowledge check
    • Summary
  • Module 3: Manage secrets in your server apps with Azure Key Vault
    • Introduction
    • What is Azure Key Vault?
    • Exercise - Create a Key Vault and store secrets
    • Vault authentication with managed identities for Azure resources
    • Exercise - Access secrets stored in Azure Key Vault
    • Exercise - Configure, deploy, and run your app in Azure
    • Summary
  • Module 4: Secure your Azure resources with Azure role-based access control (Azure RBAC)
    • Introduction
    • What is Azure RBAC?
    • Knowledge check - What is Azure RBAC?
    • Exercise - List access using Azure RBAC and the Azure portal
    • Exercise - Grant access using Azure RBAC and the Azure portal
    • Exercise - View activity logs for Azure RBAC changes
    • Knowledge check - Using Azure RBAC
    • Summary
  • Module 5: Encrypt network traffic end to end with Azure Application Gateway
    • Introduction
    • Application Gateway and encryption
    • Configure back-end pools for encryption
    • Exercise - Configure back-end pools for encryption
    • Configure an Application Gateway listener for encryption
    • Exercise - Configure an Application Gateway listener for encryption
    • Summary
  • Module 6: Introduction to securing data at rest on Azure
    • Introduction
    • Classify your data and protect confidential information
    • Secure data at rest by using Azure Storage Service Encryption
    • Secure data at rest in Azure SQL Database and Azure Cosmos DB
    • Keep your keys and secrets safe by using Azure Key Vault
    • Summary
  • Module 7: Secure your Azure SQL Database
    • Introduction
    • Exercise - Set up sandbox environment
    • Exercise - Restrict network access
    • Exercise - Control who can access your database
    • Exercise - Secure your data in transit, at rest, and on display
    • Exercise - Monitor your database
    • Knowledge check
    • Summary
  • Module 8: Monitor and report on security events in Azure AD
    • Introduction
    • Use sign-in, audit, and provisioning logs to detect suspicious activity
    • Integrate activity logs with Azure Monitor logs
    • Set up reports and dashboards to visualize the information
    • Exercise - Set up reports and dashboards to visualize the information
    • Summary

Reviews

Start your review of Architect secure infrastructure in Azure

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.