AZ-500: Microsoft Azure Security Technologies Series
Strengthen your cybersecurity skills. These Cloudguides follow labs from the AZ-500: Microsoft Azure Security Technologies coursework associated with the Azure Security Engineer Certification. This series helps IT security professionals gain advanced skills in securing Microsoft Azure environments, including how to implement security controls, manage identity and access, protect data and applications, monitor for threats, and maintain a secure posture.
Target Audience: Security Professionals
Series Type: Role based, expand your technical skillset

In this guide, you'll see how to create Azure users and groups, and use role-based access control to assign roles to groups. You'll create Senior Admins, Junior Admins, and Service Desk groups, add specific users as members, and assign the Virtual Machine Contributor role to the Service Desk group.

In this guide, you'll see how to implement and test your organization’s virtual networking infrastructure. You'll configure Application Security Groups for Web Servers and Management Servers, enable RDP access to Management Servers, ensure Web Servers display the IIS web page, and control network access using network security group rules.

In this guide, you'll see how to install and configure Azure Firewall to control network access. You'll create a virtual network with workload and jump host subnets, deploy virtual machines in each subnet, set up a custom route for outbound traffic, and configure firewall rules to allow traffic to www.bing.com and enable external DNS server lookups.

In this guide, you'll see how to deploy a proof of concept with Azure Container Registry and Azure Kubernetes Service. You'll build a Docker image using a Dockerfile, store it in Azure Container Registry, configure Azure Kubernetes Service, and secure and access container applications both internally and externally.

In this guide, you'll review security features for Azure SQL Database, including protection against SQL injection and data exfiltration, the ability to classify database information, and how to audit database servers, queries, and log events.

In this guide, you'll see how to create a proof of concept for securing Azure file shares. You'll configure a storage endpoint to ensure traffic stays within the Azure backbone network, restrict access to resources from a specific subnet, and verify that resources outside the subnet cannot access the storage.
In this guide, you'll see how to create a proof of concept application using Azure SQL Database's Always Encrypted functionality. You'll store keys and secrets in Azure Key Vault, register the application in Microsoft Entra ID, and encrypt database columns using Always Encrypted to enhance security.
In this guide, you'll see how to configure Azure Monitor Agent (AMA) and Data Collection Rules (DCRs) to enhance security and performance visibility for Azure virtual machines handling financial transactions and sensitive data. You'll set up centralized logging and performance monitoring to collect security events, system logs, and performance metrics, enabling proactive threat detection and optimizing system performance in line with the organization's security requirements.

In this guide, you'll see how to enable Microsoft Defender for Servers in Microsoft Defender for Cloud to enhance security for Azure virtual machines (VMs) and hybrid servers. You'll configure advanced threat protection and security monitoring to safeguard critical applications, customer data, and transactions against cyber threats, vulnerabilities, and misconfigurations.

In this guide, you'll see how to enable Just-in-Time (JIT) VM access on an Azure virtual machine (VM) used for processing financial transactions. This configuration mitigates the risk of brute-force attacks and unauthorized access by limiting continuous open access to the VM, ensuring secure access management for critical applications in your organization's Azure environment.

In this guide, you'll see how to create a proof of concept for Microsoft Sentinel-based threat detection and response. You'll learn how to collect data from Azure Activity and Microsoft Defender for Cloud, configure built-in and custom alerts, and explore how playbooks can automate responses to incidents for enhanced security monitoring and automation.