logo

Microsoft Cloud Computing Course

course overview

download outline

Select Country and City to View dates & book now

Overview

In this course students will gain the knowledge and skills needed to implement security controls, maintain the security posture, and identify and remediation of vulnerabilities by using a variety of security tools. The course covers configuring and deploying security solutions for cloud N-tier architecture.

Audience profile

Students should have at least one year of hands-on experience securing Azure workloads and experience with security controls for workloads on Azure.

Accessing your courseware and registering attendance with Microsoft

To access your Official Curriculum (MOC) course materials you will need a Microsoft.com/Learn account. In Learn you will also be able to register your completion of the event and receive your achievement badge. You will be issued with a unique code during your event.

Audience

Students should have at least one year of hands-on experience securing Azure workloads and experience with security controls for workloads on Azure.

Skills Gained

After completing this course, students will be able to:

  • Describe specialized data classifications on Azure
  • Identify Azure data protection mechanisms
  • Implement Azure data encryption methods
  • Secure Internet protocols and how to implement them on Azure
  • Describe Azure security services and features

Prerequisites

Before attending this course, students must have knowledge of:

Microsoft Azure Administrator (AZ-104) (MAZ104)

Please note: In order to access the Azure labs for this course you will need to have a Microsoft Outlook account that has/will not be used to associate with any other corporate Azure subscription. You can set up a new Outlook account here

Outline

MODULE 1: Secure Azure solutions with Microsoft Entra ID

Explore how to securely configure and administer your Microsoft Entra instance.

By the end of this module, you will be able to:

  • Configure Microsoft Entra ID and Microsoft Entra Domain Services for security
  • Create users and groups that enable secure usage of your tenant
  • Use MFA to protect user's identities
  • Configure passwordless security options

  • Introduction
  • Explore Microsoft Entra features
  • Self-managed Active Directory Domain Services, Microsoft Entra ID, and managed Microsoft Entra Domain Services
  • Microsoft Entra Domain Services and self-managed AD DS
  • Microsoft Entra Domain Services and Microsoft Entra ID
  • Investigate roles in Microsoft Entra ID
  • Microsoft Entra built-in roles
  • Deploy Microsoft Entra Domain Services
  • Create and manage Microsoft Entra users
  • Manage users with Microsoft Entra groups
  • Configure Microsoft Entra administrative units
  • Implement passwordless authentication
  • Explore Try-This exercises
  • Knowledge check
  • Summary

MODULE 2: Implement Hybrid identity

Explore how to deploy and configure Microsoft Entra Connect to create a hybrid identity solution for your company.

By the end of this module, you'll be able to:

  • Deploy Microsoft Entra Connect
  • Pick and configure that best authentication option for your security needs
  • Configure password writeback

  • Introduction
  • Deploy Microsoft Entra Connect
  • Explore authentication options
  • Configure Password Hash Synchronization (PHS)
  • Implement Pass-through Authentication (PTA)
  • Deploy Federation with Microsoft Entra ID
  • Explore the authentication decision tree
  • Configure password writeback
  • Knowledge check
  • Summary

MODULE 3: Deploy Microsoft Entra ID Protection

Protect identities in Microsoft Entra ID using Conditional Access, MFA, access reviews, and other capabilities.

By the end of this module, you will be able to:

  • Deploy and configure Identity Protection
  • Configure MFA for users, groups, and applications
  • Create Conditional Access policies to ensure your security
  • Create and follow an access review process

  • Introduction
  • Explore Microsoft Entra ID Protection
  • Configure risk event detections
  • Implement user risk policy
  • Implement sign-in risk policy
  • Deploy multifactor authentication in Azure
  • Explore multifactor authentication settings
  • Enable multifactor authentication
  • Implement Microsoft Entra Conditional Access
  • Configure conditional access conditions
  • Implement access reviews
  • Explore try-this exercises
  • Knowledge check
  • Summary

MODULE 4: Configure Microsoft Entra Privileged Identity Management

Ensure that your privileged identities have extra protection and are accessed only with the least amount of access needed to do the job.

By the end of this module, you'll be able to:

  • Describe Zero Trust and how it impacts security
  • Configure and deploy roles using Privileged Identity Management (PIM)
  • Evaluate the usefulness of each PIM setting as it relates to your security goals

  • Introduction
  • Explore the zero trust model
  • Review the evolution of identity management
  • Deploy Microsoft Entra Privileged Identity Management
  • Configure privileged identity management scope
  • Implement privileged identity management onboarding
  • Explore privileged identity management configuration settings
  • Implement a privileged identity management workflow
  • Explore Try-This exercises
  • Knowledge check
  • Summary

MODULE 5: Design an enterprise governance strategy

Learn to use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals.

By the end of this module, you will be able to:

  • Explain the shared responsibility model and how it impacts your security configuration
  • Create Azure policies to protect your solutions
  • Configure and deploy access to services using RBAC

  • Introduction
  • Review the shared responsibility model
  • Explore the Azure cloud security advantages
  • Review Azure hierarchy of systems
  • Configure Azure policies
  • Enable Azure role-based access control (RBAC)
  • Compare and contrast Azure RBAC vs Azure policies
  • Configure built-in roles
  • Enable resource locks
  • Deploy Azure blueprints
  • Design an Azure subscription management plan
  • Explore Try-This exercises
  • Knowledge check
  • Summary

MODULE 6: Implement perimeter security

By the end of this module, you will be able to:

  • Define defense in depth
  • Protect your environment from denial-of-service attacks
  • Secure your solutions using firewalls and VPNs
  • Explore your end-to-end perimeter security configuration based on your security posture

  • Introduction
  • Define defense in depth
  • Explore virtual network security
  • Enable Distributed Denial of Service (DDoS) Protection
  • Configure a distributed denial of service protection implementation
  • Explore Azure Firewall features
  • Deploy an Azure Firewall implementation
  • Configure VPN forced tunneling
  • Create User Defined Routes and Network Virtual Appliances
  • Explore hub and spoke topology
  • Perform try-this exercises
  • Knowledge check
  • Summary

MODULE 7: Configure network security

Use Azure network capabilities to secure your network and applications from external and internal attacks.

By the end of this module, you will be able to:

  • Deploy and configure network security groups to protect your Azure solutions
  • Configure and lockdown service endpoints and private links
  • Secure your applications with Application Gateway, Web App Firewall, and Front Door
  • Configure ExpressRoute to help protect your network traffic

  • Introduction
  • Explore Network Security Groups (NSG)
  • Deploy a Network Security Groups implementation
  • Create Application Security Groups
  • Enable service endpoints
  • Configure service endpoint services
  • Deploy private links
  • Implement an Azure application gateway
  • Deploy a web application firewall
  • Configure and manage Azure front door
  • Review ExpressRoute
  • Perform try-this exercises
  • Knowledge check
  • Summary

MODULE 8: Configure and manage host security

Learn to lock down the devices, virtual machines, and other components that run your applications in Azure.

By the end of this module, you will be able to:

  • Configure and deploy Endpoint Protection
  • Deploy a privileged access strategy for devices and privileged workstations
  • Secure your virtual machines and access to them
  • Deploy Windows Defender
  • Practice layered security by reviewing and implementing Security Center and Security Benchmarks

  • Introduction
  • Enable endpoint protection
  • Define a privileged access device strategy
  • Deploy privileged access workstations
  • Create virtual machine templates
  • Enable and secure remote access management
  • Configure update management
  • Deploy disk encryption
  • Managed disk encryption options
  • Deploy and configure Windows Defender
  • Microsoft cloud security benchmark in Defender for Cloud
  • Explore Microsoft Defender for Cloud recommendations
  • Perform Try-This exercises
  • Knowledge check
  • Summary

MODULE 9: Enable Containers security

Explore how to secure your applications running within containers and how to securely connect to them.

By the end of this module, you will be able to:

  • Define the available security tools for containers in Azure
  • Configure security settings for containers and Kubernetes services
  • Lock down network, storage, and identity resources connected to your containers
  • Deploy RBAC to control access to containers

  • Introduction
  • Explore containers
  • Configure Azure Container Instances security​
  • Manage security for Azure Container Instances (ACI)​
  • Explore the Azure Container Registry (ACR)​
  • Enable Azure Container Registry authentication
  • Review Azure Kubernetes Service (AKS)​
  • Implement an Azure Kubernetes Service architecture​
  • Configure Azure Kubernetes Service networking​
  • Deploy Azure Kubernetes Service storage​
  • Secure authentication to Azure Kubernetes Service with Active Directory​
  • Manage access to Azure Kubernetes Service using Azure role-based access controls
  • Knowledge check
  • Summary

MODULE 10: Deploy and secure Azure Key Vault

Protect your keys, certificates, and secrets in Azure Key Vault. Learn to configure key vault for the most secure deployment.

By the end of this module, you will be able to:

  • Define what a key vault is and how it protects certificates and secrets
  • Deploy and configure Azure Key Vault
  • Secure access and administration of your key vault
  • Store keys and secrets in your key vault
  • Explore key security considers like key rotation and backup / recovery

  • Introduction
  • Explore Azure Key Vault
  • Configure Key Vault access
  • Review a secure Key Vault example
  • Deploy and manage Key Vault certificates
  • Create Key Vault keys
  • Manage customer managed keys
  • Enable Key Vault secrets
  • Configure key rotation
  • Manage Key Vault safety and recovery features
  • Perform Try-This exercises
  • Explore the Azure Hardware Security Module
  • Knowledge check
  • Summary

MODULE 11: Configure application security features

Register your company applications then use Azure security features to configure and monitor secure access to the application.

By the end of this module, you will be able to:

  • Register an application in Azure using app registration
  • Select and configure which Microsoft Entra users can access each application
  • Configure and deploy web app certificates

  • Introduction
  • Review the Microsoft identity platform
  • Explore the Application model
  • Register an application with App Registration
  • Configure Microsoft Graph permissions
  • Enable managed identities
  • Azure App Services
  • App Service Environment
  • Azure App Service plan
  • App Service Environment networking
  • Availability Zone Support for App Service Environments
  • App Service Environment Certificates
  • Perform Try-This exercises
  • Knowledge check
  • Summary

MODULE 12: Implement storage security

Ensure your data is stored, transferred, and accessed in a secure way using Azure storage and file security features.

By the end of this module, you will be able to:

  • Define data sovereignty and how that is achieved in Azure
  • Configure Azure Storage access in a secure and managed way
  • Encrypt your data while it is at rest and in transit
  • Apply rules for data retention

  • Introduction
  • Define data sovereignty
  • Configure Azure storage access
  • Deploy shared access signatures
  • Manage Microsoft Entra storage authentication
  • Implement storage service encryption
  • Configure blob data retention policies
  • Configure Azure files authentication​
  • Enable the secure transfer required​ property
  • Perform Try-This exercises
  • Knowledge check
  • Summary

MODULE 13: Configure and manage SQL database security

Configure and lock down your SQL database on Azure to protect your corporate data while it's stored.

By the end of this module, you'll be able to:

  • Configure which users and applications have access to your SQL databases
  • Block access to your servers using firewalls
  • Discover, classify, and audit the use of your data
  • Encrypt and protect your data while is it stored in the database.

  • Introduction
  • Enable SQL database authentication
  • Configure SQL database firewalls
  • Enable and monitor database auditing
  • Implement data discovery and classification​
  • Microsoft Defender for SQL
  • Vulnerability assessment for SQL Server
  • SQL Advanced Threat Protection
  • Explore detection of a suspicious event
  • SQL vulnerability assessment express and classic configurations
  • Configure dynamic data masking
  • Implement transparent data encryption​
  • Deploy always encrypted​ features
  • Deploy an always encrypted implementation
  • Perform Try-This exercises
  • Knowledge check
  • Summary

MODULE 14: Configure and manage Azure Monitor

Use Azure Monitor, Log Analytics, and other Azure tools to monitor the secure operation of your Azure solutions.

By the end of this module, you will be able to:

  • Configure and monitor Azure Monitor
  • Define metrics and logs you want to track for your Azure applications
  • Connect data sources to and configure Log Analytics
  • Create and monitor alerts associated with your solutions security

  • Introduction
  • Explore Azure Monitor
  • Configure and monitor metrics and logs
  • Enable Log Analytics
  • Manage connected sources for log analytics
  • Enable Azure monitor Alerts
  • Configure properties for diagnostic logging
  • Perform try-this exercises
  • Knowledge check
  • Summary

MODULE 15: Enable and manage Microsoft Defender for Cloud

Use Microsoft Defender for Cloud to strengthen security posture and protect workloads against modern threats in Azure.

By the end of this module, you're able to:

  • Define the most common types of cyber-attacks
  • Configure Microsoft Defender for cloud based on your security posture
  • Review Secure Score and raise it
  • Lock down your solutions using Microsoft Defender for Cloud's workload protection
  • Enable Just-in-Time access and other security features

  • Introduction
  • MITRE Attack matrix
  • Implement Microsoft Defender for Cloud
  • Security posture
  • Workload protections
  • Deploy Microsoft Defender for Cloud
  • Azure Arc
  • Azure Arc capabilities
  • Microsoft cloud security benchmark
  • Configure Microsoft Defender for Cloud security policies
  • View and edit security policies
  • Manage and implement Microsoft Defender for Cloud recommendations
  • Explore secure score
  • Define brute force attacks
  • Understand just-in-time VM access
  • Implement just-in-time VM access
  • Perform try-this exercises
  • Knowledge check
  • Summary

MODULE 16: Configure and monitor Microsoft Sentinel

Use Microsoft Sentinel to discover, track, and respond to security breaches within your Azure environment.

By the end of this module, you'll be able to:

  • Explain what Microsoft Sentinel is and how it is used
  • Deploy Microsoft Sentinel
  • Connect data to Microsoft Sentinel, like Azure Logs, Microsoft Entra ID, and others
  • Track incidents using workbooks, playbooks, and hunting techniques

  • Introduction
  • Enable Microsoft Sentinel
  • Configure data connections to Sentinel
  • Create workbooks to monitor Sentinel data
  • Enable rules to create incidents
  • Configure playbooks
  • Hunt and investigate potential breaches
  • Knowledge check
  • Summary

Certification

Please note: In order to access the Azure labs for this course you will need to have a Microsoft Outlook account that has/will not be used to associate with any other corporate Azure subscription. You can set up a new Outlook account here.

Is you are attending a technical AFA course, you must have a dual-monitor setup. At least one monitor must have minimum screen size of 19' and resolution be a minimum of 1280x1024 with the vertical resolution (1024) being the most critical.
Please join the session using a wired USB headset with microphone attached and read through the PDF included with this email as this gives information on how to connect using your headset.

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.