Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls - Applied Skills workshop

• Practical experience in administration of Microsoft Azure and hybrid environments.
• Strong familiarity with compute, network, and security in Azure, as well as Microsoft Entra ID.
• Familiarity with security management and vulnerability remediation techniques.
• Knowledge of threat modeling and implementation of threat protection measures.

Module 1: Filter network traffic with a network security group using the Azure portal

In this module, we will focus on filtering network traffic using Network Security Groups (NSGs) in the Azure portal. Learn how to create, configure, and apply NSGs for improved network security.

• Introduction
• Azure resource group
• Azure Virtual Network
• How network security groups filter network traffic
• Application security groups
• Exercise - Create a virtual network infrastructure
• Knowledge check
• Summary

Module 2: Create a Log Analytics workspace for Microsoft Defender for Cloud

In this module, you'll discover how to create a Log Analytics workspace in the Azure portal for Microsoft Defender for Cloud, improving data collection and security analysis.

• Introduction
• Defender for Cloud monitoring components
• Exercise - Create a workspace
• Knowledge check
• Summary

Module 3: Set up Microsoft Defender for Cloud

In this module, you'll learn how to implement Microsoft Defender for Cloud using the Azure portal, to strengthen security and threat detection in your Azure environment.

• Introduction
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Exercise - Enable Defender for Cloud on your Azure subscription
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Improve your regulatory compliance.
• Configure Microsoft Defender for Cloud policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• MITRE Attack matrix
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access
• Exercise - Enable just-in-time access on Virtual Machines
• Knowledge check
• Summary

Module 4: Configure and integrate a Log Analytics agent and workspace in Defender for Cloud

This module will guide you to configure and integrate a Log Analytics agent with a workspace in Defender for Cloud via the Azure portal, boosting security analysis.

• Introduction
• Collect data from your workloads with the Log Analytics agent
• Configure the Log Analytics agent and workspace
• Exercise - Collect data from your workloads with the Log Analytics agent
• Knowledge check
• Summary

Module 5: Configure Azure Key Vault networking settings

In this module, you'll learn to configure Azure Key Vault networking settings via the Azure portal, ensuring secure and controlled access to your stored secrets.

• Introduction
• Azure Key Vault basic concepts
• Best practices for Azure Key Vault
• Azure Key Vault security
• Configure Azure Key Vault firewalls and virtual networks
• Exercise - Configure Key Vault firewall and virtual networks
• Azure Key Vault soft delete overview
• Virtual network service endpoints for Azure Key Vault
• Exercise - Configure Azure Key Vault recovery management with soft delete and purge protection
• Knowledge check
• Summary

Module 6: Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

This module will guide you on securely connecting an Azure SQL server via Azure Private Endpoint in the Azure portal, enhancing data communication security.

• Introduction
• Azure Private Endpoint
• Azure Private Link1
• Exercise - Deploy a virtual machine to test connectivity privately and securely to the SQL server across the private endpoint
• Knowledge check
• Summary

Please note: Your applied skills assessment practical lab can be sat at any time of your choosing directly via the MSLearn website here.