Apply Now
Contact Us

AZURE
Security Training

Course Overview

This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and continuously identify and remediate vulnerabilities by using a variety of security tools. It focuses on securing identity, platforms, data, applications, and operations in Azure. The training aligns with the Microsoft Certified: Azure Security Engineer Associate certification exam (AZ-500)

Course Curriculum

Course Outline

Module 1: Secure Identity and Access

Lessons

  • Manage security controls for identity and access

o Manage Azure built-in role assignments

o Manage custom roles, including Azure roles and Microsoft Entra roles

o Plan and manage Azure resources in Microsoft Entra Privileged Identity Management (PIM), including settings and assignments

o Implement multi-factor authentication (MFA) for access to Azure resources

o Implement Conditional Access policies for cloud resources in Azure

  • Manage Microsoft Entra application access

o Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants

o Manage Microsoft Entra app registrations

o Configure app registration permission scopes

o Manage app registration permission consent

o Manage and use service principals

o Manage managed identities

Labs

  • Implementing PIM and role assignments
  • Configuring Conditional Access policies
  • Managing app registrations and service principals

Module 2: Secure Networking

Lessons

  • Plan and implement security for virtual networks

o Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)

o Manage virtual networks by using Azure Virtual Network Manager

o Plan and implement user defined routes (UDRs)

o Plan and implement Virtual Network peering or VPN gateway

o Plan and implement Virtual WAN, including secured virtual hub

o Secure VPN connectivity, including point-to-site and site to-site

o Implement encryption over ExpressRoute

o Configure firewall settings on Azure resources

o Monitor network security by using Network Watcher

  •  Plan and implement security for private access to Azure resources

o Plan and implement virtual network Service Endpoints

o Plan and implement Private Endpoints

o Plan and implement Private Link services

o Plan and implement network integration for Azure App Service and Azure Functions

o Plan and implement network security configurations for an App Service Environment (ASE)

o Plan and implement network security configurations for an Azure SQL Managed Instance

  • Plan and implement security for public access to Azure resources

o Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management

o Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies

o Plan and implement an Azure Application Gateway

o Plan and implement an Azure Front Door, including Content Delivery Network (CDN)

o Plan and implement a Web Application Firewall (WAF)

o Recommend when to use Azure DDoS Protection Standard

Labs

  • Configuring NSGs and ASGs
  • Implementing Private Endpoints and Private Link
  • Deploying Azure Firewall and Application Gateway

Module 3: Secure Compute, Storage, and Databases

Lessons

  • Plan and implement advanced security for compute

o Plan and implement remote access to virtual machines, including Azure Bastion and just-in-time (JIT)

o Configure network isolation for Azure Kubernetes Service (AKS)

o Secure and monitor AKS

o Configure authentication for AKS

o Configure security monitoring for Azure Container Instances (ACIs)

o Configure security monitoring for Azure Container Apps (ACAs)

o Manage access to Azure Container Registry (ACR)

o Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption

o Recommend security configurations for Azure API Management

  •  Plan and implement security for storage

o Configure access control for storage accounts

o Manage storage account access keys

o Select and configure an appropriate method for access to Azure Files

o Select and configure an appropriate method for access to Azure Blob Storage

o Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage

o Configure Bring your own key (BYOK)

o Enable double encryption at the Azure Storage infrastructure level

  •  Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

o Enable Microsoft Entra database authentication

o Enable database auditing

o Plan and implement dynamic data masking

o Implement Transparent Data Encryption (TDE)

o Recommend when to use Azure SQL Database Always Encrypted

Labs

  •  Securing AKS clusters and containers
  •  Configuring storage encryption and access controls
  •  Implementing SQL database security features like TDE and auditing

Module 4: Secure Data and Applications

Lessons

  •  Identify Azure data protection mechanisms

o Configure security policies to manage data

o Configure security for data infrastructure Configure encryption for data at rest and in transit

  •  Implement application security

o Understand application security concepts

o Implement security for application lifecycle (development, deployment,

operations)

o Secure applications using Azure security features, including endpoint security

o Configure and manage Azure Key Vault for secrets management

  •  Manage security operations for data and apps

o Configure Microsoft Defender for Cloud for data and app protection

o Implement threat protection and vulnerability management

Labs

  • Configuring Key Vault and secret management
  • Implementing application security in App Service
  • Using Defender for Cloud to assess data and app security

Module 5: Manage Security Operations

Lessons

  • Configure security services and policies

o Configure Microsoft Defender for Cloud

o Configure security policies using Azure Policy and Blueprints

  •  Manage and respond to security alerts

o Manage security alerts and recommendations

o Respond to and remediate security issues using Defender

for Cloud

  • Create and manage security baselines

o Develop regulatory compliance baselines

o Configure workflow automation for compliance

Labs

  •  Setting up Defender for Cloud and policies
  • Responding to security incidents and alerts
  • Creating custom security baselines

Our Study materal

It’s not magic; it’s the right study resources. Forget the guesswork and the old textbooks. This section holds our battle-tested arsenal of notes, practice exams, and exclusive guides. Click through and see how we turn confusion into clarity.

Download course curriculum Here

  • Cloud Security Administrator

  • Cloud Security Engineer
  • Infrastructure Security Engineer
  • Security Operations (SecOps) Analyst

  • Security Operations Center Engineer

  • Threat Detection Analyst

  • Identity & Access Management (IAM) Specialist
  • Cloud Security Architect

  • Ethical Hacker (Azure)

  • Red Team Engineer

Interested In Any of Our Courses? Contact our Program Advisors via Email at Info@yandtechconsulting.com Or Call Us at ‪+1 (318) 404 8059‬. No Tech Skills? No Problem! We Train Your From Scratch

SMS Text Us