AZ-500: Microsoft Azure Security Technologies

AZ-500 Course: Microsoft Azure Security Technologies

This course provides IT security professionals with the knowledge and skills necessary to implement security controls, maintain an organization's security posture, and identify and remediate security vulnerabilities. This course covers identity and access security, platform, data, and application protection, and security operations.

The course includes a certification exam and a bonus opportunity for a virtual gift! *Promotion valid until August 31st, for customers in Spain only. Does not apply to self-learning.

Course aimed at

This course is intended for Azure security engineers who plan to take the associated certification exam or who perform security tasks in their daily work. This course would also be useful for an engineer who wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data.

Course objectives

• Implement security controls: You'll learn how to configure and manage security controls to protect resources in Azure, including identity and access protection, platform security, data security, and application security.
  
• Maintaining a Security Posture: You'll develop skills to maintain and improve your organization's security posture, ensuring that systems and data are protected against threats.
  
• Identify and remediate vulnerabilities: You'll learn how to identify and remediate security vulnerabilities using tools like Microsoft Defender for Cloud.
  
• Implement Threat Protection: You will configure and manage threat protection solutions to detect and respond to security incidents in Azure, multi-cloud, and hybrid environments.

Elements of the AZ-500 formation

• Virtual Network Security Planning and Implementation (13 Units)
• Planning and Implementing Private Access Security for Azure Resources (9 units)
• Planning and Implementing Security for Public Access to Azure Resources (9 Units)
• Planning and Implementing Advanced Process Security (13 Units)
• Storage Security Planning and Implementation (13 Units)
• Planning and Implementing Security for Azure SQL Database and Azure SQL Managed Instance (11 Units)

AZ-500 Course Content

Module 1: Identity and Access Protection

Learning objectives

• Effectively manage identities with Microsoft Sign In ID to ensure secure access and identity governance.
  
• Manage authentication processes effectively with Microsoft Sign In ID to protect user access and verify identities.
  
• Deploy and manage authorization settings with Microsoft Sign-in ID to securely control access rights and permissions.
  
• Effectively manage and secure access to applications with Microsoft Sign-in ID to ensure proper user authorization and authentication.
  

Lessons

• Managing security controls for identity and access

• Managing application access in Microsoft Access

• Module Laboratory:
  

  • Lab 01: Role-Based Access Control

Module 2: Network Protection

Learning objectives

• Plan and implement security measures for virtual networks, including NSGs, ASGs, UDRs, VNET peering, VPN Gateway instances, Virtual WAN, and network monitoring using Network Watcher
  
• Establish private access to Azure resources using service endpoints, private endpoints, Private Link services, and secure configurations for App Service, Azure Functions, and Azure SQL Managed Instance.
  
• Implement security for Azure public access, including TLS application integration, Azure Firewall, Application Gateway, Front Door, WAF, and recommendations for Azure DDoS Protection.
  

Lessons

• Planning and implementing virtual network security

• Planning and implementing security for private access to Azure resources
  

• Planning and implementing security for public access to Azure resources
  

• Module laboratories:
  

  • Lab 02: Network Security Groups and Application Security Groups
  • Lab 03: Azure Firewall

Module 3: Protecting processes, storage, and databases

Learning objectives:

• Strengthen process security with Azure Bastion, AKS configurations, container monitoring, and advanced encryption techniques.
  
• Enhance storage security with customized access controls, threat protection measures, and multiple encryption strategies.
  
• Strengthen Azure SQL Database security with authentication, auditing, data classification, and advanced encryption recommendations.
  

Lessons

• Planning and implementing advanced process security

• Storage Security Planning and Implementation

• Planning and implementing security for Azure SQL Database and Azure SQL Managed Instance

• Module laboratories:

  • Lab 04: Configuring and Securing ACR and AKS
  • Lab 05: Securing Azure SQL Database
  • Lab 06: Service Connection Points and Secure Storage

Module 4: Securing Azure with Microsoft Defender for Cloud and Microsoft Sentinel

Learning objectives:

• Implement security operations, establish governance, and implement Azure policies and infrastructure, while protecting keys and certificates.
  
• Improve Defender's security posture, ensure compliance, and monitor external threats.
  
• Configure Defender for a variety of threats, manage alerts, and leverage Sentinel for advanced security strategies.
  

Lessons

• Implementing and managing compliance with cloud governance policies

• Managing your security posture with Microsoft Defender for Cloud
  Configuring and managing threat protection using Microsoft Defender for Cloud

• Configuring and managing security monitoring and automation solutions

• Module laboratories:
  

  • Lab 07: Keystore
  • Lab 08: Creating a Log Analytics Workspace, Azure Storage Account, and Data Collection Rule (DCR)
  • Lab 09: Configuring Microsoft Defender for Cloud Enhanced Security Features for Servers
  • Lab 10: Enabling Just-In-Time Access on Virtual Machines
  • Lab 11: Microsoft Sentinel

Prerequisites

Students who pass the test will have prior knowledge and understanding of:

• Industry security best practices and requirements, such as defense in depth, least privilege access, role-based access control, multi-factor authentication, shared responsibility, and a zero-trust model.
• Security protocols, such as virtual private networks (VPNs), Internet Protocol Security (IPSec), Secure Sockets Layer (SSL), and disk and data encryption methods.
• Have some experience deploying Azure workloads This course does not cover the basics of Azure administration, but rather builds on that knowledge by adding security-specific information.
• Have experience with Windows and Linux systems, as well as scripting languages.
• Course labs can use PowerShell and the CLI.

Language

• Course: English / Spanish

• Labs: English / Spanish

Microsoft Associate Certification: Azure Security Engineer Associate

Microsoft Certified: Azure Security Engineer Associate

Demonstrates the skills necessary to implement security controls, maintain an organizational security posture, and identify and correct security vulnerabilities.

Level: Intermediate
Role: Security Engineer
Product: Azure
Subject: Security