- Duration: 5 hours (4 segments of ~1 hour each, 8 min break at the top of each hour)
- Focus: Concise discussion and demos of core AZ-500 topics
- Style: Interactive and practical
-
🔑 Microsoft Entra Management
- Manage users and groups
- Implement multi-factor authentication (MFA)
- Configure passwordless authentication
- Implement Conditional Access policies
-
🗝️ Role Management
- Assign and manage Azure roles
- Configure Privileged Identity Management (PIM)
- Create custom roles
-
🔐 Application Access
- Manage app registrations and OAuth permissions
- Configure managed identities for Azure resources
-
🔒 Virtual Network Security
- Configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
- Plan and implement Virtual Network peering and VPN gateways
- Monitor security with Network Watcher
-
🛡️ Private Access
- Configure Private Endpoints and Private Link services
- Plan secure access to Azure App Services and Functions
-
🚀 Public Access Security
- Implement Azure Firewall and Web Application Firewall (WAF)
- Use Azure DDoS Protection Standard
-
🖥️ Compute Security
- Plan secure remote access (Azure Bastion, JIT VM access)
- Configure AKS network isolation and monitoring
- Manage container security (ACI, ACR, ACA)
-
🗄️ Storage Security
- Configure access control for storage accounts
- Enable encryption (ADE, BYOK, double encryption)
- Protect data with soft delete, backups, and versioning
-
📊 Database Security
- Enable database auditing and data classification
- Configure Transparent Data Encryption (TDE)
- Implement Always Encrypted for Azure SQL
-
⚙️ Governance and Compliance
- Create and assign security policies with Azure Policy
- Configure secure infrastructures with Blueprints
- Manage Key Vault access and key rotation
-
🛠️ Microsoft Defender for Cloud
- Assess risks using Secure Score
- Enable workload protection (Storage, SQL, Containers)
- Remediate vulnerabilities and monitor alerts
-
📈 Monitoring and Automation
- Configure Microsoft Sentinel analytics and data connectors
- Respond to incidents and automate workflows
- Evaluate vulnerability scans and alerts
Follow along with this scenario to practice key security concepts covered in the course.
You're a security engineer at Contoso Ltd, tasked with securing a new three-tier application:
- Web frontend (Azure App Service)
- API layer (Azure Functions)
- Database (Azure SQL)
- Configure Azure AD authentication for the web app
- Set up managed identities for service-to-service communication
- Implement Conditional Access policy for admin access
- Create network isolation using VNets and NSGs
- Configure Private Endpoints for the database
- Set up Azure Application Gateway with WAF
- Enable TDE and Always Encrypted for sensitive data
- Configure backup policies and soft delete
- Implement key rotation using Key Vault
- Set up Microsoft Defender for Cloud
- Configure diagnostic settings and log analytics
- Create custom alert rules in Microsoft Sentinel
- ✅ All services use managed identities for authentication
- ✅ No direct public access to backend services
- ✅ All sensitive data encrypted at rest and in transit
- ✅ Comprehensive logging and monitoring in place