Master Cloud Security with Azure Security Engineer Certification
This Azure Security certification training equips you with the expertise needed to excel as an Azure Security Engineer and succeed in the AZ-500 exam. Learn how to implement robust security controls, manage identity and access, protect data, monitor environments, and respond to threats to build secure and compliant cloud solutions on Microsoft Azure.
Azure Security Engineer Course Overview
This Azure Security Technologies course focuses on advanced security capabilities within the Azure platform, including identity and access management, platform protection, security operations, and data and application security. Gain expertise in implementing threat protection, managing security posture, and securing cloud resources to design and maintain a secure Azure environment.
Course Highlights
Includes an exam voucher, access to official Microsoft learning materials, and the flexibility to choose training dates. Hands-on Azure labs and real-world projects provide practical experience in cloud architecture.
Key Skills You’ll Gain
Develop expertise in Azure security management, threat protection, and secure access control. Learn to implement identity and access management (IAM), configure platform protection, manage security operations, and safeguard data and applications across Azure environments.
Microsoft Azure (AZ-500) Course Curriculum
Who Should Enroll?
This training is designed for IT professionals, cloud solution architects, experienced Azure administrators, developers, and DevOps professionals looking to advance their expertise in Azure architecture.
Recommended Knowledge
A high school diploma or undergraduate degree is recommended. Prior hands-on experience in IT operations, including networking, virtualization, security, computing, storage, cost management, and governance, is essential for success in this course.
Course Content
Module 1: Manage Identities in Microsoft Entra ID
-
Introduction
-
What Is Microsoft Entra ID?
-
Secure Microsoft Entra Users
-
Create a New User in Microsoft Entra ID
-
Secure Microsoft Entra Groups
-
Recommend When to Use External Identities
-
Secure External Identities
-
Implement Microsoft Entra Identity Protection
Module 2: Manage Authentication by Using Microsoft Entra ID
-
Introduction
-
Microsoft Entra Connect
-
Microsoft Entra Cloud Sync
-
Authentication Options
-
Password Hash Synchronization with Microsoft Entra ID
-
Microsoft Entra Pass-Through Authentication
-
Federation with Microsoft Entra ID
-
What is Microsoft Entra Authentication?
-
Implement Multifactor Authentication (MFA)
-
Passwordless Authentication Options for Microsoft Entra ID
-
Implement Passwordless Authentication
-
Implement Password Protection
-
Microsoft Entra ID Single Sign-On
-
Implement Single Sign-On (SSO)
-
Integrate Single Sign-On (SSO) And Identity Providers
-
Introduction to Microsoft Entra Verified ID
-
Configure Microsoft Entra Verified ID
-
Recommend and Enforce Modern Authentication Protocols
Module 3: Manage Authorization by Using Microsoft Entra ID
-
Introduction
-
Azure Management Groups
-
Configure Azure Role Permissions for Management Groups, Subscriptions, Resource Groups, and Resources
-
Azure Role-Based Access Control
-
Azure Built-In Roles
-
Assign Azure Role Permissions for Management Groups, Subscriptions, Resource Groups, and Resources
-
Microsoft Entra Built-In Roles
-
Assign Built-In Roles in Microsoft Entra ID
-
Microsoft Entra Role-Based Access Control
-
Create and Assign a Custom Role in Microsoft Entra ID
-
Microsoft Entra Permissions Management
-
Implement and Manage Microsoft Entra Permissions Management
-
Zero Trust Security
-
Microsoft Entra Privileged Identity Management
-
Configure Privileged Identity Management
-
Microsoft Entra ID Governance
-
Entitlement Management
-
Access Reviews
-
Identity Lifecycle Management
-
Lifecycle Workflows
-
Delegation and Roles in Entitlement Management
-
Configure Role Management and Access Reviews by Using Microsoft Entra ID Governance
-
Implement Conditional Access Policies
Module 4: Manage Application Access in Microsoft Entra ID
-
Introduction
-
Manage Access to Enterprise Applications In Microsoft Entra ID, Including Oauth Permission Grants
-
Manage App Registrations in Microsoft Entra ID
-
Configure App Registration Permission Scopes
-
Manage App Registration Permission Consent
-
Manage and Use Service Principals
-
Manage Managed Identities for Azure Resources
-
Recommend When to Use And Configure a Microsoft Entra Application Proxy, Including Authentication
Module 5: Plan and Implement Security For Virtual Networks
-
Introduction
-
What is an Azure Virtual Network
-
Plan and Implement Network Security Groups (Nsgs) and Application Security Groups (Asgs)
-
Plan and Implement User-Defined Routes (Udrs)
-
Plan and Implement Virtual Network Peering or Gateway
-
Plan and Implement Virtual Wide Area Network, Including Secured Virtual Hub
-
Secure VPN Connectivity, Including Point-To-Site and Site-To-Site
-
Azure Expressroute
-
Implement Encryption Over Expressroute
-
Configure Firewall Settings on Paas Resources
-
Monitor Network Security by Using Network Watcher, Including Network Security Groups
Module 6: Plan and Implement Security for Private Access to Azure Resources
-
Introduction
-
Plan and Implement Virtual Network Service Endpoints
-
Plan and Implement Private Endpoints
-
Plan and Implement Private Link Services
-
Plan and Implement Network Integration for Azure App Service and Azure Functions
-
Plan and Implement Network Security Configurations for an App Service Environment (ASE)
-
Plan and Implement Network Security Configurations for an Azure SQL Managed Instance
Module 7: Plan and Implement Security For Public Access To Azure Resources Introduction
-
Introduction
-
Plan and Implement Transport Layer Security (TLS) to Applications, Including Azure App Service And API Management
-
Plan, Implement, And Manage an Azure Firewall, Azure Firewall Manager and Firewall Policies
-
Plan and Implement an Azure Application Gateway
-
Plan and Implement a Web Application Firewall (WAF)
-
Plan and Implement an Azure Front Door, Including Content Delivery Network (CDN)
-
Recommend When to Use Azure Ddos Protection Standard
Module 8: Plan and Implement Advanced Security For Compute
-
Introduction
-
Plan and Implement Remote Access to Public Endpoints, Azure Bastion and Just-In-Time (JIT) Virtual Machine (VM) Access
-
What Is Azure Kubernetes Service?
-
Configure Network Isolation for Azure Kubernetes Service (AKS)
-
Secure and Monitor Azure Kubernetes Service
-
Configure Authentication for Azure Kubernetes Service
-
Configure Security for Azure Container Instances (Acis)
-
Configure Security for Azure Container Apps (Acas)
-
Manage Access to Azure Container Registry (ACR)
-
Configure Disk Encryption, Azure Disk Encryption (ADE), Encryption as Host, And Confidential Disk Encryption
-
Recommend Security Configurations for Azure API Management
Module 9: Plan and Implement Security for Storage
-
Introduction
-
Azure Storage
-
Configure Access Control for Storage Accounts
-
Manage Life Cycle for Storage Account Access Keys
-
Select and Configure an Appropriate Method for Access to Azure Files
-
Select and Configure an Appropriate Method for Access to Azure Blobs
-
Select and Configure an Appropriate Method for Access to Azure Tables
-
Select and Configure an Appropriate Method for Access to Azure Queues
-
Select and Configure Appropriate Methods for Protecting Against Data Security Threats, Including Soft Delete, Backups, Versioning, and Immutable Storage
-
Configure Bring Your Own Key (BYOK)
-
Enable Double Encryption at the Azure Storage Infrastructure Level
Module 10: Plan and Implement Security for Azure SQL Database and Azure SQL Managed Instance
-
Introduction
-
Azure SQL Database and SQL Managed Instance Security
-
Enable Database Authentication by Using Microsoft Entra ID
-
Enable and Monitor Database Audit
-
Identify Use Cases for the Microsoft Purview Governance Portal
-
Implement Data Classification of Sensitive Information by Using the Microsoft Purview Governance Portal
-
Plan and Implement Dynamic Mask
-
Implement Transparent Data Encryption
-
Recommend When to Use Azure SQL Database Always Encrypted
Module 11: Plan, Implement, And Manage Governance for Security
-
Introduction
-
Azure Governance
-
Create, Assign, And Interpret Security Policies and Initiatives in Azure Policy
-
Configure Security Settings by Using Azure Blueprint
-
Deploy Secure Infrastructures by Using a Landing Zone
-
Azure Key Vault
-
Azure Key Vault Security
-
Azure Key Vault Authentication
-
Create and Configure an Azure Key Vault
-
Recommend When to Use a Dedicated Hardware Security Module (HSM)
-
Configure Access to Key Vault, Including Vault Access Policies and Azure Role Based Access Control
-
Manage Certificates, Secrets, And Keys
-
Configure Key Rotation
-
Configure Backup and Recovery of Certificates, Secrets, and Keys
Module 12: Manage Security Posture by Using Microsoft Defender For Cloud
-
Introduction
-
Implement Microsoft Defender For Cloud
-
Identify and Remediate Security Risks by Using the Microsoft Defender for Cloud Secure Score and Inventory
-
Assess Compliance Against Security Frameworks and Microsoft Defender For Cloud
-
Add Industry and Regulatory Standards to Microsoft Defender for Cloud
-
Add Custom Initiatives to Microsoft Defender for Cloud
-
Connect Hybrid Cloud and Multicloud Environments to Microsoft Defender For Cloud
-
Identify and Monitor External Assets by Using Microsoft Defender External Attack Surface Management
Module 13: Configure and Manage Threat Protection by Using Microsoft Defender For Cloud
-
Introduction
-
Enable Workload Protection Services in Microsoft Defender for Cloud
-
Configure Microsoft Defender for Servers
-
Configure Microsoft Defender for Azure SQL Database
-
Container Security in Microsoft Defender for Containers
-
Managed Kubernetes Threat Factors
-
Defender for Containers Architecture
-
Configure Microsoft Defender for Containers Components
-
Vulnerability Assessments for Azure
-
Defender for Storage
-
Malware Scanning in Defender for Storage
-
Detect Threats to Sensitive Data
-
Deploy Microsoft Defender for Storage
-
Enable Configure Azure Built-In Policy
-
Microsoft Defender For Cloud Devops Security
-
Devops Security Support and Prerequisites
-
Devops Environment Security Posture
-
Connect Your Github Lab Environment to Microsoft Defender for Cloud
-
Configure the Microsoft Security Devops Github Action
-
Manage and Respond to Security Alerts in Microsoft Defender for Cloud
-
Configure Workflow Automation by Using Microsoft Defender for Cloud
-
Evaluate Vulnerability Scans from Microsoft Defender For Server
Module 14: Configure and Manage Security Monitoring and Automation Solutions
-
Introduction
-
Monitor Security Events by Using Azure Monitor
-
Configure Data Connectors in Microsoft Sentinel
-
Create and Customize Analytics Rules in Microsoft Sentinel
-
Evaluate Alerts and Incidents from Microsoft Sentinel
-
Configure Automation in Microsoft Sentinel
Lessons:
