Microsoft Azure Security Engineer (AZ-500)

Paths

Microsoft Azure Security Engineer (AZ-500)

Authors: Tim Warner, Neil Morrissey, Michael Teske, Ned Bellavance, Muhammad Sajid, Ammar Hasayen, Reza Salehi, Sahil Malik

Cloud security is becoming ever more important in today’s business world, with Microsoft Azure at the forefront of most companies’ demands. Microsoft Azure Security Engineers must... Read more

What you will learn

  • How to implement Active Directory Domain Services
  • How to manage identity and access
  • How to implement platform protection
  • How to manage security operations
  • How to secure data and applications

Pre-requisites

This path is targeted to Azure Security Engineers who understand scripting and automation. Learners should have a deep understanding of fundamental Azure skills such as virtualization, cloud N-tier architecture and networking, along with a strong familiarity with the Azure platform and services.

Manage Identity and Access

In this section of the path, you will learn how to manage identity and access in order to control exactly who in your organization will be able to access important applications and data.

Configuring Azure Active Directory for Microsoft Azure Workloads

by Tim Warner

Apr 10, 2020 / 2h 59m

2h 59m

Start Course
Description

You are a Microsoft Azure security engineer tasked with managing Azure Active Directory. In this course, Configuring Azure Active Directory for Microsoft Azure Workloads, you learn how to secure Azure AD for use as an identity store for your Azure-based cloud applications. First, you will discover how to create and configure Azure AD user and group accounts. Next, you will learn how to configure authentication methods, including deploying a hybrid cloud with Azure AD Connect. Finally, you will explore how to create and manage Azure AD application registrations. When you are finished with this course, you will have the skills and knowledge needed to provide security oversight of Azure AD.

Table of contents
  1. Course Overview
  2. Administering Azure AD Users and Groups
  3. Managing Azure AD Directory Roles
  4. Configuring Authentication Methods in Azure AD
  5. Installing and Configuring Azure AD Connect
  6. Creating Application Registrations in Azure AD

Implementing and Managing Microsoft Azure Multi-factor Authentication

by Neil Morrissey

Aug 14, 2020 / 5h 15m

5h 15m

Start Course
Description

Username and password authentication is susceptible to many forms of attack, and multi-factor authentication offers a way to mitigate this threat. Azure multi-factor authentication is a global service that allows you to add a second factor of authentication to your on-premises and cloud based systems using a hardware device already in the hands of your users and customers - their mobile phone. In this course, Implementing and Managing Microsoft Azure Multi-factor Authentication, you'll learn how to configure Azure MFA in the cloud and on-premises. First, you'll discover the self-service options available to users and business administrators, and how to integrate Azure MFA with a variety of technologies and applications. Next, you'll explore the configuration options to integrate Azure MFA with your existing systems. Finally, you'll see how to protect cloud-based applications with MFA and Conditional Access Policies. By the end of this course, you'll know how to deploy, configure, and monitor Azure MFA, in the cloud and on-premises.

Table of contents
  1. Course Overview
  2. Understanding Azure Multi-factor Authentication
  3. Configuring Azure MFA in the Cloud
  4. Implementing Azure MFA Server On-premises
  5. Integrating Azure MFA with On-premises Systems
  6. The MFA User Portal for Self-service and Administration
  7. Configuring the Microsoft Authenticator and OATH Clients
  8. Protecting Cloud-based Applications
  9. Monitoring and Reporting with Azure MFA

Configuring Microsoft Azure Active Directory Privileged Identity Management

by Tim Warner

Apr 10, 2020 / 1h 34m

1h 34m

Start Course
Description

Which accounts have high-privilege access to your Azure AD tenant and trusting subscriptions? How easily can you report and remediate this issue? In this course, Configuring Microsoft Azure Active Directory Privileged Identity Management, you will learn how to use this tool to quickly identify high-privilege role holders and assign time-limited on-demand administrative access. First, you will gain an understanding of how to use Azure AD PIM to manage and report on both Azure AD and Azure resource roles. Next, you will discover the "hows and whys" of access reviews. Finally, you will explore how to audit the entire process to ensure security compliance. When you are finished with this course, you will have the skills and knowledge to enforce least-privilege access in your Azure environment, which greatly increases your organizational security posture in Azure.

Table of contents
  1. Course Overview
  2. Activate and Configure Azure AD PIM
  3. Implement and Monitor Azure AD PIM Privileged Access
  4. Organize and Perform Azure AD PIM Access Reviews

Securing Microsoft Azure Subscriptions

by Tim Warner

Apr 1, 2020 / 2h 27m

2h 27m

Start Course
Description

At the core of Azure subscription security is a thorough knowledge of least-privilege authorization. In this course, Securing Microsoft Azure Subscriptions, you will learn how to protect your Azure AD tenants and the subscriptions that trust them. First, you will touch on how to implement role-based access control for your Azure resources and Azure AD tenant. Next, you will explore how to identify and manage high-privilege external accounts in Azure AD. Finally, you will discover how to protect application programming interface (API) access to Azure AD and, by extension, to your cloud apps. When you are finished with this course, you will have a foundational knowledge of Azure subscription security that will help you as you move forward in your Azure security engineer career. Software required: Microsoft Azure subscription.

Table of contents
  1. Course Overview
  2. Configuring Microsoft Azure Subscription and Resource Permissions
  3. Creating Custom RBAC Roles in Microsoft Azure
  4. Identifying High-privilege External Accounts in Microsoft Azure
  5. Transferring Microsoft Azure Subscriptions between Azure AD Tenants
  6. Managing API Access to Microsoft Azure Subscriptions and Resources

Implement Platform Protection

In this section of the path, you will learn how to properly implement platform protection in order to keep networks, virtual machines, containers and Azure Resources safe.

Configuring Virtual Machines in Microsoft Azure

by Tim Warner

Sep 14, 2018 / 1h 42m

1h 42m

Start Course
Description

At the core of configuration management in Microsoft Azure is a thorough knowledge of how to connect to and manage Azure-based virtual machines (VMs). In this course, Configuring Virtual Machines in Microsoft Azure, you’ll learn how to configure Windows Server and Linux VMs in Azure for maximum performance, availability, and security. First, you’ll learn how to manage VM configurations, including storage, networking, and extensions. Next, you’ll explore how to maximize VM availability, involving availability sets, availability zones, and Azure Advisor. Finally, you’ll discover how to enforce VM security in Azure, including role-based access control (RBAC) and Azure Security Center. When you’re finished with this course, you’ll have a foundational knowledge of Azure VM configuration that will help you as you move forward in your work as a Microsoft Azure administrator or solution architect.

Table of contents
  1. Course Overview
  2. Managing VM Configuration
  3. Managing VM Availability
  4. Managing VM Security

Managing Microsoft Azure Virtual Networks

by Tim Warner

Sep 14, 2018 / 1h 39m

1h 39m

Start Course
Description

At the core of Microsoft Azure infrastructure as a service (IaaS) is a thorough knowledge of software-defined networking. In this course, Managing Microsoft Azure Virtual Networks, you’ll learn how to design, deploy, manage, and maintain virtual networks in the Microsoft Azure cloud. First, you’ll learn how to create and configure virtual networks. Next, you’ll explore how to implement traffic control in a virtual network. Finally, you’ll discover how to troubleshoot virtual networks with Network Watcher. When you’re finished with this course, you’ll have a foundational knowledge of Azure networking that will help you as you move forward to become a more effective Azure administrator or solution architect.

Table of contents
  1. Course Overview
  2. Creating and Configuring an Azure Virtual Network
  3. Implementing Traffic Control in a Microsoft Azure Virtual Network

Securing Microsoft Azure Networks

by Michael Teske

May 28, 2019 / 1h 30m

1h 30m

Start Course
Description

Establishing a presence in the cloud should be done with security at the forefront. In this course, Securing Microsoft Azure Networks, you will learn what services and features you can leverage to create a plan to better improve your security profile in Azure. First, you will configure access control by securing what traffic can access your assets as well as who. Next, you will create and configure services that will better protect your network from malicious actors. Finally, you will maintain a secured connection from your on-premises environment to Azure in order to manage your Azure assets in a more secure fashion. When you’re finished with this course, you will have the skills and knowledge to apply security controls to your Azure network resources while creating a secure posture in the cloud.

Table of contents
  1. Course Overview
  2. Planning Hybrid Network Security in Microsoft Azure
  3. Configuring Network Security Access to Microsoft Azure Resources
  4. Configuring Network Resources in Microsoft Azure
  5. Creating a VPN Site-to-Site Connection to Microsoft Azure

Implementing Host Security in Microsoft Azure

by Michael Teske

May 12, 2020 / 1h 45m

1h 45m

Start Course
Description

Improving your security profile includes ensuring your hosts, both on-premises and in Azure, are updated and secured. In this course, Implementing Host Security in Microsoft Azure, you will gain knowledge of the services and features you can leverage to harden and update hosts in order to reduce their attack surface. First, you will enable learn how to update management to automatically enroll your hosts to keep them up to date. Next, you will explore how to enroll your hosts into Azure Security Center and apply any remediation suggestions while also installing endpoint protection. Finally, you will see how everything ties together with Azure's advanced threat detection using the tools described including Azure Monitor. When you’re finished with this course, you will have the skills and knowledge to update and harden your endpoints, both on-premises and in the cloud, improving your overall security posture.

Table of contents
  1. Course Overview
  2. Planning for Endpoint Security
  3. Updating Virtual Machines
  4. Securing Azure Virtual Machines and Connected Devices
  5. Monitoring Azure VMs and Non-Azure Systems

Maintaining Deployment Security in Microsoft Azure

by Michael Teske

May 20, 2020 / 59m

59m

Start Course
Description

In any situation, be it on-premises, in the cloud, or somewhere in between, maintaining the security posture of your assets is a full-time job. In this course, Maintaining Deployment Security in Microsoft Azure, you will learn what services and features you can leverage to keep your assets secured and up to date, including virtual machines as well as your serverless computing. First, you will enroll your hosts into update management while also creating availability sets for your future deployments, ensuring platform resiliency. Next, you will monitor your assets in Azure Security Center and apply any remediation suggestions. Finally, you will see how you can maintain, monitor, and secure your container resources. When you’re finished with this course, you will have the skills and knowledge to maintain a strong security profile for your virtual machines and containers in Microsoft Azure.

Table of contents
  1. Course Overview
  2. Identifying Azure Platform Maintenance and Security Services
  3. Configuring Azure Maintenance and Security Services

Manage Security Operations

In this section of the path, you will learn how to properly manage your organization’s security operations in order to always be in touch with what’s going on within your teams.

Managing Microsoft Azure Security

by Ned Bellavance

Mar 16, 2020 / 2h 41m

2h 41m

Start Course
Description

Configuring and monitoring the security of your Azure environment is a challenging endeavor. You want to ensure you are following best practices, finding important events, and taking a proactive stance on security configuration. Microsoft Azure Security Center helps provide a single management point for all things security in Azure. In this course, Managing Microsoft Azure Security, you will learn how to properly leverage the Azure Security Center from Microsoft to meet the advanced security needs of a cloud deployment. First, you will explore how to configure policies and data collection for the resources in your Azure subscriptions. Next, you will learn how to review the recommended actions from Security Center and prioritize which actions to take first. Finally, you will understand how to use the advanced cloud defense features to take your security game to the next level. By the end of this course, you will be able to leverage Azure Security Center to improve your security posture in Azure and assess and remediate vulnerabilities effectively.

Table of contents
  1. Course Overview
  2. Introducing Monitoring Azure Security
  3. Understanding Azure Security Center
  4. Policies and Data Collection
  5. Security Assessments and Threat Prevention
  6. Managing Security Solutions
  7. Investigating Threats
  8. Automating Security Workflows
  9. Advanced Cloud Defense

Managing and Responding to Security Events Using Azure Sentinel

by Muhammad Sajid

Sep 28, 2020 / 1h 48m

1h 48m

Start Course
Description

Overwhelming volumes of security data combined with shortages of qualified professionals in the cybersecurity space continue to prove a challenge for many organizations. In this course, Managing and Responding to Security Events Using Azure Sentinel, you will learn how the Azure Sentinel can help you solve many SOC and SecOps challenges.

First, you will explore how simple it is to enable the Azure Sentinel solution in your Azure environments, and start ingesting data for analyses. Next, you will learn how to manage security incidents and use Workbooks for Visualizations. Finally, you will learn how Azure Sentinel helps you to detect threats using Analytic rules and how to perform proactive threat hunting.

By the end of this course, you will have the knowledge and confidence to be able to use the Azure Sentinel in your organization and help your organization's SOC and SecOps teams leverage this cloud-native SIEM-as-a-service and SOAR-as-a-service offering from Microsoft.

Table of contents
  1. Course Overview
  2. Azure Sentinel Getting Started
  3. Getting Data into Azure Sentinel and Using Workbooks
  4. Threat Detection Using Analytics
  5. Managing and Investigating Incidents
  6. Integration and Automation

Incident Response and Remediation in Microsoft Azure

by Ammar Hasayen

Sep 16, 2019 / 2h 10m

2h 10m

Start Course
Description

While moving to the cloud brings many benefits, the endless journey to obtain the right level of visibility and control over the cloud workloads is still a challenge. In this course, Incident Response and Remediation in Microsoft Azure, you will learn several ways of strengthening your security poster in the cloud and protect your workloads against threats. First, you will learn how to ensure visibility and control so that any new resource that gets deployed and how it is managed and secured from day one. Next, you will learn how to assess your cloud workloads for vulnerabilities and increase your security posture with threat prevention recommendations and advanced cloud defense services. Finally, you will explore how to detect and respond to security incidents using the advance capabilities in Azure Security Center. When you are finished with this course, you will have the skills and knowledge of securing your cloud workloads that will help you prevent, detect, and respond to security incidents.

Table of contents
  1. Course Overview
  2. Introducing Azure Security Center
  3. Ensuring Resource Security Hygiene with Azure Security Center
  4. Detecting and Responding to Security Incidents
  5. Ensuring Advanced Cloud Defense with Azure Security Center

Configuring Security Services and Policies in Microsoft Azure

by Ned Bellavance

Aug 18, 2020 / 1h 51m

1h 51m

Start Course
Description

Securing the cloud effectively is a daunting challenge for many architects and administrators. Microsoft Azure provides you with tools to address that challenge and improve your security posture. In this course, Configuring Security Services and Policies in Microsoft Azure, you'll learn how to leverage Azure services such as Azure Monitor, Azure Policies, and Azure Security Center to assess the security posture of your environment, remediate discovered issues, and monitor Azure resources on a continual basis. First, you'll explore how to configure policies in the context of Security Center. Next, you'll discover how to remediate issues in your environment with automated and manual interactions. Finally, you'll learn how to use Azure Monitor and Log Analytics to assess the health of your environment. When you're finished with this course, you'll have the necessary skills needed to use the native tools in Microsoft Azure to improve your cloud security.

Table of contents
  1. Course Overview
  2. Microsoft Azure Security Services and Policy Overview
  3. Configuring Microsoft Azure Security Governance Policy
  4. Managing Azure Resource Security Policy
  5. Monitoring Security Events in Microsoft Azure

Implementing Microsoft Azure Subscription Security

by Michael Teske

May 20, 2020 / 1h 17m

1h 17m

Start Course
Description

Shifting to the cloud requires quite a bit of thought and analysis. It's critical to think about how you can govern what your users have the rights to do within your company’s subscriptions. In this course, Implementing Microsoft Azure Subscription Security, you will learn what controls and features you can use to ensure you’re able to control who can deploy those resources, what they can deploy, and what they can do after deployment. First, you will make management groups to better organize and manage your subscription resources. Next, you will create policies to ensure your Azure assets remain in compliance and remediated if not. Finally, you will enforce the practice of least privilege by locking down resources through access control and resource locks. When you’re finished with this course, you will have the skills and knowledge to set guardrails and manage the governance over your entire Azure environment.

Table of contents
  1. Course Overview
  2. Identifying Azure Subscription Management Resources
  3. Configuring Microsoft Azure Subscription Security
  4. Securing Azure Resources

Secure Data and Applications

In this section of the path, you will learn how to properly secure data and applications in order to protect your organization’s sensitive and important data, as well as your publicly-released applications.

Creating Security Baselines in Microsoft Azure

by Neil Morrissey

Dec 11, 2019 / 1h 54m

1h 54m

Start Course
Description

Security is a major concern for every organization moving to the cloud, or evolving their cloud security practices. In this course, Creating Security Baselines in Microsoft Azure, you'll learn about the Microsoft Cloud Adoption Framework, and the Security Baseline discipline contained in the framework. First, you'll explore the framework itself, and the five disciplines of cloud governance. Next, you'll cover how to create network security baselines using features of Azure. Finally, you'll discover how to secure data at rest, in transit and in use, using encryption and key management features in Azure. When you're finished with this course, you'll have the skills and knowledge of security design needed to create a Security Baseline for your organization.

Table of contents
  1. Course Overview
  2. Creating an Application Platform Security Baseline in Microsoft Azure
  3. Creating a Network Security Baseline in Microsoft Azure
  4. Creating a Data Security Baseline in Microsoft Azure

Configuring Data Security Policies in Microsoft Azure

by Reza Salehi

Jul 27, 2020 / 2h 8m

2h 8m

Start Course
Description

Do you need to enforce proper tagging and region restrictions on your Azure resources? Do you need to make sure customers' data does not leave their country? Need to comply with EU's GDPR? In this course, Configuring Data Security Policies in Microsoft Azure, you will gain the ability to easily govern your Azure subscriptions. First, you will use Azure services to classify your data and find out its confidentiality level. Next, you will learn how data retention policies can be enforced within key Azure resources. Finally, you will explore how to use Azure policies to control the location of your data so you can comply with data security and privacy regulations. When you are finished with this course, you will have the skills and knowledge of Azure data governance services needed to take back control of your data in the cloud.

Table of contents
  1. Course Overview
  2. Configuring Data Classification in Microsoft Azure
  3. Configuring Data Retention in Microsoft Azure
  4. Configuring Data Sovereignty in Microsoft Azure
  5. Azure Sentinel and Policy Enforcement

Configuring Microsoft Azure Data Infrastructure Security

by Sahil Malik

May 26, 2020 / 2h 59m

2h 59m

Start Course
Description

As we move our data to the cloud, securing it is of critical importance. The cloud is very flexible, and it offers numerous data products, including many flavors of SQL server, CosmosDB, and more. This course, Configuring Microsoft Azure Data Infrastructure Security, will teach you how to secure your data infrastructure services running in the Microsoft Azure cloud. Relevant Azure products covered include Azure SQL Database, Azure Cosmos DB, and Azure Data Lake. By the end of this course you will find yourself well equipped with a clear understanding of the various security-related capabilities of various Azure data products, and how various other Azure security products help keep your data safe.

Table of contents
  1. Course Overview
  2. Configuring Authentication in Microsoft Azure
  3. Configuring Authorization in Microsoft Azure
  4. Configuring Auditing in Microsoft Azure
  5. Configuring Encryption in Microsoft Azure
  6. Managed Identity and KeyVault
  7. Configuring Access Control for Microsoft Azure Storage Accounts

Configuring Encryption for Data at Rest in Microsoft Azure

by Ned Bellavance

Apr 3, 2020 / 2h 17m

2h 17m

Start Course
Description

Data protection and security is a fundamental tenant of deploying resources in Microsoft Azure. As an administrator, you need to understand the shared responsibility model for Microsoft Azure, and how data security is impacted. In this course, Configuring Encryption for Data at Rest in Microsoft Azure, you will learn how to apply additional encryption protection for Azure resources. First, you will learn about encryption with Azure Storage and the Storage Encryption Service. Then, you will discover how to implement Azure Disk Encryption for Windows and Linux VMs. Finally, you will understand how to implement Transparent Data Encryption and Always Encrypted on Microsoft SQL Databases. When you are finished with this course, you will have the skills necessary to implement data encryption at rest for multiple services in your Azure environment.

Table of contents
  1. Course Overview
  2. Introducing Data Protection and Encryption in Azure
  3. Implementing Encryption for Azure Storage
  4. Encrypting Azure Virtual Machines
  5. Implementing Encryption for Azure Recovery Vaults
  6. Implementing Azure SQL Transparent Data Encryption
  7. Implementing Azure SQ L Database Always Encrypted

Securing the Application Lifecycle in Microsoft Azure

by Reza Salehi

Jul 27, 2020 / 1h 25m

1h 25m

Start Course
Description

Manually maintaining code credentials and Azure resources' security health is time-consuming and error-prone. In this course, Securing the Application Lifecycle in Microsoft Azure, you will gain the ability to use automated tools to uphold the security of your cloud subscription. First, you will discover how to use the CredScan tool to search your code for secrets and credentials before they accidentally get checked in. Next, you will learn to scan your Azure subscriptions for security health using the Secure DevOps Kit for Azure (AzSK). Finally, you will explore how to create automated load tests for your Azure app services. When you are finished with this course, you will have the skills and knowledge of secure application lifecycle needed to protect your applications in the cloud.

Table of contents
  1. Course Overview
  2. Implementing Security Validations for Microsoft Azure Application Development
  3. Deploying and Managing Synthetic Security Transactions in Microsoft Azure

Securing Applications in Microsoft Azure

by Reza Salehi

Apr 6, 2020 / 3h 16m

3h 16m

Start Course
Description

Public-facing applications are common targets for hackers and malicious users. In this course, Securing Applications in Microsoft Azure, you will gain the ability to prevent these attacks by leveraging Microsoft Azure's powerful security services. First, you will learn to eliminate sensitive service credentials from your app code by using Managed Identities (MSI). Next, you will discover how Network Security Groups (NSG) and Application Security Groups (ASG) are used to control inbound and outbound traffic for virtual networks and virtual machines. Finally, you will explore how to protect Azure app service deployments from common attacks such as SQL injection and XSS by using Web Application Firewalls (WAF) and App Service Environments (ASE). When you are finished with this course, you will have the skills and knowledge of Azure security services needed to protect your applications in Microsoft Azure.

Table of contents
  1. Course Overview
  2. Configuring TLS/SSL Certificates
  3. Configuring Managed Service Identities (MSI) for Microsoft Azure Resources
  4. Configuring Network Security Groups & Application Security Groups to Secure Virtual Machines
  5. Protecting Azure App Service Apps Using Web Application Firewall & Azure Front Door
  6. Protecting App Services Using Network Isolation Tier

Configuring and Managing Microsoft Azure Key Vault

by Ned Bellavance

Sep 9, 2020 / 2h 19m

2h 19m

Start Course
Description

Azure Key Vault is a secrets management platform, providing a secure repository to keys, secrets, and certificates. It offers deep integration with other services in Azure, and provides a highly secure repository for your most sensitive data. In this course, Configuring and Managing Microsoft Azure Key Vault, you will learn how to deploy and manage Azure Key Vault. First, you will understand how to deploy Key Vault and control access on the management plane. Then, you will discover how to create keys, secrets, and certificates and secure access to those objects with Access Policies. Finally, you will gain knowledge about configuring proper logging and auditing of Key Vault using Log Analytics and Storage Accounts. When you're finished with this course, you'll have the skills necessary to confidentially deploy and manage Azure Key Vault in your cloud environment.

Table of contents
  1. Course Overview
  2. Evaluating Microsoft Azure Key Generation Solutions
  3. Securing Azure Key Vault Access
  4. Creating Azure Key Vault Secrets, Certificates, and Keys
  5. Configuring Permissions to Azure Key Vault Secrets, Certificates, and Keys

Knowledge is power

A Professional or Enterprise Pluralsight account is required to access Kaplan®* practice exams. Sign in below or sign up for a free team trial.