Securing Data and Applications in Microsoft Azure

Paths

Securing Data and Applications in Microsoft Azure

Authors: Ned Bellavance, Reza Salehi, Sahil Malik

Microsoft Azure offers a host of powerful security services that you can use to secure your public-facing applications and sensitive data from hackers and other malicious users.... Read more

What you will learn:

  • How to configure data encryption in Microsoft Azure
  • How to use Microsoft Azure security services to secure applications
  • How to use Key Vault to protect sensitive data
  • How to govern your Azure subscriptions with the appropriate data security policies
  • How to use automated tools to create a secure application lifecycle on Microsoft Azure
  • How to secure data infrastructure in Microsoft Azure

Pre-requisites

This path expects learners to be familiar with the Microsoft Azure Data and Security platform and fundamental security concepts.

Beginner

The courses in this section of the path teach you how to apply encryption protection for Azure resources and how to use Azure security services to protect your IaaS and PaaS applications. These courses serve as the foundation for the intermediate and advanced courses in this path.

Configuring Encryption for Data at Rest in Microsoft Azure

by Ned Bellavance

Jun 27, 2019 / 2h 18m

2h 18m

Start Course
Description

Data protection and security is a fundamental tenant of deploying resources in Microsoft Azure. As an administrator, you need to understand the shared responsibility model for Microsoft Azure, and how data security is impacted. In this course, Configuring Encryption for Data at Rest in Microsoft Azure, you will learn how to apply additional encryption protection for Azure resources. First, you will learn about encryption with Azure Storage and the Storage Encryption Service. Then, you will discover how to implement Azure Disk Encryption for Windows and Linux VMs. Finally, you will understand how to implement Transparent Data Encryption and Always Encrypted on Microsoft SQL Databases. When you are finished with this course, you will have the skills necessary to implement data encryption at rest for multiple services in your Azure environment.

Table of contents
  1. Course Overview
  2. Introducing Data Protection and Encryption in Azure
  3. Implementing Encryption for Azure Storage
  4. Encrypting Azure Virtual Machines
  5. Implementing Encryption for Azure Recovery Vaults
  6. Implementing Azure SQL Transparent Data Encryption
  7. Implementing Azure SQ L Database Always Encrypted

Securing Applications in Microsoft Azure

by Reza Salehi

Jun 5, 2019 / 2h 47m

2h 47m

Start Course
Description

Public-facing applications are common targets for hackers and malicious users. In this course, Securing Applications in Microsoft Azure, you will gain the ability to prevent these attacks by leveraging Microsoft Azure's powerful security services. First, you will learn to eliminate sensitive service credentials from your app code by using Managed Identities (MSI). Next, you will discover how Network Security Groups (NSG) and Application Security Groups (ASG) are used to control inbound and outbound traffic for virtual networks and virtual machines. Finally, you will explore how to protect Azure app service deployments from common attacks such as SQL injection and XSS by using Web Application Firewalls (WAF) and App Service Environments (ASE). When you are finished with this course, you will have the skills and knowledge of Azure security services needed to protect your applications in Microsoft Azure.

Table of contents
  1. Course Overview
  2. Configuring TLS/SSL Certificates
  3. Configuring Managed Service Identities (MSI) for Microsoft Azure Resources
  4. Configuring Network Security Groups & Application Security Groups to Secure Virtual Machines
  5. Protecting Azure App Service Apps Using Web Application Firewall & Azure Front Door
  6. Protecting App Services Using Network Isolation Tier

Intermediate

The courses in this section of the path dive deeper into the specific tools and policies you can use to better protect your data and applications in Microsoft Azure. You’ll learn how to use Key Vault and Azure’s data governance services to keep tight control of your data in the cloud.

Configuring and Managing Microsoft Azure Key Vault

by Ned Bellavance

Sep 16, 2019 / 2h 9m

2h 9m

Start Course
Description

Azure Key Vault is a secrets management platform, providing a secure repository to keys, secrets, and certificates. It offers deep integration with other services in Azure, and provides a highly secure repository for your most sensitive data. In this course, Configuring and Managing Microsoft Azure Key Vault, you will learn how to deploy and manage Azure Key Vault. First, you will understand how to deploy Key Vault and control access on the management plane. Then, you will discover how to create keys, secrets, and certificates and secure access to those objects with Access Policies. Finally, you will gain knowledge about configuring proper logging and auditing of Key Vault using Log Analytics and Storage Accounts. When you're finished with this course, you'll have the skills necessary to confidentially deploy and manage Azure Key Vault in your cloud environment.

Table of contents
  1. Course Overview
  2. Evaluating Microsoft Azure Key Generation Solutions
  3. Securing Azure Key Vault Access
  4. Creating Azure Key Vault Secrets, Certificates, and Keys
  5. Configuring Permissions to Azure Key Vault Secrets, Certificates, and Keys

Configuring Data Security Policies in Microsoft Azure

by Reza Salehi

Sep 24, 2019 / 1h 44m

1h 44m

Start Course
Description

Do you need to enforce proper tagging and region restrictions on your Azure resources? Do you need to make sure customers' data does not leave their country? Need to comply with EU's GDPR? In this course, Configuring Data Security Policies in Microsoft Azure, you will gain the ability to easily govern your Azure subscriptions. First, you will use Azure services to classify your data and find out its confidentiality level. Next, you will learn how data retention policies can be enforced within key Azure resources. Finally, you will explore how to use Azure policies to control the location of your data so you can comply with data security and privacy regulations. When you are finished with this course, you will have the skills and knowledge of Azure data governance services needed to take back control of your data in the cloud.

Table of contents
  1. Course Overview
  2. Configuring Data Classification in Microsoft Azure
  3. Configuring Data Retention in Microsoft Azure
  4. Configuring Data Sovereignty in Microsoft Azure

Advanced

The courses in this section of the path teach you how to secure your data infrastructure services and how to use automation and other tools to maintain the overall security health of your Azure resources.

Configuring Microsoft Azure Data Infrastructure Security

by Sahil Malik

Jul 23, 2019 / 2h 37m

2h 37m

Start Course
Description

As we move our data to the cloud, securing it is of critical importance. The cloud is very flexible, and it offers numerous data products, including many flavors of SQL server, CosmosDB, and more. This course, Configuring Microsoft Azure Data Infrastructure Security, will teach you how to secure your data infrastructure services running in the Microsoft Azure cloud. Relevant Azure products covered include Azure SQL Database, Azure Cosmos DB, and Azure Data Lake. By the end of this course you will find yourself well equipped with a clear understanding of the various security-related capabilities of various Azure data products, and how various other Azure security products help keep your data safe.

Table of contents
  1. Course Overview
  2. Configuring Authentication in Microsoft Azure
  3. Configuring Authorization in Microsoft Azure
  4. Configuring Auditing in Microsoft Azure
  5. Configuring Encryption in Microsoft Azure
  6. Configuring Access Control for Microsoft Azure Storage Accounts

Securing the Application Lifecycle in Microsoft Azure

by Reza Salehi

Oct 1, 2019 / 1h 4m

1h 4m

Start Course
Description

Manually maintaining code credentials and Azure resources' security health is time-consuming and error-prone. In this course, Securing the Application Lifecycle in Microsoft Azure, you will gain the ability to use automated tools to uphold the security of your cloud subscription. First, you will discover how to use the CredScan tool to search your code for secrets and credentials before they accidentally get checked in. Next, you will learn to scan your Azure subscriptions for security health using the Secure DevOps Kit for Azure (AzSK). Finally, you will explore how to create automated load tests for your Azure app services. When you are finished with this course, you will have the skills and knowledge of secure application lifecycle needed to protect your applications in the cloud.

Table of contents
  1. Course Overview
  2. Implementing Security Validations for Microsoft Azure Application Development
  3. Deploying and Managing Synthetic Security Transactions in Microsoft Azure