Course topics

Configuring Microsoft Azure AD

• Understanding App Registrations & Types
• Nuances between the new and old Azure portal for Azure AD
• App Registration Permission Content
• Configuring MFA in Azure AD
• Configuring Authentication methods
• Manage Azure AD Users and Groups
• Configuring Azure AD Connect for directory sync bewteen ADDS and Azure AD
• Implementing Conditional Access policies

Azure AD Privileged Access Management

• Monitoring Privileged Access and Activating Privileged Identity Management

Azure Tenant Security

• Azure subscriptions between Azure AD tenants and managing API access to Azure subscriptions and resources

Network Security

• Configuring Virtual Network Connectivity
• Configuring Network Service Groups
• Configuring Azure Firewall
• Configuring Application Security Groups
• Configuring Remote Access Management
• Configuring Resource Firewall

Host Security

• Configuring endpoint security with the VM
• Configuring VM Security
• Hardening Virtual Machines in Microsoft Azure
• Configuring system updates for Azure VMs
• Configuring baselines for VMs

Container security

• Configuring: network, authentication, container isolation, AKS security, container registry, container instance security
• Configuring and implementing vulnerability management

Azure Resource Management Security

• Microsoft Azure Resource Locks, Manage resource group security, Configure Microsoft Azure Policies, Custom RBAC role and subscription and resource perrmission

Security Services

• Microsoft Azure Monitor, Microsoft Azure Log Analytics, Diagnostic Logging and Log retention, Vulnerability scanning

Security Policies

• Centralized policy management with Azure Security Center and Just in time VM access with Azure Security Center

Security Alerts

• Create and customize alerts
• Review and respond to alerts and recommendations
• Configure playbook for security events through Azure Security Center
• Investigate escalated security incidents

Security policies to manage data

• Data classification, data retention and data sovereignty

Security for Data Infrastructure

• Database Authentication
• Shared Access Signatures
• Database Auditing
• Security for HDInsights
• Azure SQL database threat detection
• Security for CosmosDB
• Access control for storage accounts
• Security for Azure Data Lake
• Key management for storage accounts

Data encryption at rest

• Database encryption
• Storage service encryption
• Disk encryption
• Backup encryption
• Microsoft Azure SQL Database Always Encrypted

Application Security

• SSL/TLS
• Azure Services to protect web apps
• Application security baseline

Azure Key Vault

• Managing access to key vault
• Managing permissions to secrets, certificates and keys
• Managing certificates
• Managing secrets
• Configuring key rolation

War stories: How we secure our Azure Cloud

Target audience

The target audience for the DevOps Foundation course include management, operations, developers, QA and testing professionals, such as:

• Individuals involved in IT development, IT operations or IT service management
• Individuals who require an understanding of DevOps principles
• IT professionals working within, or about to enter, an Agile Service Design Environment
• The following IT roles: Automation Architects, Application Developers, Business Analysts, Business Managers, Business Stakeholders, Change Agents, Consultants, DevOps Consultants, DevOps Engineers, Infrastructure Architects, Integration Specialists, IT Directors, IT Managers, IT Operations, IT Team Leaders, Lean Coaches, Network Administrators, Operations Managers, Project Managers, Release Engineers, Software Developers, Software Testers/QA, System Administrators, Systems Engineers, System Integrators, Tool Providers