Table of Contents

Preface

Section 1: Identity and Governance

Chapter 1: An Introduction to Azure Security

Exploring the shared responsibility model

On-premises

IaaS

PaaS

SaaS

Division of security in the shared responsibility model

Physical security

Azure network

Azure infrastructure availability

Azure infrastructure integrity

Azure infrastructure monitoring

Understanding Azure security foundations

Summary

Questions

Chapter 2: Governance and Security

Understanding governance in Azure

Using common sense to avoid mistakes

Using management locks

Using management groups for governance

Understanding Azure Policy

Mode

Parameters

Policy assignments

Initiative definitions

Initiative assignments

Policy exemptions

Policy best practices

Defining Azure blueprints

Blueprint definitions

Blueprint publishing

Azure Resource Graph

Querying Azure Resource Graph with PowerShell

Querying Azure Resource Graph with the Azure CLI

Advanced queries

Summary

Questions

Chapter 3: Managing Cloud Identities

Exploring passwords and passphrases

Dictionary attacks and password protection

Understanding MFA

How to enable MFA in Azure AD

MFA activation from a user's perspective

Introducing security defaults

Using Conditional Access

Named locations

Custom controls

Terms of use

Conditional Access policies

Introducing Azure AD Identity Protection

Azure AD Identity Protection at a glance

Understanding role-based access control

Creating custom RBAC roles

Protecting admin accounts with Azure AD PIM

Managing Azure AD roles in PIM

Managing Azure resources with PIM

Hybrid authentication and Single Sign-On

Understanding passwordless authentication

Global settings

Licensing considerations

Summary

Questions

Section 2: Cloud Infrastructure Security

Chapter 4: Azure Network Security

Understanding Azure Virtual Network

Connecting on-premises networks with Azure

Creating an S2S connection

Connecting a VNet to another VNet

VNet service endpoints

Private endpoints

Considering other VNet security options

Azure Firewall deployment and configuration

Azure DDoS protection

Azure Bastion

Hub-and-spoke network topology

Hub VNet

Understanding Azure Application Gateway

Understanding Azure Front Door

Summary

Questions

Chapter 5: Azure Key Vault

Understanding Azure Key Vault

Understanding access policies

Understanding service-to-service authentication

Understanding managed identities for Azure resources

Using Azure Key Vault in deployment scenarios

Creating an Azure Key Vault and secret

Azure VM deployment

Summary

Questions

Chapter 6: Data Security

Technical requirements

Understanding Azure Storage

Understanding Azure virtual machine disks

Working on Azure SQL Database

Summary

Questions

Section 3: Security Management

Chapter 7: Microsoft Defender for Cloud

Introducing Microsoft Defender for Cloud

Enabling Microsoft Defender for Cloud

Using auto-provisioning to deploy extensions

Enabling Microsoft Defender for Cloud's enhanced security

Cloud Security Posture Management with Defender for Cloud

Working with recommendations

How to prioritize remediation

Working with resource exemptions

Custom policies and (regulatory) compliance

Using the regulatory compliance dashboard

Working with regulatory compliance standards

Cloud workload protection and multi-cloud capabilities

Microsoft Defender for Servers

Microsoft Defender for Containers

Threat detection summary

Automating security

Continuous export

Workflow automation

REST APIs

Multi-cloud capabilities in Microsoft Defender for Cloud

Summary

Questions

Chapter 8: Microsoft Sentinel

Introduction to SIEM

Getting started with Microsoft Sentinel

Configuring data connectors and retention

Working with Microsoft Sentinel dashboards

Setting up rules and alerts

Microsoft Sentinel automation

Creating workbooks

Using threat hunting and notebooks

Advanced threat detection

Using community resources

Summary

Questions

Chapter 9: Security Best Practices

Log Analytics design considerations

Understanding Azure SQL Database security features

Security in Azure App Service

Storage account access keys

Summary

Questions

Assessments

Other Books You May Enjoy