O'Reilly logo
live online training icon Live Online training

Azure Security Fundamentals

Iain Foulds

Security is often a major concern as companies look to move to the cloud. This concern is warranted, however cloud platforms like Azure provide a number of security features above and beyond what their traditional on-premises environments provide. Learn the core concepts of Azure to help secure your workloads in the cloud, protect your data, and provide reliable services to your customers.

Most existing content on security in Azure dives into specific features such as Azure Security Center and the specific Azure features, rather than taking an overall approach to managing security. A lot of the current knowledge a learner would have still applies to security in Azure, it’s translating what they know into what Azure offers. Existing training courses are a little too light-weight in what they offer, and fixed, recorded video is often dated quickly since the Azure platforms changes so much.

What you'll learn-and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • Many of the same foundational security principles and considerations when you work in the cloud. These approaches include granting the least amount of privileges required for a given task, or auditing access to resources. You can re-use this existing knowledge.
  • The key Azure security features to simplify running workloads in the cloud.
  • How automated tooling helps reduce the time needed to manage threats and helps users focus on other core tasks.
  • What features and tools are available to solve problems when deploying workloads to the cloud.

And you’ll be able to:

  • Define baselines or review compliance issues and recommendations using Azure Security Center.
  • Secure virtual networks by enabling Azure DDoS protection for virtual networks and review potential threats.
  • Keep virtual machines up to date and secure using Azure Update Management and Anti-Malware.
  • Define and control access to resources using Azure Active Directory (AD) identities and features such as Azure Role-Based Access Controls and Azure AD Mutli-Factor Authentication (MFA).
  • Define resource access or creation rules using Azure Policy or Azure Information Protection.
  • Run workloads in Azure
  • Manage the security environment

This training course is for you because...

  • You're looking to use firewall rules and traffic filtering to control the flow of traffic to applications.
  • You automatically apply security update and report on virtual machine compliance.
  • You secure access to applications and resources using secure identities or digital keys.

Prerequisites

  • Basic understanding of cloud computing terms such as virtual machines and virtual networks.

Recommended preparation:

  • (Optional) Set up a free Azure trial account if you would like to follow along during the course exercises.
  • Watch the “Azure Service Overview” section in Azure - Introduction to Azure (video)

Recommended follow-up:

About your instructor

  • Iain Foulds is a senior content developer at Microsoft, focused on Azure technologies. He spent more than a decade in the field as an engineer building and running virtualization environments, including cloud solutions. At Microsoft since 2014, he supports and enables customers to successfully run workloads in Azure.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing

Introduction and core concepts (10 mins)

  • Discussion: What are some of your security concerns with running applications in cloud?
  • Presentation: Bringing existing experiences and security knowledge into a cloud platform. How Azure builds on that existing knowledge and provides tools to reduce the administrative burden
  • Poll

Physical security (45 mins)

  • Poll
  • Presentation: Securing physical resources in Azure, how the Azure datacenters are secured.
  • Exercise: On paper or just mentally, draw a high-level overview of how you connect multiple locations in your environment. Even in a small environment, do you have more than wiring closet or server room? In chat, list some of the main equipment used such as routers, firewalls, application gateways, etc.
  • Presentation / demo: Securing traffic from your on-premises environment to Azure using Azure VPN Gateway or Express Route.
  • Poll
  • Presentation / demo: Azure Firewall and Azure DDoS protection to limit traffic and minimize threats.
  • Exercise / discussion: What are some common services, protocols, and ports you may need to provide access to? For example, a web application that uses HTTP on port 80.
  • Presentation / demo: Network traffic filtering with network security groups and application security groups.
  • Poll
  • Presentation / demo: Data encryption in Azure such as VM disk encryption, Managed Disk encryption at rest, or requiring HTTPS connections to Azure Storage.
  • Q&A
  • 5 minute break

Application-level security (30 mins)

  • Poll
  • Presentation / demo: Storing secure data in Azure Key Vault, secure application access using managed identities for Azure resources. Hardware security module options.
  • Exercise / discussion: Think about what database platforms does your company use or have you experienced? Was the data encrypted? Was the data backed up or replicate? How quickly could you recover from a failure?
  • Presentation / demo: Database encryption and resiliency using Azure SQL DB, Cosmos DB, or Data Lake.
  • Polls
  • Presentation / demo: Azure Backup and Azure Site Recovery as a means to backup, restore, and replicate data in the event of an issue.
  • Q&A
  • 5 minute break

Azure value-add features for security (45 mins)

  • Poll: Who currently uses Active Directory? What about Azure Active Directory? Office 365?
  • Presentation / demo: Azure Active Directory for integrated identity. This includes Azure AD DomainServices, Azure Multi-Factor Authentication, and Azure AD Connect.
  • Exercise / discussion: How does your company decide who gets access to what resources? How is it enforced? What happens if a user changes roles or leaves the company?
  • Presentation / demo: Azure role-based access control (RBAC) to define access to resources in Azure. Resource locks to protect against malicious or accidental data loss.
  • Poll
  • Discussion follow-up to poll: How are policies enforced in your company?
  • Presentation / demo: Azure Policy to define what requirements must be met before resources can be deployed, what configurations must be applied, or what connectivity is permitted.
  • Presentation / demo: Azure Update Management and Azure Anti-Malware to ensure virtual machines remain updated with latest security patches and scanned for vulnerabilities.
  • Q&A
  • 5 minute break

Azure Security Center (30 mins)

  • Exercise / discussion: How do you currently receive notifications when there’s a problem? Who gets those alerts? Do they get adequate attention?
  • Presentation / demo: Overview Azure Security Center, how to aggregate and review alerts and recommendations.
  • Poll
  • Presentation / demo: Just In Time (JIT) access to VMs to only allow access to designed accounts, and for a set period
  • Q&A

Closing Q&A