This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations. This course is recommended preparation for the Microsoft Certified: Azure Security Engineer Associate
This course includes a complete suite of online hands-on lab environments for use during and post course completion.
This course is for Azure Security Engineers who are planning to take the associated certification exam, or who are performing security tasks in their day-to-day job. This course would also be helpful to an engineer that wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data.
After completing this course, students will be able to:
- Implement enterprise governance strategies including role-based access control, Azure policies, and resource locks.
- Implement an Entra ID infrastructure including users, groups, and multi-factor authentication
- Implement Entra ID Identity Protection including risk policies, conditional access, and access reviews.
- Implement Entra ID Privileged Identity Management including Entra ID roles and Azure resources.
- Implement Entra ID Connect including authentication methods and on-premises directory synchronization.
- Implement perimeter security strategies including Azure Firewall.
- Implement network security strategies including Network Security Groups and Application Security Groups.
- Implement host security strategies including endpoint protection, remote access management, update management, and disk encryption.
- Implement container security strategies including Azure Container Instances, Azure Container Registry, and Azure Kubernetes.
- Implement Azure Key Vault including certificates, keys, and secretes.
- Implement application security strategies including app registration, managed identities, and service endpoints.
- Implement storage security strategies including shared access signatures, blob retention policies, and Azure Files authentication.
- Implement database security strategies including authentication, data classification, dynamic data masking, and always encrypted.
- Implement Azure Monitor including connected sources, log analytics, and alerts.
- Implement Azure Security Center including policies, recommendations, and just in time virtual machine access.
- Implement Azure Sentinel including workbooks, incidents, and playbooks.
Learning Path 1: Manage identity and access
Module 1: Manage identities in Microsoft Entra ID
- Secure users in Microsoft Entra ID
- Secure groups in Microsoft Entra ID
- Recommend when to use external identities
- Secure external identities
- Implement Microsoft Entra Identity Protection
Module 2: Manage authentication by using Microsoft Entra ID
- Configure Microsoft Entra Verified ID
- Implement multi-factor authentication (MFA)
- Implement passwordless authentication
- Implement password protection
- Implement single sign-on (SSO)
- Integrate single sign on (SSO) and identity providers
- Recommend and enforce modern authentication protocols
Module 3: Manage authorization by using Microsoft Entra ID
- Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
- Assign built-in roles in Microsoft Entra ID
- Assign built-in roles in Azure
- Create and assign custom roles, including Azure roles and Microsoft Entra roles
- Implement and manage Microsoft Entra Permissions Management
- Configure Microsoft Entra Privileged Identity Management (PIM)
- Configure role management and access reviews in Microsoft Entra
- Implement Conditional Access policies
Module 4: Manage application access in Microsoft Entra ID
- Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
- Manage app registrations in Microsoft Entra ID
- Configure app registration permission scopes
- Manage app registration permission consent
- Manage and use service principals
- Manage managed identities for Azure resources
- Recommend when to use and configure an Microsoft Entra Application Proxy, including authentication
Learning Path 2: Secure networking
Module 1: Plan and implement security for virtual networks
- Plan and implement Network Security Groups (NSGs) and Application
Security Groups (ASGs)
- Plan and implement user-defined routes (UDRs)
- Plan and implement Virtual Network peering or VPN gateway
- Plan and implement Virtual WAN, including secured virtual hub
- Secure VPN connectivity, including point-to-site and site-to-site
- Implement encryption over ExpressRoute
- Configure firewall settings on PaaS resources
- Monitor network security by using Network Watcher, including NSG flow
logging
Module 2: Plan and implement security for private access to Azure resources
- Plan and implement virtual network Service Endpoints
- Plan and implement Private Endpoints
- Plan and implement Private Link services
- Plan and implement network integration for Azure App Service and Azure Functions
- Plan and implement network security configurations for an App Service
Environment (ASE)
- Plan and implement network security configurations for an Azure SQL
Managed Instance
Module 3: Plan and implement security for public access to Azure resources
- Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management
- Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies
- Plan and implement an Azure Application Gateway
- Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
- Plan and implement a Web Application Firewall (WAF)
- Recommend when to use Azure DDoS Protection Standard
Learning Path 3: Secure compute, storage, and databases
Module 1: Plan and implement advanced security for compute
- Plan and implement remote access to public endpoints, including Azure
Bastion and just-in-time (JIT) virtual machine (VM) access
- Configure network isolation for Azure Kubernetes Service (AKS)
- Secure and monitor AKS
- Configure authentication for AKS
- Configure security monitoring for Azure Container Instances (ACIs)
- Configure security monitoring for Azure Container Apps (ACAs)
- Manage access to Azure Container Registry (ACR)
- Configure disk encryption, including Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption
- Recommend security configurations for Azure API Management
Module 2: Plan and implement security for storage
- Configure access control for storage accounts
- Manage life cycle for storage account access keys
- Select and configure an appropriate method for access to Azure Files
- Select and configure an appropriate method for access to Azure Blob Storage
- Select and configure an appropriate method for access to Azure Tables
- Select and configure an appropriate method for access to Azure Queues
- Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
- Configure Bring your own key (BYOK)
- Enable double encryption at the Azure Storage infrastructure level
Module 3: Plan and implement security for Azure SQL Database and Azure SQL Managed Instance
- Enable database authentication by using Microsoft Entra ID
- Enable database auditing
- Identify use cases for the Microsoft Purview governance portal
- Implement data classification of sensitive information by using the Microsoft Purview governance portal
- Plan and implement dynamic masking
- Implement Transparent Database Encryption (TDE)
- Recommend when to use Azure SQL Database Always Encrypted
Learning Path 4: Manage security operations
Module 1: Plan, implement, and manage governance for security
- Create, assign, and interpret security policies and initiatives in Azure Policy
- Configure security settings by using Azure Blueprint
- Deploy secure infrastructures by using a landing zone
- Create and configure an Azure Key Vault
- Recommend when to use a dedicated Hardware Security Module (HSM)
- Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
- Manage certificates, secrets, and keys
- Configure key rotation
- Configure backup and recovery of certificates, secrets, and keys
Module 2: Configure data collection in Azure Monitor
- Azure Monitor
- Azure Monitor Alerts
- Azure Monitor Key Metrics
- Azure Monitor Activity Log
- Collect data from Azure resources
- Monitor virtual machines
- Design Log Analytics workspace architecture
- Data collection rules
- Data collection scenarios
Module 3: Manage security posture by using Microsoft Defender for Cloud
- Identify and remediate security risks by using the Microsoft Defender for
Cloud Secure Score and Inventory
- Assess compliance against security frameworks and Microsoft Defender for Cloud
- Add industry and regulatory standards to Microsoft Defender for Cloud
- Add custom initiatives to Microsoft Defender for Cloud
- Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud
- Identify and monitor external assets by using Microsoft Defender External
- Attack Surface Management
Module 4: Configure and manage threat protection by using Microsoft Defender for Cloud
- Enable workload protection services in Microsoft Defender for Cloud,
including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS
- Configure Microsoft Defender for Servers
- Configure Microsoft Defender for Azure SQL Database
- Manage and respond to security alerts in Microsoft Defender for Cloud
- Configure workflow automation by using Microsoft Defender for Cloud
- Evaluate vulnerability scans from Microsoft Defender for Server
Module 5: Configure and manage security monitoring and automation solutions
- Monitor security events by using Azure Monitor
- Configure data connectors in Microsoft Sentinel
- Create and customize analytics rules in Microsoft Sentinel
- Evaluate alerts and incidents in Microsoft Sentinel
- Configure automation in Microsoft Sentinel
1. Hvem passer dette kurset for?
Kurset er tilpasset Azure sikkerhetsingeniører og andre IT-sikkerhetsansvarlige som ønsker opplæring og evt. sertifiseringen Microsoft Certified: Azure Security Engineer Associate.
2. Hvilke forkunnskaper bør jeg ha?
Du bør ha fullført AZ‑104 eller ha tilsvarende erfaring med Azure-administrasjon, samt kjenne til både Windows og Linux og komfort med å kjøre scripts i Azure
3. Gir kurset en sertifisering?
Kurset forbereder deg til eksamen AZ‑500: Azure Security Engineer Associate. Sertifiseringen oppnås ved å bestå eksamen – eksamen er ikke inkludert i kursavgiften.
4. Hva lærer jeg i løpet av kurset?
Du lærer å:
- Administrere tilgang og identitet med Entra ID, MFA, betinget tilgang og privilegert identitetsstyring
- Sikre nettverk ved hjelp av NSG, Firewall, Azure Front Door og Application Gateway
- Beskytte compute og lagring: kryptering, diskbeskyttelse og oppdateringsstyring
- Implementere sikkerhetshåndtering med Microsoft Defender for Cloud og Microsoft Sentinel
5. Hvordan foregår kurset?
Kurset varer 4 dager og undervises av sertifiserte instruktører. Det kombinerer teori, demoer og omfattende hands-on lab‑oppgaver, med tilgang til eget Azure-labmiljø under og etter kurset.
6. Er dette kurset praktisk?
Ja. Kurset har et sterkt praktisk fokus med lab‑oppgaver som gir konkret erfaring du kan bruke direkte i din rolle som sikkerhetsingeniør.
7. Kan jeg delta digitalt?
Ja, kurset tilbys både fysisk (i klasserom hos oss) og via live, virtuelt klasserom – med identisk innhold og tilgang.
8. Hva slags materiell får jeg?
Du får tilgang til Microsofts offisielle kursmateriale (MOC), lab‑miljø i Azure og støtte fra instruktør underveis.
9. Er det nødvendig å ha tatt AZ‑104 først?
Nei – det er ikke et krav. Men vi anbefaler AZ‑104 for å bygge et solid fundament før du tar steget videre til mer avanserte sikkerhetskurs som dette.
10. Hva er naturlig neste steg etter kurset?
Etter AZ‑500 kan du utvikle din kompetanse videre med kurs som: