Course Content

Module 1: Manage identity and access

Configure Azure Active Directory for workloads 

• Create App Registration 
• Configure App Registration permission scopes 
•  Manage App Registration permission consent 
•  Configure Multi-Factor Authentication settings 
•  Manage Azure AD directory groups 
•  Manage Azure AD users 
•  Install and configure Azure AD Connect 
•  Configure authentication methods 
•  Implement Conditional Access policies 
•  Configure Azure AD identity protection 

• Configure Azure AD Privileged Identity Management 

•  Monitor privileged access 
•  Configure access reviews 
•  Activate Privileged Identity Management 

Configure Azure tenant security 

•  Transfer Azure subscriptions between Azure AD tenants 
•   Manage API access to Azure subscriptions and resources       

Module 2: Implement platform protection 

Implement network security

• Configure virtual network connectivity 
• Configure network security groups (NSGs)
• Create and configure azure firewall
• Create and configure azure front door service 
• Create and configure application security groups 
• Configure remote access management
• Configure baseline
• Configure resource firewall 

Implement host security  

• Configure endpoint security within the VM 
• Configure VM security 
• Harden VMs in Azure 
• Configure system updates for VMs in Azure 
• Configure baseline 

Configure container security  

• Configure network 
• Configure authentication 
• Configure container isolation 
• Configure AKS security 
• Configure container registry 
• Implement vulnerability management 

Implement Azure Resource management security  

• Create Azure resource locks 
• Manage resource group security 
• Configure Azure policies 
• Configure custom RBAC roles 
• Configure subscription and resource permissions 

Module 3: Implement Manage security operations

Configure security services  

• Configure Azure Monitor 
• Configure diagnostic logging and log retention 
• Configure vulnerability scanning 

Configure security policies  

• Configure centralized policy management by using Security Center 
• Configure azure ad domain services authentication for azure files 
• Create and manage shared access signatures (SAS) 
• Configure security for HDInsight 
• Configure security for Cosmos DB 
• Configure security for Azure Data Lake 

Configure encryption for data at rest

• Implement Azure SQL Database Always Encrypted 
• Configure Just in Time VM access by using Security Center 

Manage security alerts  

• Create and customize alerts 
• Review and respond to alerts and recommendations 
• Configure a playbook for a security event by using security center 
• Investigate escalated security incidents 

Module 4: Deploy Secure data and applications

Configure security policies to manage data  

• Configure data classification 
• Configure data retention 
• Configure data sovereignty 

Configure security for data infrastructure  

• Enable database authentication 
• Enable database auditing 
• Configure azure SQL database advanced threat protection 
• Configure access control for storage accounts 
• Configure key management for storage accounts 
• Configure azure ad authentication for azure storage 
• Implement database encryption 
• Implement Storage Service Encryption 
• Implement disk encryption 

Configure application security  

• Configure SSL/TLS certs 
• Configure Azure services to protect web apps 
• Create an application security baseline 

Configure and manage Key Vault  

• Manage access to Key Vault 
• Manage permissions to secrets, certificates, and keys 
• Configure RBAC usage in Azure Key Vault 
• Manage certificates 
• Manage secrets 
• Configure key rotation 

Trainer Profile

Interview Questions & Answer

Blog