Prepare for Microsoft Exam AZ-500, and demonstrate your knowledge of Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Description

Microsoft MVP and Microsoft Certified Azure Solutions Architect Tim Warner walks you through what to expect on the AZ-500 Microsoft Azure Security Technologies exam. The new Azure certifications are aligned to industry job roles; earning Azure certification both validates your specific Azure skill set and increases your value in today’s crowded IT job market.

Think of the news you’ve read lately regarding data breaches and ransomware attacks. Knowing how to secure applications and data in the cloud is a business necessity these days, as well as a lucrative job skill. Azure Security Engineer is a popular Microsoft certification for both IT newcomers and veterans. Exam AZ-500 has a reputation as a challenging exam because of the breadth and depth of its content. This training course covers every Exam AZ-500 objective and provides just what you need to pass in a friendly, approachable, and logical way.

About the Instructor

Tim Warner has been a Microsoft MVP in Cloud/Datacenter Management for five years, and a Microsoft Certified Trainer for more than 20 years. His Microsoft Azure-related O’Reilly Live Training classes reach hundreds of thousands of students around the world. He’s written for Microsoft Press, presented at Microsoft Ignite, and contributed to Microsoft open-source projects. He’s earned the Azure Security Engineer credential and trains regularly on the topic.

You can find Tim on Twitter (@TechTrainerTim) or his website, TechTrainerTim.com.

Skill Level

• Intermediate to Advanced

• Complete your AZ-500 exam preparation with confidence
• Manage identity and access to Azure enforcing least-privilege security
• Implement Azure platform protection
• Manage security operations in your Azure environment
• Secure data and applications

• Certification candidates preparing for exam AZ-500 Microsoft Azure Security Technologies
• Any Microsoft certification candidate interested in learning the Azure Security Engineer skill set
• Any IT professional looking to understand how Microsoft Azure institutes information security

• Candidates for this exam should have practical experience in administration of Azure and hybrid environments.
• Candidates should have experience with infrastructure as code, security operations processes, cloud capabilities, and Azure services.

Microsoft Press creates IT books and references for all skill levels across the range of Microsoft technologies.

https://www.microsoftpressstore.com

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video .

Table of Contents

Introduction

Exam AZ-500 Microsoft Azure Security Technologies: Introduction

Lesson 1: Manage Azure AD Identities

Learning objectives

1.1 Create and manage a managed identity for Azure resources

1.2 Manage Azure AD groups

1.3 Manage Azure AD users

1.4 Manage external identities by using Azure AD

1.5 Manage administrative units

Lesson 2: Manage Azure AD Secure Access

Learning objectives

2.1 Configure Azure AD Privileged Identity Management (PIM)

2.2 Implement Conditional Access policies, including multifactor authentication

2.3 Implement Azure AD Identity Protection

2.4 Implement passwordless authentication

2.5 Configure access reviews

Lesson 3: Manage Application Access

Learning objectives

3.1 Integrate single sign-on (SSO) and identity providers for authentication

3.2 Create an app registration

3.3 Configure app registration permission scopes

3.4 Manage app registration permission consent

3.5 Manage API permissions to Azure subscriptions and resources

3.6 Configure an authentication method for a service principal

Lesson 4: Manage Access Control

Learning objectives

4.1 Configure Azure role permissions for management groups, subscriptions, resource groups, and resources

4.2 Interpret role and resource permissions

4.3 Assign built-in Azure AD roles

4.4 Create and assign custom roles, including Azure roles and Azure AD roles

Lesson 5: Implement Azure Firewall Security

Learning objectives

5.1 Secure the connectivity of hybrid networks

5.2 Secure the connectivity of virtual networks

5.3 Create and configure Azure Firewall

5.4 Create and configure Azure Firewall Manager

Lesson 6: Implement Network Load Balancer Security

Learning objectives

6.1 Create and configure Azure Application Gateway

6.2 Create and configure Azure Front Door

6.3 Create and configure Web Application Firewall (WAF)

Lesson 7: Implement Storage and Application Security

Learning objectives

7.1 Configure a resource firewall, including storage account, Azure SQL, Azure Key Vault, or Azure App Service

7.2 Configure network isolation for Web Apps and Azure Functions

7.3 Implement Azure service endpoints

Lesson 8: Implement Virtual Network Security

Learning objectives

8.1 Implement Azure Private Endpoints, including integrating with other services

8.2 Implement Azure Private Links

8.3 Implement Azure DDoS Protection

Lesson 9: Configure Advanced Security for Compute

Learning objectives

9.1 Configure Azure Endpoint Protection for virtual machines (VMs)

9.2 Implement and manage security updates for VMs

9.3 Configure security for container services

9.4 Manage access to Azure Container Registry

Lesson 10: Configure Data Encryption

Learning objectives

10.1 Configure security for serverless compute

10.2 Configure security for an Azure App Service

10.3 Configure encryption at rest

10.4 Configure encryption in transit

Lesson 11: Configure Centralized Policy Management

Learning objectives

11.1 Configure a custom security policy

11.2 Create a policy initiative

11.3 Configure security settings and auditing by using Azure Policy

Lesson 12: Configure and Manage Threat Protection

Learning objectives

12.1 Configure Azure Defender for Servers (not including Microsoft Defender for Endpoint)

12.2 Evaluate vulnerability scans from Azure Defender

12.3 Configure Azure Defender for SQL

12.4 Use the Microsoft Threat Modeling Tool

Lesson 13: Configure and Manage Security Monitoring Solutions

Learning objectives

13.1 Create and customize alert rules by using Azure Monitor

13.2 Configure diagnostic logging and log retention by using Azure Monitor

13.3 Monitor security logs by using Azure Monitor

13.4 Create and customize alert rules in Azure Sentinel

13.5 Configure connectors in Azure Sentinel

13.6 Evaluate alerts and incidents in Azure Sentinel

Lesson 14: Configure Security for Storage

Learning objectives

14.1 Configure access control for storage accounts

14.2 Configure storage account access keys

14.3 Configure Azure AD authentication for Azure Storage and Azure Files

14.4 Configure delegated access

Lesson 15: Configure Security for Data

Learning objectives

15.1 Enable database authentication by using Azure AD

15.2 Enable database auditing

15.3 Configure dynamic masking on SQL workloads

15.4 Implement database encryption for Azure SQL Database

15.5 Implement network isolation for data solutions, including Azure Synapse Analytics and Azure Cosmos DB

Lesson 16: Configure and Manage Azure Key Vault

Learning objectives

16.1 Create and configure Key Vault

16.2 Configure access to Key Vault

16.3 Manage certificates, secrets, and keys

16.4 Configure key rotation

16.5 Configure backup and recovery of certificates, secrets, and keys

Summary

Exam AZ-500 Microsoft Azure Security Technologies: Summary