Azure Cloud Security

Master's Program
Become an Azure Cloud Security Engineer - learn the fundamentals of cloud
www.nwkings.com | www.nw ix.com security and the advanced security features of the IT industry along with Azure.

GET COURSES WORTH $1700

THIS MONTH FOR FREE

Azure 104: Microsoft CompTIA Network+

Azure Administrator
CompTIA Security+
Azure 500: Microsoft
Azure Security GCP Cloud
Technologies
AWS Cloud Practitioner
Azure 700: Designing and
Implementing Microsoft
Azure Networking
Solutions
 AZ-104: Microsoft Azure Administrator
Become a Microsoft Azure Administrator - learn to create and manage Azure resources, implement and manage
storage solutions and con gure virtual networks.

Module 1 Manage Azure Identities and Governance

Manage Azure Active Directory (Azure AD)

Objects

1.  Create users and groups

 Manage licenses in Azure AD
 Create administrative units
 Manage user and group properties
 Manage device settings
 Perform bulk user updates
 Manage guest accounts
 Con gure Azure AD join
 Con gure self-service password reset

Manage role-based access control (RBAC)

2.  Create a custom role

 Provide access to Azure resources by assigning
roles at different scopes
 Interpret access assignments

Manage subscriptions and governance

3. 

Con gure Azure policies
Con gure resource locks
 Apply and manage tags on resources
 Manage resource groups
 Manage subscriptions
 Manage costs
 Con gure management groups

www.nwkings.com | www.nw ix.com

 Module 2 Implement and Manage Storage

Secure Storage

1. 

Con gure network access to storage accounts
Create and con gure storage accounts
 Generate shared access signature (SAS) tokens
 Con gure stored access policies
 Manage access keys
 Con gure Azure AD authentication for a storage
account
 Con gure access to Azure les

Manage Storage

2. 

Export from Azure job
Import into Azure job
 Install and use Azure Storage Explorer
 Copy data by using AZCopy
 Implement Azure Storage replication
 Con gure blob object replication

Con gure Azure les and Azure Blob Storage

3. 

Create an Azure le share
Create and con gure Azure File Sync service
 Con gure Azure Blob Storage
 Con gure storage tiers
 Con gure blob lifecycle management

www.nwkings.com | www.nw ix.com

 Module 3 Deploy and Manage Azure Compute Resources

Automate deployment of virtual machines (VMs)

by using Azure Resource Manager templates

1.  Modify an Azure Resource Manager template

 Deploy from a template
 Save a deployment as an Azure Resource Manager
template
 Deploy virtual machine extensions

Con gure VMs

 Create a VM
2.  Manage images by using the Azure
Compute Gallery
 Con gure Azure Disk Encryption
 Move VMs from one resource group to another
 Manage VM sizes
 Add data disks
 Con gure networking
 Redeploy VMs
 Con gure high availability
 Deploy and con gure virtual machine scale sets

Create and con gure containers

 Con gure sizing and scaling for Azure Container

3. Instances
 Con gure container groups for Azure Container
Instances
 Create and con gure Azure Container Apps
 Con gure storage for Azure Kubernetes Service (AKS)
 Con gure scaling for AKS
 Con gure network connections for AKS
 Upgrade an AKS cluster

www.nwkings.com | www.nw ix.com

 Module 3 Deploy and Manage Azure Compute Resources

Create and con gure Azure App Service

Create an App Service plan

4.

 Con gure scaling settings in an App Service plan
 Create an App Service
 Secure an App Service
 Con gure custom domain names
 Con gure backup for an App Service
 Con gure networking settings
 Con gure deployment settings

www.nwkings.com | www.nw ix.com

 Module 4 Con gure and Manage Virtual Networking

Implement and manage virtual networking

1. 
 Create and con gure virtual networks, including
www.nwkings.com | www.learn.nwkings.com
peering
 Con gure private and public IP addresses
 Con gure user-de ned network routes
 Implement subnets
 Con gure endpoints on subnets
 Con gure private endpoints
 Con gure Azure DNS, including custom DNS
settings and private or public DNS zones

Secure access to virtual networks

2.  Create and con gure network security groups

www.nwkings.com | www.learn.nwkings.com
(NSGs) and application security groups (ASGs)
 Associate a network security group (NSG) to a
subnet or network interface
 Evaluate effective security rules
 Implement Azure Firewall
 Implement Azure Bastion

Con gure load balancing

3.  Con gure Azure Application Gateway

www.nwkings.com | www.learn.nwkings.com
 Con gure an internal or public load balancer
 Troubleshoot load balancing

www.nwkings.com | www.nw ix.com

 Module 4 Con gure and Manage Virtual Networking

Monitor and troubleshoot virtual networking

4.  Monitor on-premises connectivity

www.nwkings.com | www.learn.nwkings.com
 Con gure and use Azure Monitor for Networks
 Use Azure Network Watcher
 Troubleshoot external networking
 Troubleshoot virtual network connectivity

Module 5 Monitor and back up Azure resources

Monitor resources by using Azure Monitor

1.  Con gure and interpret metrics

 Con gure Azure Monitor logs
 Query and analyze logs
 Set up alerts and actions
 con gure monitoring of VMs, storage accounts,
and networks by using VM insights

Implement backup and recovery

 Create a Recovery Services vault

2. 

Create a Backup vault
Create and con gure backup policy
 Perform backup and restore operations by using
Azure Backup
 Perform site-to-site recovery by using Azure Site
Recovery
 perform failover to a secondary region by using
Azure Site Recovery
 Con gure and review backup reports

www.nwkings.com | www.nw ix.com

 Microsoft Azure 500
Become a Microsoft Certi ed Azure Security Engineer - learn to manage, implement
and monitor security for resources in Azure. Also, learn to manage security posture,
identify and rectify vulnerabilities and implement threat protection.

Module 1 Manage Identity and Access

Manage Identities in Azure AD

1.  Secure users in Azure AD

 Secure directory groups in Azure AD
 Recommend when to use external identities
 Secure external identities
 Implement Azure AD Identity Protection

Manage Authentication by Using Azure AD

2.  Con gure Microsoft Entra Veri ed ID

 Implement multi-factor authentication (MFA)
 Implement passwordless authentication
 Implement password protection
 Implement single sign-on (SSO)
 Integrate single sign-on (SSO) and identity providers
 Recommend and enforce modern authentication
protocols

Manage Authorization by Using Azure AD

3.  Con gure Azure role permissions for management

groups, subscriptions, resource groups, and resources
 Assign built-in roles in Azure AD
 Assign built-in roles in Azure
 Create and assign custom roles, including Azure roles
and Azure AD roles
 Implement and manage Microsoft Entra Permissions
Management
 Con gure Azure AD Privileged Identity Management
(PIM)
 Con gure role management and access reviews by
using Microsoft Entra Identity Governance
 Implement Conditional Access policies

www.nwkings.com | www.nw ix.com

 Module 1 Manage Identity and Access

Manage Application Access in Azure AD

4.  Manage access to enterprise applications in Azure AD,

including OAuth permission grants
 Manage app registrations in Azure AD
 Con gure app registration permission scopes
 Manage app registration permission consent
 Manage and use service principles
 Manage managed identities for Azure resources
 Recommend when to use and con gure
authentication for an Azure AD Application Proxy

www.nwkings.com | www.nw ix.com

 Module 2 Secure Networking

Plan and Implement Security for Virtual

Networks
1.  Plan and implement Network Security Groups (NSGs)
and Application Security Groups (ASGs)
 Plan and implement user-de ned routes (UDRs)
 Plan and implement VNET peering or VPN gateway
 Plan and implement Virtual WAN, including secured
virtual hub
 Secure VPN connectivity, including point-to-site and
site-to-site
 Implement encryption over ExpressRoute
 Con gure rewall settings on PaaS resources
 Monitor network security by using Network Watcher,
including NSG ow logging

Plan and Implement Security for Private Access

to Azure Resources
2.  Plan and implement virtual network Service Endpoints
 Plan and implement Private Endpoints
 Plan and implement Private Link services
 Plan and implement network integration for Azure App
Service and Azure Functions
 Plan and implement network security con gurations
for an App Service Environment (ASE)
 Plan and implement network security con gurations
for an Azure SQL Managed Instance

www.nwkings.com | www.nw ix.com

 Module 2 Secure Networking

Plan and Implement Security for Public Access to

Azure Resources
3.  Plan and implement TLS to applications, including
Azure App Service and API Management
 Plan, implement, and manage an Azure Firewall,
including Azure Firewall Manager and rewall policies
 Plan and implement an Azure Application Gateway
 Plan and implement an Azure Front Door, including
Content Delivery Network (CDN)
 Plan and implement a Web Application Firewall (WAF)
 Recommend when to use Azure DDoS Protection
Standard

www.nwkings.com | www.nw ix.com

 Module 3 Secure, Compute, Storage and Databases

Plan and Implement Advanced Security for

Compute

1.  Plan and implement remote access to public endpoints,

including Azure Bastion and JIT
 Con gure network isolation for Azure Kubernetes
Service (AKS)
 Secure and monitor AKS
 Con gure authentication for AKS
 Con gure security monitoring for Azure Container
Instances (ACIs)
 Con gure security monitoring for Azure Container Apps
(ACAs)
 Manage access to Azure Container Registry (ACR)
 Con gure disk encryption, including Azure Disk
Encryption (ADE), encryption as host, and con dential
disk encryption
 Recommend security con gurations for Azure API
Management

Plan and Implement Security for Storage

2.  Con gure access control for storage accounts

 Manage life cycle for storage account access keys
 Select and con gure an appropriate method for access
to Azure Files
 Select and con gure an appropriate method for access
to Azure Blob Storage
 Select and con gure an appropriate method for access
to Azure Tables
 Select and con gure an appropriate method for access
to Azure Queues
 Select and con gure appropriate methods for
protecting against data security threats, including soft
delete, backups, versioning, and immutable storage
 Con gure Bring your own key (BYOK)
 Enable double encryption at the Azure Storage
infrastructure level

www.nwkings.com | www.nw ix.com

 Module 3 Secure, Compute, Storage and Databases

Plan and Implement Security for Azure SQL

3. Database and Azure SQL Managed Instance

 IEnable database authentication by using Microsoft

Azure Active Directory (Azure AD)
 Enable database auditing
 Identify use cases for the Microsoft Purview
governance portal
 Implement data classi cation of sensitive information
by using the Microsoft Purview governance portal
 Plan and implement dynamic masking
 Implement Transparent Database Encryption (TDE)
 Recommend when to use Azure SQL Database Always
Encryptednfrastructure level

www.nwkings.com | www.nw ix.com

 Module 4 Manage Security Operations

Plan, Implement and Manage Governance for

Security
1.  Create, assign, and interpret security policies and
initiatives in Azure Policy
 Con gure security settings by using Azure Blueprint
 Deploy secure infrastructures by using a landing zone
 Create and con gure an Azure Key Vault
 Recommend when to use a Dedicated HSM
 Con gure access to Key Vault, including vault access
policies and Azure Role-Based Access Control
 Manage certi cates, secrets, and keys
 Con gure key rotation
 Con gure backup and recovery of certi cates, secrets,
and keys

Manage Security Posture by Using Microsoft

Defender for Cloud
2.  Identify and remediate security risks by using the
Microsoft Defender for Cloud Secure Score and
Inventory
 Assess compliance against security frameworks and
Microsoft Defender for Cloud
 Add industry and regulatory standards to Microsoft
Defender for Cloud
 Add custom initiatives to Microsoft Defender for Cloud
 Connect hybrid cloud and multi-cloud environments to
Microsoft Defender for Cloud

www.nwkings.com | www.nw ix.com

 Module 4 Manage Security Operations

Con gure and Manage Threat Protection by

Using Microsoft Defender for Cloud
3.  Enable workload protection services in Microsoft
Defender for Cloud, including Microsoft Defender for
Storage, Databases, Containers, App Service, Key Vault,
Resource Manager, and DNS
 Con gure Microsoft Defender for Servers
 Con gure Microsoft Defender for Azure SQL Database
 Manage and respond to security alerts in Microsoft
Defender for Cloud
 Con gure work ow automation by using Microsoft
Defender for Cloud

Con gure and Manage Security Monitoring and

Automation Solutions
4.  Monitor security events by using Azure Monitor
 Con gure data connectors in Microsoft Sentinel
 Create and customize analytics rules in Microsoft
Sentinel
 Evaluate alerts and incidents in Microsoft Sentinel
 Con gure automation in Microsoft Sentinel
 Evaluate vulnerability scans from Microsoft Defender
for Server

www.nwkings.com | www.nw ix.com

 Microsoft Azure 700
Become an Azure Networking Engineer Associate - learn to design and implement
Microsoft Azure networking solutions.

Module 1 Design and implement core networking infrastructure

Design and implement private IP addressing

for Azure resources

1.  Plan and implement network segmentation and

address spaces
 Create a virtual network (VNet)
 Plan and con gure subnetting for services,
including VNet gateways, private endpoints
 Plan and con gure subnet delegation
 Create a pre x for public IP addresses
 Choose when to use a public IP address pre x
 Plan and implement a custom public IP address
pre x
 Create a new public IP address
 Associate public IP addresses to resources

Design and implement name resolution

2.  Design name resolution inside a VNet

 Con gure DNS settings inside a VNet
 Design public DNS zones
 Design private DNS zones
 Con gure a public or private DNS zone
 Link a private DNS zone to a VNet

www.nwkings.com | www.nw ix.com

 Module 1 Design and implement core networking infrastructure

Design and implement VNet connectivity and

3. routing

 Design service chaining, including gateway transit

 Design virtual private network (VPN) connectivity
between VNets
 Implement VNet peering
 Design and implement user-de ned routes (UDRs)
 Associate a route table with a subnet
 Con gure forced tunneling
 Diagnose and resolve routing issues
 Design and implement Azure Route Server
 Identify appropriate use cases for a Virtual Network
NAT gateway
 Implement a NAT gateway

Monitor networks

4.  Con gure monitoring, network diagnostics, and logs

in Azure Network Watcher
 Monitor and repair network health by using Azure
Network Watcher
 Activate and monitor distributed denial-of-service
(DDoS) protection
 Activate and monitor Microsoft Defender for DNS

www.nwkings.com | www.nw ix.com

 Design, implement, and manage
Module 2
connectivity services

Design, implement, and manage a site-to-site

VPN connection
1.  Design a site-to-site VPN connection for high
availability
 Select an appropriate VNet gateway SKU for site-to-site
VPN requirements
 Implement a site-to-site VPN connection
 Identify when to use a policy-based VPN versus a
route-based VPN connection
 Create and con gure an IPsec/IKE policy
 Diagnose and resolve virtual network gateway
connectivity issues
 Implement Azure Extended Network

Design, implement, and manage a point-to-site

VPN connection
2.  Select an appropriate virtual network gateway SKU for
point-to-site VPN requirements
 Select and con gure a tunnel type
 Select an appropriate authentication method
 Con gure RADIUS authentication
 Con gure certi cate-based authentication
 Con gure authentication by using Azure Active
Directory (Azure AD)
 Implement a VPN client con guration le
 Diagnose and resolve client-side and authentication
issues
 Specify Azure requirements for Always On
Authentication
 Specify Azure requirements for Azure Network Adapter

www.nwkings.com | www.nw ix.com

 Design, implement, and manage
Module 2
connectivity services

Design, implement, and manage Azure Express

Route
3.  Select an ExpressRoute connectivity model
 Select an appropriate ExpressRoute SKU and tier
 Design and implement ExpressRoute to meet
requirements, including cross-region connectivity,
redundancy, and disaster recovery
 Design and implement ExpressRoute options, including
Global Reach, FastPath, and ExpressRoute Direct
 Choose between private peering only, Microsoft peering
only, or both
 Con gure private peering
 Con gure Microsoft peering
 Create and con gure an ExpressRoute gateway
 Connect a virtual network to an ExpressRoute circuit
 Recommend a route advertisement con guration
 Con gure encryption over ExpressRoute
 Implement Bidirectional Forwarding Detection
 Diagnose and resolve ExpressRoute connection issues

Design and implement an Azure Virtual WAN

architecture

4.  Select a Virtual WAN SKU

 Design a Virtual WAN architecture, including selecting
types and services
 Create a hub in Virtual WAN
 Choose an appropriate scale unit for each gateway type
 Deploy a gateway into a Virtual WAN hub
 Con gure virtual hub routing
 Create a network virtual appliance (NVA) in a virtual
hub
 Integrate a Virtual WAN hub with a third-party NVA

www.nwkings.com | www.nw ix.com

 Module 3 Design and implement application delivery services

Design and implement an Azure Load Balancer

1.  Map requirements to features and capabilities of Azure

Load Balancer
 Identify use cases for Azure Load Balancer
 Choose an Azure Load Balancer SKU and tier
 Choose between public and internal
 Create and con gure an Azure Load Balancer
 Implement a load-balancing rule
 Create and con gure inbound NAT rules
 Create and con gure explicit outbound rules, including
SNAT

Design and implement Azure Application

Gateway
2.  Map requirements to features and capabilities of Azure
Application Gateway
 Identify appropriate use cases for Azure Application
Gateway
 Create a back-end pool
 Con gure health probes
 Con gure listeners
 Con gure routing rules
 Con gure HTTP settings
 Con gure Transport Layer Security (TLS)
 Con gure rewrite sets


www.nwkings.com | www.nw ix.com

 Module 3 Design and implement application delivery services

Design and implement Azure Front Door

3.  Map requirements to features and capabilities of Azure

Front Door
 Identify appropriate use cases for Azure Front Door
 Choose an appropriate tier
 Con gure an Azure Front Door, including routing,
origins, and endpoints
 Con gure SSL termination and end-to-end SSL
encryption
 Con gure caching
 Con gure traf c acceleration
 Implement rules, URL rewrite, and URL redirect
 Secure an origin by using Azure Private Link in Azure
Front Door

Design and implement Azure Traf c Manager

4.  Identify appropriate use cases for Azure Traf c

Manager
 Con gure a routing method
 Con gure endpoints

www.nwkings.com | www.nw ix.com

 Design and implement private
Module 4
access to Azure services

Design and implement Azure Private Link service

and Azure private endpoints

1.  Plan an Azure Private Link service

 Create a Private Link service
 Integrate a Private Link service with DNS
 Plan private endpoints
 Create private endpoints
 Con gure access to Azure resources by using private
endpoints
 Connect on-premises clients to a private endpoint
 Integrate a private endpoint with DNS

Design and implement service endpoints

2.  Choose when to use a service endpoint

 Create service endpoints
 Con gure service endpoint policies
 Con gure access to service endpoints

www.nwkings.com | www.nw ix.com

 Module 5 Secure network connectivity to Azure resources

Implement and manage network security groups

1.  Create a network security group (NSG)

 Associate an NSG with a resource
 Create an application security group (ASG)
 Associate an ASG to a network interface card (NIC)
 Create and con gure NSG rules
 Interpret NSG ow logs
 Validate NSG ow rules
 Verify IP ow
 Con gure an NSG for remote server administration,
including Azure Bastion

Design and implement Azure Firewall and Azure

Firewall Manager
2.  Map requirements to features and capabilities of Azure
Firewall
 Select an appropriate Azure Firewall SKU
 Design an Azure Firewall deployment
 Create and implement an Azure Firewall deployment
 Con gure Azure Firewall rules
 Create and implement Azure Firewall Manager policies
 Create a secure hub by deploying Azure Firewall inside
an Azure Virtual WAN hub


Design and implement a Web Application

Firewall (WAF) deployment
3.  Map requirements to features and capabilities of WAF
 Design a WAF deployment
 Con gure detection or prevention mode
 Con gure rule sets for WAF on Azure Front Door
 Con gure rule sets for WAF on Application Gateway
 Implement a WAF policy
 Associate a WAF policy

www.nwkings.com | www.nw ix.com

https://www.youtube.com/c/NetworkkingsOrgtraining/featured

https://in.linkedin.com/company/networkkings

https://www.nwkings.com/

info@nwkings.com

+918130537300

Network kings IT services Private Limited,

2nd Floor, FCS Tower, Plot J-7, IT Park,
Chandigarh 160101

Network kings 60 Parrotta Drive Toronto ON

M9M Oe5

www.nwkings.com | www.nw ix.com

https://www.facebook.com/Networkkingss/

https://www.instagram.com/network.kings/