1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Configuring Azure VM and Container Security

Configuring Endpoint Security within VMs

Configuring Endpoint Security within VMs

This course focuses on implementing security controls, maintaining the security posture of an Azure environment, and protecting data, applications, and networks, showing you how to configure security for your containers and virtual machines.

The content of this course is ideally suited to those looking to become certified Azure security engineers.

For any feedback, queries, or suggestions relating to this course, please contact us at support@cloudacademy.com.

Learning Objectives

  • Understand how to configure VM security including VM endpoints and system updates
  • Configure baselines
  • Understand key Azure networking components
  • Configure AKS security
  • Obtain a basic understanding of Azure Container Registry and how to create registries in Azure
  • Manage vulnerabilities in Azure

Intended Audience

This course is intended for people who want to become Microsoft certified Azure security engineers, or those who are tasked with implementing security controls, maintaining the security posture of an Azure environment, or protecting data, applications, and networks.


To get the most from this course, you should have a moderate understanding of Microsoft Azure and of basic security principles.


Hi there, welcome to Configuring Endpoint Security within VMs. The term endpoint system refers to a computer system that interacts directly with an end user. So this means that devices like desktop computers, laptops, tablets and smartphones are all considered endpoint systems. That being the case, they need to be secured. Failing to properly secure these endpoint systems opens them up to becoming launchpads for security attacks on other networked systems.

Because securing infrastructure-as-a-service offerings requires more customer responsibility than platform-as-a-service and software-as-a-service did, Microsoft has made available the Azure Security Center. The Azure Security Center provides you with the tools that are necessary for hardening your network and securing your services.

The first step to protecting your virtual machines is to protect them from malware. To do this, you need to install anti-malware on them. This helps you identify and remove viruses, spyware, and many other kinds of malicious software. There are two ways you can go about this. You can either install Microsoft Antimalware, or you can install a third-party endpoint protection solution.

Once you have your anti-malware solution installed on your virtual machines, you'll want to integrate that solution with Azure Security Center so you can monitor the status of your anti-malware protection on those VMs.

Azure Security Center allows you to view reports on the Endpoint protection issues blade. What it does is highlight detected threats and insufficient protection, which obviously make your VMs vulnerable to malware threats. By deploying anti-malware on your machines and then integrating it with Azure Security Center, you'll have the information necessary to create plans for addressing potential threats.

In the upcoming demonstration, I'll show you how to configure and monitor anti-malware on virtual machines.


Introduction - Configuring and Monitoring Antimalmare for VMs - Configuring Virtual Machine Security - Hardening Virtual Machines - Configuring System Updates for Virtual Machines - Starting a Runbook from the Azure Portal - Configuring Baselines - Azure Networking - Configuring Authentication - Container Isolation - AKS Security - Azure Container Registry - Creating a Container Registry - Implementing Vulnerability Management - Conclusion

About the Author
Thomas Mitchell
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.