Azure Key Vault
Azure Security Center
Single Sign-On for SaaS Applications
Public Consumer Identity Providers
As companies race toward the cloud, it’s imperative that IT professionals keep up with the times. Keeping up with the times means maintaining the ability to deploy and maintain cloud-based solutions – particularly those offered through Microsoft Azure.
In this course, you will learn how to create and manage encryption keys in Azure, prevent and respond to security threats to Azure resources, configure access to Azure applications via single sign-on, manage access to Azure applications, and configure federation with public consumer identity providers like Facebook and Google.
Learning Objectives
- Create and import keys in the Azure Key Vault
- Define, configure, and assess security policies
- Harden Azure resources against threats
- Configure single sign-on for SaaS applications
- Configure federation with public consumer identity providers like Facebook and Google
Intended Audience
- People interested in becoming Azure security engineers
Prerequisites
- General knowledge of IT infrastructure
- General knowledge of the Azure environment
- [Instructor] Based on the security policies that are enabled, Security Center provides a set of security recommendations as needed. You can assess resource security by reviewing the recommendations made, generally, starting with virtual machines and applications. To do this, browse to the Security Center dashboard, and click overview. This screen will give you an overall view of what's happening in your environment. To view specific recommendations, we'll start with the compute and apps resource. From here, you can review all recommendations by priority, with anything in red being high priority.
While some of these recommendations can be remediated directly from Security Center, other recommendations have only guidelines to apply the remediation. For example, missing disk encryption. Click on each recommendation to see how each issue can be remediated. So as you can see here, one of our VMs is unmonitored. By clicking on the recommendation, Security Center will tell us that it's identified, in this case several unmonitored VMs, when in actuality it's just one. Essentially it's telling us that the monitoring is not in place. We can view the details of this recommendation by clicking on our server. And as you can see here on the screen, it's telling us that installation of monitoring can be done manually or automatically by Security Center by enabling auto-provisioning. Now what you would typically do here is work through each of these recommendations and address them one by one.
After addressing all of the computer and application recommendations, you then move on to networking by clicking networking under the resource security hygiene section. As was the case with the compute and app section, the networking recommendations page shows a list of security issues for the existing network configuration. And this includes internet-facing endpoints and network topology. And as you can see here I don't have any recommendations here. It's a pretty basic environment. But if there were recommendations, this is where we would find them. As was the case with the computer, some networking recommendations can be remediated right from the Security Center, while others simply can't. After remediating the outstanding network issues, move on to the data and storage, and again look at the recommendations. And essentially repeat this process of viewing and remediating any outstanding issues identified by Security Center.
Now, this data and storage page contains recommendations revolving around auditing for Azure SQL servers and databases. It also offers insight into our storage accounts. In addition, it will also address SQL database encryption and encryption of the storage account itself. Obviously, if these workloads don't exist in your environment, you won't see any recommendations for them. As you can see here we don't have any SQL in our environment, so we don't see anything listed. And as was the case with the previous sections, some of these SQL and storage recommendations are going to provide integrated remediation while others won't.
Continue working through each of these recommendations and remediate them as you progress until all outstanding issues have been resolved. Obviously, this can take a little bit of time, but when you're done, you'll have a secure environment. In this demonstration, you learned about basic policy definitions and assessment of your workloads with Security Center. You also learned how to configure policies to ensure compliance with company and/or regulatory security requirements. In addition, you also learned how to assess security for compute, apps, networking, SQL, and storage resources. In the next demonstration, we'll cover how to use Security Center to protect resources.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.