Azure Key Vault
Azure Security Center
Single Sign-On for SaaS Applications
Public Consumer Identity Providers
As companies race toward the cloud, it’s imperative that IT professionals keep up with the times. Keeping up with the times means maintaining the ability to deploy and maintain cloud-based solutions – particularly those offered through Microsoft Azure.
In this course, you will learn how to create and manage encryption keys in Azure, prevent and respond to security threats to Azure resources, configure access to Azure applications via single sign-on, manage access to Azure applications, and configure federation with public consumer identity providers like Facebook and Google.
Learning Objectives
- Create and import keys in the Azure Key Vault
- Define, configure, and assess security policies
- Harden Azure resources against threats
- Configure single sign-on for SaaS applications
- Configure federation with public consumer identity providers like Facebook and Google
Intended Audience
- People interested in becoming Azure security engineers
Prerequisites
- General knowledge of IT infrastructure
- General knowledge of the Azure environment
Based on the security policies that are enabled, Security Center provides a set of security recommendations as needed.
Assess resource security by reviewing the recommendations made, generally starting with virtual machines and applications. To do this, browse to the Security Center dashboard. Ensure the Overview opens, then click Compute & apps under Resource security hygiene. From this overview tab, you can review all recommendations by severity, with anything in red being high severity. While some recommendations can be remediated directly from Security Center, other recommendations only provide guidelines for applying the remediation, such as the missing disk encryption recommendation. You can see here that it offers remediation steps and instructions.
Click through each recommendation to see how each issue can be remediated. To dig down further into the recommendations, you can browse each of these tabs here along the top. Clicking on VMs and computers reveals recommendations that are specific to virtual machines and computers while the VM scale sets tab reveals recommendations for any scale sets within your subscription.
As you can see here, you can do the same for cloud services, app services, containers and compute resources. The Compute resources tab reveals recommendations for things like event hubs, automation accounts, service buses and other compute resources. After addressing all recommendations for compute and apps, move on to networking by clicking Networking under the Resource security hygiene section.
As was the case with compute and apps, the networking recommendations page defaults to the overview page. This page presents you with a clickable network topology map that shows risky resources in the subscription. You are also presented with information on adaptive network hardening. When you click the adaptive network hardening tile, you're presented with information about overly permissive network security groups as well as network security rules along with recommendations for hardening them.
Going back out to the overview page allows you to click the VNet tab to see recommendations that are specific to individual virtual networks. After remediating outstanding network issues, move on to IoT hubs and resources and then on to data and storage. The Data & storage page contains recommendations revolving around auditing for Azure SQL servers and databases, storage accounts, Redis Cache, Data Lake Analytics and Data Lake Store. Obviously, if these workloads don't exist in your environment, you won't see any recommendations for them.
Just like the other resource recommendations, some data and storage recommendations will provide integrated remediation options while some other recommendations will not. Continue working through each recommendation and remediate them as you progress until all outstanding issues are resolved.
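The walk-through above is a manual triage: keep only the unhealthy findings, work through them one workload at a time (compute and apps, then networking, then data and storage) and take the red, high-severity items first. The following Python script is an added example, not code from this course or from Microsoft; it performs the same triage over a constructed list of assessment records. The record shape (properties.displayName, properties.status.code, properties.metadata.severity, properties.resourceDetails.id) is an assumption modelled loosely on the Microsoft.Security/assessments resource as returned by `az security assessment list`, and the mapping from resource provider types to dashboard tabs is constructed for the example; check both against real output before running this against a subscription.

```python
"""Triage Security Center findings by workload tab and severity (added example)."""
from collections import defaultdict

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}

# Constructed mapping from ARM resource types to the dashboard tabs the demo
# walks through. Anything not listed lands in "other".
WORKLOAD_BY_TYPE = {
    "microsoft.compute/virtualmachines": "compute and apps",
    "microsoft.compute/virtualmachinescalesets": "compute and apps",
    "microsoft.web/sites": "compute and apps",
    "microsoft.network/networksecuritygroups": "networking",
    "microsoft.network/virtualnetworks": "networking",
    "microsoft.sql/servers": "data and storage",
    "microsoft.storage/storageaccounts": "data and storage",
    "microsoft.cache/redis": "data and storage",
}

# Constructed sample records (assumed shape; the subscription id is a placeholder).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
SAMPLE_ASSESSMENTS = [
    {"properties": {"displayName": "Disk encryption should be applied on virtual machines",
                    "status": {"code": "Unhealthy"},
                    "metadata": {"severity": "High",
                                 "remediationDescription": "Enable Azure Disk Encryption on the VM."},
                    "resourceDetails": {"id": SUB + "Microsoft.Compute/virtualMachines/vm-web01"}}},
    {"properties": {"displayName": "Log Analytics agent should be installed",
                    "status": {"code": "Unhealthy"},
                    "metadata": {"severity": "Low", "remediationDescription": "Install the agent."},
                    "resourceDetails": {"id": SUB + "Microsoft.Compute/virtualMachines/vm-web01"}}},
    {"properties": {"displayName": "System updates should be installed on your machines",
                    "status": {"code": "Unhealthy"},
                    "metadata": {"severity": "Medium", "remediationDescription": "Apply updates."},
                    "resourceDetails": {"id": SUB + "Microsoft.Compute/virtualMachines/vm-db01"}}},
    {"properties": {"displayName": "Network security group rules should be hardened",
                    "status": {"code": "Unhealthy"},
                    "metadata": {"severity": "High",
                                 "remediationDescription": "Apply the adaptive hardening rules."},
                    "resourceDetails": {"id": SUB + "Microsoft.Network/networkSecurityGroups/nsg-web"}}},
    {"properties": {"displayName": "Auditing on SQL server should be enabled",
                    "status": {"code": "Unhealthy"},
                    "metadata": {"severity": "Low", "remediationDescription": "Enable auditing."},
                    "resourceDetails": {"id": SUB + "Microsoft.Sql/servers/sql-demo"}}},
    {"properties": {"displayName": "Secure transfer to storage accounts should be enabled",
                    "status": {"code": "Healthy"},   # already remediated, must be skipped
                    "metadata": {"severity": "Medium", "remediationDescription": ""},
                    "resourceDetails": {"id": SUB + "Microsoft.Storage/storageAccounts/stdemo"}}},
]


def resource_type(resource_id):
    """Return the lower-cased 'namespace/type' of an ARM resource id, or '' if it has none."""
    parts = resource_id.split("/providers/", 1)
    if len(parts) != 2:
        return ""
    segments = parts[1].split("/")
    return "/".join(segments[:2]).lower() if len(segments) >= 2 else ""


def triage(assessments):
    """Keep Unhealthy findings, group them by dashboard tab, order High severity first."""
    groups = defaultdict(list)
    for record in assessments:
        props = record.get("properties", {})
        if props.get("status", {}).get("code") != "Unhealthy":
            continue
        rid = props.get("resourceDetails", {}).get("id", "")
        meta = props.get("metadata", {})
        groups[WORKLOAD_BY_TYPE.get(resource_type(rid), "other")].append({
            "severity": meta.get("severity", "Low"),
            "name": props.get("displayName", "?"),
            "resource": rid.rsplit("/", 1)[-1],
            "remediation": meta.get("remediationDescription", ""),
        })
    for findings in groups.values():
        findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 3), f["name"]))
    return dict(groups)


def severity_totals(assessments):
    """Count open (Unhealthy) findings per severity across all workloads."""
    totals = defaultdict(int)
    for findings in triage(assessments).values():
        for f in findings:
            totals[f["severity"]] += 1
    return dict(totals)


if __name__ == "__main__":
    work = triage(SAMPLE_ASSESSMENTS)
    print("open findings by severity:", severity_totals(SAMPLE_ASSESSMENTS))
    for tab in ("compute and apps", "networking", "data and storage", "other"):
        for f in work.get(tab, []):
            print(f"[{tab}] {f['severity']:<6} {f['resource']:<10} {f['name']} -> {f['remediation']}")
```

Running the script prints the open findings in the same order the demo works through them, so the list can be used as a remediation checklist; rerunning it after each fix (against fresh `az security assessment list` output, once the record shape has been confirmed) shows what is still outstanding.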
In this demonstration, you learned about the assessment of your workloads with Security Center. You learned how to assess security for compute, apps, networking, scale sets, SQL, storage, IoT and application resources.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.