Start course
1h 11m

As companies race toward the cloud, it’s imperative that IT professionals keep up with the times. Keeping up with the times means maintaining the ability to deploy and maintain cloud-based solutions – particularly those offered through Microsoft Azure.

In this course, you will learn how to create and manage encryption keys in Azure, prevent and respond to security threats to Azure resources, configure access to Azure applications via single sign-on, manage access to Azure applications, and configure federation with public consumer identity providers like Facebook and Google. 

Learning Objectives

  • Create and import keys in the Azure Key Vault
  • Define, configure, and assess security policies
  • Harden Azure resources against threats
  • Configure single sign-on for SaaS applications
  • Configure federation with public consumer identity providers like Facebook and Google

 Intended Audience

  • People interested in becoming Azure security engineers 


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment






I hope you've enjoyed learning about managing data protection and security compliance in Microsoft Azure. Let's review what you've learned. 

The Azure Key Vault allows you to create encryption keys and to also import existing keys. Using the add Azure Key Vault key power cell command allows you to perform both functions. You learned how to create a new software protected key in the Vault as well as how to import an existing PFX file from your workstation into the Vault using the add Azure Key Vault key power cell command. Although Security Center automatically creates a default security policy for each of your Azure subscriptions, you'll often find that you need to specially configure certain aspects of your policy. Through the Azure Security Center you can define and assess security policies that help protect your Azure resources. You can manage conditional access to VMs with access policies and harden them against malware with application policies. 

You also learned how to provision just in time virtual machine access to reduce attack exposure of your VMs by denying persistent access to VMs via policies. In addition to configuring security options to protect your VMs you also learned how to triage security alerts and how to investigate alerts and incidents using the security center. In addition to robust security features, Azure also offers the ability to provide access to applications via single sign-on using federation or password-based authentication. You learned how to configure both options. 

In addition to learning how to configure single sign-on, you also learned how to assign users and groups to applications as an administrator using the Azure portal. Additionally, you learned how to provision self-serve application access to allow end users to discover applications. As an extension to the single sign-on capabilities that Azure offers, a key feature of Azure security is the ability to configure federation with public consumer identity providers such as Facebook. You learned in this course how to configure Facebook as an identity provider for an Azure application. This allows you to leverage Facebook authentication for access to applications. 

The topics covered in this course map very closely to those covered in the 70-533 exam. Mastering the concepts in this course is critical to preparing for this exam. To learn more about managing data protection and security compliance in Azure, you can read Microsoft's documentation. Be sure to also watch for new Microsoft Azure courses on CloudAcademy because we're always publishing new ones. Please give this course a rating and if you have any questions or comments, please let us know. Thanks for watching and happy learning.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.