As companies race toward the cloud, it’s imperative that IT professionals keep up with the times. Keeping up with the times means maintaining the ability to deploy and maintain cloud-based solutions – particularly those offered through Microsoft Azure.
In this course, you will learn how to create and manage encryption keys in Azure, prevent and respond to security threats to Azure resources, configure access to Azure applications via single sign-on, manage access to Azure applications, and configure federation with public consumer identity providers like Facebook and Google.
Learning Objectives
- Create and import keys in the Azure Key Vault
- Define, configure, and assess security policies
- Harden Azure resources against threats
- Configure single sign-on for SaaS applications
- Configure federation with public consumer identity providers like Facebook and Google
Intended Audience
- People interested in becoming Azure security engineers
Prerequisites
- General knowledge of IT infrastructure
- General knowledge of the Azure environment
Although Security Center automatically creates a default security policy for each of your Azure subscriptions, you'll often find that you need to specially configure certain aspects of your policy.
To configure a security policy, log into the Azure portal and click on Security Center in the left pane. From the Security Center overview page, click Security Policy located under Policy and Compliance. From here, select the subscription that you want to manage. Now, in the top part of the screen here, we can see that I have one policy assignment configured and it's my default policy.
Down here on the bottom half of the page, we can see which policies are enabled as part of this assignment. Hovering over each icon here will give you information about the specific security policy. To modify this policy assignment, what I need to do is click on the policy assignment up here at the top. From here, we can enable and disable each individual setting by selecting the dropdown box for each.
Now our choices here are typically enable, disable, and AuditIfNotExists. AuditIfNotExists enables auditing on a resource that matches the if-condition but doesn't have the components specified in the details of the then-condition. If we scroll back up to the top here, we can even exempt specific resources from our policy assignment if we wish to. If we were to make any changes here, we would just need to scroll back down to the bottom here and click the Save button to save our changes. Now, we're not making any changes here so I'll just click Cancel here.
What Security Center does is assess the configuration of your environment on a continuous basis and, when a vulnerability is detected, security recommendations are generated based on the settings you make here. As recommendations become available in the Security Center dashboard, you can begin assessing the security of your individual resources.
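The AuditIfNotExists behaviour described above can be modelled in a few lines. This is an added example, not part of the course material or of Azure's own code: the rule follows the if/then layout of an Azure Policy rule, while the evaluator, the `parent` link, the publisher names, and the inventory are constructed assumptions.

```python
# Simplified model of an AuditIfNotExists evaluation (illustration only).
VM = "Microsoft.Compute/virtualMachines"
EXT = "Microsoft.Compute/virtualMachines/extensions"

RULE = {
    "if": {"field": "type", "equals": VM},
    "then": {
        "effect": "AuditIfNotExists",
        "details": {
            "type": EXT,
            # Hypothetical publisher name, used only for this example.
            "existenceCondition": {"field": "publisher",
                                   "equals": "ExamplePublisher.Endpoint"},
        },
    },
}

# Constructed inventory; "parent" is an assumed way to link related resources.
INVENTORY = [
    {"id": "vm-web-01", "type": VM},
    {"id": "vm-web-01/agent", "type": EXT, "parent": "vm-web-01",
     "publisher": "ExamplePublisher.Endpoint"},
    {"id": "vm-db-01", "type": VM},
    {"id": "vm-db-01/diag", "type": EXT, "parent": "vm-db-01",
     "publisher": "ExamplePublisher.Diagnostics"},
    {"id": "stor01", "type": "Microsoft.Storage/storageAccounts"},
]

def matches(condition, resource):
    """True when the resource's field equals the condition's value."""
    return resource.get(condition["field"]) == condition["equals"]

def evaluate(rule, inventory, effect=None, exempt=()):
    """Return {resource id: state} for resources matching the if-condition."""
    effect = effect or rule["then"]["effect"]
    if effect == "Disabled":          # setting switched off: nothing is assessed
        return {}
    details = rule["then"]["details"]
    results = {}
    for res in inventory:
        if not matches(rule["if"], res):
            continue                  # if-condition not met: out of scope
        if res["id"] in exempt:
            results[res["id"]] = "Exempt"
            continue
        related = [r for r in inventory
                   if r.get("parent") == res["id"] and r["type"] == details["type"]]
        found = any(matches(details["existenceCondition"], r) for r in related)
        results[res["id"]] = "Compliant" if found else "NonCompliant"
    return results

if __name__ == "__main__":
    print(evaluate(RULE, INVENTORY))
```

The storage account never appears in the result because it fails the if-condition, and `vm-db-01` is flagged even though it has an extension, because that extension does not satisfy the then-condition's details.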
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.