Introduction

  • 3 minutes

This module is designed to provide administrators with the knowledge and skills needed to plan and implement advanced security measures for Azure compute resources, safeguarding applications and data against evolving security threats.

Scenario

Imagine you are a cloud security specialist responsible for securing Azure compute resources in your organization. Your organization relies on virtual machines, container services, and APIs, and you need to ensure that these resources are protected against unauthorized access and security vulnerabilities.

Learning objectives

By the end of this module, participants will be able to:

  • Plan and implement advanced security measures for Azure compute resources to protect against vulnerabilities and attacks.
  • Configure remote access to public endpoints using Azure Bastion and just-in-time (JIT) virtual machine (VM) access to enhance access control.
  • Implement network isolation for Azure Kubernetes Service (AKS) to secure containerized applications.
  • Secure and monitor AKS clusters to ensure the integrity of container workloads.
  • Configure authentication for AKS to control access to Kubernetes resources.
  • Configure security monitoring for Azure Container Instances (ACIs) to detect and respond to threats.
  • Establish security monitoring for Azure Container Apps (ACAs) to safeguard serverless applications.
  • Manage access to Azure Container Registry (ACR) to control container image access and distribution.
  • Configure disk encryption, including Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption, to protect data at rest.
  • Provide informed recommendations for security configurations in Azure API Management to protect APIs and manage access effectively.

Goals

The module aims to equip participants with the knowledge and expertise necessary to design, implement, and manage advanced security measures for Azure compute resources. Participants will be able to secure access, monitor for threats, and implement encryption solutions across various Azure compute services, ultimately enhancing the security posture of their organization's applications and data.