Summary
In this module, you explored how to design and evaluate network security solutions as a Microsoft cybersecurity architect. You learned how to assess network designs against Zero Trust principles and the Microsoft cloud security benchmark, segment workloads to limit lateral movement, filter traffic with network security groups and application security groups, manage network posture through Microsoft Defender for Cloud, and monitor network activity with Azure Network Watcher and Microsoft Sentinel. You also evaluated how Microsoft Entra Internet Access and Microsoft Entra Private Access replace legacy proxy and VPN infrastructure with identity-aware, cloud-delivered security controls.
Learning objectives
You learned how to:
- Evaluate network designs to align with security requirements and best practices
- Design solutions for network segmentation
- Design solutions for filtering traffic with network security groups
- Design solutions for network posture management
- Design solutions for network monitoring
- Evaluate solutions that use Microsoft Entra Internet Access
- Evaluate solutions that use Microsoft Entra Private Access
Learn more
Network design and best practices
- Zero Trust security overview
- Microsoft cloud security benchmark v2—Network Security controls
- Azure network security best practices
- Azure Firewall Premium features
- Azure DDoS Protection overview
- Azure Web Application Firewall overview
- Azure Private Link overview
- Azure Bastion overview
- Global Secure Access overview
- Secure networks with Zero Trust
Network segmentation
- Azure Well-Architected Framework—Segmentation strategy
- Azure Virtual Network Manager overview
- Security admin rules in Azure Virtual Network Manager
- Azure Network Security Perimeter
- Azure Virtual Network encryption
- Azure Firewall overview
- Azure Virtual WAN overview
Traffic filtering with network security groups
- Network security groups overview
- How network security groups filter network traffic
- Application security groups
- Azure service tags overview
- Virtual network flow logs
- Security admin rules in Azure Virtual Network Manager
Network posture management
- What is Microsoft Defender for Cloud?
- Cloud security posture management (CSPM)
- Networking security recommendations reference
- Identify and remediate attack paths
- Governance rules in Defender for Cloud
- Network verifier in Azure Virtual Network Manager
- Azure Policy built-in definitions for Azure networking
Network monitoring
- Virtual network flow logs
- Traffic Analytics overview
- Connection Monitor overview
- Monitor Azure Firewall
- What is Microsoft Sentinel?
- Azure Firewall Workbook
Microsoft Entra Internet Access
- Microsoft Entra Internet Access for all apps
- Microsoft traffic forwarding profile
- Configure web content filtering
- Compliant network check
- Source IP restoration
- Universal tenant restrictions