Introduction

  • 3 minutes

In this module, you learn how to:

  • Design and implement standards and practices for securing the application development process
  • Design and implement a full lifecycle strategy for application security
  • Evaluate the security posture of existing application portfolios
  • Evaluate threats to business-critical applications by using threat modeling
  • Design a solution for workload identities to authenticate and access Azure resources
  • Design a solution for API management and security
  • Design solutions that secure applications by using Azure Web Application Firewall (WAF)
  • Map technologies to application security requirements

The content in the module helps you prepare for the certification exam SC-100: Microsoft Cybersecurity Architect.

Prerequisites

  • Advanced experience and knowledge in identity and access, platform protection, security operations, securing data, and securing applications.
  • Experience with hybrid and cloud implementations.

Why application security matters for architects

As a cybersecurity architect, you design security strategies that protect applications across their entire lifecycle. Applications represent one of the most significant attack surfaces in any organization. They process sensitive data, expose APIs to external consumers, and rely on complex dependencies that can introduce vulnerabilities at every layer.

Your role isn't to write secure code yourself, but to define the standards, select the technologies, and design the architectures that make secure development the default path for your organization. This means you need to understand how security controls map to each phase of the application lifecycle, from initial requirements through production operations.

This module covers both foundational practices, like the Microsoft Security Development Lifecycle (SDL) and the Microsoft Cloud Security Benchmark v2 (MCSBv2) DevOps Security controls, and specific Azure technologies that protect applications at runtime. You evaluate how to assess existing application portfolios, model threats against business-critical systems, and design solutions that use workload identities, API management, and web application firewalls to reduce risk.

Each unit builds on the previous one, starting with the standards and frameworks that guide secure development, then moving through evaluation techniques, and finishing with specific technology solutions you recommend as part of your architecture.