Implement security controls in infrastructure as code
Intermediate
Security Engineer
Microsoft Defender for Cloud
Azure Policy
Azure
Embed security controls into infrastructure as code pipelines to prevent noncompliant Azure resources from reaching production. Integrate IaC security scanning using Microsoft Defender for DevOps and the Microsoft DevOps (MSDO) extension, and configure Azure Policy in a policy-as-code workflow to enforce security compliance at deployment time.
Learning objectives
After completing this module, you can:
- Configure Microsoft Defender for DevOps to scan Bicep and ARM templates in GitHub Actions and Azure Pipelines
- Apply Azure Policy in a policy-as-code workflow to enforce security compliance at IaC deployment time
Prerequisites
- Working knowledge of Azure Policy including policy effects and assignment
- Familiarity with CI/CD pipelines in GitHub Actions or Azure DevOps
- Understanding of Bicep or ARM templates at a basic level
- Completion of (or equivalent knowledge to) Enforce governance with Azure Policy and resource locks