Implement security controls for Azure Kubernetes Service

Module
7 Units

Intermediate

Security Engineer

Azure

Azure Kubernetes Service (AKS)

Microsoft Defender for Cloud

Implement security controls for Azure Kubernetes Service. Configure Microsoft Entra integration and Kubernetes RBAC for API server authentication and authorization, enforce network policies and private cluster access. Then apply workload identity and pod security standards to harden containerized workloads in Azure Kubernetes Service (AKS).

Learning objectives

After completing this module, you can:

Configure Microsoft Entra ID integration and RBAC for AKS API server authentication and authorization
Implement network security controls including private clusters, authorized IP ranges, and network policies
Apply workload identity and managed identities to eliminate credential management for AKS workloads
Enforce pod security standards and container access restrictions

Prerequisites

Working knowledge of Azure Kubernetes Service including deploying and managing AKS clusters
Understanding of Microsoft Entra ID and Azure role-based access control (RBAC)
Familiarity with Kubernetes concepts including namespaces, deployments, and pods
Basic understanding of Azure Virtual Network and private endpoint concepts

Get started with Azure

Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.

Introduction min
Control AKS cluster access with Microsoft Entra ID and RBAC min
Secure AKS network access min
Implement workload identity and secrets management for AKS min
Enforce pod and container security min
Knowledge check min
Summary min

Start