Secure Azure application platform services for the cloud and AI security engineer

Implement security controls across Azure application platform services, from container workloads to the API layer. Configure Microsoft Defender for Containers to detect risks in AKS and ACR, enforce AKS security baselines, and harden container registries and runtime environments. Then apply authentication, network access, and policy controls across Azure Function apps, Logic apps, App Services, Web Application Firewall, and Azure API Management.

Prerequisites

  • Familiarity with Azure networking concepts including virtual networks, subnets, and private endpoints
  • Understanding of Azure role-based access control (RBAC) and managed identities
  • Familiarity with Microsoft Defender for Cloud at a foundational level
  • Basic understanding of container concepts and Azure Kubernetes Service

Modules in this learning path

Detect misconfigurations and runtime risks across container workloads using Microsoft Defender for Containers. Enable and configure the Defender for Containers plan, and assess container image vulnerabilities in Azure Container Registry. Then respond to runtime threat alerts and security posture recommendations for Azure Kubernetes Service (AKS) clusters.

Implement security controls for Azure Kubernetes Service. Configure Microsoft Entra integration and Kubernetes RBAC for API server authentication and authorization, and enforce network policies and private cluster access. Then apply workload identity and pod security standards to harden containerized workloads in Azure Kubernetes Service (AKS).

Implement security controls across Azure Container Registry, Azure Container Instances, and Azure Container Apps. Configure RBAC, private endpoints, and content trust for ACR; apply managed identities and virtual network integration for Container Instances; and enforce ingress controls, managed identities, and secrets management for Container Apps environments.

Implement security controls for Azure Function apps and Logic apps. Configure authentication and authorization, managed identities, virtual network integration, and private endpoints for Function apps, and apply managed identity, connector security, and network isolation for Logic apps.

Implement security controls for Azure App Services and Web Application Firewall. Configure authentication, managed identities, VNet integration, and private endpoints for App Service, and deploy WAF policies on Azure Application Gateway to protect web workloads at the network edge.

Implement security policies for backend API protection using Azure API Management. Configure subscription key management, JSON Web Token (JWT) validation, and OAuth 2.0 policies, and apply IP filtering and rate limiting. Then enforce mutual Transport Layer Security (mTLS) for secure backend API connections, and configure AI Gateway to secure and govern AI model endpoints.