Introduction
This module is designed to provide administrators with the knowledge and skills needed to plan and implement advanced security measures for Azure compute resources, safeguarding applications and data against evolving security threats.
Scenario
Imagine you're a cloud security specialist responsible for securing Azure compute resources in your organization. Your organization relies on virtual machines, container services, and APIs, and you need to ensure that these resources are protected against unauthorized access and security vulnerabilities.
Learning objectives
By the end of this module, participants will be able to:
- Plan and implement advanced security measures for Azure compute resources to protect against vulnerabilities and attacks.
- Configure secure remote access to virtual machines using Azure Bastion (Developer, Basic, Standard, and Premium) and just-in-time (JIT) virtual machine (VM) access to enhance access control.
- Implement network isolation for Azure Kubernetes Service (AKS) to secure containerized applications.
- Secure and monitor AKS clusters to ensure the integrity of container workloads.
- Configure authentication for AKS using workload identity and Microsoft Entra ID to control access to Kubernetes resources and Azure services.
- Configure security monitoring for Azure Container Instances (ACIs) to detect and respond to threats.
- Establish security monitoring for Azure Container Apps (ACAs) to safeguard serverless applications.
- Manage access to Azure Container Registry (ACR) to control container image access and distribution.
- Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption, to protect data at rest.
- Recommend security configurations in Azure API Management to protect APIs and manage access effectively.
Goals
The module aims to equip participants with the knowledge and expertise necessary to design, implement, and manage advanced security measures for Azure compute resources. Participants will be able to secure access, monitor for threats, and implement encryption solutions across various Azure compute services, ultimately enhancing the security posture of their organization's applications and data.