Implement network security controls in Azure
At a glance
-
Level
-
Skill
-
Role
-
Subject
Implement defense-in-depth network security controls in Azure. Segment workloads and enforce least-privilege access using NSGs, ASGs, and Azure Virtual Network Manager. Inspect and control traffic centrally with Azure Firewall. Harden remote and hybrid connectivity and replace broad VPN access with Zero Trust application-level access using Microsoft Entra Private Access. Eliminate public exposure of PaaS and AI services using private endpoints and Azure Private Link.
Prerequisites
- Familiarity with Azure virtual networks, subnets, and basic networking concepts
- Experience deploying and configuring Azure resources in the Azure portal (AZ-104 level)
- Basic understanding of network security concepts such as firewalls, encryption, and access control
- Familiarity with Microsoft Entra ID and Azure role-based access control (RBAC) at a conceptual level
Get started with Azure
Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
Segment Azure workloads to control lateral movement and enforce least-privilege network access using NSGs, ASGs, Azure Virtual Network Manager, and Network Watcher verification.
Deploy Azure Firewall to centralize traffic inspection and enforce filtering policies across your Azure environment. Azure Firewall includes threat-intelligence-based blocking and Secured Virtual Hub deployment for hub-spoke and branch traffic.
Harden Azure VPN gateway security and deploy Microsoft Entra Private Access to replace broad VPN access with identity-aware, per-application access that enforces Zero Trust connectivity principles.
Eliminate public network exposure of Azure PaaS and AI services using private endpoints and Azure Private Link, then enforce adoption at scale using Azure Policy and Defender for Cloud.