Book description
Excel at AZ-500 and implement multi-layered security controls to protect against rapidly evolving threats to Azure environments – now with the the latest updates to the certification
Key Features
- Master AZ-500 exam objectives and learn real-world Azure security strategies
- Develop practical skills to protect your organization from constantly evolving security threats
- Effectively manage security governance, policies, and operations in Azure
Book Description
Exam preparation for the AZ-500 means you'll need to master all aspects of the Azure cloud platform and know how to implement them. With the help of this book, you'll gain both the knowledge and the practical skills to significantly reduce the attack surface of your Azure workloads and protect your organization from constantly evolving threats to public cloud environments like Azure.
While exam preparation is one of its focuses, this book isn't just a comprehensive security guide for those looking to take the Azure Security Engineer certification exam, but also a valuable resource for those interested in securing their Azure infrastructure and keeping up with the latest updates. Complete with hands-on tutorials, projects, and self-assessment questions, this easy-to-follow guide builds a solid foundation of Azure security. You'll not only learn about security technologies in Azure but also be able to configure and manage them. Moreover, you'll develop a clear understanding of how to identify different attack vectors and mitigate risks.
By the end of this book, you'll be well-versed with implementing multi-layered security to protect identities, networks, hosts, containers, databases, and storage in Azure – and more than ready to tackle the AZ-500.
What you will learn
- Manage users, groups, service principals, and roles effectively in Azure AD
- Explore Azure AD identity security and governance capabilities
- Understand how platform perimeter protection secures Azure workloads
- Implement network security best practices for IaaS and PaaS
- Discover various options to protect against DDoS attacks
- Secure hosts and containers against evolving security threats
- Configure platform governance with cloud-native tools
- Monitor security operations with Azure Security Center and Azure Sentinel
Who this book is for
This book is a comprehensive resource aimed at those preparing for the Azure Security Engineer (AZ-500) certification exam, as well as security professionals who want to keep up to date with the latest updates. Whether you're a newly qualified or experienced security professional, cloud administrator, architect, or developer who wants to understand how to secure your Azure environment and workloads, this book is for you. Beginners without foundational knowledge of the Azure cloud platform might progress more slowly, but those who know the basics will have no trouble following along.
Table of contents
- Microsoft Azure Security Technologies Certification and Beyond
- Contributors
- About the author
- About the reviewers
- Preface
- Section 1: Implement Identity and Access Security for Azure
- Chapter 1: Introduction to Azure Security
- Chapter 2: Understanding Azure AD
- Chapter 3: Azure AD Hybrid Identity
- Chapter 4: Azure AD Identity Security
- Chapter 5: Azure AD Identity Governance
- Section 2: Implement Azure Platform Protection
- Chapter 6: Implementing Perimeter Security
- Chapter 7: Implementing Network Security
-
Chapter 8: Implementing Host Security
- Technical requirements
- Using hardened baseline VM images
- Protecting VMs from viruses and malware
- Implementing system update management for VMs
- Implementing vulnerability assessment for VMs
- Encrypting VM disks with Azure Disk Encryption
- Securing management ports with JIT VM access
- Summary
- Questions
- Further reading
-
Chapter 9: Implementing Container Security
- Technical requirements
- An overview of containerization in Azure
- Hands-on exercise – providing resources for the chapter exercises
- Introducing ACR
- ACR security best practices
- Introducing AKS
-
AKS security best practices
- Limiting access to the API server using authorized IP address ranges
- Implementing a private AKS cluster using a private endpoint
- Controlling access to cluster resources using Kubernetes RBAC and Azure AD
- Regularly upgrading the cluster control plane
- Regularly applying OS updates to worker nodes
- Implementing pod-managed identities
- Cleaning up the resources
- Summary
- Questions
- Further reading
- Section 3: Secure Storage, Applications, and Data
-
Chapter 10: Implementing Storage Security
- Technical requirements
- Azure Storage overview
- Implementing encryption at rest
- Implementing encryption in transit
-
Configuring storage account authorization
- Protect access to the Storage account keys
- Grant limited access to using Shared Access Signatures (SAS)
- Implementing storage account key management with Key Vault
- Disabling key-based authorization options
- Disabling anonymous (unauthenticated) Blob access
- Implementing Azure AD authorization for the Blob service
- Implementing ADDS or Azure ADDS authentication for Azure Files
- Hands-on exercise – configuring storage account access controls
- Implementing Azure Defender for Storage
- Summary
- Question
- Further reading
-
Chapter 11: Implementing Database Security
- Technical requirements
- Database options in Azure
- Azure SQL deployment options
- Implementing defense in depth for Azure SQL
- Protecting Azure SQL against unauthorized network connections
- Protecting Azure SQL against unauthorized user access
- Protecting Azure SQL against vulnerabilities
- Protecting Azure SQL against data leakage and theft (database encryption)
- Cleaning up resources
- Summary
- Question
- Further reading
- Chapter 12: Implementing Secrets, Keys, and Certificate Management with Key Vault
- Chapter 13: Azure Cloud Governance and Security Operations
-
Assessments
- Chapter 1 – Introduction to Azure Security
- Chapter 2 – Understanding Azure AD
- Chapter 3 – Azure AD Hybrid Identity
- Chapter 4 – Azure AD Identity Security
- Chapter 5 – Azure AD Identity Governance
- Chapter 6 – Implementing Perimeter Security
- Chapter 7 – Implementing Network Security
- Chapter 8 – Implementing Host Security
- Chapter 9 – Implementing Container Security
- Chapter 10 – Implementing Storage Security
- Chapter 11 – Implementing Database Security
- Chapter 12 – Implement Secrets, Keys, and Certificate Management with Key Vault
- Chapter 13 – Azure Cloud Governance and Security Operations
- Why subscribe?
- Other Books You May Enjoy
Product information
- Title: Microsoft Azure Security Technologies Certification and Beyond
- Author(s):
- Release date: November 2021
- Publisher(s): Packt Publishing
- ISBN: 9781800562653
You might also like
book
Exam Ref AZ-500 Microsoft Azure Security Technologies
Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft AZ-500 …
book
Exam Ref AZ-500 Microsoft Azure Security Technologies
Prepare for Microsoft Exam AZ-500: Demonstrate your real-world knowledge of Microsoft Azure security, including tools and …
book
Cyber Security on Azure: An IT Professional’s Guide to Microsoft Azure Security
Prevent destructive attacks to your Azure public cloud infrastructure, remove vulnerabilities, and instantly report cloud security …
book
Microsoft Azure Security Center, 3rd Edition
The definitive practical guide to Azure Security Center, 50%+ rewritten for new features, capabilities, and threats …