1. Manage identity and access
- Managing security controls for users, groups, and external identities within Microsoft Entra ID (formerly Azure AD).
- Implementing authentication and authorization measures, including multi-factor authentication (MFA), passwordless authentication, single sign-on (SSO), and conditional access policies.
- Managing application access, registrations, permissions, service principals, and Microsoft Entra Application Proxy.
- Understanding and configuring role-based access control (RBAC).
- Implementing and managing Microsoft Entra Privileged Identity Management (PIM) for just-in-time access and role activation.
2. Secure networking
- Planning and implementing security for Azure virtual networks, network security groups (NSGs), and application security groups (ASGs).
- Configuring secure private access to Azure resources using Private Endpoints and Service Endpoints.
- Enhancing security for public access to Azure resources with Azure Firewall, Web Application Firewall (WAF), and DDoS protection.
- Securing network traffic with encryption (like TLS for applications and ExpressRoute encryption), VPN connectivity (Site-to-Site and Point-to-Site), and secure routing.
- Monitoring network security with tools like Network Watcher and NSG flow logging.
3. Secure compute, storage, and databases
- Planning and implementing advanced security for Azure compute resources, including virtual machines (VMs), containers (Azure Kubernetes Service, Azure Container Instances, Azure Container Apps), and their components.
- Configuring disk encryption (Azure Disk Encryption, confidential disk encryption, encryption at host).
- Securing Azure storage accounts, including access control, access keys, Shared Access Signatures (SAS), and protecting against data security threats.
- Implementing security for Azure SQL Database and Azure SQL Managed Instance, including authentication with Microsoft Entra ID, auditing, data classification, dynamic masking, and encryption (Transparent Data Encryption, Always Encrypted).
- Managing certificates, secrets, and keys using Azure Key Vault and understanding dedicated HSM options.
4. Manage security operations
- Implementing and managing enforcement of cloud governance policies using Azure Policy and Azure Blueprints.
- Managing security posture with Microsoft Defender for Cloud (formerly Azure Security Center), including identifying and remediating security risks, assessing compliance against security frameworks, and connecting hybrid and multi-cloud environments.
- Configuring and managing threat protection using Microsoft Defender for Cloud, including workload protection services, Microsoft Defender for Servers, Databases, and Storage, and integrating with DevOps Security (GitHub, Azure DevOps, GitLab).
- Configuring and managing security monitoring and automation solutions using Azure Monitor and Microsoft Sentinel, including data connectors, analytics rules, evaluating alerts and incidents, and configuring workflow automation.