Microsoft Azure Security Technologies (AZ-500) - A Certification Guide
Get qualified to secure Azure AD, Network, Compute, Storage and Data services through Security Center, Sentinel and other Azure security best practices
Jayant Sharma
About This Book
With Azure security, you can build a prosperous career in IT security.
Key Features
- In-detail practical steps to fully grasp Azure Security concepts.
- Wide coverage of Azure Architecture, Azure Security services, and Azure Security implementation techniques.
- Covers multiple topics from other Azure certifications (AZ-303, AZ-304, and SC series).
Description
'Microsoft Azure Security Technologies (AZ-500) - A Certification Guide' is a certification guide that helps IT professionals to start their careers as Azure Security Specialists by clearing the AZ-500 certification and proving their knowledge of Azure security services. Authored by an Azure security professional, this book takes readers through a series of steps to gain a deeper insight into Azure security services. This book will help readers to understand key concepts of the Azure AD architecture and various methods of hybrid authentication. It will help readers to use Azure AD security solutions like Azure MFA, Conditional Access, and PIM. It will help readers to maintain various industry standards for an Azure environment through Azure Policies and Azure Blueprints. This book will also help to build a secure Azure network using Azure VPN, Azure Firewall, Azure Front Door, Azure WAF, and other services. It will provide readers with a clear understanding of various security services, including Azure Key vault, Update management, Microsoft Endpoint Protection, Azure Security Center, and Azure Sentinel in detail. This book will facilitate the improvement of readers' abilities with Azure Security services to sprint to a rewarding career.
What you will learn
- Configuring secure authentication and authorization for Azure AD identities.
- Advanced security configuration for Azure compute and network services.
- Hosting and authorizing secure applications in Azure.
- Best practices to secure Azure SQL and storage services.
- Monitoring Azure services through Azure monitor, security center, and Sentinel.
- Designing and maintaining a secure Azure IT infrastructure.
Who this book is for
This book is for security engineers who want to enhance their career growth in implementing security controls, maintaining the security posture, managing identity and access, and protecting data, applications, and networks of Microsoft Azure. Intermediate-level knowledge of Azure terminology, concepts, networking, storage, and virtualization is required.
Table of Contents
1. Managing Azure AD Identities and Application Access
2. Configuring Secure Access by Using Azure Active Directory
3. Managing Azure Access Control
4. Implementing Advance Network Security
5. Configuring Advance Security for Compute
6. Configuring Container Security
7. Monitoring Security by Using Azure Monitor
8. Monitoring Security by Using Azure Security Center
9. Monitoring Security by Using Azure Sentinel
10. Configuring Security for Azure Storage
11. Configuring Security for Azure SQL Databases
CHAPTER 1
Managing Azure AD Identities and Application Access
Structure
- An overview of Azure AD
- Creating new domain in Azure AD
- Adding a custom domain in Azure AD
- Adding a company brand to Azure AD
- Creating and adding an Azure subscription to your Azure AD
- Managing Azure AD users and groups
- Configuring authentication methods in Azure AD
- Setting up password writeback through Azure AD Connect
- Passwordless authentication options in Azure AD
- Creating the app registration in Azure AD
- Configuring and managing app registration permission scopes and consent
- Conclusion
- Multiple choice questions (MCQ)
Objectives
Azure AD overview
Building blocks and objects of Azure AD
- Account: In Azure AD, an account represents an identity, and this identity has some attributes associated with it. You cannot have an account in Azure AD without the identity attributes. The identity attributes may have a resource ID, username, application ID, location, address, phone number, and so on.
- Azure AD account: You can create an identity through Azure AD or Office 365. These identities are stored in Azure AD. You can use these identities to access your cloud services, applications, and resources. This kind of account is also called a work or school account.
- Account administrator: An account administrator is a classic subscription administrator role. This is conceptually the billing owner of a subscription. The account administrator can access Azure Account Center and manage all subscriptions in an account.
- Azure AD global administrator: This administrator role is automatically assigned to whoever created the Azure AD tenant. Global administrators can do all the administrative functions for Azure AD and any services that federate to Azure AD such as Exchange Online, SharePoint Online, and Skype for Business Online. Note that this administrator role is called a global administrator in the Azure portal, but it is called a company administrator in the Microsoft Graph API and Azure AD PowerShell.
- Azure subscription: It is a logical collection of Azure cloud services. You need a subscription to deploy any component in Azure. You can have many subscriptions. The subscriptions are linked to a credit card for billing. The subscription can have different pricing models such as pay-as-you-go, enterprise agreement, and so on.
- Azure tenant: An Azure tenant represents a single organization. This is the top of your Microsoft cloud service umbrella. A dedicated and trusted instance of Azure AD automatically gets created when your organization signs up for a Microsoft cloud service such as Microsoft Azure, Microsoft Intune, or Office 365.
- Azure AD directory: Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant's users, groups, and apps, and it is used to perform identity and access management functions for tenant resources.
- Custom domain: Every new Azure AD directory comes with an initial default domain name, domainname.onmicrosoft.com. In addition to that default domain name, you can also add your organization's domain names. A custom domain name helps you to create usernames that are familiar to your users such as [email protected], [email protected].
- Identity: A thing that can get authenticated. An identity can be a user with a username and password. Identities can include applications.
- Microsoft account: It is a personal account that provides access to Microsoft products and cloud services such as Outlook, OneDrive, Xbox Live, or Office 365. Microsoft accounts are created and stored in the Microsoft consumer identity account system that is run by Microsoft.
- Multi-tenant: Azure tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant.
- Owner: This is a built-in Role-Based Access Control (RBAC) role that helps you to manage all Azure resources and accesses. This is a resource-based RBAC role.
- Service administrator: This is a classic subscription administrator role. This enables you to manage all Azure resources, including access. This role has the equivalent access of a user who is assigned the owner role at the subscription scope.
- Single tenant: Azure tenants that access services in a dedicated environment are considered single tenant.