Azure Security Best Practices 2023

Make your Azure environment as secure as possible using up-to-date best practices and services

What you'll learn

Extensive, practical knowledge about Software Security, from the basics to the advanced

Specific challenges with cloud security

Identity security in the cloud

Network security in the cloud

Storing secrets in the cloud

Securing various cloud services

Utilizing Azure Policy for setting security baseline

Applying this knowledge on a case study

Requirements

Familiarity with Azure and the Azure portal

Some development knowledge is recommended but not required

No security background is required!

Description

Make your Azure environment as secure as possible.Working in the cloud poses unique security challenges. The fact that the cloud is accessible through the internet, and that some services are open to the network by default, makes it an attractive target to attackers.And that means that you have to make sure your cloud environment is secure. Unsecure environment is an easy target for hackers, which can steal your data, crush your servers, and destroy your reputation.And this is exactly what this course is all about.In this course we'll learn everything there's to learn about security in Azure. We'll begin from the very basics, the foundations of software security, and go all the way to the most advanced security topics in Azure.We'll learn about the security services in Azure and see how, and when, to use them.We'll also learn how to set a security baseline in Azure and make sure all the resources follow it.Here are some of the topics we'll discuss in this course:- Basic security principles- Security challenges in the cloud- Identity security with Azure AD- Network security (NSG, Private Endpoints and more)- KeyVault- Securing Virtual Machines- Securing App Services- Securing Databases- FirewallsAnd lots more.But that's not all. I wanted to make this course as practical as possible, and therefore we're going to have a lot of hands-on work in Azure.We're going to deploy virtual machines and configure them for security, we're going to create KeyVault and store our secrets securely in it, We're going to connect our database to an app service using Private Endpoint, and lots more.And to make this course even better - it has the following two additional elements:1. Case study, where we're going to begin with a basic, unsecure cloud architecture, and go through all the elements in it and make them secure. You'll be surprised to see the difference between our starting point and the final architecture.2. Azure Security Handbook, summarizing what we learn in this course. This downloadable handbook is a great go-to-guide for security in Azure, and it will greatly help you when designing your next cloud architecture (the same way it helps me…) There is no other course like this! This is the most comprehensive, practical and easy-to-follow course about Azure security. And by the end of this course - you'll be a real Azure Security Expert!––––––––––––––––––––––––––––––What do my students have to say about my Azure courses––––––––––––––––––––––––––––––"This is the best Azure course I have encountered on Udemy or anywhere. And I say this after buying 8 different Udemy Azure before" - Arbaaz"One of the best Azure classes in the world" - Kkvi1357"One of the best courses I've done at Udemy - top among maybe 50-100" - Russ "Memi is a true architect willing to get his hands dirty!" - Kevon"Excellent" - Ashwani"Highly recommended" - Shashank"I am loving it <3 the best part is the project based learning !" - Juhi"The best course I have taken on Udemy" - EslamAnd lots more…––––––––––––––––––––––––––––––Who is this course for?––––––––––––––––––––––––––––––Any person who works with Azure will benefit from this course.Whether you are a cloud architect, developer or administrator - this course is for you.And in fact - anyone who's interested in cloud and security can take this course and benefit from it.If you're not sure if this course is for you - drop me a note!––––––––––––––––––––––––––––––What are the prerequisites for this course?––––––––––––––––––––––––––––––Some knowledge of Azure and familiarity with the Azure portal is required for this course.Note: This is not a beginner course in Azure, and I assume you already know how to work with Azure, create resources in it and work with them.––––––––––––––––––––––––––––––About Me––––––––––––––––––––––––––––––I've been working with Azure for more than 11 years, spanning dozens of customers from various fields - Fortune 100 enterprises, start-ups, govt. entities, defense, telco, banking, and lots more.In addition, I am a certified Azure Solutions Architect Expert and a certified Azure Security Engineer.I've been in the software industry for more than 20 years, and a Software Architect for more than 17 years, working with a variety of clients.I'm an avid speaker and trainer, having trained thousands of students in various courses.I love what I do, and my greatest passion (well, besides my family…) is designing modern, practical, and reliable systems for my clients, using the best possible architecture patterns and services.

Overview

Section 1: Welcome

Lecture 1 Course Introduction

Lecture 2 Join the Software and Cloud Architects Community

Lecture 3 Get the course slides

Lecture 4 Who Is This Course For?

Lecture 5 What This Course Is NOT

Lecture 6 Agenda

Section 2: Basic Security Principles

Lecture 7 Introduction

Lecture 8 What is Software Security?

Lecture 9 Software Security Terminology

Lecture 10 Who is Responsible for the Security?

Section 3: Security in the Cloud

Lecture 11 Introduction

Lecture 12 Security Challenges in the Cloud

Lecture 13 Cloud Services Security

Section 4: Identity Security

Lecture 14 Introduction

Lecture 15 Access to the Azure Portal

Lecture 16 DEMO - Activating the P2 License Trial

Lecture 17 MFA in Azure AD

Lecture 18 DEMO - Configuring MFA in Azure AD

Lecture 19 DEMO - Testing MFA

Lecture 20 Roles

Lecture 21 DEMO - Using Azure AD Roles

Lecture 22 Azure Roles

Lecture 23 DEMO - Using Azure Roles

Lecture 24 Managed Identity

Lecture 25 DEMO - Configuring System-Assigned Managed Identity

Lecture 26 DEMO - Configuring User-Assigned Managed Identity

Section 5: Network Security

Lecture 27 Introduction

Lecture 28 Hub-and-spoke Design

Lecture 29 Network Security Group (NSG)

Lecture 30 Configuring NSG for Inbound Connections

Lecture 31 Configuring NSG for Outbound Connections

Lecture 32 Using NSGs with Subnets

Lecture 33 Private Link

Section 6: KeyVault

Lecture 34 Introduction

Lecture 35 DEMO - Using KeyVault

Section 7: Securing Virtual Machines

Lecture 36 Introduction

Lecture 37 Use Minimum Permissions

Lecture 38 Keep the VM Up-to-date

Lecture 39 Protect Against Malware

Lecture 40 Enable Disk Encryption

Lecture 41 Restrict Internet Access

Lecture 42 DEMO - Securing Virtual Machines

Lecture 43 DEMO - Using Azure Bastion

Lecture 44 Resources

Section 8: Securing App Services

Lecture 45 Introduction

Lecture 46 Accept HTTPS Only Requests

Lecture 47 Add Azure AD Authentication

Lecture 48 Protect Secrets Using KeyVault

Lecture 49 Restrict Internet Access

Lecture 50 DEMO - Securing App Services

Lecture 51 Resources

Section 9: Securing Databases

Lecture 52 Introduction

Lecture 53 Use Azure AD Identities

Lecture 54 Encrypt Data

Lecture 55 Restrict Database Access

Lecture 56 DEMO - Creating and Connecting to Azure SQL

Lecture 57 DEMO - Adding Users to Azure SQL

Lecture 58 Connecting from a VM

Lecture 59 DEMO - Preparing the Computer

Lecture 60 DEMO - Connecting from VM using Connection String

Lecture 61 DEMO - Storing Connection String in KeyVault

Lecture 62 DEMO - Configuring KeyVault Private Endpoint

Lecture 63 DEMO - Configuring Database Private Endpoint

Lecture 64 DEMO - Connecting from VM using Managed Identity

Lecture 65 Connecting from App Service

Lecture 66 DEMO - Connecting from App Service

Lecture 67 Database Security FAQ

Lecture 68 Resources

Section 10: Securing Storage Account

Lecture 69 Introduction

Lecture 70 Use Azure AD Identities

Lecture 71 Encrypt Data

Lecture 72 Restrict Access

Lecture 73 DEMO - Securing Storage Account

Lecture 74 Connecting to the Storage Account from a VM

Lecture 75 DEMO - Connecting from VM using Connection String

Lecture 76 DEMO - Configure Private Endpoint

Lecture 77 DEMO - Connecting from VM using Managed Identity

Lecture 78 Connecting from App Service

Lecture 79 Summary

Section 11: Firewalls

Lecture 80 Introduction

Lecture 81 Azure Firewall

Lecture 82 DEMO - Using Azure Firewall

Lecture 83 Application Gateway & WAF

Lecture 84 DEMO - Deploying WAF

Lecture 85 DEMO - Configuring WAF Policy

Lecture 86 DEMO - Configuring Custom Rules

Lecture 87 DEMO - Configuring WAF Logs

Lecture 88 DEMO - Switching to Prevention Mode

Lecture 89 DEMO - Configuring App Service Private Endpoint

Lecture 90 Firewall Notes

Section 12: Logging

Lecture 91 Introduction

Lecture 92 DEMO - Configuring Logging

Lecture 93 DEMO - Querying Logs

Lecture 94 Resources

Section 13: Defender for Cloud

Lecture 95 Introduction

Lecture 96 DEMO - Using Defender for Cloud

Section 14: Azure Policy

Lecture 97 Introduction

Lecture 98 Azure Policy Overview

Lecture 99 DEMO - Using Azure Policy

Section 15: Case Study

Lecture 100 Introduction

Lecture 101 The System

Lecture 102 Initial Architecture

Lecture 103 Securing the Telemetry Gateway

Lecture 104 Securing the Telemetry Processor

Lecture 105 Securing the Operational DB

Lecture 106 Securing the Telemetry Viewer

Lecture 107 Complete Architecture

Section 16: Conclusion

Lecture 108 Download the Azure Security Handbook

Lecture 109 Conclusion

Lecture 110 Bonus lecture

Azure architects who want to integrate security into their cloud system,Azure developers who want to secure their code in the cloud,Azure administrators who want to make sure their cloud infrastructure is secure,Anyone who is interested in cloud security