Security: Microsoft Azure Security Engineer Skills Plan

Le aziende fanno sempre più affidamento sulle tecnologie cloud per migliorare l'efficienza e semplificare le operazioni in un contesto aziendale in continua evoluzione come quello di oggi. Con l'aumento dell'adozione del cloud aumenta anche la richiesta di solide misure di sicurezza per proteggere i dati e le applicazioni sensibili. La certificazione Microsoft Azure Security Technologies (AZ-500) ha lo scopo di fornire ai professionisti le competenze e le conoscenze necessarie per proteggere l'infrastruttura, i servizi e i dati di Azure.

L'approccio Zero Trust Security presuppone che tutti gli utenti, i dispositivi e le reti non siano attendibili e richiedano una verifica costante ed è oggi una delle metodologie di sicurezza più critiche del settore. Man mano che le aziende adottano le tecnologie dell'Intelligenza Artificiale (AI) emergono nuovi problemi di sicurezza, che rendono fondamentale per le aziende rimanere aggiornate sulle ultime pratiche di sicurezza.

Questo skills plan vi darà una panoramica degli obiettivi dell'esame per l'esame AZ-500, che include controlli di sicurezza, gestione di identità e accessi, protezione della piattaforma, protezione di dati e applicazioni e funzionalità di governance e conformità in Azure. Gli studenti possono dimostrare la propria esperienza nella protezione dell'infrastruttura di Azure e contribuire agli sforzi di sicurezza informatica della propria azienda studiando questa guida e superando l'esame AZ-500.

I compiti e le responsabilità di un Azure Security Engineer includono il mantenimento della security posture, l'identificazione e la correzione delle vulnerabilità utilizzando una varietà di strumenti di sicurezza, l'implementazione della protezione dalle minacce e la risposta alle escalation degli incidenti di sicurezza.

Percorso 1: Contenuto dell’esame AZ-500

Prerequisiti

Vi consiglio di dare un’occhiata a questi argomenti se siete alle prime armi con i contenuti di sicurezza informatica.

• lntroduction to Azure security
• Azure security technical capabilities
• Azure identity management security overview
• Azure network security overview
• Fundamentals of Network Security
• Microsoft Azure Well-Architected Framework Security

Manage identity and access (30-35%)

Manage Azure Active Directory identities

• Application and service principal objects in Azure Active Directory
• Authenticate apps to Azure services by using service principals and managed
• identities for Azure resources
• Access with Azure Active Directory groups
• Manage users and groups in Azure Active Directory
• Add or delete users using Azure Active Directory
• Manage users and groups in Azure Active Directory
• Tutorial: Enable Azure Active Directory self-service password reset writeback to an on-premises environment
• Authentication vs authorization
• What is password hash synchronization with Azure AD?
• User sign-in with Azure Active Directory Pass-through Authentication
• Passwordless authentication options for Azure Active Directory
• Manage access to an Azure subscription by using Azure role-based access control
• Transfer billing ownership of an Azure subscription to another account
• Associate or add an Azure subscription to your Azure Active Directory tenant

Configure secure access by using Azure AD

• Configure security alerts for Azure AD roles in Privileged ldentity Management
• Create an access review of Azure AD roles in Privileged ldentity Management
• Deploy Azure AD Privileged ldentity Management (PlM)
• Secure Azure Active Directory users with Multi-Factor Authentication
• Configure Azure Multi-Factor Authentication settings
• What is Azure Active Directory ldentity Protection?
• Protect your identities with Azure AD ldentity Protection

Manage application access

• QuickStart: Register an application with the Microsoft identity platform
• Permissions and consent in the Microsoft identity platform endpoint
• Configure how end-users consent to applications
• Secure your application by using OpenID Connect and Azure AD
• Get access on behalf of a user
• Authentication flows and application scenarios
• Permissions and Consent Framework

Manage access control

• Elevate access to manage all Azure subscriptions and management groups
• Add or change Azure subscription administrators
• Lock resources to prevent unexpected changes
• What is Azure role-based access control (Azure RBAC)?
• Secure your Azure resources with role-based access control
• Create Custom Roles
• Secure your cloud resources with access control
• Create custom roles for Azure resources with role-based access control
• Azure Built-in Roles
• Manage access to an Azure subscription by using Azure role-based access control
• Best practices for Azure RBAC
• Quickstart: View the access a user has to Azure resources
• List Azure role definitions
• List Azure role assignments using the Azure portal

lmplement platform protection (15-20%)

lmplement advanced network security

• VPN Gateway design
• ExpressRoute encryption
• About Point-to-Site VPN
• Create a Site-to-Site connection in the Azure portal
• Configure virtual network connectivity
• Connect your on-premises network to the Microsoft global network by using
• ExpressRoute
• Design a hybrid network architecture on Azure
• Network security groups
• Create, change, or delete a network security group
• Tutorial: Filter network traffic with a network security group using the Azure portal
• Application security groups
• Manage and control traffic flow in your Azure deployment with routes
• Fundamentals of Network Security
• Secure and isolate access to Azure resources by using network security groups and
• service endpoints

• Tutorial: Deploy and configure Azure Firewall using the Azure portal
• Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal
• Quickstart: Create a Front Door for a highly available global web application
• Encrypt network traffic end to end with Azure Application Gateway
• Azure Web Application Firewall on Azure Application Gateway
• Quickstart: Connect to a virtual machine using a private IP address and Azure
• Bastion
• How to use Azure Bastion to connect securely to your Azure VMs
• Azure SQL Database and Azure Synapse IP firewall rules
• Configure Azure Storage firewalls and virtual networks
• Access Azure Key Vault behind a firewall
• Virtual Network service endpoints
• Tutorial: Restrict network access to PaaS resources with virtual network service endpoints using the Azure portal
• Create, change, or delete service endpoint policy using the Azure portal
• Use private endpoints for Azure Storage
• Quickstart: Create a Private Endpoint using Azure portal
• Azure DDoS Protection Standard overview

Configure advanced security for compute

• Feature coverage for machines
• Security management in Azure
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Protect your servers and VMs from brute-force and malware attacks with Azure
• Security Center
• Manage updates and patches for your Azure VMs
• Manage updates for multiple VMs
• Keep your virtual machines updated
• Security best practices for laaS workloads in Azure
• How to use managed identities with Azure Container lnstances
• Authenticate with an Azure container registry
• lntroduction to Docker containers
• Run Docker containers with Azure Container lnstances
• Build a containerized web application with Docker
• Vulnerability assessments for your Azure Virtual Machines
• lntegrated vulnerability scanner for virtual machines (Standard tier only)
• Security concepts for applications and clusters in Azure Kubernetes Service (AKS)
• Best practices for cluster isolation in Azure Kubernetes Service (AKS)
• Container Security in Azure
• Azure Kubernetes Service Workshop
• Secure traffic between pods using network policies in Azure Kubernetes Service
• Authenticate with an Azure container registry
• Build and store container images with Azure Container Registry
• Azure Disk Encryption for Windows VMs
• Secure your Azure virtual machine disks
• Security in Azure App Service
• Authentication and authorization in Azure App Service and Azure Functions
• OS and runtime patching in Azure App Service
• Add a TLS/SSL certificate in Azure App Service
• Secure a custom DNS name with a TLS/SSL binding in Azure App Service
• Service principals with Azure Kubernetes Service (AKS)
• lntegrate Azure Active Directory with Azure Kubernetes Service
• Update containers in Azure Container lnstances

Manage security operations (25-30%)

Monitor security by using Azure Monitor

• Create, view, and manage log alerts using Azure Monitor
• Create, view, and manage metric alerts using Azure Monitor
• lmprove incident response with alerting on Azure
• Tutorial: Get started with Log Analytics queries
• Get started with log queries in Azure Monitor
• Analyze your Azure infrastructure by using Azure Monitor logs
• Monitor and report on security events in Azure AD
• Create diagnostic setting to collect resource logs and metrics in Azure
• Overview of Azure platform logs

Monitor security by using Azure Security Center

• Security alerts in Azure Security Center
• Manage and respond to security alerts in Azure Security Center
• Vulnerability assessments for your Azure Virtual Machines
• lntegrated vulnerability scanner for virtual machines (Standard tier only)
• ldentify security threats with Azure Security Center
• Secure your management ports with just-in-time access
• Working with security policies
• Azure security policies monitored by Security Center
• Tutorial: lmprove your regulatory compliance

Monitor security by using Azure Sentinel

• Automatically create incidents from Microsoft security alerts
• Tutorial: Create custom analytic rules to detect suspicious threats
• Quickstart: Get started with Azure Sentinel
• Connect data sources
• lmprove security with Azure Sentinel, a cloud-native SlEM and SOAR solution
• Tutorial: Visualize and monitor your data
• Tutorial: lnvestigate incidents with Azure Sentinel
• Use a framework to identify threats and find ways to reduce or eliminate risk
• Tutorial: Set up automated threat responses in Azure Sentinel

Configure security policies

• Tutorial: Create and manage policies to enforce compliance
• Tutorial: Create a custom policy definition
• Integrate Azure Key Vault with Azure Policy
• Apply and monitor infrastructure standards with Azure Policy
• What is Azure Blueprints?
• Overview of the Azure Security Benchmark blueprint sample
• Tutorial: Create an environment from a blueprint sample

Secure data and applications (20-25%)

Configure security for storage

• Authorizing access to data in Azure Storage
• Secure your Azure Storage accounts

• Manage storage account access keys
• Use the Azure portal to access blob or queue data
• Authorize access to blobs and queues using Azure Active Directory
• Acquire a token from Azure AD for authorizing requests from a client application
• Overview - on-premises Active Directory Domain Services authentication over SMB
• for Azure file shares
• Enable Azure Active Directory Domain Services authentication on Azure Files
• Store and share files in your application with Azure Files
• Grant limited access to Azure Storage resources using shared access signatures
• Control access to Azure Storage with shared access signatures
• Security recommendations for Blob storage
• Azure Storage encryption for data at rest
• Configure customer-managed keys with Azure Key Vault by using the Azure portal

Configure security for databases

• Use Azure Active Directory authentication
• Configure and manage Azure AD authentication with Azure SQL
• Configure security policies to manage data
• Auditing for Azure SQL Database and Azure Synapse Analytics
• Tutorial: Secure a database in Azure SQL Database
• Transparent Data Encryption
• Always Encrypted
• Overview of key management for Always Encrypted
• Configure Always Encrypted by using Azure Key Vault

Configure and manage Key Vault

• Azure Key Vault security
• Secure access to a key vault
• Provide Key Vault authentication with a managed identity
• Manage secrets in your server apps with Azure Key Vault
• Azure Policy built-in policy definitions for Key Vault
• Tutorial: lmport a certificate in Azure Key Vault
• About Azure Key Vault secrets
• Configure and manage secrets in Azure Key Vault
• Set up Azure Key Vault with key rotation and auditing
• Tutorial: Configure certificate autorotation in Key Vault
• Automate the rotation of a secret for resources that use single-user/single-password authentication
• Azure Key Vault soft-delete overview

Bonus Pack: Video e demo

• Exam Readyness zone
• Video Azure Friday
• Video Microsoft Learn Show
• Come prepararsi a sostenere un esame di certificazione Microsoft