MCA Microsoft Azure Security Engineer Certification Camp (1 Course, 1 Exam, 1 Cert)

Secure identities with Microsoft Entra and users and groups.
Configure and manage hybrid identity.
Deploy and maintain identity protection and privileged identity in Azure.
Design and manage an enterprise governance strategy for your security profile.
Configure and manage network and perimeter security solutions to protect your Azure environment.
Manage the security of any hosts and containers running in your environment.
Deploy and configure Azure Key Vault.
Implement and manage application security features to lock down application access and functionality.
Implement and maintain storage and database security.
Configure Azure Monitor and Microsoft Defender for Clouds to protect and monitor security operations.
Analyze your security with Microsoft Sentinel.

Topics Covered in this Official Boot Camp:

Manage identities in Microsoft Entra ID

Enhance security in Microsoft Entra ID to safeguard user identities and accounts.
Implement security for group management in Microsoft Entra ID for effective access control.
Advise on the secure management of external identities in Microsoft Entra ID.
Utilize Microsoft Entra ID Protection for proactive threat detection and response.

What is Microsoft Entra ID?
Secure Microsoft Entra users
Create a new user in Microsoft Entra ID
Secure Microsoft Entra groups
Recommend when to use external identities
Secure external identities
Implement Microsoft Entra Identity protection

Manage authentication by using Microsoft Entra ID

Implement multifactor and passwordless authentication for enhanced security and convenience.
Enforce password protection measures and single sign-on for simplified, secure access.
Integrate SSO with identity providers and endorse modern authentication protocols.
Set up Microsoft Entra Verified ID for trusted identity verification.

Microsoft Entra connect
Microsoft Entra Cloud Sync
Authentication options
Password hash synchronization with Microsoft Entra ID
Microsoft Entra pass-through authentication
Federation with Microsoft Entra ID
What is Microsoft Entra authentication?
Implement multifactor authentication (MFA)
Passwordless authentication options for Microsoft Entra ID
Implement passwordless authentication
Implement password protection
Microsoft Entra ID single sign-on
Implement single sign-on (SSO)
Integrate single sign-on (SSO) and identity provider
Introduction to Microsoft Entra Verified ID
Configure Microsoft Entra Verified ID
Recommend and enforce modern authentication protocols

Manage authorization by using Microsoft Entra ID

Set Azure role permissions across management groups, subscriptions, and resources for access control.
Assign built-in roles in Microsoft Entra ID and Azure for predefined user permissions.
Create custom roles in Azure and Microsoft Entra ID to match organizational access needs.
Manage Entra Permissions, Privileged Identity Management, and Conditional Access for refined control and compliance.

Azure management groups
Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
Azure role-based access control
Azure built-in roles
Assign Azure role permissions for management groups, subscriptions, resource groups, and resources
Microsoft Entra built-in roles
Assign built-in roles in Microsoft Entra ID
Microsoft Entra role-based access control
Create and assign a custom role in Microsoft Entra ID
Microsoft Entra Permissions Management
Implement and manage Microsoft Entra Permissions Management
Zero Trust security
Microsoft Entra Privileged Identity Management
Configure Privileged Identity Management
Microsoft Entra ID Governance
Entitlement management
Access reviews
Identity lifecycle management
Lifecycle workflows
Delegation and roles in entitlement management
Configure role management and access reviews by using Microsoft Entra ID Governance
Implement Conditional Access policies

Manage application access in Microsoft Entra ID

Manage enterprise application access in Microsoft Entra ID, including OAuth permission grants for access control.
Govern application integration with identity platforms through Microsoft Entra ID app registrations.
Configure app registration permission scopes for appropriate resource access levels.
Manage app registration consent and use service principals and managed identities for automated management and enhanced security.

Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
Manage app registrations in Microsoft Entra ID
Configure app registration permission scopes
Manage app registration permission consent
Manage and use service principals
Manage managed identities for Azure resources
Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication

Plan and implement security for virtual networks

Implement security measures for Azure virtual networks to safeguard data and resources.
Utilize NSGs and ASGs for network traffic security, and manage UDRs for optimal traffic routing.
Establish secure network connectivity through Virtual Network peering, VPN gateways, and Virtual WAN.
Enhance network security with VPN configurations, ExpressRoute encryption, PaaS firewall settings, and Network Watcher monitoring.

What is an Azure Virtual Network
Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
Plan and implement User-Defined Routes (UDRs)
Plan and implement Virtual Network peering or gateway
Plan and implement Virtual Wide Area Network, including secured virtual hub
Secure VPN connectivity, including point-to-site and site-to-site
Azure ExpressRoute
Implement encryption over ExpressRoute
Configure firewall settings on PaaS resources
Monitor network security by using Network Watcher, including network security groups

Plan and implement security for private access to Azure resources

Develop security strategies for private access to Azure resources to protect sensitive data.
Utilize virtual network Service Endpoints and Private Endpoints for secure Azure service access.
Manage Private Link services for secure resource exposure and integrate Azure App Service and Functions with virtual networks.
Configure network security for App Service Environment and Azure SQL Managed Instance to safeguard web applications and databases.

Plan and implement virtual network Service Endpoints
Plan and implement Private Endpoints
Plan and implement Private Link services
Plan and implement network integration for Azure App Service and Azure Functions
Plan and implement network security configurations for an App Service Environment (ASE)
Plan and implement network security configurations for an Azure SQL Managed Instance

Plan and implement security for public access to Azure resources

Develop strategies for secure public access to Azure resources, preventing unauthorized access and breaches.
Implement TLS for Azure App Service and API Management to encrypt data in transit.
Protect network traffic with Azure Firewall and Application Gateway for optimized web application security and delivery.
Enhance web app performance with Azure Front Door and CDN, and deploy WAF and DDoS Protection for robust defense against attacks.

Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management
Plan, implement, and manage an Azure Firewall, Azure Firewall Manager and firewall policies
Plan and implement an Azure Application Gateway
Plan and implement a Web Application Firewall (WAF)
Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
Recommend when to use Azure DDoS Protection Standard

Plan and implement advanced security for compute

Enhance Azure compute resources’ security against vulnerabilities and attacks with advanced measures.
Secure remote access via Azure Bastion and JIT VM access, and implement network isolation for AKS.
Strengthen AKS clusters’ security, monitor Azure Container Instances and Apps, and manage access to Azure Container Registry.
Implement disk encryption methods like ADE and manage API access securely in Azure API Management.

Plan and implement remote access to public endpoints, Azure Bastion and just-in-time (JIT) virtual machine (VM) access
What is Azure Kubernetes Service?
Configure network isolation for Azure Kubernetes Service (AKS)
Secure and monitor Azure Kubernetes Service
Configure authentication for Azure Kubernetes Service
Configure security for Azure Container Instances (ACIs)
Configure security for Azure Container Apps (ACAs)
Manage access to Azure Container Registry (ACR)
Configure disk encryption, Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption
Recommend security configurations for Azure API Management

Plan and implement security for storage

Develop security strategies for Azure storage resources, ensuring data protection during rest and transit.
Manage storage account access with effective access control and secure key lifecycle management.
Tailor access methods for Azure Files, Blob Storage, Tables, and Queues to specific use cases.
Strengthen data security with soft delete, backups, versioning, immutable storage, BYOK, and double encryption.

Azure Storage
Configure access control for storage accounts
Manage life cycle for storage account access keys
Select and configure an appropriate method for access to Azure Files
Select and configure an appropriate method for access to Azure Blobs
Select and configure an appropriate method for access to Azure Tables
Select and configure an appropriate method for access to Azure Queues
Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
Configure Bring your own key (BYOK)
Enable double encryption at the Azure Storage infrastructure level

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

Implement security for Azure SQL Managed Instance to safeguard sensitive data.
Use Microsoft Enterprise Identity for database authentication and conduct database auditing for compliance.
Utilize Microsoft Purview for data governance and classification to protect sensitive information.
Apply dynamic masking and Transparent Database Encryption, and recommend Always Encrypted for client-side data protection.

Azure SQL Database and SQL Managed Instance security
Enable database authentication by using Microsoft Entra ID
Enable and monitor database audit
Identify use cases for the Microsoft Purview governance portal
Implement data classification of sensitive information by using the Microsoft Purview governance portal
Plan and implement dynamic mask
Implement transparent data encryption
Recommend when to use Azure SQL Database Always Encrypted

Plan, implement, and manage governance for security

Enforce compliance using Azure Policy to create and manage security policies.
Streamline secure infrastructure deployment with Azure Blueprint.
Utilize landing zones for consistent Azure security and manage sensitive data with Azure Key Vault.
Enhance key security with HSM recommendations, effective access control, and regular key rotation and backup processes.

Azure governance
Create, assign, and interpret security policies and initiatives in Azure Policy
Configure security settings by using Azure Blueprint
Deploy secure infrastructures by using a landing zone
Azure Key Vault
Azure Key Vault security
Azure Key Vault authentication
Create and configure an Azure Key Vault
Recommend when to use a dedicated Hardware Security Module (HSM)
Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
Manage certificates, secrets, and keys
Configure key rotation
Configure backup and recovery of certificates, secrets, and keys

Manage security posture by using Microsoft Defender for Cloud

Utilize Microsoft Defender for Cloud Secure Score and Inventory to identify and mitigate security risks, enhancing overall security posture.
Assess and align with security frameworks using Microsoft Defender for Cloud to ensure adherence to security standards and best practices.
Integrate specific industry and regulatory standards into Microsoft Defender for Cloud for tailored compliance.
Connect hybrid and multicloud environments to Microsoft Defender for Cloud for centralized security management, and monitor external assets to safeguard against external threats.

Implement Microsoft Defender for Cloud
Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
Assess compliance against security frameworks and Microsoft Defender for Cloud
Add industry and regulatory standards to Microsoft Defender for Cloud
Add custom initiatives to Microsoft Defender for Cloud
Connect hybrid cloud and multicloud environments to Microsoft Defender for Cloud
Identify and monitor external assets by using Microsoft Defender External Attack Surface Management

Configure and manage threat protection by using Microsoft Defender for Cloud

Master the configuration of Microsoft Defender for Cloud to effectively monitor and protect cloud resources.
Implement advanced threat detection strategies using Microsoft Defender for Cloud’s built-in capabilities.
Utilize Microsoft Defender for Cloud’s threat intelligence to proactively identify and mitigate security risks.
Configure and fine-tuning security policies within Microsoft Defender for Cloud to align with organizational security requirements.
Develop expertise in incident response and remediation using Microsoft Defender for Cloud’s integrated tools and features.

Enable workload protection services in Microsoft Defender for Cloud
Configure Microsoft Defender for Servers
Configure Microsoft Defender for Azure SQL Database
Container security in Microsoft Defender for Containers
Managed Kubernetes threat factors
Defender for Containers architecture
Configure Microsoft Defender for Containers components
Vulnerability assessments for Azure
Defender for Storage
Malware scanning in Defender for Storage
Detect threats to sensitive data
Deploy Microsoft Defender for Storage
Enable configure Azure built-in policy
Microsoft Defender for Cloud DevOps Security
DevOps Security support and prerequisites
DevOps environment security posture
Connect your GitHub lab environment to Microsoft Defender for Cloud
Configure the Microsoft Security DevOps GitHub action
Manage and respond to security alerts in Microsoft Defender for Cloud
Configure workflow automation by using Microsoft Defender for Cloud
Evaluate vulnerability scans from Microsoft Defender for Server

Configure and manage security monitoring and automation solutions

Use Azure Monitor for effective security event monitoring in cloud environments.
Implement data connectors in Microsoft Sentinel for comprehensive security data collection.
Develop customized analytics rules in Microsoft Sentinel for targeted threat detection.
Assess and automate responses to security incidents in Microsoft Sentinel to enhance workflow efficiency.

Monitor security events by using Azure Monitor
Configure data connectors in Microsoft Sentinel
Create and customize analytics rules in Microsoft Sentinel
Evaluate alerts and incidents from Microsoft Sentinel
Configure automation in Microsoft Sentinel