Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Microsoft Azure Security Technologies Certification and Beyond
Microsoft Azure Security Technologies Certification and Beyond

Microsoft Azure Security Technologies Certification and Beyond: Gain practical skills to secure your Azure environment and pass the AZ-500 exam

eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Microsoft Azure Security Technologies Certification and Beyond

Chapter 1: Introduction to Azure Security

Security is a core component of any well-architected environment, and this is no different for Azure. Every workload that your organization implements in Azure needs to be implemented with security in mind. The risk associated with not doing this could range from an attacker being able to use your Azure resources to mine cryptocurrency at your expense to an attacker being able to gain access to sensitive customer data that could result in massive fines or sanctions against your company. It could also lead to reputation damage that may lead to customers moving to a competitor.

But how does cloud security work? Is it different from traditional security? Do you have to unlearn everything that you know about managing on-premises security and start from the beginning? You'll be glad that the answer to that latter question is "No." The principles of digital security are the same whether your workload sits in a traditional on-premises data center or in a cloud environment such as Microsoft Azure. The way you apply those principles, however, is quite different. Some of those differences are due to the dynamic and elastic nature of cloud environments. The ability to rapidly provision and release resources introduces new challenges that traditional security models struggle to address effectively, but we'll be covering how to solve this in this book – that is, we'll focus on how we apply security principles to secure dynamic Azure environments.

In any discussion on Azure security, it is critical to understand the "shared responsibility model," that is, which security tasks are handled by the cloud provider (Microsoft in this case) and which tasks are handled by the cloud consumers (us). In this chapter, I will introduce this concept and show how cloud security responsibilities vary depending on the type of service that you are using in Azure – Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS). I will also walk you through how to set up an Azure subscription that you can use to follow along with the hands-on sections of this book.

In this chapter, we're going to cover the following topics; however, feel free to skip to the next chapter if the information covered is already familiar to you:

  • Shared responsibility model
  • Setting up a practice environment

Technical requirements

To follow along with the instructions in this chapter, you'll need the following:

  • An outlook.com account that you will use to sign up for your Azure subscription. Make sure that this is an account that you have not previously used to sign up for a free trial Azure subscription. This is because every Microsoft account is entitled to only one free trial signup. You can sign up for a new outlook.com account by going to https://outlook.live.com/owa/ and clicking Create free account.
  • A PC with a web browser: The PC can run Windows, macOS, or GUI-based Linux, as long as it has a web browser installed and it has internet connectivity.
  • A credit card: This will be needed during the sign-up process to validate your identity. The credit card will not be charged during the trial. You have to explicitly convert a free trial subscription to a pay-as-you-go subscription for it to be charged.
  • A valid phone number: This will also be needed to validate your identity.

Shared responsibility model

As organizations transition their workloads from their on-premises data centers to the Azure cloud platform, the responsibility of security also shifts. One of these shifts is that you are no longer solely responsible (as an organization) for all aspects of security as you may be used to in a traditional environment. Security is now a concern that both the cloud provider (Microsoft) and the cloud customers (us) share. This is called the shared responsibility model and all cloud providers, including Microsoft's competitors such as AWS and GCP, follow this model as well.

The diagram in Figure 1.1 clearly highlights this. It is from a whitepaper on the shared security model that was published by Microsoft. You can download the whitepaper from this URL: https://azure.microsoft.com/en-gb/resources/shared-responsibility-for-cloud-computing/. In the diagram, the gray represents the security responsibilities that are transferred to Microsoft when we adopt Azure, while the blue represents security responsibilities that we still have to take care of as Azure customers:

Figure 1.1 – Shared responsibilities for different cloud service models

Figure 1.1 – Shared responsibilities for different cloud service models

One of the things that I would like to highlight in the diagram is that regardless of the cloud service model that we are using in Azure – IaaS, PaaS, or SaaS – we are never without security responsibility. Here are some other lessons that I want you to take from this section:

  • Your security responsibility varies depending on the model of service that you are using in Azure.

    If you are using an IaaS service such as a virtual machine, you have more security responsibilities to take care of. For example, you are responsible for patching the operating system of your Azure-hosted virtual machines.

    If you are using a PaaS service such as Azure App Service, you have fewer security responsibilities to take care of. For example, you are not responsible for patching the operating system used by the service, but you are still responsible for how you configure the service and also for controlling access to it.

    If you are using a SaaS service such as Azure Search, you have even fewer security responsibilities, but you are still responsible for controlling access to your data.

  • Not fulfilling your security responsibilities leaves you exposed to threats and attacks in those areas.

    Have a good look at the diagram again. Wherever you see blue in the diagram, if you do not have a strategy to address those responsibilities, you are leaving yourself exposed to threats! Don't worry too much about this right now – by the end of this book, you'll be equipped with the knowledge and skills that you need to effectively take care of these security responsibilities.

In this section, we established the foundational concept of shared security responsibilities in Azure. This clarified for us what we are responsible for depending on the service model that we are using. In the next section, we will set up a test environment that we can use to practice the implementation of security controls in Azure.

Setting up a practice environment

One of the best ways to learn a new concept is through hands-on practice. This book includes walk-throughs that allow you to gain a practical experience of the concepts being discussed:

Figure 1.2 – Practice environment

Figure 1.2 – Practice environment

To follow along with these walk-throughs, you will need access to an Azure subscription, and I will be walking you through how to sign up for one if you do not have an existing subscription now. If you have an existing subscription that you can use, feel free to skip the next section.

Create a free trial Azure subscription

To set up a free trial subscription, follow these steps:

  1. Open a browser window and browse to https://signup.azure.com/.
  2. In the Sign in window, enter your Outlook.com account and click Next:
    Figure 1.3 – Enter your email address

    Figure 1.3 – Enter your email address

  3. In the Your profile window that opens, the Country/Region, First name, Last name, and Email address fields should already be completed using information from your email profile. Enter the right values if the auto-completed values are not correct.
  4. Enter your phone number (without the country code).
  5. Skip Company VatID. Leave it empty and click Next. Depending on your Country/Region setting, this field may not be displayed, or you may be presented with a different option:
    Figure 1.4 – Enter your profile information

    Figure 1.4 – Enter your profile information

  6. In the Identity verification by phone section, ensure your country code and phone number are correct, then click on Text me:
    Figure 1.5 – Enter your phone number for identity verification

    Figure 1.5 – Enter your phone number for identity verification

  7. A verification code will be sent to your phone number. Enter the verification code and click Verify code.
  8. In the Identity verification by card section, fill in Cardholder Name (as it appears on your credit card), Card number, Expires, and CVV:
    Figure 1.6 – Enter your credit card information

    Figure 1.6 – Enter your credit card information

  9. Enter your address information and click Next.
  10. In the Agreement section, select only I agree to the subscription agreement, offer details, and privacy statement and click on Sign up:
    Figure 1.7 – Conclude the sign-up process

    Figure 1.7 – Conclude the sign-up process

    Important note

    Clicking on subscription agreement, offer details, and privacy statement will take you to the respective documentation, where you can read the details to stay informed of what you are agreeing to when signing up.

    The signup process will begin. It should only take a few minutes, after which you will be redirected to the Azure portal.

  11. To verify your subscription, in the Azure portal, click on Microsoft Azure in the top-left corner and click on Subscriptions under Navigate:
    Figure 1.8 – Verify your new subscription

    Figure 1.8 – Verify your new subscription

  12. In the Subscriptions window, you should see a subscription named Free Trial:
Figure 1.9 – Your new trial subscription

Figure 1.9 – Your new trial subscription

Congratulations! You now have an Azure subscription that you can use to follow along with the rest of the book.

Summary

In this chapter, we saw how cloud security is similar to yet different from traditional security. We also discussed the shared security model concept and highlighted how we have fewer security responsibilities when we adopt a cloud platform such as Microsoft Azure, but we are never without security responsibilities! And finally, I walked you through the process of setting up an Azure subscription, which puts you in a great place to follow along with the hands-on sections in the rest of this book.

Azure security is a deep and complex topic and we're only just getting started. In the next chapter, we'll start discussing one of the most important aspects of implementing security for your Azure environments – securing identity and access using Azure Active Directory.

Questions

As we conclude, here is a list of questions for you to test your knowledge regarding this chapter's material. You will find the answers in the Assessments section of the Appendix:

  1. True or false: When a workload is migrated from on-premises to Azure, you offload all security responsibilities to Microsoft.

    a. True

    b. False

  2. Which cloud service model requires the greatest security effort on the part of the customer?

    a. Infrastructure as a Service (IaaS)

    b. Platform as a Service (PaaS)

    c. Software as a Service (SaaS)

  3. True or false: The principles of digital security are the same whether your workload sits in a traditional on-premises data center or in a cloud environment such as Microsoft Azure.

    a. True

    b. False

  4. Which security responsibility is solely that of the cloud provider when we move to Azure?

    a. Network controls

    b. Client and endpoint protection

    c. Physical security

    d. Identity and access management

Further reading

To learn more on the topics covered in this chapter, you can refer to the following links:

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Master AZ-500 exam objectives and learn real-world Azure security strategies
  • Develop practical skills to protect your organization from constantly evolving security threats
  • Effectively manage security governance, policies, and operations in Azure

Description

Exam preparation for the AZ-500 means you’ll need to master all aspects of the Azure cloud platform and know how to implement them. With the help of this book, you'll gain both the knowledge and the practical skills to significantly reduce the attack surface of your Azure workloads and protect your organization from constantly evolving threats to public cloud environments like Azure. While exam preparation is one of its focuses, this book isn't just a comprehensive security guide for those looking to take the Azure Security Engineer certification exam, but also a valuable resource for those interested in securing their Azure infrastructure and keeping up with the latest updates. Complete with hands-on tutorials, projects, and self-assessment questions, this easy-to-follow guide builds a solid foundation of Azure security. You’ll not only learn about security technologies in Azure but also be able to configure and manage them. Moreover, you’ll develop a clear understanding of how to identify different attack vectors and mitigate risks. By the end of this book, you'll be well-versed with implementing multi-layered security to protect identities, networks, hosts, containers, databases, and storage in Azure – and more than ready to tackle the AZ-500.

Who is this book for?

This book is a comprehensive resource aimed at those preparing for the Azure Security Engineer (AZ-500) certification exam, as well as security professionals who want to keep up to date with the latest updates. Whether you’re a newly qualified or experienced security professional, cloud administrator, architect, or developer who wants to understand how to secure your Azure environment and workloads, this book is for you. Beginners without foundational knowledge of the Azure cloud platform might progress more slowly, but those who know the basics will have no trouble following along.

What you will learn

  • Manage users, groups, service principals, and roles effectively in Azure AD
  • Explore Azure AD identity security and governance capabilities
  • Understand how platform perimeter protection secures Azure workloads
  • Implement network security best practices for IaaS and PaaS
  • Discover various options to protect against DDoS attacks
  • Secure hosts and containers against evolving security threats
  • Configure platform governance with cloud-native tools
  • Monitor security operations with Azure Security Center and Azure Sentinel

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Nov 04, 2021
Length: 526 pages
Edition : 1st
Language : English
ISBN-13 : 9781800567047
Category :
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning

Product Details

Publication date : Nov 04, 2021
Length: 526 pages
Edition : 1st
Language : English
ISBN-13 : 9781800567047
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 115.97
Privilege Escalation Techniques
€41.99
Penetration Testing Azure for Ethical Hackers
€36.99
Microsoft Azure Security Technologies Certification and Beyond
€36.99
Total 115.97 Stars icon

Table of Contents

18 Chapters
Section 1: Implement Identity and Access Security for Azure Chevron down icon Chevron up icon
Chapter 1: Introduction to Azure Security Chevron down icon Chevron up icon
Chapter 2: Understanding Azure AD Chevron down icon Chevron up icon
Chapter 3: Azure AD Hybrid Identity Chevron down icon Chevron up icon
Chapter 4: Azure AD Identity Security Chevron down icon Chevron up icon
Chapter 5: Azure AD Identity Governance Chevron down icon Chevron up icon
Section 2: Implement Azure Platform Protection Chevron down icon Chevron up icon
Chapter 6: Implementing Perimeter Security Chevron down icon Chevron up icon
Chapter 7: Implementing Network Security Chevron down icon Chevron up icon
Chapter 8: Implementing Host Security Chevron down icon Chevron up icon
Chapter 9: Implementing Container Security Chevron down icon Chevron up icon
Section 3: Secure Storage, Applications, and Data Chevron down icon Chevron up icon
Chapter 10: Implementing Storage Security Chevron down icon Chevron up icon
Chapter 11: Implementing Database Security Chevron down icon Chevron up icon
Chapter 12: Implementing Secrets, Keys, and Certificate Management with Key Vault Chevron down icon Chevron up icon
Chapter 13: Azure Cloud Governance and Security Operations Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.7
(17 Ratings)
5 star 88.2%
4 star 0%
3 star 5.9%
2 star 5.9%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Darrell Martin May 11, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great book for passing certification
Amazon Verified review Amazon
vPhillyEngineer Jun 01, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is an incredible Azure security and certification guide with plenty of opportunities to implement the learned lessons.Security is a complex topic and Azure security can be a challenge for new Azure administrators. This guide is great for those who are looking for a learning resource focused solely on securing Azure. In this one guide, you have a single source of best practices and a roadmap about securing services like AD, Azure storage, Azure Key Vault, among many other Azure services.This book helped me ramp up my Azure security knowledge, provided a way to get hands on experience through guided labs, and confidence to pursue AZ-500 certification.I have met Mr. David Okeyode at cloud events and he has always been generous with his time. He speaks frequently for Azure user groups and create great content about Azure cloud services. After I work my way through this book, I will work my way through his other guide about performing ethical hacking of Azure environments to test the Azure security posture I learned in this guide.Overall, a great book to help secure Azure for those who are looking for a subject matter expert to guide you through a complex topic.
Amazon Verified review Amazon
Amadu Bah Mar 22, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I haven’t actually getting really into to it because of other activities. I just skimmed through it and I’m sure it great to have.
Amazon Verified review Amazon
IYYAPPAN NATHAN Dec 31, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is a very good book for AZ 500. Step by step explanations are given with screeen shots. Good work sir.
Amazon Verified review Amazon
Gloria Adesoga Nov 16, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I coukdnhave asked for more. Excellent security guide with a perfect way to secure your Azure environment
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.