- Enforce security standards before resources reach production using Azure Policy. Assign built-in policy definitions and initiatives at management group scope, author custom definitions with automated remediation tasks, and protect critical resources from deletion using Azure resource locks.
  After completing this module, you can:
  - Assign built-in Azure Policy definitions and initiatives to enforce security configurations at subscription and management group scope
  - Create custom Azure Policy definitions with remediation tasks to enforce controls that built-in definitions don't cover
  - Configure Azure resource locks to prevent critical resources from being deleted or modified
- Configure Defender for Cloud security standards at management group scope and systematically deploy security controls to remediate recommendations at scale using Fix, governance rules, Policy remediation tasks, and exemptions.
  After completing this module, you can:
  - Configure Defender for Cloud environment settings and security standards at management group scope
  - Deploy security controls to remediate recommendations at scale using Fix, governance rules, Policy remediation tasks, and exemptions
- Learn to use Microsoft Defender for Cloud to assess, investigate, and report on compliance posture against security frameworks including the Microsoft Cloud Security Benchmark, regulatory standards, and custom standards.
  After completing this module, you will be able to:
  - Explain how compliance standards, controls, and assessments work in Defender for Cloud — including the role of the Microsoft Cloud Security Benchmark
  - Navigate the regulatory compliance dashboard to identify and investigate failing compliance controls
  - Assign regulatory compliance standards to Azure subscriptions and manage compliance scope in the Azure portal
  - Generate compliance reports and communicate posture using audit downloads, compliance workbooks, and Microsoft Purview Compliance Manager
- Implement least-privilege access governance across Azure and Microsoft Entra ID. Assign built-in roles at appropriate scope, create custom roles for Azure resources and Microsoft Entra directory operations, and identify and remediate overprivileged access using Microsoft Entra access reviews and Defender for Cloud CSPM identity insights.
  After completing this module, you can:
  - Assign built-in Azure roles at the appropriate scope using least-privilege principles
  - Create custom Azure roles and Microsoft Entra roles for operations that built-in roles don't cover at the right permission level
  - Identify overprivileged role assignments and remediate them using Defender for Cloud CSPM, Cloud Infrastructure Entitlement Management (CIEM), and Microsoft Entra access reviews
- Protect Azure Backup data against ransomware, accidental deletion, and rogue administrators. Configure enhanced soft delete, vault immutability, Multi-User Authorization with Resource Guard, and RBAC controls to achieve an Excellent security posture rating across Recovery Services vaults.
  After completing this module, you can:
  - Configure soft delete and vault immutability to protect backup recovery points from deletion
  - Implement Multi-User Authorization using Resource Guard to prevent unauthorized critical backup operations
- Embed security controls into infrastructure as code pipelines to prevent noncompliant Azure resources from reaching production. Integrate IaC security scanning using Microsoft Defender for DevOps and the MSDO extension, and configure Azure Policy in a policy-as-code workflow to enforce security compliance at deployment time.
  After completing this module, you can:
  - Configure Microsoft Defender for DevOps to scan Bicep and ARM templates in GitHub Actions and Azure Pipelines
  - Apply Azure Policy in a policy-as-code workflow to enforce security compliance at IaC deployment time
Overview
Syllabus
- Enforce governance with Azure Policy and resource locks
  - Introduction
  - Assign built-in Azure Policy definitions
  - Create and deploy custom policy definitions
  - Implement resource locks
  - Knowledge check
  - Summary
- Configure security controls and remediate recommendations in Defender for Cloud
  - Introduction
  - Configure Defender for Cloud and manage security standards
  - Deploy remediation controls at scale
  - Knowledge check
  - Summary
- Evaluate regulatory compliance in Defender for Cloud
  - Introduction
  - Understand compliance standards and controls in Defender for Cloud
  - Navigate the regulatory compliance dashboard and investigate control gaps
  - Assign standards and communicate compliance posture
  - Knowledge check
  - Summary
- Manage and right-size RBAC role assignments for least privilege
  - Introduction
  - Assign and manage Azure built-in roles
  - Create custom Azure roles and Microsoft Entra roles
  - Evaluate and remediate overprivileged access
  - Knowledge check
  - Summary
- Protect backup data with Azure Backup security features
  - Introduction
  - Enable soft delete and immutable vaults
  - Configure Multi-User Authorization and RBAC for backup
  - Knowledge check
  - Summary
- Implement security controls in infrastructure as code
  - Introduction
  - Scan IaC templates using Microsoft Defender for DevOps
  - Enforce policy compliance in IaC deployments
  - Knowledge check
  - Summary