Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Microsoft

Implement network security controls in Azure

Microsoft via Microsoft Learn

Go to class Write review
Simplilearn Ad

Become an AI & ML Engineer with Cal Poly EPaCE — IBM-Certified Training

Learn More → Babbel Ad

You’re only 3 weeks away from a new language

Learn More →

Overview

Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
  • Segment Azure workloads to control lateral movement and enforce least-privilege network access. Design and configure Network Security Group (NSG) and Application Security Group (ASG) rules with a security-first approach, enforce organization-wide policies using Azure Virtual Network Manager, and verify effective security posture using Network Watcher diagnostics.

    After completing this module, you'll be able to:

    • Assess a virtual network topology to identify lateral movement risk and network segmentation gaps
    • Configure NSG rules to enforce least-privilege access between Azure workloads
    • Use ASGs to simplify and maintain NSG rule sets for grouped workloads
    • Configure Azure Virtual Network Manager security admin rules to enforce organization-wide network policies
    • Verify effective network security rules using Network Watcher diagnostics
  • Deploy Azure Firewall to centralize traffic inspection and enforce filtering policies across your Azure environment. Configure rule collections, apply threat-intelligence-based blocking, and extend centralized inspection to Virtual WAN deployments using Secured Virtual Hubs.

    After completing this module, you'll be able to:

    • Determine when Azure Firewall is required to address threats that Network Security Group (NSG) filtering can't mitigate
    • Configure Azure Firewall rule collections and Firewall Policy to control and inspect network traffic
    • Deploy Azure Firewall to a Virtual WAN hub to centralize inspection for hub-spoke and branch traffic
  • Harden Azure remote and hybrid connectivity to reduce attack surface and enforce Zero Trust access principles. Assess VPN gateway security risks, apply hardening controls, and deploy Microsoft Entra Private Access to replace broad VPN access with identity-aware, per-application access.

    After completing this module, you'll be able to:

    • Identify security risks in VPN gateway configurations for site-to-site and point-to-site connections
    • Configure VPN gateway settings to reduce attack surface through stronger authentication and encryption
    • Deploy Microsoft Entra Private Access to enforce Zero Trust application-level access for remote users
  • Eliminate public network exposure of Azure PaaS and AI services using private endpoints and Azure Private Link. Configure private endpoints, integrate private DNS, expose internal services using Private Link service, and enforce private access adoption using Azure Policy and Defender for Cloud.

    After completing this module, you'll be able to:

    • Assess the attack surface created by public PaaS service endpoints in an Azure environment
    • Configure private endpoints to route access to Azure PaaS and AI services over a private network
    • Configure Azure Private Link service to expose internal services without creating a public endpoint
    • Enforce private endpoint adoption at scale using Azure Policy and Defender for Cloud

Syllabus

  • Segment and isolate Azure workloads using network security controls
    • Introduction
    • Assess network segmentation gaps
    • Control traffic with network security groups (NSGs)
    • Simplify rule management with application security groups
    • Enforce consistent policy with Azure Virtual Network Manager
    • Verify effective network security rules with Network Watcher
    • Knowledge check
    • Summary
  • Centralize and enforce traffic inspection using Azure Firewall
    • Introduction
    • Determine when centralized traffic inspection is required
    • Configure Azure Firewall rules and policies
    • Secure a Virtual WAN hub with Azure Firewall
    • Knowledge check
    • Summary
  • Secure remote and hybrid connectivity using VPN gateways and Microsoft Entra Private Access
    • Introduction
    • Assess security risks in hybrid connectivity
    • Harden VPN gateway security
    • Replace broad VPN access with Microsoft Entra Private Access
    • Knowledge check
    • Summary
  • Eliminate public network exposure of Azure PaaS services
    • Introduction
    • Assess the risk of public PaaS endpoint exposure
    • Configure private endpoints to eliminate public PaaS exposure
    • Expose internal services securely using Azure Private Link service
    • Enforce and audit private endpoint adoption
    • Knowledge check
    • Summary

Tags

Reviews

Start your review of Implement network security controls in Azure

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.