Secure Azure application platform services for the cloud and AI security engineer

Microsoft via Microsoft Learn

Go to class Write review

Detect misconfigurations and runtime risks across container workloads using Microsoft Defender for Containers. Enable and configure the Defender for Containers plan, and assess container image vulnerabilities in Azure Container Registry. Then respond to runtime threat alerts and security posture recommendations for Azure Kubernetes Service (AKS) clusters.
After completing this module, you can:
- Describe the architecture and protection pillars of Microsoft Defender for Containers
- Enable and configure the Defender for Containers plan in Microsoft Defender for Cloud
- Evaluate container image vulnerability findings from Azure Container Registry (ACR) scanning
- Interpret runtime threat alerts and security posture recommendations for AKS clusters
Implement security controls for Azure Kubernetes Service. Configure Microsoft Entra integration and Kubernetes RBAC for API server authentication and authorization, enforce network policies and private cluster access. Then apply workload identity and pod security standards to harden containerized workloads in Azure Kubernetes Service (AKS).
After completing this module, you can:
- Configure Microsoft Entra ID integration and RBAC for AKS API server authentication and authorization
- Implement network security controls including private clusters, authorized IP ranges, and network policies
- Apply workload identity and managed identities to eliminate credential management for AKS workloads
- Enforce pod security standards and container access restrictions
Implement security controls across Azure Container Registry, Azure Container Instances, and Azure Container Apps. Configure RBAC, private endpoints, and content trust for ACR; apply managed identities and virtual network integration for Container Instances; and enforce ingress controls, managed identities, and secrets management for Container Apps environments.
After completing this module, you can:
- Implement access controls and network isolation for Azure Container Registry
- Configure security controls for Azure Container Instances workloads
- Apply ingress controls, managed identity, and secrets management for Azure Container Apps
Implement security controls for Azure Function apps and Logic apps. Configure authentication and authorization, managed identities, virtual network integration, and private endpoints for Function apps, and apply managed identity, connector security, and network isolation for Logic apps.
After completing this module, you can:
- Configure authentication and authorization controls for Azure Function apps
- Implement network access controls for Function apps including virtual network integration and private endpoints
- Apply managed identity, connector security, and network isolation for Azure Logic apps
Implement security controls for Azure App Services and Web Application Firewall. Configure authentication, managed identities, VNet integration, and private endpoints for App Service, and deploy WAF policies on Azure Application Gateway to protect web workloads at the network edge.
After completing this module, you will be able to:
- Implement authentication, managed identity, and network controls for Azure App Service
- Configure Web Application Firewall policies including managed rule sets and custom rules
- Integrate Web Application Firewall with App Service to enforce edge-layer protection
Implement security policies for backend API protection using Azure API Management. Configure subscription key management, JSON Web Token (JWT) validation, and OAuth 2.0 policies, and apply IP filtering and rate limiting. Then enforce mutual Transport Layer Security (mTLS) for secure backend API connections, and configure AI Gateway to secure and govern AI model endpoints.
After completing this module, you can:
- Configure API authentication and authorization policies including JWT validation and OAuth 2.0 with Microsoft Entra ID
- Implement network security controls including IP filtering, rate limiting, and virtual network integration for API Management
- Enforce backend connection security using client certificate authentication and mutual TLS
- Configure AI Gateway in API Management to secure and govern AI model endpoints

Syllabus

Detect container risks using Microsoft Defender for Containers
- Introduction
- Explore Microsoft Defender for Containers
- Enable and configure Defender for Containers
- Assess container image vulnerabilities
- Detect container runtime threats and misconfigurations
- Knowledge check
- Summary
Implement security controls for Azure Kubernetes Service
- Introduction
- Control AKS cluster access with Microsoft Entra ID and RBAC
- Secure AKS network access
- Implement workload identity and secrets management for AKS
- Enforce pod and container security
- Knowledge check
- Summary
Implement security controls for Azure Container Registry, Container Instances, and Container Apps
- Introduction
- Secure Azure Container Registry
- Implement security controls for Azure Container Instances
- Implement security controls for Azure Container Apps
- Knowledge check
- Summary
Implement security controls for Azure Function apps and Logic apps
- Introduction
- Configure authentication and authorization for Function apps
- Secure network access for Function apps
- Implement security controls for Logic apps
- Knowledge check
- Summary
Implement security controls for Azure App Services and Web Application Firewall
- Introduction
- Implement security controls for Azure App Service
- Configure Web Application Firewall policies
- Protect App Service with Web Application Firewall
- Knowledge check
- Summary
Implement API backend security using Azure API Management
- Introduction
- Configure API authentication and authorization policies
- Implement API network security and threat protection
- Secure API Management backend connections
- Configure AI Gateway in API Management for Azure AI Foundry
- Knowledge check
- Summary