Explore digital courses

Implement account-level security controls and access governance for Azure Storage. Configure secure transfer settings, choose appropriate authorization models, apply stored access policies for SAS lifecycle management, and enforce Shared Key disable using Azure Policy.

Units in this learning path:

• Introduction
• Configure Storage Account Security
• Select Authorization Model
• Manage Stored Access Policies
• Disable Shared Key Enforce Policy
• Knowledge Check
• Summary

Products: Azure, Azure Storage, Azure Blob Storage

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security

Duration: 21 minutes

This module equips you to configure Azure's foundational security controls for AI workloads. You'll start by configuring Microsoft Entra ID security principals that define *who* and *what* can access your AI resources—from data scientists needing interactive workspace access to managed identities enabling secure service-to-service communication.

Units in this learning path:

• Introduction
• Configure Microsoft Entra Id Security Principals
• Implement Azure Governance Scopes AI Resources
• Apply Azure Policy Primary Governance
• Exercise Configure Secure AI Infrastructure
• Knowledge Check
• Summary

Products: Azure, Azure Machine Learning, Azure Machine Learning Studio, Azure Machine Learning Designer, Azure Data Science Vm

Roles: Data Scientist, Database Administrator, Business Owner, Administrator, Developer

Level: Intermediate

Subjects: Security, Cloud Security, Infrastructure, Information Protection Governance, Devops

Duration: 63 minutes

Implement security controls for Azure App Services and Web Application Firewall. Configure authentication, managed identities, VNet integration, and private endpoints for App Service, and deploy WAF policies on Azure Application Gateway to protect web workloads at the network edge.

Units in this learning path:

• Introduction
• Implement Security Controls Azure App Service
• Configure Web Application Firewall Policies
• Protect App Service Web Application Firewall
• Knowledge Check
• Summary

Products: Azure, Azure App Service, Azure Web Application Firewall, Azure Application Gateway

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security

Duration: 30 minutes

Implement security controls across Azure Container Registry, Azure Container Instances, and Azure Container Apps. Configure RBAC, private endpoints, and content trust for ACR; apply managed identities and virtual network integration for Container Instances; and enforce ingress controls, managed identities, and secrets management for Container Apps environments.

Units in this learning path:

• Introduction
• Secure Azure Container Registry
• Implement Security Controls Azure Container Instances
• Implement Security Controls Azure Container Apps
• Knowledge Check
• Summary

Products: Azure, Azure Container Registry, Azure Container Instances, Azure Container Apps, Defender For Cloud

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security, Containers

Duration: 28 minutes

Implement security controls for Azure Function apps and Logic apps. Configure authentication and authorization, managed identities, virtual network integration, and private endpoints for Function apps, and apply managed identity, connector security, and network isolation for Logic apps.

Units in this learning path:

• Introduction
• Configure Authentication Authorization Function Apps
• Secure Network Access Function Apps
• Implement Security Controls Logic Apps
• Knowledge Check
• Summary

Products: Azure, Azure Functions, Azure Logic Apps, Azure Key Vault

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security

Duration: 28 minutes

Implement security controls for Azure Kubernetes Service. Configure Microsoft Entra integration and Kubernetes RBAC for API server authentication and authorization, enforce network policies and private cluster access. Then apply workload identity and pod security standards to harden containerized workloads in Azure Kubernetes Service (AKS).

Units in this learning path:

• Introduction
• Control Kubernetes Cluster Access Entra
• Secure Kubernetes Network Access
• Implement Workload Identity Secrets Management
• Enforce Pod Container Security
• Knowledge Check
• Summary

Products: Azure, Azure Kubernetes Service, Defender For Cloud

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security, Containers

Duration: 31 minutes

Embed security controls into infrastructure as code pipelines to prevent noncompliant Azure resources from reaching production. Integrate IaC security scanning using Microsoft Defender for DevOps and the MSDO extension, and configure Azure Policy in a policy-as-code workflow to enforce security compliance at deployment time.

Units in this learning path:

• Introduction
• Scan Iac Templates Defender Devops
• Enforce Policy Compliance Iac Deployments
• Knowledge Check
• Summary

Products: Defender For Cloud, Azure Policy, Azure

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security, Devops

Duration: 23 minutes

Implement a defense-in-depth security strategy for AI workloads across Microsoft's AI platform. Configure data security posture management in Microsoft Purview, secure agent identities in Microsoft Entra, and analyze AI identity risks in Microsoft Defender XDR. Then, enable real-time agent protection in Microsoft Defender, configure AI Gateway security in Microsoft Foundry, manage guardrails, protect AI workloads with Defender for Cloud, and govern agents with Microsoft Agent 365.

Modules in this learning path:

• Secure Access Entra Agent Identity
• Analyze AI Identity Risks Defender Xdr
• Enable Realtime Protection Copilot Studio Agents
• Configure AI Gateway Security Foundry
• Azure AI Foundry Configure Manage Guardrails
• Defender for Cloud AI Protect Workloads
• Implement Defender Cloud AI Services
• Manage Agents Microsoft Agent 365
• Identify AI Data Risks Purview

Products: Microsoft Purview, Entra Id, Defender Xdr, Defender For Cloud Apps, Microsoft Foundry, Defender For Cloud, Azure

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security, Artificial Intelligence

Duration: 239 minutes

Implement end-to-end security for Azure SQL Database and SQL Managed Instance. Configure Entra ID authentication with managed identity access, deploy private endpoints, and apply encryption and access controls to protect sensitive financial data. Establish compliant audit trails and enable Microsoft Defender for Databases to detect SQL injection, anomalous access, and vulnerability exposures.

Modules in this learning path:

• Configure Azure SQL Platform Security
• Configure Azure SQL Auditing
• Implement Defender Databases

Products: Azure, Azure SQL Database, Azure SQL Managed Instance, Microsoft Defender

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security, Databases

Duration: 62 minutes

Implement a defense-in-depth security strategy for Azure Storage. Harden storage accounts, govern access with Microsoft Entra ID and stored access policies, enforce network perimeter controls using firewall rules and private endpoints, and enable Microsoft Defender for Storage to detect threats from malicious uploads and compromised AI agent credentials.

Modules in this learning path:

• Describe Azure Storage Services
• Implement Storage Account Security
• Configure Network Security Azure Storage
• Implement Defender Storage

Products: Azure, Azure Storage, Azure Blob Storage, Azure Files, Defender For Cloud

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security

Duration: 100 minutes

Implement layered security controls across Azure virtual machines and Arc-enabled hybrid servers. Configure disk encryption, Trusted Launch, Azure Bastion, Microsoft Defender for Servers, just-in-time VM access, and Azure Machine Configuration to close security gaps across your server estate.

Modules in this learning path:

• Implement Disk Encryption Azure Virtual Machines
• Configure Trusted Launch Azure Virtual Machines
• Plan Implement Azure Bastion
• Manage Security Azure Arc Servers
• Implement Microsoft Defender Servers
• Enable Enforce Just in Time Vm Access
• Enforce Vm Security Machine Configuration

Products: Azure Virtual Machines, Defender For Cloud, Azure Bastion, Azure Arc, Azure Key Vault, Azure

Roles: Security Engineer

Level: Intermediate

Subjects: Security, Cloud Security

Duration: 177 minutes

We will learn the different security models that Azure Cosmos DB uses.

Units in this learning path:

• Introduction
• Implement Network Level Access Control
• Review Data Encryption Options
• Use Role Based Access Control Rbac
• Access Account Resources Using Aad
• Understand Always Encrypted
• Exercise Store Account Keys Azure Key Vault
• Knowledge Check
• Summary

Products: Azure Cosmos Db

Roles: Developer

Level: Intermediate

Subjects: Security

Duration: 60 minutes