This learning path guides you in securing Azure services and workloads using Microsoft Cloud Security Benchmark controls in Microsoft Defender for Cloud via the Azure portal. 

Prerequisites

None

Modules in this learning path

Examine Defender for Cloud regulatory compliance standards

In this module, we will focus on using Microsoft Defender for Cloud to streamline regulatory compliance by identifying and addressing issues that hinder meeting compliance standards and certifications.

• Introduction
• Regulatory compliance standards in Defender for Cloud
• Microsoft cloud security benchmark in Defender for Cloud
• Improve your regulatory compliance in Defender for Cloud
• Knowledge check
• Summary

Enable Defender for Cloud on your Azure subscription

In this module, we will focus on enabling Microsoft Defender for Cloud on your Azure subscription to enhance security monitoring, compliance management, and threat protection for your cloud-based applications.

• Introduction
• Connect your Azure subscriptions
• Exercise - Configuring Microsoft Defender for Cloud for Enhanced Protection
• Knowledge check
• Summary

Filter network traffic with a network security group using the Azure portal

In this module, we will focus on filtering network traffic using Network Security Groups (NSGs) in the Azure portal. Learn how to create, configure, and apply NSGs for improved network security.

• Introduction
• Azure resource group
• Azure Virtual Network
• How network security groups filter network traffic
• Application security groups
• Exercise - Create a virtual network infrastructure
• Knowledge check
• Summary

Create a Log Analytics workspace

In this module, you'll discover how to create a Log Analytics workspace in the Azure portal for Microsoft Defender for Cloud, improving data collection and security analysis.

• Introduction
• Log Analytics workspace
• Exercise - Create a Log Analytics workspace
• Knowledge check
• Summary

Collect guest operating system monitoring data from Azure and hybrid virtual machines using Azure Monitor Agent

This module will guide you on how to deploy and manage Azure Monitor Agent, configure Data Collection Rules, and integrate it with Microsoft Defender for Cloud for enhanced security.

• Introduction
• Deploy the Azure Monitor Agent
• Collect data with Azure Monitor Agent
• Exercise - Create a data collection rule and install the Azure Monitor Agent
• Knowledge check
• Summary

Explore just-in-time virtual machine access

In this module, we'll focus on the risk of open management ports on virtual machines and how JIT VM access in Microsoft Defender for Cloud mitigates this threat.

• Introduction
• Understand just-in-time virtual machine access
• Enable just-in-time access on virtual machines
• Exercise - Enable just-in-time access on virtual machines
• Knowledge check
• Summary

Configure Azure Key Vault networking settings

In this module, you'll learn to configure Azure Key Vault networking settings via the Azure portal, ensuring secure and controlled access to your stored secrets.

• Introduction
• Azure Key Vault basic concepts
• Best practices for Azure Key Vault
• Azure Key Vault network security
• Configure Azure Key Vault firewalls and virtual networks
• Exercise - Configure Key Vault networking settings
• Azure Key Vault soft delete overview
• Virtual network service endpoints for Azure Key Vault
• Exercise - Enable soft delete in Azure Key Vault
• Knowledge check
• Summary

Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

This module will guide you on securely connecting an Azure SQL server via Azure Private Endpoint in the Azure portal, enhancing data communication security.

• Introduction
• Azure Private Endpoint
• Azure Private Link
• Exercise - Connect to an Azure SQL server using an Azure Private Endpoint using the Azure portal
• Knowledge check
• Summary