O'Reilly logo
live online training icon Live Online training

Azure security fundamentals

Web Ops & Performance

Iain Foulds

Security is often a major concern as companies look to move to the cloud. Cloud platforms like Azure offer a number of security features above and beyond what traditional on-premises environments provide. Unfortunately, most available content on security in Azure focuses on specific components and features, while current training courses are too lightweight and are often quickly out-of-date since the Azure platform changes so much. This three-hour hands-on course gives you a fundamental understanding of managing security in Azure.

Expert Iain Foulds walks you through using Azure to help secure your workloads in the cloud, protect your data, and provide reliable services to your customers. You’ll explore key Azure security features and tools—including Azure Security Center, Azure DDoS, and Azure Update Management—that will help you solve problems when deploying workloads to the cloud. A lot of your current knowledge still applies to security in Azure; you just have to translate what you know into what Azure offers.

What you'll learn-and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • Why foundational security principles still apply in the cloud
  • The key Azure security features to simplify running workloads in the cloud
  • How automated tooling helps reduce the time needed to manage threats and helps you focus on other core tasks
  • Features and tools to solve problems when deploying workloads to the cloud

And you’ll be able to:

  • Define baselines or review compliance issues and recommendations using Azure Security Center
  • Secure virtual networks by enabling Azure DDoS protection for virtual networks and review potential threats
  • Keep virtual machines up-to-date and secure using Azure Update Management and Antimalware for Azure
  • Define and control access to resources using Azure Active Directory (AD) identities, Azure role-based access controls (RBAC), and Azure AD multifactor authentication (MFA)
  • Use Azure Policy or Azure Information Protection to define resource access or creation rules
  • Run workloads in Azure
  • Manage the security environment

This training course is for you because...

  • You want to use firewall rules and traffic filtering to control the flow of traffic to applications.
  • You want to automatically apply security updates and report on virtual machine compliance.
  • You want to secure access to applications and resources using secure identities or digital keys.


  • Basic understanding of cloud computing terms such as virtual machines and virtual networks.

Recommended preparation:

  • (Optional) Set up a free Azure trial account if you would like to follow along during the course exercises.
  • Watch the “Azure Service Overview” section in Azure - Introduction to Azure (video)

Recommended follow-up:

About your instructor

  • Iain Foulds is a senior content developer at Microsoft, focused on Azure technologies. He spent more than a decade in the field as an engineer building and running virtualization environments, including cloud solutions. At Microsoft since 2014, he supports and enables customers to successfully run workloads in Azure.


The timeframes are only estimates and may vary according to how the class is progressing

Introduction and core concepts (10 minutes)

  • Group discussion: Security concerns with running applications in the cloud; current Azure adoption or experience
  • Lecture: Existing experiences and security knowledge; how Azure is built on existing knowledge; Azure tools to reduce the administrative burden

Physical security (45 minutes)

  • Group discussion: Access controls for physical resources; securing traffic from your on-premises environment using Azure VPN Gateway or Express Route; securing network traffic; common services, protocols, and ports you may need to provide access to; securing access to your data
  • Lecture: Securing physical resources and data centers in Azure; limiting traffic and minimizing threats; network traffic filtering; data encryption
  • Hands-on exercise: Draw a high-level overview of how you would connect multiple locations in your environment
  • Q&A
  • Break (5 minutes)

Application-level security (30 minutes)

  • Group discussion: Digital keys versus identities for applications; backing up applications and servers; data retention and testing
  • Lecture: Storing secure data; secure application access using managed identities; hardware security module options; database encryption and resiliency; Azure Backup and Azure Site Recovery to back up, restore, and replicate data
  • Q&A
  • Break (5 minutes)

Azure value-add features for security (45 minutes)

  • Group discussion: Active Directory; Azure Active Directory; Office 365; deciding who gets access to which resources and its enforcement
  • Lecture: Azure Active Directory for integrated identity; Azure RBAC; resource locks; Azure Policy; Azure Update Management and Azure Antimalware
  • Q&A
  • Break (5 minutes)

Azure Security Center (30 minutes)

  • Group discussion: Receiving notifications when there’s a problem; remote connection to VMs
  • Lecture: Azure Security Center; aggregating and reviewing alerts and recommendations; just-in-time (JIT) access
  • Q&A

Wrap-up and Q&A (5 minutes)