Azure Platform Protection
The Azure Platform Protection Getting Started virtual lab, through IT Pro Challenge, introduces learners to securing virtual machines, networks, and applications. Exercises cover web app authentication, resource locks, and others. Learners gain IT security and cybersecurity basics for many jobs including, AWS Administrator and Azure Administrator.
Start acquiring and demonstrating fundamental skills and knowledge for Azure Platform Protection challenge virtual lab series. Beginners, upon completing this guided IT Pro Challenge lab, will provide Azure Platform Protection:
- Web app authentication and resource locks.
- Virtual network connectivity through peering.
- Application and network security groups
- Azure Disk Encryption.
Learners will gain fundamentals for the remaining Azure Platform Protection challenge series, upon completion of this the one and a half hour guided lab. By becoming comfortable configuring and testing security configurations through Azure, learners will get hands-on experience helpful for many jobs, such as AWS Administrator and Azure Administrator.
Configure Authentication for a Web App
Host web apps, securely in the cloud, by using Azure App service. Learners, through this capability, can deploy web apps safely through customized code by an authentication service, such as Azure, Facebook, Twitter or Google. Learners will create and deploy a web application and use Azure Active Directory to prompt validation prior to accessing the website. Learners will test authentication and authorization through using a private browser window.
Create Resource Locks on a Web App
Learners will manage what Azure resources can be modified or deleted by setting locks. Learners will validate, after completing lock configuration, they cannot update or remove resources as set in Azure. This lab will also show what happens upon removing the locks.
Configure Virtual Network Connectivity by Using Peering
Create and configure an isolated, secure virtual network on the Azure internal network. This exercise details one option through peering. Learners create two virtual networks, one for a web server and another for an application server. Bidirectional communication, between these paired networks, will be set and verified through Azure.
Create and Configure an Application Security Group
In this lab, learners will use Azure to allow appropriate access through a virtual network by creating an application security group and an associated network security group. First learners will create a virtual machine on the virtual network, configured through Azure. Then learners will create an application and an associated network security group. Using Azure to configure security rules, learners will make the application and network security groups safe. This exercise will finally guide the learners to test, through a login, that appropriate access, as configured, has been granted.
Configure Azure Disk Encryption
Learners will secure a virtual machine’s disk through setting up and testing Azure Disk Encryption. This exercise involves using Azure Key Vault and enabling the disk encryption through the created key vault, through Azure Disk Encryption. Azure capabilities include encryption key self-management through Azure Disk Encryption and Azure Key Vault. At the end of this exercise, learners will verify that the virtual OS disk has been successfully encrypted.
Upon completion of the Getting Started with Azure Platform Protection lab, learned will have successfully secured virtual applications and networks through configuring web app authorization, network peering, security groups and Azure Disk Encryption. Security set up, through Azure, will be verified by the learner after each configuration exercise has been completed. Learners will obtain and test their knowledge of security solutions in Microsoft Azure with adequate preparation for following Azure Platform Protection challenges.
- Skills: Microsoft Azure environment, authentication, Resource lock, virtual network connectivity, RDP, Virtual machines on Azure, Application security groups, Network security groups, Azure Disk Encryption.
- Time limit: 1h30 min
- Skill level: Guided/Beginner
- Work roles: System Administrator, Cyber Instructor, Software Developer, Secure Software Assessor, Product Support Manager, Cyber Defense Infrastructure Support Specialist, Security Control Assessor, Security Architect.