Implement Azure PaaS Security Guided

The guided IT Pro Challenges virtual lab familiarizes beginners with how to create, set up deployment for, and secure a web app in Microsoft Azure. The lab's PaaS security skills advance a variety of IT career paths like System Administrator, Cyber Instructor, Software Developer, Secure Software Assessor, and Product Support Manager.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


This 45-minute hands-on lab gives beginners time to verify the Microsoft Azure Platform as a Service (PaaS) resource. Learners start with creating a web app and setting up deployment from a public GitHub Repository. Learners then create an Azure Active Directory and use it to authenticate a web application.

Learners advancing their capabilities as System Administrators, Microsoft Azure Cloud Engineers, Cloud Systems Administrators, and Azure Administrators gain critical knowledge about the Azure PaaS and security best practices. Azure PaaS equips users to develop, deploy, and deliver web-based applications across the entire software lifecycle.

When administering Microsoft Azure PaaS, the host takes responsibility for securing data rights and ensuring appropriate access. Forcing all network connections to authenticate through the Azure Active Directory (AAD) requires user account validation to enter a security layer. Requiring encryption through HTTPS and using role-based access controls (RBAC) provides extra protection in code deployment to a web app.

Understanding the Scenario:

In this lab, you take the role as an Azure administrator for a company that is migrating its primary web app from its on-premises datacenter to Azure. You need to create and deploy an Azure web app supporting authentication by using Azure Active Directory, as a proof of concept. You have to deploy the web app, then modify and test the security configuration.

Create an Azure Web App:

In this module, you log into Microsoft Azure and build a web app with a new app service. The instructions advise using a Microsoft operating system for web services. Web services allow server and client applications to talk with one another regardless of the programming languages they speak. In this type of communication, machines call up pages and respond to these requests by transferring data. When you configure web services for a Windows OS, developers can leverage well-known programming frameworks like Java, .Net, and Python.

Deploy Code from a Public GitHub Repository:

Learners create deployment credentials and an external repository, attached to a Git repository. By following these steps, lab participants configure a centralized location for development. Participants prepare a Git repository storing the code for the web app. Git coordinates file changes and source code for the Web App. Learners also create user credentials to permit developers to deploy code to Git through using file transfer protocol (FTP).

Modify and Test App Service Security:

After setting up the development environment, learners make sure only HTTPS protocol can be used, enforcing network encryption. Participants also set up App Service Authentication through the AAD. The AAD required sign-in provides capabilities to validate user credentials, detect threats, and audit network communications.

Learners also assign a Managed Application reader role to an existing user and validate web app requested permissions. RBAC ensures that users can only get the information they need.


At the virtual lab's conclusion, learners know how to navigate around the Microsoft Azure environment and use its services as a development platform in the cloud. Participants see how Azure's active directory and HTTPs secure web apps developed in Azure PaaS. The learner has finished three lab exercises.

  • Creating an Azure web app.
  • Deploying code from a public GitHub repository.
  • Modifying and testing the web app for authentication by using an Azure Active Directory account.