Implement Azure PaaS Security

Learn On Demand Pro Series

In this IT Pro Challenge, learners set up developer role-based access control (RBAC) to create and release a Microsoft Azure Web App with additional security, through a virtual network. System administrators, Network Engineers, Network Operations Specialists, and Cyber Defense Analysts benefit from enhanced security understanding.

1 hour
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


This hour-long IT Pro Challenge has intermediate learners secure account roles using role-based access control (RBAC) and applies added security to a web app, through a virtual network. Participants review Microsoft Azure administration, including adding user roles, creating a web app, creating a virtual network gateway, and integrating the web app within a virtual network, increasing safety.

These exercises implement Platform as a Service (PaaS) Security. The PaaS describes a cloud service environment where programmers can develop and deploy web applications. A PaaS context needs to secure accounts, apps, and data, and it is up to the customer to take care of these tasks. This lab prepares the learner to manage a PaaS securely.

Understanding the Scenario:

In this lab, you are an Azure administrator for a company that is migrating its primary web app from its on-premises datacenter to Azure. You need to allow developers to create and deploy an Azure web app, as a proof of concept. They need to be able to deploy the web app and integrate the web app with a virtual network for added security.

Configure Account Security by Using Role-based Access Control:

This lab portion instructs learners to add storage account, web plan, website, and network management roles to a developer account. Users need to know how to access the resource group provided by the lab (e.g., corp-datalod12285968), to be able to grant access.

Azure provides a list of built-in-roles such as network and web contributors. The contributor role lets a person manage resources as specified in the role name. Once learners set up correct access, they log in as the developer and create a storage account. Building a new storage account tests that the RBAC storage contributor permission.

Create an Azure Web App as a Developer:

After logging in as a developer with website and web plan contributor roles, you create a new web app and a web app service in this plan. You configure an external FTP and a GIT repository for web app development.

Setting up a new web app service gives a developer the ability to host and deploy web apps in a performant, secure, and compliant environment. The web service specifies the region hosting the computing services (e.g., West US, East US), the size of each virtual machine host, and the number of machines. This web app service defines the computing environment containing the new web app.

Integrate the Web app with an Azure Virtual Network for Added Security:

You create a new virtual network and add a gateway subnet and a virtual network gateway to secure your web app. You set the virtual network gateway tunnel types to IKEv2 and SSTP (SSL). IKEv2 or Internet Key Exchange version ensures network traffic’s safety through encryption. SSTP (SSL) stands for Secure Socket Tunneling Protocol, also ensures transmitted data stays encrypted. SSTP (SSL) secures online data and communications for Windows users.


In this IT Challenge, you implement Azure PaaS Security by using RBAC to configure account security. As the developer, allowed to manage web plans, websites, and networks, you put together a web app. Then you integrate this new web app with an Azure Virtual Network for additional security.