Implement platform protection (35-40%)
Please complete the following course on LinkedIn Learning for intermediate knowledge of this exam objectives: Implementing platform protection in Azure
NOTE: In addition to the great content listed below, there are 20 Labs for you to follow on the AZ-500 GitHub site for this learning objective. WE STRONGLY RECOMMEND that you complete all the labs in order to be exam ready.
Implement network security
| Topic | Link |
|---|---|
| configure virtual network connectivity | What is Azure Virtual Network? |
| Complete all tutorials listed in this section | |
| Centralize your core services by using hub and spoke Azure virtual network architecture | |
| configure Network Security Groups (NSGs) | Network security groups |
| Create, change, or delete a network security group | |
| Secure and isolate access to Azure resources by using network security groups and service endpoints | |
| create and configure Microsoft Azure firewall | What is Azure Firewall? |
| Tutorial: Deploy and configure Azure Firewall using the Azure portal | |
| create and configure Azure Front Door service | What is Azure Front Door? |
| Quickstart: Create a Front Door for a highly available global web application | |
| create and configure application security groups | Application security groups |
| configure remote access management | Security management in Azure |
| configure baseline | Create security baselines |
Implement host security
| Topic | Link |
|---|---|
| configure endpoint security within the VM | Azure Virtual Machines security overview |
| Security best practices for IaaS workloads in Azure | |
| configure VM security | Secure your management ports with just-in-time access |
| harden VMs in Microsoft Azure | Security recommendations for Windows virtual machines in Azure |
| configure system updates for VMs in Microsoft Azure | Update Management solution in Azure |
| Manage updates and patches for your Azure VMs | |
| Keep your virtual machines updated | |
| LinkedIn Learning | Implement Platform Protection |
Configure container security
| Topic | Link |
|---|---|
| configure network | Control egress traffic |
| Secure traffic between pods | |
| configure authentication | Configure authentication |
| configure container isolation | Best practices for container image management and security |
| configure AKS security | Security concepts for applications and clusters in Azure Kubernetes Service (AKS) |
| Best practices for cluster security | |
| configure container registry | Tutorial: Deploy and use Azure Container Registry |
| implement vulnerability management | Secure the images and run time |
Implement Microsoft Azure Resource management security
| Topic | Link |
|---|---|
| create Microsoft Azure resource locks | Lock resources to prevent unexpected changes |
| manage resource group security | Security controls for Azure Resource Manager |
| configure Microsoft Azure policies | Tutorial: Create and manage policies to enforce compliance |
| Apply and monitor infrastructure standards with Azure Policy | |
| configure custom RBAC roles | Create and assign a custom role in Azure Active Directory |
| Create custom roles for Azure resources with role-based access control (RBAC) | |
| configure subscription and resource permissions | Elevate access to manage all Azure subscriptions and management Groups |
| Manage access to an Azure subscription by using Azure role-based access control (RBAC) |