This course teaches IT Professionals to understand the challenges that organizations face in keeping modern IT environments secure, as the more distributed environments that are part of a cloud-first or hybrid world have rapidly created new security challenges for IT.
The course focuses on three key areas in the defense against attackers who target security vulnerabilities, resulting particularly from credential theft and compromised identities: Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and Azure Active Directory Privileged Identity Management (PIM). Students learn to implement two-step verification to secure the sign-in process, as well has how to use advanced features like trusted IPs and Fraud Alerts with MFA to customize their identity access strategy. Using Privileged Identity Management, students learn how to apply just the right amount of access rights for just the right amount of time to the various administrative roles as well as to resources.
Audience profile:
This course is for Azure Administrators. Azure Administrators manage the cloud services that span storage, networking, and compute cloud capabilities, with a deep understanding of each service across the full IT lifecycle. They take end-user requests for new cloud applications and make recommendations on services to use for optimal performance and scale, as well as provision, size, monitor and adjust as appropriate. This role requires communicating and coordinating with vendors. Azure Administrators use the Azure Portal and as they become more proficient they use PowerShell and the Command Line Interface.
At course completion:
After completing this course, students will be able to:
- Use Azure RBAC to grant a granular level of access based on an administrator’s assigned tasks.
- Use Azure Multi-Factor Authentication to configure a strong authentication for users at sign-in.
- User Azure AD Privileged Identity Management to configure access rights based on just-in-time administration.
Prerequisites:
Successful Cloud Administrators start this role with experience on operating systems, virtualization, cloud infrastructure, storage structures, and networking.
Module 1: Introduction to Identity Protection in Azure
In this module, you’ll learn about Role-Based Access Control as the foundation to organizing and managing an organization’s administrative access based on the principle of least privilege. You will also review Azure Active Directory concepts, as well as gaining insight into the threat landscape and security risks that are exposed to IT organizations through breach of privileged access.
Lessons
- Role-Based Access Control
- Azure Active Directory (Refresher)
- Protecting Privileged Access in the Environment
After completing this module, students will be able to:
- Use Azure RBAC to grant a granular level of access based on an administrator’s assigned tasks.
Module 2: Using Multi-Factor Authentication for Secure Access
In this module, you’ll learn about securing the sign-in process through Multi-Factor Authentication (MFA). You’ll learn how MFA works and the differences in implementation between on-premises and cloud scenarios. You’ll also learn about using conditional access policies to provide more fine-grained control over apps and resources in your environment.
Lessons
- Introducing Multi-Factor Authentication
- Implementing MFA
After completing this module, students will be able to:
- Use Azure Multi-Factor Authentication to configure a strong authentication for users at sign-in.
Module 3: Azure AD Privileged Identity Management
In this module, you’ll learn how to use Azure Privileged Identity Management (PIM) to enable just-in-time administration and control the number of users who can perform privileged operations. You’ll also learn about the different directory roles available as well as newer functionality that includes PIM being expanded to role assignments at the resource level.
Lessons
- Getting Started with PIM
- PIM Security Wizard
- PIM for Directory Roles
- PIM for Role Resources
After completing this module, students will be able to:
- User Azure AD Privileged Identity Management to configure access rights based on just-in-time administration.
Module 4: Lab-Secure Identities
This module is provided to give you hands-on experience with the information provided in the course.
Lab : Secure Identities
- Deploy an Azure VM by using an Azure Resource Manager template.
- Create Azure AD users and groups.
- Delegate management of Azure resources by using custom Role-Based Access Control (RBAC) roles.
- Delegate management of Azure AD by using Privileged Identity Management directory roles.
- Delegate management of Azure resources by using Privileged Identity Management resource roles.
After completing this module, students will be able to:
- Deploy an Azure VM by using an Azure Resource Manager template.
- Create Azure AD users and groups.
- Delegate management of Azure resources by using custom Role-Based Access Control (RBAC) roles.
- Delegate management of Azure AD by using Privileged Identity Management directory roles.
- Delegate management of Azure resources by using Privileged Identity Management resource roles.
AZ 101T04 Secure Identities