Introduction xixAssessment Test xxvChapter 1 Introduction to Microsoft Azure 1What Is Microsoft Azure? 3Cloud Environment Security Objectives 4Confidentiality 4Integrity 4Availability 5Nonrepudiation 5Common Security Issues 5Principle of Least Privilege 5Zero- Trust Model 6Defense in Depth 6Avoid Security through Obscurity 9The AAAs of Access Management 9Encryption 10End- to- End Encryption 11Symmetric Key Encryption 11Asymmetric Key Encryption 11Network Segmentation 13Basic Network Configuration 13Unsegmented Network Example 14Internal and External Compliance 15Cybersecurity Considerations for the Cloud Environment 16Configuration Management 17Unauthorized Access 17Insecure Interfaces/APIs 17Hijacking of Accounts 17Compliance 18Lack of Visibility 18Accurate Logging 18Cloud Storage 18Vendor Contracts 19Link Sharing 19Major Cybersecurity Threats 19DDoS 19Social Engineering 20Password Attacks 21Malware 21Summary 24Exam Essentials 24Review Questions 26Chapter 2 Managing Identity and Access in Microsoft Azure 29Identity and Access Management 31Identifying Individuals in a System 31Identifying and Assigning Roles in a System and to an Individual 32Assigning Access Levels to Individuals or Groups 33Adding, Removing, and Updating Individuals and Their Roles in a System 33Protecting a System's Sensitive Data and Securing the System 33Enforcing Accountability 34IAM in the Microsoft Azure Platform 34Creating and Managing Azure AD Identities 34Managing Azure AD Groups 37Managing Azure Users 39Adding Users to Your Azure AD 39Managing External Identities Using Azure AD 40Managing Secure Access Using Azure Active Directory 42Implementing Conditional Access Policies, Including MFA 44Implementing Azure AD Identity Protection 45Enabling the Policies 47Implement Passwordless Authentication 50Configuring an Access Review 52Managing Application Access 57Integrating Single Sign- On and Identity Providers for Authentication 57Creating an App Registration 58Configuring App Registration Permission Scopes 58Managing App Registration Permission Consent 59Managing API Permission to Azure Subscriptions 60Configuring an Authentication Method for a Service Principal 61Managing Access Control 62Interpret Role and Resource Permissions 62Configuring Azure Role Permissions for Management Groups, Subscriptions, Resource Groups, and Resources 63Assigning Built- In Azure AD Roles 64Creating and Assigning Custom Roles, Including Azure Roles and Azure AD Roles 65Summary 66Exam Essentials 67Review Questions 70Chapter 3 Implementing Platform Protections 73Implementing Advanced Network Security 75Securing Connectivity of Hybrid Networks 75Securing Connectivity of Virtual Networks 77Creating and Configuring Azure Firewalls 78Azure Firewall Premium 79Creating and Configuring Azure Firewall Manager 82Creating and Configuring Azure Application Gateway 82Creating and Configuring Azure Front Door 87Creating and Configuring a Web Application Firewall 91Configuring Network Isolation for Web Apps and Azure Functions 93Implementing Azure Service Endpoints 94Implementing Azure Private Endpoints, Including Integrating with Other Services 97Implementing Azure Private Link 98Implementing Azure DDoS Protection 101Configuring Enhanced Security for Compute 102Configuring Azure Endpoint Protection for VMs 102Enabling Update Management in Azure Portal 104Configuring Security for Container Services 108Managing Access to the Azure Container Registry 109Configuring Security for Serverless Compute 109Microsoft Recommendations 111Configuring Security for an Azure App Service 112Exam Essentials 118Review Questions 122Chapter 4 Managing Security Operations 125Configure Centralized Policy Management 126Configure a Custom Security Policy 126Create Custom Security Policies 127Creating a Policy Initiative 128Configuring Security Settings and Auditing by Using Azure Policy 129Configuring and Managing Threat Protection 130Configuring Microsoft Defender for Cloud for Servers (Not Including Microsoft Defender for Endpoint) 131Configuring Microsoft Defender for SQL 134Using the Microsoft Threat Modeling Tool 139Azure Monitor 147Visualizations in Azure Monitor 148Configuring and Managing Security Monitoring Solutions 149Creating and Customizing Alert Rules by Using Azure Monitor 149Configuring Diagnostic Logging and Retention Using Azure Monitor 157Monitoring Security Logs Using Azure Monitor 159Microsoft Sentinel 167Configuring Connectors in Microsoft Sentinel 170Evaluating Alerts and Incidents in Microsoft Sentinel 175Summary 176Exam Essentials 177Review Questions 179Chapter 5 Securing Data and Applications 183Configuring Security for Storage in Azure 184Storage Account Access Keys 185Configuring Access Control for Storage Accounts 185Configuring Storage Account Access Keys 189Configuring Azure AD Authentication for Azure Storage and Azure Files 191Configuring Delegated Access for Storage Accounts 202Configuring Security for Databases 220Summary 254Exam Essentials 255Review Questions 257Appendix A An Azure Security Tools Overview 261Chapter 2, "Managing Identity and Access on Microsoft Azure" 262Azure Active Directory (AD) 262Microsoft Authenticator App 265Azure API Management 265Chapter 3, "Implementing Platform Protections" 266Azure Firewall 266Azure Firewall Manager 267Azure Application Gateway 269Azure Front Door 273Web Application Firewall 273Azure Service Endpoints 274Azure Private Links 274Azure DDoS Protection 275Microsoft Defender for Cloud 276Azure Container Registry 277Azure App Service 278Chapter 4, "Managing Security Operations" 279Azure Policy 279Microsoft Threat Modeling Tool 281Microsoft Sentinel 287How Does Microsoft Sentinel Work? 289Automation 290Chapter 5, "Securing Data and Applications" 290Azure Key Vault 299Appendix B Answers to Review Questions 301Chapter 1: Introduction to Microsoft Azure 302Chapter 2: Managing Identity and Access in Microsoft Azure 303Chapter 3: Implementing Platform Protections 304Chapter 4: Managing Security Operations 305Chapter 5: Securing Data and Applications 306Index 309

ABOUT THE AUTHORSHIMON BRATHWAITE is Editor-in-Chief of securitymadesimple.org, a website dedicated to teaching business owners how to secure their companies and helping cybersecurity professionals start and advance their careers. He is the author of three cybersecurity books and holds CEH, Security+, and AWS Security specialist certifications.