Azure Security Study Plan

Roadmap to build Azure Security capability from fundamentals to security engineering and operations.

The plan aligns with Microsoft security certifications, including AZ-500 and the SC series.

Expected pace

8 weeks

Foundation to operations track.

Section 1

Azure Fundamentals

2 weeks

Start here if you are new to Azure.

Week 1-2: Cloud Basics (AZ-900 level)

Regions, Availability Zones, Subscriptions, and Resource Groups.
IaaS, PaaS, and SaaS in Azure context.
Compute services: VMs, App Service, and AKS.
Networking services: VNet, NSG, and Load Balancers.
Storage services: Blob, File, and Disk.
Shared Responsibility Model.
Azure Policy and Blueprints basics.
Microsoft Defender for Cloud free tier basics.

Section 2

Identity and Access Management

2 weeks

Identity is the new perimeter.

Week 3-4: Microsoft Entra ID (formerly Azure AD)

Users, groups, service principals, and managed identities.
Hybrid identity with Azure AD Connect.
RBAC: built-in roles, custom roles, and scopes.
Scope hierarchy: management group > subscription > resource group > resource.
Conditional Access by location, device state, and risk.
Privileged Identity Management (PIM).
MFA and passwordless authentication.
Identity Protection and risk detection.

Section 3

Platform Protection

2 weeks

Secure infrastructure and data.

Week 5-6: Network and Compute

NSGs vs ASGs.
Azure Firewall and Azure Firewall Manager.
DDoS Protection: Basic vs Standard.
Private Link and Service Endpoints.
VM security: Bastion, JIT access, and disk encryption.
AKS security: network policies and private clusters.
Key Vault for secrets, keys, and certificates.
Storage security: SAS tokens, access keys, and encryption.
SQL database security: TDE, firewall, and auditing.

Section 4

Security Operations

2 weeks

Monitor and respond to threats.

Week 7-8: Defender and Sentinel

Defender for Cloud CSPM and Secure Score.
Defender for Cloud CWP alerts for VMs, storage, SQL, and containers.
Microsoft Sentinel data source onboarding.
KQL basics for hunting.
Analytics rules and incident creation.
Automation with playbooks using Logic Apps.