Introduction

  • 3 minutes

This module equips administrators to secure public access, ensuring application and service confidentiality, integrity, and availability

Scenario

Imagine you're an Azure security specialist responsible for managing the security of Azure resources that are publicly accessible. Your organization relies on Azure services to deliver web applications and APIs to customers and partners in an increasingly complex threat landscape. With the rise of sophisticated attacks, API-based exploits, and the need for Zero Trust security principles, you must ensure that these resources are protected against evolving threats while maintaining high performance and availability. Your security strategy must balance accessibility with protection, implementing defense-in-depth measures that secure every layer of public-facing infrastructure.

Learning objectives

By the end of this module, participants are able to:

  • Plan and implement security strategies for public access to Azure resources, applying Zero Trust principles to protect against unauthorized access and data breaches.
  • Configure and manage Transport Layer Security (TLS) to secure applications, including Azure App Service and API Management, ensuring encryption of data in transit with modern protocols.
  • Design, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies, to protect network traffic and applications from threats.
  • Plan and implement an Azure Application Gateway to optimize the delivery, scalability, and security of web applications with intelligent traffic management.
  • Deploy and configure an Azure Front Door, including Content Delivery Network (CDN), to enhance the performance, availability, and security of globally distributed web applications.
  • Set up and manage a Web Application Firewall (WAF) to protect web applications from common web-based attacks.
  • Make informed recommendations on when to use Azure DDoS Protection to defend against distributed denial-of-service (DDoS) attacks and ensure service continuity.

Goals

The module aims to equip participants with the knowledge and expertise necessary to design, implement, and manage a comprehensive security strategy. The focus is on public access to Azure resources in today's threat landscape. Participants learn to apply defense-in-depth principles and Zero Trust security models to effectively secure web applications, APIs, and network traffic. By using these Azure security services, you ensure the availability and performance of critical services. You can protect against modern security threats, including sophisticated application-layer attacks, DDoS attempts, and emerging vulnerabilities.