Skip to main content
Applicable Cloud Security
Setup
Environment Setup
Terraform Baseline Deployment
Manual Deployment
Content
Day 1 — Identity, Access and RBAC
Day 2 — Network and Data Security
Day 3 — DevSecOps and API Security
Day 4 — Monitoring and Threat Detection
Day 5 — Compliance, Policy & Automation
Challenges
Challenges
Content
Mitch Mommers
Less than 1 minute
Catalog
Day 1
After Lab 1.1 — Recap
After Lab 1.2 — Recap
After Lab 1.3 — Recap
Before Lab 1.1 — Identity and RBAC Primer
Before Lab 1.2 — Management Plane and Data Plane
Before Lab 1.3 — Least Privilege and Correct Privilege
Before Lab 1.4 — Zero Trust Access Thinking
Day 1 — Appendix
Day 1 — Identity, Access and RBAC
Day 1 Wrap-up — Identity as the First Perimeter
Day 2
After Lab 2.1 — Recap
After Lab 2.2 — Recap
After Lab 2.3 — Recap
After Lab 2.4 — Recap
After Lab 2.5 — Recap
After Lab 2.6 — Recap
Before Lab 2.1 — Public, Internal and Private Services
Before Lab 2.2 — Service-to-Service Exposure
Before Lab 2.3 — VNet, Subnets and Network Segmentation
Before Lab 2.4 — Private Endpoints and the Data Layer
Before Lab 2.5 — Protecting Key Vault with a Private Endpoint
Before Lab 2.6 — Network Security Groups
Before Optional Lab 2.x — Application Gateway and WAF
Before Optional Lab 2.x — Azure Bastion Management Path
Data Protection — Encryption and Storage Security
Day 2 — Appendix
Day 2 — Network and Data Security
Day 2 Wrap-up — What Is Reachable?
DDoS Protection
Theory — Next-Generation Firewalls (NGFW)
Theory — Service Endpoints vs Private Endpoints
Day 3
After Lab 3.1 — Recap
After Lab 3.2 — Recap
After Lab 3.3 — Recap
After Lab 3.4 — Recap
After Lab 3.5 — Recap
After Lab 3.6 — Recap
Azure DevOps Secure Files Theory
Before Lab 3.1 — Pipeline Identity and Secure Delivery
Before Lab 3.2 — Quality Gates: Type Checking and Tests
Before Lab 3.3 — Security Gates: Semgrep, Trivy, and SBOM
Before Lab 3.4: Infrastructure-as-Code Security with Checkov
Before Lab 3.5: API Security Testing with OWASP ZAP
Before Lab 3.6: Artifact Promotion, Environment Gates, and Rollback
CI/CD Fundamentals
Day 3 — DevSecOps and API Security
Day 3 Wrap-up — Secure Development Lifecycle
Deployment Strategies Theory
Git Flow and Release Tagging
Persistent vs Non-Persistent Resources
Pipeline Stages and Jobs
What is DevSecOps?
Day 4
After Lab 4.1 — Recap
After Lab 4.2 — Recap
After Lab 4.3 — Recap
After Lab 4.4 — Recap
After Lab 4.5 — Recap
After Lab 4.6 — Recap
After Lab 4.6 — Recap
Before Lab 4.1 — From Security Gates to Runtime Visibility
Before Lab 4.2 — Logs, Metrics, Traces, and Diagnostic Settings
Before Lab 4.3 — Application Telemetry and Correlation IDs
Before Lab 4.4 — Microsoft Sentinel on Top of Log Analytics
Before Lab 4.5 — KQL for Security Investigation
Before Lab 4.6 — From Query to Detection
Before Lab 4.7 — Dashboards and Operational Readiness
Day 4 — Monitoring and Threat Detection
Day 4 Wrap-up — Runtime Monitoring and Threat Detection
DevOps Security Monitoring
Theory — Alarm (Alert) Fatigue and Sentinel Tuning
Theory — Application Insights Fundamentals
Theory — Defender for Cloud (CSPM)
Theory — Security Operations Centers (SOC)
Theory — Sentinel Playbooks and SOAR
Day 5
After Lab 5.1 — Recap
After Lab 5.2 — Recap
After Lab 5.3 — Power Automate Approval Recap
After Lab 5.5 — Auto-Remediation Recap
After Lab 5.6 — Anomaly Detection Recap
Before Lab 5.1 — Discover & Fix Compliance Violations
Before Lab 5.2 — Policy Guardrails
Before Lab 5.3 — Power Automate Approval Flow
Before Lab 5.4 — The Power of Tags
Before Lab 5.5 — Auto-Remediation
Before Lab 5.6 — Anomaly Detection
Day 5 — Compliance, Policy & Automation
Day 5 Wrap-up — Compliance, Policy & Automation
Theory — Anomaly Detection in Cloud Security
Theory — Azure Policy
Theory — Compliance and Governance in the Cloud
Theory — Security Automation