Day 1 — Identity, Access and RBAC
Today we start with one of the most important security topics in cloud environments:
Who or what can do which action, on which resource, and at which scope?
In traditional environments, security often started with the network perimeter.
In cloud environments, identity is often the first perimeter.
Before we secure networks, storage accounts, APIs, pipelines or compliance controls, we first need to understand access.
Day 1 storyline
Today we follow one security improvement cycle.
The goal is not only to find a misconfiguration.
The goal is to understand why the misconfiguration matters, how it can be abused, and how to fix it without breaking the application.
What we will work with
During the labs, we use a small Azure environment.
The environment contains resources such as:
- an App Service for the backend API
- a Storage Account for the frontend
- a Key Vault
- logging and monitoring resources
- a managed identity for the backend application
Screenshot suggestion
Add a screenshot of the Azure resource group overview.
Suggested screenshot:
Azure Portal → Resource Groups → <student-resource-group> → Overview
Highlight the main resources:
- App Service
- Storage Account
- Key Vault
- Log Analytics Workspace
- Application Insights
Day 1 labs
| Lab | Focus |
|---|---|
| Lab 1.1 | Discover overprivileged access |
| Lab 1.2 | Demonstrate impact of excessive and incorrect permissions |
| Lab 1.3 | Fix the RBAC model |
| Lab 1.4 | Reflect using Zero Trust access thinking |
Teaching rhythm
Each topic is introduced in a small theory block.
short theory
→ lab
→ recap
→ next short theory
→ lab
→ recap
The theory before each lab gives just enough context to start.
The recap after each lab explains what the result means.