Skip to content
MCW Security baseline on Azure
JavaScript C# PowerShell HTML CSS Ruby Other
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
Hands-on lab Update HOL step-by step - Security baseline on Sep 14, 2019
Whiteboard design session

Security baseline on Azure

Contoso Ltd is a multinational corporation, headquartered in the United States that provides insurance solutions worldwide. Its products include accident and health insurance, life insurance, travel, home, and auto coverage. Contoso manages data collection services by sending mobile agents directly to the insured to gather information as part of the data collection process for claims from an insured individual. These mobile agents are based all over the world and are residents of the region in which they work. Mobile agents are managed remotely through regional corporate offices.

They are exploring a lift and shift strategy to Azure, but have a large focus on Azure Security and Privacy features.

Target audience

  • Cloud Administrators
  • Cloud Architects
  • Security Analysts
  • Security Architects



In this workshop, you will learn how to design an implementation of Azure Security Center and Microsoft Compliance Manager tools to ensure a secure and privacy-focused Azure cloud-based architecture.

At the end of this workshop, you will be better able to secure your cloud-based applications and services, while ensuring privacy standards are followed and your architecture is compliant.

Whiteboard design session

In this whiteboard design session, you will work with a group to design an end-to-end solution that leverages many of Microsoft Azure’s security features.

At the end of this session, you will be better able to design and recommend solutions that help organizations properly secure their cloud-based applications while protecting their sensitive data.

Hands-on lab

In this hands-on lab, you will implement many of the Azure Security Center features to secure their cloud-based Azure infrastructure (IaaS) and applications (PaaS). Specifically, you will ensure that any internet exposed resources have been properly secured and any non-required internet access disabled. Additionally, you will implement a “jump machine” for admins with Application Security enabled to prevent admins from installing non-approved software and potentially exposing cloud resources. You will then utilize custom alerts to monitor for TCP/IP Port Scans and then fire alerts and run books based on those attacks.

At the end of this hands-on lab, you will be better able to design and build secure cloud-based architectures, and to improve the security of existing applications hosted within Azure.

Azure services and related products

  • Azure Virtual Machines and Networks with Network Security Groups
  • Virtual Private Networks (Point to Point, Site to Site)
  • Azure Web Apps
  • Azure SQL DB and corresponding security features (Threat Detection, TDE, Column Level Encryption, etc.)
  • Azure Storage Encryption
  • SQL Server Virtual Machines
  • Azure IAM
  • Azure Monitor and Log Analytics
  • Azure Sentinel
  • Azure Policy
  • Power BI
  • Azure Security Center
  • Secure Score
  • Azure Key Vault Integrations
  • Microsoft Azure Active Directory
  • Microsoft Intune
  • Conditional Access controls

Azure solutions

Security and Management

Related References

You can’t perform that action at this time.