Azure Security Study Plan

This page is updated based on jassics/security-study-plan/azure-security-study-plan

This study plan is designed to help you master Azure Security, from foundational concepts to advanced security engineering and operations. It aligns with Microsoft certifications like AZ-500 and the SC series.

Also, I assume you have already checked and are comfortable with the Common Security Skills study plan.

ToC

  1. Azure Fundamentals - 2 weeks
  2. Identity and Access Management - 2 weeks
  3. Platform Protection - 2 weeks
  4. Security Operations - 2 weeks
  5. Resources

Azure Fundamentals

Duration: 2 weeks

Start here if you are new to Azure.

Week 1-2: Cloud Basics (AZ-900 level)

  1. Core Concepts:
     • Regions, Availability Zones, Subscriptions, Resource Groups.
     • IaaS, PaaS, SaaS in the Azure context.
  2. Core Services:
     • Compute (VMs, App Service, AKS).
     • Networking (VNet, NSG, Load Balancers).
     • Storage (Blob, File, Disk).
  3. Basic Security:
     • Shared Responsibility Model.
     • Azure Policy & Blueprints basics.
     • Microsoft Defender for Cloud (Free tier).

Identity and Access Management

Duration: 2 weeks

Identity is the new perimeter.

Week 3-4: Microsoft Entra ID (formerly Azure AD)

  1. Core Identity:
     • Users, Groups, Service Principals, Managed Identities.
     • Hybrid Identity (Azure AD Connect).
  2. Access Control:
     • RBAC: Built-in roles, custom roles, scope (Management Group > Subscription > Resource Group > Resource).
     • Conditional Access: Policies based on location, device state, risk.
  3. Identity Protection:
     • PIM (Privileged Identity Management).
     • MFA and passwordless auth.
     • Identity Protection (risk detection).

Platform Protection

Duration: 2 weeks

Securing the infrastructure and data.

Week 5-6: Network & Compute

  1. Network Security:
     • NSGs vs ASGs.
     • Azure Firewall & Azure Firewall Manager.
     • DDoS Protection (Basic vs Standard).
     • Private Link & Service Endpoints.
  2. Compute & Container Security:
     • VM security (Bastion, JIT access, Disk Encryption).
     • AKS Security (network policies, private clusters) - see also this site's Kubernetes Security Study Plan.
  3. Data Security:
     • Key Vault (Secrets, Keys, Certs).
     • Storage Security (SAS tokens, Access Keys, Encryption).
     • SQL Database Security (TDE, Firewall, Auditing).

Security Operations

Duration: 2 weeks

Monitoring and responding to threats.

Week 7-8: Defender & Sentinel

  1. Microsoft Defender for Cloud:
     • CSPM (Cloud Security Posture Management) - Secure Score.
     • CWP (Cloud Workload Protection) - alerts for VMs, Storage, SQL, Containers.
  2. Microsoft Sentinel (SIEM/SOAR):
     • Connecting data sources.
     • KQL (Kusto Query Language) basics for hunting.
     • Creating Analytics Rules and Incidents.
     • Automation with Playbooks (Logic Apps).

Resources

Certifications

  • AZ-500: Azure Security Technologies (core certification)
  • SC-900: Security, Compliance, and Identity Fundamentals
  • SC-200: Security Operations Analyst (Sentinel/Defender focus)
  • SC-300: Identity and Access Administrator (Entra ID focus)

Learning Paths

Labs & Practice

Practice next: this site's own Azure Security Overview, and jassics/security-interview-questions for interview prep (Azure-specific questions are on the roadmap for that repo).