Azure Security Study Plan
This page is updated based on jassics/security-study-plan/azure-security-study-plan
This study plan is designed to help you master Azure Security, from foundational concepts to advanced security engineering and operations. It aligns with Microsoft certifications like AZ-500 and the SC series.
Also, I assume you have already checked and are comfortable with the Common Security Skills study plan.
ToC
- Azure Fundamentals - 2 weeks
- Identity and Access Management - 2 weeks
- Platform Protection - 2 weeks
- Security Operations - 2 weeks
- Resources
Azure Fundamentals
Duration: 2 weeks
Start here if you are new to Azure.
Week 1-2: Cloud Basics (AZ-900 level)
- Core Concepts:
  - Regions, Availability Zones, Subscriptions, Resource Groups.
  - IaaS, PaaS, SaaS in the Azure context.
- Core Services:
  - Compute (VMs, App Service, AKS).
  - Networking (VNet, NSG, Load Balancers).
  - Storage (Blob, File, Disk).
- Basic Security:
  - Shared Responsibility Model.
  - Azure Policy & Blueprints basics.
  - Microsoft Defender for Cloud (Free tier).
Identity and Access Management
Duration: 2 weeks
Identity is the new perimeter.
Week 3-4: Microsoft Entra ID (formerly Azure AD)
- Core Identity:
  - Users, Groups, Service Principals, Managed Identities.
  - Hybrid Identity (Azure AD Connect).
- Access Control:
  - RBAC: Built-in roles, custom roles, scope (Management Group > Subscription > Resource Group > Resource).
  - Conditional Access: Policies based on location, device state, risk.
- Identity Protection:
  - PIM (Privileged Identity Management).
  - MFA and passwordless auth.
  - Identity Protection (risk detection).
Platform Protection
Duration: 2 weeks
Securing the infrastructure and data.
Week 5-6: Network & Compute
- Network Security:
  - NSGs vs ASGs.
  - Azure Firewall & Azure Firewall Manager.
  - DDoS Protection (Basic vs Standard).
  - Private Link & Service Endpoints.
- Compute & Container Security:
  - VM security (Bastion, JIT access, Disk Encryption).
  - AKS Security (network policies, private clusters) - see also this site's Kubernetes Security Study Plan.
- Data Security:
  - Key Vault (Secrets, Keys, Certs).
  - Storage Security (SAS tokens, Access Keys, Encryption).
  - SQL Database Security (TDE, Firewall, Auditing).
Security Operations
Duration: 2 weeks
Monitoring and responding to threats.
Week 7-8: Defender & Sentinel
- Microsoft Defender for Cloud:
  - CSPM (Cloud Security Posture Management) - Secure Score.
  - CWP (Cloud Workload Protection) - alerts for VMs, Storage, SQL, Containers.
- Microsoft Sentinel (SIEM/SOAR):
  - Connecting data sources.
  - KQL (Kusto Query Language) basics for hunting.
  - Creating Analytics Rules and Incidents.
  - Automation with Playbooks (Logic Apps).
Resources
Certifications
- AZ-500: Azure Security Technologies (core certification)
- SC-900: Security, Compliance, and Identity Fundamentals
- SC-200: Security Operations Analyst (Sentinel/Defender focus)
- SC-300: Identity and Access Administrator (Entra ID focus)
Learning Paths
Labs & Practice
- Azure Citadel
- Microsoft GitHub Labs (search for AZ-500)
Practice next: this site's own Azure Security Overview, and jassics/security-interview-questions for interview prep (Azure-specific questions are on the roadmap for that repo).