Microsoft Azure Security – Study Notes

A collection of all my study notes and lab work while working towards passing the badge Microsoft Certified Security Engineer Associate by passing the AZ-500 exam

These notes are in no order and are not focused towards any exam content other than sharing my experience of configuring and automating security within Azure in the run up to the final exam.

  1. Azure – Setup Azure Blueprints
  2. Azure – Advisor
  3. Azure – AD Identity Protection
  4. Azure – Install and Configure Antimalware On A Virtual Machine
  5. Creating Security Baselines In Microsoft Azure
  6. Azure – Log Analytics Workspace and AzureVirtual Machine Agent Install
  7. Azure – Access Control and Role Assignment
  8. Azure – Configure Management Locks – Prevent Accidental Deletion Of Core Resources
  9. AZURE – Control Storage Access by Networks
  10. Azure – Update Management
  11. Azure – Monitoring Alert On Virtual Machine CPU Usage
  12. Azure – Register An Application in AD and Generate App Password
  13. Azure – Activity Log
  14. Azure – Route Tables – How To Force Traffic Down A Specific Route
  15. Azure – Content Trust in ACR and Roles
  16. Azure – Creating Key Vaults
  17. Azure – Create Kubernetes Cluster with ACR Integration
  18. Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email
  19. Azure – Security Center and Pricing
  20. Azure Conditional Access Policies – Greyed Out
  21. Azure – Configure Web App Custom Domain and TLS
  22. Azure – Configure Web App and Licenses
  23. AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!

Azure – Configure Web App Custom Domain and TLS

Under B1 license features you have the option to use Custom domain names and SSL.

These can be configured under app service > settings > Custom Domains

You will need to verify the ownership of the domain name entered. Follow the on screen instructions.

Under TLS/SSL settings

You can define HTTPS & Minimum TLS Version.

You can also import the .pfx or .cer Certificates from this area


Azure – Configure Web App and Licenses

Deploying a web application and the difference between an F1 Dev/Test Free license and a B1 Dev/Test/ Production license features

Reference material

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

https://azure.microsoft.com/en-us/updates/app-service-and-functions-hosted-apps-can-now-update-tls-versions/

Prep – Lab Resource Group

Start in App Services. To create a basic test app in the free tier using I’m using the prep resource group – lab_study_2020

Deployment takes a minute or two, so patients before jumping to the next steps

Now you have a basic app running and accessible via a URL from the internet.

If you delete and recreate the app you can change the license options to include more advanced features, try selecting Production B1.

Dev/Test or Production B1 Features

  • Custom domain /SSL options
  • Manual Scale

Stop Web App, Delete Web App > Enter Web App name and Delete


Redeploy using B1 license for additional options


Now you will see additional options