AZ-900T0x_Module 04: Security

Connect your VMs to Azure Sentinel.

Create an application control rule in Azure Security Center.

Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn't be running.

Collect security data in Azure Sentinel.

Build a custom tool that collects security data, and displays a report through a web application.

Look through each security log daily and email a summary to your team.

Place the certificates on a network share.

Store them on a VM that's protected by a password.

Store the certificates in Azure Key Vault.

Configure the network to ensure that VMs on the same physical host are isolated.

Configure the network to ensure that VMs on the same physical host are isolated.

Run the VMs on Azure Dedicated Host.

Azure Firewall

Network security groups

Azure DDoS Protection

Configure Azure DDoS Protection to limit network access to trusted ports and hosts.

Create application rules in Azure Firewall.

Ensure that all running applications communicate with only trusted ports and hosts.

Allocate each VM on its own virtual network.

Create a network security group rule that prevents access from another VM on the same network.

Configure Azure DDoS Protection to limit network access within the virtual network.