Course 29 - AZ-500 Microsoft Azure Security Technologies | Episode 14: Securing Data and Applications in Microsoft Azure

OverviewFocus: Protecting cloud data and applications using Azure-native tools.Balance of theory (security principles, SDLC) and hands-on labs for exam readiness.1. Database and Storage SecurityAzure Cosmos DBDefense-in-Depth:Network: Firewalls, Virtual NetworksEncryption: At rest & in transitAuthorization:Master Keys (full access, high risk)Resource Tokens (time-bound, limited access for untrusted clients)Azure Data Lake (Gen 2)Hierarchical Namespace: Supports structured, fine-grained accessPOSIX-style ACLs: Manage permissions on files & directoriesAzure AD Authentication: Ensures secure query execution for services like Data Lake Analytics2. Application Security and LifecycleSecure SDLC PracticesThreat modeling during design phaseStatic and dynamic code analysis for vulnerabilities (e.g., SQL injection)Security champions embedded in agile teamsAzure App Service SecurityAuthentication & Access Control: OAuth 2.0, RBACSecrets Management: Azure Key Vault integrationInfrastructure Protection:Web Application Firewall (WAF)Azure DDoS Protection (Basic & Standard tiers) for layer 7 and volumetric attacks3. Practical Implementation & Exam PrepCosmos DB Labs: SQL queries, diagnostic logging, SAS token managementApp Service Labs: Custom domain setup, SSL/TLS bindingExam-Style Scenarios:Revoking compromised SAS tokensAssigning database roles to Azure AD usersEnsuring proper access segregation and secure network configurationKey TakeawaysApply defense-in-depth at database, storage, and application layersPrefer resource-limited access over full-access keys for securityIntegrate SDLC security practices and Azure-native protection servicesPractice hands-on labs to reinforce exam-relevant configurationsYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy