October 9, 2018 Mayank Baweja

Pricing information

100 credits


8 Hours


Application developers

Cloud administrators

Cloud architects

Security architects


Azure Key Vault




Cosmos DB

Azure Search

Azure Security Center

Log Analytics

App Insights

Azure Monitor

App Service Environment

App Gateway with WAF

SQL Database

Azure Storage

Securing PaaS  – 8 HRS Hands-on Workshop

This workshop is designed to provide exposure to many of Microsoft Azure’s Platform-as-a-Service (PaaS) security features. The goal is to show a secure end-to-end solution that addresses concerns around sensitive data, controlling access to sensitive stores of information, controlling access to production systems and enabling secure processes for developers. In this hands-on-lab, you will design an end-to-end PaaS solution that combines many of Azure’s security features, while protecting sensitive data from both internal and external users


1 H

Creating and securing Azure Active Directory accounts

Create Azure Active Directory groups
Create Azure Active Directory accounts
Enable Azure Identity Protection features

2 H

Securing Azure Key Vault with Azure IAM

Create a new Azure Key Vault
Assign IAM based Azure Key Vault permissions
Assign access policy based Azure Key Vault permissions
Verify Azure Key Vault permissions

0.5 H

Azure deployments using Azure Key Vault

Create new secrets
Deploy an ARM template using Azure Key Vault resources

3 H

Securing the web application and database

Setup the database
Test the web application solution
Utilize data masking
Utilize column encryption with Azure Key Vault
Enable Azure SQL Auditing & Threat Detection
Ensure SQL Azure Transparent Data Encryption (TDE) is enabled

2 H

Migrating web.config settings to Azure Key Vault

Create an Azure Key Vault secret
Create an Azure Active Directory application
Assign the new Application Azure Key Vault permissions
Install NuGet packages
Test the solution

2 H

Securing PaaS web applications with App Service Environment and Web Application Firewal

Deploy web application to App Service Environment
Configure the Web Application Firewall
Enable Application Gateway logging
Attack a ASE Web Application with Detection Only
Enable Web Application Firewall Prevention
Reattack an ASE Web Application with Prevention enabled

2 H

Securing Azure Functions with Managed Service Identities

Create an Azure Function
Create a Managed Service Identity
Assign Managed Service Identity Azure Key Vault permissions
Test your Azure Function

0.5 H

Creating PaaS Audit and Compliance Power BI Reports

Export a Power Query formula from Log Analytics