SC-500 : Implement end‑to‑end security controls for cloud and AI workloads

SC-500 : Implement end‑to‑end security controls for cloud and AI workloads


  Intermediate

Regular Price : $2400.00
Offer Price :$1999.00

Course Overview

This course prepares you to design, implement, and manage end-to-end security controls across Microsoft Azure and Microsoft 365 environments — including the emerging landscape of AI workloads and autonomous agents. Through a combination of instructor-led sessions and hands-on labs, you build practical skills in identity security, cloud infrastructure protection, threat detection, and posture management. This course is intended for security engineers who are responsible for planning and implementing security controls across cloud, hybrid, and multi-cloud environments using Microsoft security technologies.

Course Outline

Learning path 1: Identity Governance and Access Control

          

  • The Standing Access Problem

  • Privileged Identity Management (PIM)

  • Entra Agent IDs and Managed Identity

  • Conditional Access — Beyond Security Defaults

  • Entra ID Protection and Sign-In Risk

  • Risk-Based CA Policy Structure

  • App Registration Model

 

Learning Path 2: Securing Azure Key Vault

 

  • The AI secrets problem and risk model

  • Key Vault object types: secrets, keys, certificates

  • RBAC versus access policies

  • Managed identity secret access flow

  • Network controls, soft delete, and purge protection

  • Defender for Key Vault and mention-only exam topics

 

Learning Path 3: Security Governance and Role Management

 

  • Compliance audit scenario and governance goals

  • Azure Policy model and policy effects

  • Compliance dashboard and policy deployment via Bicep

  • RBAC scope hierarchy and role assignment model

  • Built-in versus custom roles

  • Overprivileged access detection and resource locks

 

Learning Path 4: Security for Azure Storage Accounts

  • Storage Accounts – default configuration

  • Storage Firewall

  • Data plane versus Management plane

  • SAS tokens

  • Stored access policies

  • Storage service encryption

  • Defender for Storage

 

Learning Path 5: Security for Azure Databases

  • Common Database security faults

  • SQL Authentication versus Microsoft Entra ID Authentication

  • Migration to Entra Authentication

  • Azure SQL Firewall

  • Azure Private Link

  • Azure SQL auditing

  • Microsoft Sentinel Events logging

  • Defender for Databases

 

Learning Path 6: Security for Azure Networking

  • Common issue – Subnet sitting on the Internet

  • Network Security Groups (NSG)

  • NSG – Defaults and Rule Sets

  • Application Security Groups (ASG)

  • Azure Firewall

  • Hub and Spoke Topology

  • Service Endpoints versus Private Endpoints

  • Microsoft Entra Private Access versus VPN

  • Network Watcher

 

Learning Path 7: Security for Servers and Virtual Machines

  • Common security scenario with Servers and VMs

  • Just-in-Time (JIT)

  • Azure Arc

  • Defender for Servers

  • Agent based versus Agentless scanning

  • Finding vulnerabilities

  • Server disk encryption

  • Other exam related topics

 

Learning path 8: AI data risk and exposure with Microsoft Purview DSPM

          

  • Data exposure challenge

  • Potential AI risk with data exposure

  • Purview DSPM

  • Find potential risks

  • SharePoint oversharing

  • Reviewing Purview DSPM findings

  • Remediation

  • Other topics

 

Learning Path 9: AI agent identity and access security in Microsoft Entra

 

  • Common security scenario with AI Agents

  • Defining Microsoft Entra Agent ID

  • Agent ID versus Workload ID

  • What happens if an Agent ID is compromised?

  • Defender XDR

  • Specific Agent Identity concepts

  • MFA and Agent ID?

  • What Conditional Access covers

  • Entra Agent ID governance and Microsoft 365

 

Learning Path 10: Microsoft Foundry and AI Gateway Security

 

  • Common security issues with Microsoft Foundry

  • API risks to AI Endpoints

  • Prompt injection attacks

  • API Gateway

  • Two layer defense model

  • Gateway controls and Foundry guardrails

  • Defender for AI Services

  • Supplemental exam topics

 

Learning Path 11: AI Security Monitoring with Defender for Cloud

  • Defender for Cloud – Security Dashboard

  • Risks and Recommendations

  • Interpret Severity

  • Monitoring Posture

  • AI Focused dashboard versus Unified Defender for Cloud dashboard

 

Learning Path 12: Security for Application Platform Services

  • Common security scenario with container – monitoring

  • Container threat model

  • Defender for Containers

  • Container registry security

  • Container network security

  • AKS process flow for security implementation

  • Common security scenario – API exposure

  • Web Application Firewall (WAF)

  • Shared security controls for Apps and APIs

  • Gateway policies for Apps and APIs

  • Other exam related topics discussion

 

Learning Path 13: Defender for Cloud Security Posture Management

  • Security dashboard

  • Secure Score

  • Alerts versus Recommendations

  • Regulatory Dashboard and Standards

  • Key Vault security value

  • CSPM Secret Scanning

  • Remediation

  • Secure Score for AWS and GCP

  • CSPM depth plans versus security defaults

  • Other exam related topics

 

Learning Path 14: Microsoft Sentinel Data Collection and Configuration

  • Microsoft Sentinel architecture

  • What is a connector

  • Connect health and status

  • Defender XDR connector

  • Automation rules

  • Sentinel Playbooks and Azure Logic Apps

  • Sentinel configuration process

  • Other exam related topics

 

Learning Path 15: Microsoft Security Copilot Configuration

  • Security Copilot – Standalone versus Embedded Experience

  • What is a Security Compute Unit (SCU)

  • Least Privileged – Security Copilot Roles

  • Data and Privacy settings

  • Security PlugIns

  • Automate Security Copilot tasks

  • Other exam related topics

Course Objectives

By the end of this course, learners will be able to:

 

  • Secure access to resources using Microsoft Entra ID, Conditional Access, Privileged Identity Management (PIM), and Azure Key Vault.

  • Implement identity, access, and governance controls across Azure and Microsoft 365 environments.

  • Secure storage, databases, networking, and cloud infrastructure resources.

  • Protect virtual machines, containers, applications, and AI workloads.

  • Configure and manage Microsoft Defender for Cloud and Microsoft Defender XDR for threat protection and workload security. 

  • Implement security controls and governance for AI-enabled applications, agents, and cloud services

  • Manage and monitor security posture using Microsoft security solutions and best practices. 

  • Use Microsoft Security Copilot and security operations tools to strengthen detection and response capabilities.

Pre-requisites

Before attending this course, learners should have:

 

  • Practical experience administering Microsoft Azure environments. 

  • Experience managing hybrid cloud environments, including compute, networking, and storage services.

  • Strong familiarity with Microsoft Entra ID and identity management concepts.

  • Working knowledge of Microsoft 365 administration. 

  • Understanding of core cloud security concepts including identity, networking, application, data, and compute security. 

  • Familiarity with Azure security and governance services is recommended.

For any custom schedule, please email us at info@gtechlearn.com or Call us at 1-844-355-9898(Toll Free - North America) or 1800 212 9096 (Toll Free - India)


This course includes:

  • Official MS Learn Courseware
  • Exam Preps
  • Achievement Badge from Microsoft
  • Course Completion Certificate
  • Post Training Support
  • Experienced & Certified Instructors
  • Train from AnyWhere
  • Interactive Hands-On Labs
  • Personalized Learning Plans
  • Flexible Scheduling
  • Accredited Training
  • Cost-Effective Pricing

  • Need an expert opinion? Contact us today!    CONTACT US NOW