Azure Network Security workshop
Details
In this hands‑on, architecture‑focused workshop, we will explore how to design and implement secure network architectures in Microsoft Azure, following Zero Trust and Defense in Depth principles and real‑world enterprise scenarios.
The session is intended for Azure administrators, cloud and security engineers, architects, and IT professionals who want to move beyond theory and understand how Azure network security is actually implemented in practice—from core building blocks to advanced services such as Azure Firewall, WAF, Private Link, and DDoS Protection.🧭 Workshop Agenda
1️⃣ Foundations & Security Architecture
Azure Network Security overview
Zero Trust security model
Verify explicitly
Use least‑privilege access
Assume breach
Defense in Depth in Azure
Mapping enterprise security requirements to Azure networking services
2️⃣ Virtual Network & Perimeter Security
Azure Virtual Network (VNet) design fundamentals
Hub‑and‑Spoke topology
Network segmentation and micro‑segmentation
Network Security Groups (NSGs)
Application Security Groups (ASGs)
User Defined Routes (UDRs) and Network Virtual Appliances (NVAs)
3️⃣ DDoS Protection & Traffic Control
DoS vs DDoS attacks – concepts and threats
Azure DDoS Protection (Basic vs Standard)
DDoS IP Protection vs Network Protection
Best practices for protecting internet‑facing workloads
4️⃣ Azure Firewall & Advanced Perimeter Controls
Azure Firewall Standard vs Premium
Azure Firewall policies and Azure Firewall Manager
Layer 3–7 traffic filtering (Network & Application rules)
Forced tunneling scenarios (VPN / Firewall)
Centralized firewall design for enterprise environments
5️⃣ Hybrid Connectivity & Secure Access
Site‑to‑Site VPN (S2S)
Point‑to‑Site VPN (P2S)
VNet‑to‑VNet connectivity
Azure ExpressRoute
ExpressRoute with IPsec encryption
Virtual WAN and Secured Virtual Hub
6️⃣ Private Access to Azure Services
Service Endpoints
Private Endpoints & Azure Private Link
Private connectivity for:
Azure SQL / SQL Managed Instance
Azure Storage
App Service and Azure Functions
Public vs Private exposure trade‑offs
7️⃣ Application Layer Security
Azure Application Gateway
Web Application Firewall (WAF)
Azure Front Door and CDN
TLS termination and secure application access
Multi‑layered application protection
8️⃣ Monitoring & Visibility
Azure Network Watcher
NSG Flow Logs
Traffic Analytics
Network troubleshooting and forensics
Achieving visibility across Azure network traffic
9️⃣ Live Demos & Labs (Hands‑On)
VNet peering
NSG and ASG configuration
Azure Firewall deployment
Routing and UDR scenarios
Real‑world troubleshooting examples