Skip to content

Details

This session will focus on how cloud security professionals can strengthen governance, reduce excessive permissions, protect critical backup data, and embed security controls into infrastructure deployment workflows.

As organizations continue to adopt Azure for business-critical workloads, security governance must go beyond policy documentation. It must be enforced through identity controls, backup protection, secure configuration, infrastructure-as-code validation, and continuous security posture improvement.

In Part 2 of this topic, we will explore how to apply practical cloud governance controls across Azure environments by focusing on:

  • Right-sizing RBAC role assignments using least-privilege principles
  • Identifying and remediating overprivileged access
  • Protecting Azure Backup data from accidental deletion, ransomware, and unauthorized administrative actions
  • Applying Azure Backup security features such as soft delete, vault immutability, Multi-User Authorization, Resource Guard, and RBAC controls
  • Embedding security checks into Infrastructure as Code workflows
  • Using Microsoft Defender for DevOps and Azure Policy to prevent noncompliant Azure resources from reaching production

## Learning paths covered

This session is based on the following Microsoft Learn modules:

  1. Manage and right-size RBAC role assignments for least privilege
  2. Protect backup data with Azure Backup security features
  3. Implement security controls in infrastructure as code

## What you will learn

By the end of this session, participants will understand how to:

  • Apply least-privilege access governance across Azure and Microsoft Entra ID
  • Assign Azure built-in roles at the right scope
  • Understand when custom roles may be required
  • Identify and reduce excessive permissions in Azure environments
  • Use Microsoft Entra access reviews and Defender for Cloud insights to support access governance
  • Protect backup recovery points using Azure Backup security features
  • Understand how soft delete, immutable vaults, Multi-User Authorization, and Resource Guard help protect backup data
  • Integrate security scanning into Infrastructure as Code workflows
  • Use Defender for DevOps and Azure Policy to support secure deployment pipelines
  • Strengthen governance and compliance through preventive, detective, and corrective security controls

## Who should attend?

This session is ideal for:

  • Cloud and AI Security Bootcamp participants
  • Azure security engineers
  • Cloud administrators
  • Identity and access management professionals
  • Security analysts
  • Infrastructure engineers
  • DevOps and platform engineers
  • Governance, risk, and compliance professionals
  • Learners preparing for the SC-500 Cloud and AI Security Engineer certification

Mentor: Oluwatosin Ajala (Azure IAM Expert)

## Why you should attend

Security governance is a core capability for every Cloud and AI Security Engineer. It helps organizations reduce risk, enforce standards, protect critical assets, and maintain stronger compliance across cloud environments.

This session will help participants connect governance concepts to real Azure security implementation patterns across identity, backup protection, and secure deployment workflows.

Come ready to learn, ask questions, and strengthen your practical understanding of Azure security governance and regulatory compliance.

Learn. Connect. Secure the Future.

Related topics

Cloud Security
Cybersecurity
Network Security
Cloud Services
Data Protection

You may also like