Introduction

The network security perimeter is changing as more companies move to hybrid cloud or fully cloud-based environments. Protecting your organization's assets, resources, and data requires a layered approach to security that evolves with the threat landscape.

Threats can come from any direction: a volumetric DDoS attack that overwhelms your services, malicious network traffic trying to reach your virtual machines, or a web application targeted by SQL injection. Azure provides a range of infrastructure security services that you can combine to address these threats at multiple layers.

In this module, you explore the core infrastructure security services in Azure, from network-level protection to secure remote access and cryptographic key management.

After completing this module, you should be able to:

• Describe Azure DDoS Protection and the tiers available.
• Describe Azure Firewall and its key capabilities.
• Describe Web Application Firewall (WAF) and the types of attacks it protects against.
• Describe network segmentation with Azure Virtual Networks.
• Describe Azure Network Security Groups and how they filter network traffic.
• Describe Azure Bastion and how it provides secure remote access to virtual machines.
• Describe Azure Key Vault and how it helps manage secrets, keys, and certificates.