Summary and resources

In this module, you explored a range of network security features.

The main takeaways from this module are:

• Microsoft Defender for Cloud helps streamline the process for meeting network regulatory compliance requirements.

• Azure DDoS Protection protects resources in a virtual network. Protection includes virtual machine public IP addresses, load balancers, and application gateways. DDoS Protection can mitigate volumetric attacks, protocol attacks, and resource layer attacks. DDoS Protection offers two tiers: DDoS IP Protection, and DDoS Network Protection.

• A Network Security Group (NSG) in Azure allows you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG contains default security rules that allow or deny inbound or outbound network traffic.

• Azure Firewall is a managed, cloud-based network security service that protects your Azure virtual network resources. Azure Firewall has three SKUs: Basic, Standard, and Premium. In the Azure Firewall, you can configure NAT rules, network rules, and applications rules.

• Azure Firewall Manager provides centralized configuration and management across multiple Azure Firewall instances. Azure Firewall Manager lets you create one or more firewall policies and rapidly apply them to multiple firewalls. Firewall Manager can provide security management for secured virtual hubs and hub virtual networks.

• Web Application Firewall provides centralized protection of your web applications from common exploits and vulnerabilities. There are two WAF policy modes: Detection and Prevention. WAF works with the Application Gateway, Azure Front Door Service, and the Azure CDN Service.

Learn more with Copilot

Copilot can assist you in configuring Azure infrastructure solutions. Copilot can compare, recommend, explain, and research products and services where you need more information. Open a Microsoft Edge browser and choose Copilot (top right) or navigate to copilot.microsoft.com. Take a few minutes to try these prompts and extend your learning with Copilot.

• Provide a description of common Azure network security features. Provide usage examples.

• List best practices for implementing Azure network security.

Learn more with self-paced training

• Introduction to Azure DDoS Protection. Learn how to guard your Azure services from a denial of service attack using Azure DDoS Protection.

• Configure network security groups. Learn how to implement network security groups, and ensure network security group rules are correctly applied.

• Introduction to Azure Firewall. Describe how Azure Firewall protects Azure virtual network resources. Topics include features, rules, and deployment options.

• Introduction to Azure Firewall Manager. Describe whether you can use Azure Firewall Manager to provide central security policy and route management. Evaluate whether Azure Firewall Manager can help secure your cloud perimeters.

• Introduction to Azure Web Application Firewall. Describe how Azure Web Application Firewall protects Azure web applications from common attacks.