| Module 1: Understand how Microsoft Defender for Cloud supports AI security and governance in Azure |
| Microsoft Defender for Cloud plays a central role in securing AI workloads across Azure. Learn how Microsoft Defender for Cloud supports AI security across Azure. Explore the layers of an AI workload, the unique risks AI systems introduce, and the guardrails that protect model inputs and outputs. See how Microsoft Purview, Microsoft Entra ID, and Microsoft Foundry work together to support a unified security and governance strategy. |
| Lessons: |
|
|
- How Azure security and governance tools support AI workloads
|
- Understand AI services in Azure
|
|
- Understand AI security risks in Azure
|
|
- AI guardrails and protections in Azure
|
|
| Module 2: Protect AI workloads with Microsoft Defender for Cloud |
| Microsoft Defender for Cloud helps secure AI workloads by combining discovery, posture management, and runtime protection in one platform. You’ll learn how to enable the AI workloads plan, review insights in the Data & AI security dashboard, assess posture using Cloud Security Posture Management (CSPM), detect runtime threats with Cloud Workload Protection (CWP), and investigate incidents in Microsoft Defender XDR. These capabilities work together to identify configuration gaps, detect suspicious behavior, and provide end-to-end visibility across your AI environments. |
| Lessons: |
|
|
- Detect AI threats at runtime with Cloud Workload Protection (CWP)
|
- Enable the AI workloads plan
|
- Investigate AI security alerts with prompt evidence in Microsoft Defender XDR
|
- Review insights in the Data & AI security dashboard
|
|
- Assess and improve AI security posture with Cloud Security Posture Management (CSPM)
|
|
| Module 3: Configure and manage guardrails in Microsoft Foundry |
| Microsoft Foundry guardrails help secure AI workloads by applying configurable safety controls that evaluate both prompts and responses. You’ll learn how to understand built-in safety models, test and refine guardrails, create blocklists, configure content filters, and validate that protections work as intended. These capabilities help organizations prevent unsafe or policy-violating interactions, protect sensitive data, and maintain trust in AI-assisted applications. |
| Lessons: |
|
|
- Create and manage blocklists in Microsoft Foundry
|
- Understand guardrails and Microsoft Content Safety
|
- Configure and apply guardrails in Microsoft Foundry
|
- Understand safety controls in Microsoft Foundry
|
- Choose and refine the right guardrails for your AI workloads
|
- Try out built-in guardrails
|
|
| Module 4: Secure Microsoft Foundry environments |
| To secure Microsoft Foundry environments requires layered protections that control access, safeguard credentials, isolate network communication, and maintain visibility across connected resources. The approach includes defining access boundaries with Microsoft Entra ID and project roles, and integrating Key Vault for secret management. It also uses managed virtual networks, Private Link, and diagnostic logging to maintain privacy, visibility, and compliance. These practices create secure, traceable AI environments that support collaboration without compromising protection. |
| Lessons: |
|
|
- Isolate networks with managed virtual network and Private Link
|
- Control access to Microsoft Foundry with Microsoft Entra ID
|
- Enable diagnostic logging in Microsoft Foundry
|
- Manage access within Microsoft Foundry projects
|
|
- Secure Microsoft Foundry secrets with Azure Key Vault (preview)
|
|
| Module 5: Understand identity architecture for AI workloads |
| Identity architecture defines who can deploy, invoke, and manage AI workloads in Azure. Microsoft Entra ID governs access across management and data planes, authentication flows establish trust boundaries for AI endpoints, and role scope decisions determine blast radius. Identity types, role assignments, and scope boundaries shape AI security outcomes long before enforcement controls are applied. |
| Lessons: |
|
|
- Human and workload identities in AI workloads
|
- Identity as the control layer for AI solutions
|
- Role assignments and scope in AI environments
|
- Management plane and data plane access in AI workloads
|
- Common identity misconfigurations in AI deployments
|
- Authentication flows for AI endpoints in Microsoft Foundry
|
|
| Module 6: Implement access management for Azure resources |
| Explore how to use built-in Azure roles, managed identities, and RBAC-policy to control access to Azure resources. Identity is the key to secure solutions. |
| Lessons: |
|
|
- Analyze Azure role permissions
|
|
|
- Configure Azure Key Vault RBAC policies
|
- Configure custom Azure roles
|
- Retrieve objects from Azure Key Vault
|
- Create and configure managed identities
|
|
- Access Azure resources with managed identities
|
|
| Module 7: Plan, implement, and administer Conditional Access |
| Conditional Access gives a fine granularity of control over which users and identities can do specific activities, access which resources, and how to ensure data and systems are safe—including AI agent identities managed through Microsoft Entra Agent ID. |
| Lessons: |
|
|
- Implement application controls
|
|
|
- Implement session management and continuous access evaluation
|
- Exercise – Work with security defaults
|
- Exercise – Configure authentication session controls
|
- Plan Conditional Access policies
|
- Microsoft Entra Conditional Access Optimization agent
|
- Implement Conditional Access policy controls and assignments
|
|
- Exercise – Implement Conditional Access policies roles and assignments
|
|
- Test and troubleshoot Conditional Access policies
|
|
| Module 8: Manage Microsoft Entra Identity Protection |
| Protecting a user’s identity by monitoring their usage and sign-in patterns ensure a secure cloud solution. Explore how to design and implement Microsoft Entra Identity protection. |
| Lessons: |
|
|
- Monitor, investigate, and remediate elevated risky users
|
- Review identity protection basics
|
- Implement security for workload identities
|
- Implement and manage user risk policy
|
- Explore Microsoft Defender for Identity
|
- Exercise enable sign-in risk policy
|
- Explore the Identity Risk Management Agent
|
- Exercise configure Microsoft Entra multifactor authentication registration policy
|
|
