- Title: Microsoft Azure security technologies certification and beyond
- Author: David Okeyode
- Edition: Packt
- First publication date: 2021
- Price (as of 10/01/2023): 50.37€ (Amazon)
- Pages: 505 (489 of technical content)
Outline of the book is available on Packt’s website.
- Section 1: Implement Identity and Access Security for Azure
- Chapter 1: Introduction to Azure Security
- Chapter 2: Understanding Azure AD
- Chapter 3: Azure AD Hybrid Identity
- Chapter 4: Azure AD Identity Security
- Chapter 5: Azure AD Identity Governance
- Section 2: Implement Azure Platform Protection
- Chapter 6: Implementing Perimeter Security
- Chapter 7: Implementing Network Security
- Chapter 8: Implementing Host Security
- Chapter 9: Implementing Container Security
- Section 3: Secure Storage, Applications, and Data
- Chapter 10: Implementing Storage Security
- Chapter 11: Implementing Database Security
- Chapter 12: Implementing Secrets, Keys, and Certificate Management with Key Vault
- Chapter 13: Azure Cloud Governance and Security Operations
While the above seems like a lot to read, chapters are rather short and well cut into sections so you never get lost.
The book is designed as a reference one, so you can skip chapters or just read a few without issues. There are a some references to other chapters though.
It includes hands-on exercises which require an Azure tenant but the free plan from Microsoft can be used for all of it.
I bought this book to have a better understanding of Microsoft Azure, after reading another book where David Okeyode is a co-author: Penetration testing Azure for ethical hackers. Eventually I will take the AZ-500 exam but you can read the book as an exam resource or just for knowledge, it does not matter.
Note that Microsoft provides free content covering AZ-500 subjects on its learning website: Exam AZ-500: Microsoft Azure Security Technologies - Certifications | Microsoft Learn (scroll to page’s bottom). This is worth remembering to understand what this books gives compare to that content described in the below lines.
First thing first, I think the price is high. While I appreciated the content, I think the value of the book is not worth the money and that is not to despise Okeyode’s work, it is a critic of the commercial choice of making it that expensive. To me, such specific technical books (on one technology) should not exceed 30€. Especially when part of the material covered is already offered on Microsoft’s websites for free.
That being said, the book goes deeper than what Microsoft gives. The style of writing also does not include the more than annoying “Microsoft is the best” propaganda of the free Microsoft material. It is precise and synthetic but still covering all aspects of Azure security. To be honnest, if your goal is just to pass the exam, you probably do not need to read that book. Now, if you want to further your knowledge in Azure security, this is a good option.
I feel like all aspects of security in Azure are covered in the book, it is presenting concepts for all types of Microsoft commercial offers. It is nice to have an exhaustive view even if your organization will not have Premium P2 Azure licenses. Then you know what more you can do in terms of protection.
Each chapter present security concepts declined for the cloud. For example, protection of secrets is covered in the Azure key vault chapter: there is a presentation of what can be protected, how it is protected and how to assign permissions to provide access to these secrets. As expected, some concepts are quite different from on-premises administration, especially the native separation of duties between control plane and data plane (see Control plane and data plane operations - Azure Resource Manager | Microsoft Learn).
The content of the book goes deep into implementation of Azure’s concepts, thanks to the hands-on exercises. Most value of the book comes from it as you can see with screenshots how to implement the presented concepts and follow along with your own Azure tenant. This definitely improve practical skills. The only thing with that is I feel the book is not going to age well seen at what speed Microsoft updates and releases Azure features.
Parts I liked the most were the ones on storage protection, Sentinel, security policies and all the RBAC and AAD identities related chapters as this is useful insight for pentesting. The book feels like a bible you can go back to when conducting such assessments and you are trying to find a hole but do not remember all detail of an Azure concept.
After reading the book, I feel like I understand way more Azure concepts, where the implementation of these are on the Azure portal and how to enable and set things up.
I can not tell as of today if it is good material for the exam as I have not taken the AZ-500.
I recommend reading that book if you wish to either start or further your knowledge on Microsoft Azure.
Kudos to David Okeyode @asegunlolu for writing quality content.