Cloud Security Training

AZURE CLOUD SECURITY TRAINING

Moving to the cloud doesn't automatically bring security; half of the responsibility still lies with the institution.

Azure Cloud Security Training covers, in an integrated way, identity and access management (Entra ID), network security, data encryption, secrets management (Key Vault), security posture management with Microsoft Defender for Cloud, SIEM with Sentinel, and logging and compliance monitoring processes in the Microsoft Azure environment. The training avoids being a product screen tour; it is conducted through architectural principles, the shared responsibility model and audit methodology.

Shared Responsibility Model · Microsoft Entra ID · Defender for Cloud · Microsoft Sentinel · Azure Policy and Compliance
Azure Security Maturity Dashboard: ARCHITECTURE + MONITORING

  • Identity protection: MFA + PIM
  • Network isolation: NSG + WAF
  • Security score: Defender
  • 99%: MFA prevents identity attacks
  • NSG: core component of network isolation
  • CSPM: cloud security posture management
  • Shared: The shared model in which Microsoft takes responsibility for the infrastructure and the customer for the configuration.
  • Entra ID: Formerly known as Azure AD; the center of modern cloud identity management.
  • CSPM: Discipline that provides continuous configuration evaluation within Defender for Cloud.
  • Zero Trust: The practice of the zero trust architecture that Microsoft recommends on Azure.
PURPOSE OF THE TRAINING

Cloud security is not about relying on the provider's infrastructure; it is about building the right architecture on that infrastructure.

When many organizations move to the cloud, they fall into thinking that "security is now Microsoft's responsibility". However, the shared responsibility model published by Microsoft clearly shows that data classification, identity management, network configuration, application security and operational monitoring are always the customer's responsibility. A misconfigured storage account, an over-privileged service account, or a network security group rule left open leads to a data leak even in the most trusted cloud.

Azure Cloud Security Training begins by drawing this responsibility map clearly. It then covers identity management, conditional access and Privileged Identity Management with Microsoft Entra ID; virtual network design, network security groups and Azure Firewall; data encryption and secrets management with Key Vault; continuous security posture management with Microsoft Defender for Cloud; SIEM and incident response with Microsoft Sentinel; and compliance automation with Azure Policy, together with architectural principles and an auditor's perspective. The training avoids being a single click-through tour; each topic is conducted through architectural decisions that can be adapted to the organization.

Purpose: Participants will be able to internalize the shared responsibility model, design identity, network, data and application security at the architectural level in the Azure environment, establish continuous monitoring and intervention capability with Defender for Cloud and Sentinel, perform compliance automation with Azure Policy and manage audit preparation.
Cloud security is a configuration error, not an attack. The vast majority of cloud breaches are not zero-day exploits; they are configuration errors such as over-privileged identities, open storage accounts, missing encryption, or incorrect network rules. The training teaches the discipline to avoid these mistakes.
Identity is the new perimeter. The classic network boundary disappears in the cloud; employee, customer and system identities form the new security boundary. Entra ID, Conditional Access, MFA and Privileged Identity Management are the pillars of modern cloud security.
Misconfiguration does not remain invisible, it is tracked. Defender for Cloud provides continuous security posture management (CSPM); every misconfiguration lowers the score and is reported together with recommendations. Without establishing this discipline, cloud security stays at the level of "I hope it's fine".
KVKK and ISO 27001 do not make it easier to move to the cloud, they tighten the control. International transfer, data residency, KVKK data processor obligations and ISO 27001 Annex A controls do not disappear when moving to the cloud; on the contrary, they should be implemented in a more careful and controllable manner. The training shows how to set up this alignment on Azure.
CLASSIC DATA CENTER AND CLOUD SECURITY

This training adds cloud native architectural principles to classical data center security logic.

Classic data center security is wall-based: a firewall, an intrusion detection system, an antivirus, and a VPN. In the cloud, security controls consist of code, configuration and identity. This training adds a cloud native mindset without denying classic knowledge.

Classic Data Center Approach: hardware-focused, perimeter defense

  • Single firewall border defense
  • Hardware-based encryption devices
  • Active Directory limited to internal network
  • Manual configuration change management
  • Signature-based intrusion detection systems
  • Static IP and fixed network topology
  • Annual security audit discipline
  • Result: slow, manual security that doesn't scale

Azure Cloud Security Approach: code, identity and continuous monitoring

  • Identity-based zero trust architecture
  • Encryption keys managed with Key Vault
  • Cloud native identity management with Entra ID
  • Automatic compliance check with Azure Policy
  • Defender for Cloud behavior-based detection
  • Dynamic network and micro segmentation
  • Continuous SIEM and response with Sentinel
  • The result: measurable, automated, scalable security
LEARNING OUTCOMES

Participants learn to evaluate Azure security together around identity, network, data, monitoring and compliance.

The training avoids being a product screen tour. Each topic starts with architectural principles, continues with its Azure product counterpart, and is evaluated through an auditing lens. If the institution wants to work on its own environment, an additional workshop is planned by the instructor.

IDENTITY AND ACCESS

It establishes a modern identity architecture with Entra ID.

Microsoft Entra ID user lifecycle, groups, conditional access policies, multi-factor authentication (MFA), Privileged Identity Management (PIM), and service account management.

  • Conditional access design
  • Time-limited elevation with PIM
  • Service account and managed identity
NETWORK SECURITY

Reimagines the virtual network in the cloud.

Virtual network (VNet) design, network security groups (NSG), Azure Firewall, Application Gateway WAF, Private Endpoint, Bastion and end-to-end network isolation architecture.

  • NSG and application security group
  • Private Endpoint discipline
  • Hub-spoke topology principles
DATA AND ENCRYPTION

It encrypts the data lifecycle from start to finish.

Encryption in storage (at-rest), encryption in communication (in-transit), encryption in use (in-use), secret key management with Key Vault, customer managed keys (CMK) and data classification.

  • Key Vault and certificate management
  • Customer managed keys
  • Storage Account security
DEFENDER FOR CLOUD

Continuously measures cloud security status.

Cloud security posture management (CSPM), workload protection (CWPP), secure score, recommendation management, compliance monitoring and regulation mapping with Microsoft Defender for Cloud.

  • Secure score and recommendation flow
  • Workload protection plans
  • Regulatory compliance monitoring
SENTINEL AND POLICY

Automates monitoring, response and compliance.

Cloud native SIEM and SOAR with Microsoft Sentinel, use case design; policy-based compliance, automatic remediation, and document generation with Azure Policy.

  • Sentinel use case design
  • Compliance with Azure Policy
  • Auto-remediation flows
TRAINING FLOW

Two-day intensive program; comprehensive content ranging from shared responsibility to audit preparation.

The program can be adapted as a 1-day summary, 2-day implementer or 3-day auditor competency program depending on the cloud maturity of the institution and the participant profile. The entire flow is supported by practical laboratory studies.

01 · Shared responsibility and Azure architecture: Customer responsibility map, IaaS / PaaS / SaaS boundaries, Azure subscription structure, management groups and resource groups with Microsoft.
02 · Microsoft Entra ID and identity architecture: User lifecycle, groups, external users (B2B), conditional access policies, and MFA design.
03 · Authorization, RBAC and PIM: Azure RBAC, custom roles, time-limited elevation with Privileged Identity Management, service accounts, and managed identity.
04 · Virtual network and network isolation: VNet design, subnets, NSG, Azure Firewall, Application Gateway WAF, Private Endpoint, Bastion and hub-spoke topology.
05 · Data security and Key Vault: Storage Account security, encryption at rest, in transit and in use, Key Vault, customer managed keys (CMK) and secrets management.
06 · Microsoft Defender for Cloud: CSPM, CWPP, secure score, recommendation management, regulation mapping (ISO 27001, KVKK, PCI-DSS) and plan selection.
07 · Microsoft Sentinel and incident response: Sentinel architecture, data sources, use cases, automatic response (playbook) and real event simulation.
08 · Azure Policy, compliance and audit readiness: Policy design, auto-remediation, blueprint, document production, ISO 27001 and KVKK audit preparation, 90-day road map.
TRAINING MODULES

Architecture, product and control disciplines come together in a single program.

M1 · Azure architecture and shared responsibility: Azure subscription hierarchy, management groups, resource groups, tagging strategy, service models (IaaS / PaaS / SaaS) and responsibility map.
M2 · Entra ID and identity lifecycle: User, group, external user, conditional access, MFA, passwordless login, identity protection and hybrid identity design.
M3 · Authorization, RBAC and privileged access: Azure RBAC, custom roles, Privileged Identity Management, service account discipline, managed identity, access reviews and audit records.
M4 · Network security and data protection: VNet design, NSG, Azure Firewall, Application Gateway WAF, Private Endpoint, DDoS protection; encryption at rest and in transit; Key Vault and customer managed keys.
M5 · Defender for Cloud and Sentinel: CSPM, CWPP, secure score, recommendation flow; Sentinel architecture, data collection, use cases, automatic response and real incident scenario.
M6 · Azure Policy, compliance and auditing: Azure Policy design, blueprint, auto-remediation; ISO 27001, KVKK, PCI-DSS audit map; document production and 90-day road map.
HANDS-ON WORKSHOPS

Training makes learning permanent through the real Azure portal and sample scenarios.

Participants don't just listen; they design a conditional access policy, write NSG rules, configure Key Vault, analyze the Defender recommendation flow, design a Sentinel use case and create a road map for their own institutions.

CONDITIONAL ACCESS · Policy design workshop: For a critical application, a conditional access policy is designed step by step according to the user, device, location and risk context.
RBAC AND PIM · Authorization map: RBAC and PIM are configured for a cloud administrator, a developer, and an auditor; the principle of least privilege is discussed.
NETWORK ISOLATION · NSG and Private Endpoint: Closing public access to a database, establishing a connection through a Private Endpoint, and writing NSG rules.
KEY VAULT · Secrets and certificate management: Key Vault configuration, access policy, secrets rotation and managed identity integration are studied for an application.
DEFENDER RECOMMENDATIONS · Analysis of a subscription: The Defender for Cloud secure score of a sample Azure subscription is examined; the 10 most critical recommendations are categorized and an action plan is created.
SENTINEL USE CASE · Threat hunting scenario: For a suspicious sign-in scenario, a use case, trigger and automatic response playbook are designed in Sentinel.
WHO SHOULD JOIN

Adaptive training for all critical roles that design, operate or monitor the Azure environment.

Cloud Architects
Cloud and DevOps Engineers
Information Security Managers
System and Network Administrators
SOC and Monitoring Teams
Identity and Access Managers
Internal Audit Experts
IT Architects and Strategy
OUTPUTS

At the end of the training, the organization's Azure security maturity becomes measurable and sustainable.

Participant gains

  • Ability to clearly apply the shared responsibility model
  • Ability to design modern identity architecture with Entra ID
  • Ability to set conditional access and PIM policy
  • Virtual network design and micro segmentation capability
  • Ability to establish secrets management discipline with Key Vault
  • Ability to manage Defender for Cloud recommendation flow
  • Ability to design Sentinel use cases and playbooks
  • Ability to set up compliance automation with Azure Policy

Institutional outputs

  • Shared responsibility map template
  • Conditional access policy library
  • RBAC and PIM configuration guide
  • Virtual network and NSG reference architecture
  • Key Vault and secrets management procedure
  • Defender for Cloud recommendation management flow
  • Sentinel use case library
  • ISO 27001 / KVKK and Azure control map
  • Enterprise-specific 90-day Azure security roadmap
TRAINING DETAILS

Everything you want to know about the training at a glance.

Duration, format, number of participants, certificate, content scope and delivered materials have been clarified. In institution-specific programs, parameters are adapted according to need.

Training Duration: 14 Hours / 2 Full Days. 1-day summary or 3-day auditor competency option depending on the maturity of the institution.
Training Format: Face to Face or Online. Classroom training at the institution location, online live session or hybrid structure.
Certification: Certificate of Participation. Digital certificate signed by Secure Fors for all participants who complete the training.
Training Language: Turkish. English training and material presentation upon request.
Training Name: Azure Cloud Security Training
Duration: 2 days (14 hours). It can be adapted as a 1-day summary or 3-day auditor competency program depending on the maturity of the institution.
Training Format: Face to Face (Institution Location) · Online Live (Zoom / Teams) · Hybrid
Training Topics: Shared responsibility model · Azure subscription architecture · Microsoft Entra ID identity management · Conditional access and MFA · Privileged Identity Management · Azure RBAC · Virtual network design · NSG, Azure Firewall, WAF · Private Endpoint · Storage and data security · Key Vault · Microsoft Defender for Cloud (CSPM, CWPP) · Microsoft Sentinel (SIEM, SOAR) · Azure Policy · ISO 27001 and KVKK compliance map.
Target Audience: Cloud architects, cloud and DevOps engineers, information security managers, system and network administrators, SOC and monitoring teams, identity and access managers, internal audit professionals, IT architects and strategy teams.
Prerequisite: Basic network concepts (TCP/IP, DNS, firewall), familiarity with Active Directory and general cloud knowledge are recommended. Microsoft Azure certification (AZ-900, AZ-104) is not mandatory; the training can also be adapted for teams starting from scratch.
Number of Participants: 8 – 20 people for optimum efficiency. In institution-specific programs, groups of up to 25 people can be opened.
Certificate: Certificate of Participation. When the training is completed, a signed digital participation certificate is issued by Secure Fors. It contains a verifiable QR code.
Training Material: Presentation file (PDF) · Workshop workbook · Shared responsibility map template · Conditional access policy library · RBAC and PIM configuration guide · Virtual network and NSG reference architecture · Key Vault and secrets management procedure · Defender for Cloud recommendation management flow · Sentinel use case library · ISO 27001 / KVKK and Azure control map · 90-day roadmap template.
Practice: It includes workshops on Conditional Access Policy Design, RBAC and PIM Authorization Mapping, NSG and Private Endpoint Setup, Key Vault Secrets and Certificate Management, Defender for Cloud Recommendation Analysis and Sentinel Use Case Design. On request, a workshop is held on the institution's real Azure environment.
Instructor: ISO 27001 Lead Auditor, CEH, and senior consultant experienced in cloud security. Has carried out Azure security architecture projects at Turkey's leading airline, bank and technology companies; an architecture- and audit-focused approach that avoids product training.
Pricing: Special offer for the institution. The price is determined according to the number of participants, format (face-to-face / online), program duration, institution-specific workshop environment and customization needs.
FREQUENTLY ASKED QUESTIONS

Answers to questions you may have before the training.

Is the training geared towards Microsoft certification?

No. The training is not a preparation course for Microsoft certification exams such as AZ-500 (Azure Security Engineer) or SC-100 (Cybersecurity Architect). Certification exams are loaded with information that has to be memorized; this training instead focuses on architectural principles, configuration discipline and audit methodology. Participants aiming for certification approach the certification resources much better prepared after this training.

We use AWS or GCP, would training be helpful?

The training is specific to Azure; the product names and services of AWS or GCP are different. However, architectural principles such as the shared responsibility model, identity-based zero trust, network isolation and continuous security posture management apply in every cloud. Separate AWS- or GCP-focused training programs can be prepared on request.

Are workshops held in our Azure environment?

In the standard training, workshops are carried out on a demo environment provided by the instructor or on sample scenarios; the institution's own environment is not touched. On request, an institution-specific "implementation workshop" is planned after the training; in this workshop, guidance is provided on the institution's real Azure environment.

Are additional licenses required for Defender for Cloud and Sentinel?

Yes, both products require additional licensing. Defender for Cloud plans are charged per resource per month; Sentinel, on the other hand, is charged based on daily data consumption. The training also explains licensing models, cost calculation approaches, and which plan should be chosen in which situation.

Is Azure safe in terms of KVKK and international transfers?

Azure's technical security infrastructure is sufficient for KVKK compliance; however, the international transfer regime, region selection (data residency), KVKK Board decisions and the institution's own configuration discipline according to data classification are decisive. The training details what needs to be done for KVKK compliance on Azure; the choice of data residency location (Turkey, Europe, US regions) is discussed concretely.

Will we be ready for the ISO 27001 audit after the training?

The training maps the controls on the Azure side to ISO 27001 Annex A clauses; however, an ISO 27001 audit covers the entire institution. Controls on Azure are an important set of evidence, but they are not sufficient on their own. The training clearly provides the Azure-ISO 27001 control map and concretely shows missing areas.

Transform Azure security from a product screen tour into a measurable architecture and control discipline.

Discipline the entire area of responsibility, from architecture to compliance, with the Azure Cloud Security Training prepared specifically for your organization's cloud maturity and target schedule.

Reference frames: Microsoft Cloud Adoption Framework (CAF) · Microsoft Azure Well-Architected Framework — Security Pillar · Microsoft Cybersecurity Reference Architectures (MCRA) · Microsoft Zero Trust Guidance · ISO/IEC 27001:2022 and ISO/IEC 27017 Cloud Security Implementation Guide · CIS Microsoft Azure Foundations Benchmark · NIST SP 800-53 and NIST SP 800-171 · Cloud Security Alliance Cloud Controls Matrix (CCM).