SC-5002: Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls

Course Description:

Learn how to strengthen your cloud security posture and ensure regulatory compliance across your Azure workloads with Microsoft Defender for Cloud. This instructor-led course empowers security professionals to assess risk, implement security recommendations, and automate compliance monitoring across hybrid and multicloud environments.

You’ll explore how Defender for Cloud helps protect Azure resources, virtual machines, containers, and databases through real-time threat detection, CSPM (Cloud Security Posture Management), and CWPP (Cloud Workload Protection Platform) capabilities. Gain hands-on experience configuring regulatory policies, interpreting security scores, and remediating vulnerabilities with Microsoft’s integrated security tools.

The course includes 40%–50% hands-on activities in a live Azure environment for practical skill-building.

Target Audience:

This course is ideal for:

• Security engineers, cloud architects, and compliance professionals securing Azure resources

• DevOps engineers responsible for embedding security and compliance into deployments

• Professionals preparing for roles in cloud security operations, governance, or risk management

• Learners working toward the Microsoft Certified: Security Operations Analyst Associate (SC-200) or related certifications

Prerequisites:
A general understanding of Microsoft Azure services and basic security concepts is recommended.

Course Outline:

Module 1: Introduction to Microsoft Defender for Cloud and Azure Security Posture

• Understand the role of Microsoft Defender for Cloud in securing Azure services

• Explore Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP)

• Navigate the Microsoft Defender for Cloud portal, recommendations, and security score

Module 2: Configure and Manage Regulatory Compliance in Azure

• Set up built-in and custom regulatory compliance policies in Defender for Cloud

• Map Azure resources to compliance frameworks such as NIST, ISO 27001, and HIPAA

• Review compliance dashboards, alerts, and evidence collection features

Module 3: Secure Azure Resources and Workloads

• Enable Defender plans for key services including VMs, App Service, SQL, and Kubernetes

• Implement just-in-time VM access, adaptive application controls, and file integrity monitoring

• Use Microsoft Defender for Storage, Key Vault, and Container Registries to secure sensitive data and workloads

Module 4: Detect and Respond to Threats in Microsoft Defender for Cloud

• Analyze alerts and incidents with Defender for Cloud threat detection

• Use Microsoft Sentinel integration for SIEM visibility

• Apply threat intelligence and automation to investigate and remediate security issues

Module 5: Automate Remediation and Govern Security at Scale

• Configure Azure Policy, initiatives, and remediation tasks

• Automate security recommendations using Logic Apps and workbooks

• Implement DevSecOps practices with Defender for Cloud integrations in CI/CD pipelines

Delivery Format:

• Instructor-led training by Microsoft-certified experts

• 40%–50% hands-on experience using Microsoft Defender for Cloud tools in Azure

• Real-world configuration and compliance management scenarios included