AZ‐500 Microsoft Azure Security Technologies Study Guide_14 - itnett/FTD02H-N GitHub Wiki


📋 5. Hands-On Labs for AZ-500

Students preparing for the exam should work on practical hands-on labs to get familiar with real-world configurations.

# 🛠️ Hands-On Labs for AZ-500 Preparation

## 🔐 **Lab 1: Configuring Azure AD Conditional Access**
### Goal: Set up Conditional Access to enforce MFA for high-risk users.
1. 🚀 **Step 1:** Log into the **Azure AD portal** and navigate to **Security > Conditional Access**.
2. ⚙️ **Step 2:** Create a new policy targeting all users, with a condition for **sign-in risk**.
3. ✅ **Step 3:** Under **Access controls**, select **Grant** and require **MFA**.
4. 📝 **Step 4:** Test the policy by attempting a sign-in from a new IP address and confirming that it triggers the MFA requirement.

---

## 🔐 **Lab 2: Enabling Just-in-Time (JIT) VM Access**
### Goal: Configure JIT access for a VM and monitor access requests.
1. 🖥️ **Step 1:** Open **Azure Security Center** and select the virtual machine you want to secure.
2. ⏲️ **Step 2:** Click **Just-in-Time VM Access** and configure the access policy for RDP/SSH.
3. ✅ **Step 3:** Specify a limited time window (e.g., 1 hour) and trusted IP ranges.
4. 📊 **Step 4:** Monitor access requests and review activity logs to verify security.

---

## 🧠 **Lab 3: Automating Security with Azure Logic Apps**
### Goal: Automate an incident response with Logic Apps and Azure Security Center.
1. 🛠️ **Step 1:** Go to **Azure Sentinel** and create a **Security Playbook** using **Logic Apps**.
2. 🔧 **Step 2:** Define a trigger for the playbook (e.g., multiple failed sign-ins from a suspicious IP).
3. 🔁 **Step 3:** Add actions to block the IP or notify security admins via email.
4. 🚀 **Step 4:** Test the playbook by simulating an attack, and verify that the playbook executes successfully.
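
The trigger condition from Step 2 of Lab 3 (multiple failed sign-ins from one IP) can be reasoned about offline before wiring it to a playbook. The following is an added example, not part of the original study guide: the records are constructed, the column names follow the `SigninLogs` table, and the threshold of 5 failures in 10 minutes is an assumption to tune for your tenant.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (TimeGenerated, IPAddress, UserPrincipalName, ResultType),
# named after SigninLogs columns. ResultType "0" is a successful sign-in;
# 50126 is the invalid-credentials error code.
SAMPLE_SIGNINS = [
    ("2024-05-01T10:00:05Z", "203.0.113.7", "alice@example.com", "50126"),
    ("2024-05-01T10:01:10Z", "203.0.113.7", "bob@example.com", "50126"),
    ("2024-05-01T10:02:00Z", "203.0.113.7", "carol@example.com", "50126"),
    ("2024-05-01T10:02:40Z", "203.0.113.7", "alice@example.com", "50126"),
    ("2024-05-01T10:03:30Z", "203.0.113.7", "bob@example.com", "50126"),
    ("2024-05-01T10:20:00Z", "203.0.113.7", "alice@example.com", "50126"),
    ("2024-05-01T09:00:00Z", "198.51.100.20", "dave@example.com", "50126"),
    ("2024-05-01T09:12:00Z", "198.51.100.20", "dave@example.com", "50126"),
    ("2024-05-01T09:24:00Z", "198.51.100.20", "dave@example.com", "50126"),
    ("2024-05-01T10:05:00Z", "192.0.2.10", "erin@example.com", "50126"),
    ("2024-05-01T10:06:00Z", "192.0.2.10", "erin@example.com", "0"),
]


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_ips(records, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: (peak_failures, users)} for IPs whose failed sign-ins
    reach `threshold` inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> failures still inside the window
    alerts = {}
    for ts, ip, user, result in sorted(records, key=lambda r: parse_time(r[0])):
        if result == "0":         # successes do not count toward the trigger
            continue
        now = parse_time(ts)
        queue = recent[ip]
        queue.append((now, user))
        while now - queue[0][0] > window:   # expire failures older than window
            queue.popleft()
        if len(queue) >= threshold and len(queue) > alerts.get(ip, (0, []))[0]:
            alerts[ip] = (len(queue), sorted({u for _, u in queue}))
    return alerts


if __name__ == "__main__":
    for ip, (count, users) in find_suspicious_ips(SAMPLE_SIGNINS).items():
        print(f"{ip}: {count} failed sign-ins in 10 min across {len(users)} accounts")
```

Only `203.0.113.7` fires here: the failures from `198.51.100.20` are spaced 12 minutes apart, so they never accumulate inside one window, which is the kind of slow pattern a fixed threshold misses.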