Freshen repo for Nov 2024 delivery

.github/workflows/check-readme-links.yml

@@ -1,4 +1,4 @@
-name: Check README Links
+name: Check Markdown Links
 
 on:
   push:
@@ -16,8 +16,10 @@ jobs:
         id: lychee
         uses: lycheeverse/lychee-action@v1.9.3
         with:
-          args: --verbose --no-progress README.md
+          args: --verbose --no-progress './*.md'
           fail: true
+          format: markdown
+          output: ./lychee/out.md
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -27,4 +29,12 @@ jobs:
         with:
           title: Link Checker Report 🔗
           content-filepath: ./lychee/out.md
-          labels: report, automated issue
+          labels: report, automated issue
+          body: |
+            A link checker scan has found broken links in the repository's markdown files.
+            
+            ### Files Scanned
+            - All markdown (*.md) files in the root directory
+            
+            ### Results
+            See below for the detailed report of broken links:

AZ-500-cert-study-blueprint.md → AZ-500-cert-study-resources.md

@@ -1,8 +1,6 @@
 # Exam AZ-500 Certification Study Resources
 
-Last updated: March 26, 2024
-
-
+Last updated: November 22, 2024
 
 ## Theoretical Knowledge
 

AZ-500-course-plan.md

@@ -0,0 +1,139 @@
+# AZ-500 Crash Course: Key Discussion and Demo Topics
+
+## Course Structure
+- **Duration:** 5 hours (4 segments of ~1 hour each, 8 min break at the top of each hour)
+- **Focus:** Concise discussion and demos of core AZ-500 topics
+- **Style:** Interactive and practical 
+
+---
+
+## 🛡️ Segment 1: Manage Identity and Access (25–30%)
+- **🔑 Microsoft Entra Management**  
+  - Manage users and groups  
+  - Implement multi-factor authentication (MFA)  
+  - Configure passwordless authentication  
+  - Implement Conditional Access policies  
+
+- **🗝️ Role Management**  
+  - Assign and manage Azure roles  
+  - Configure Privileged Identity Management (PIM)  
+  - Create custom roles  
+
+- **🔐 Application Access**  
+  - Manage app registrations and OAuth permissions  
+  - Configure managed identities for Azure resources  
+
+---
+
+## 🌐 Segment 2: Secure Networking (20–25%)
+- **🔒 Virtual Network Security**  
+  - Configure Network Security Groups (NSGs) and Application Security Groups (ASGs)  
+  - Plan and implement Virtual Network peering and VPN gateways  
+  - Monitor security with Network Watcher  
+
+- **🛡️ Private Access**  
+  - Configure Private Endpoints and Private Link services  
+  - Plan secure access to Azure App Services and Functions  
+
+- **🚀 Public Access Security**  
+  - Implement Azure Firewall and Web Application Firewall (WAF)  
+  - Use Azure DDoS Protection Standard  
+
+---
+
+## 💾 Segment 3: Secure Compute, Storage, and Databases (20–25%)
+- **🖥️ Compute Security**  
+  - Plan secure remote access (Azure Bastion, JIT VM access)  
+  - Configure AKS network isolation and monitoring  
+  - Manage container security (ACI, ACR, ACA)  
+
+- **🗄️ Storage Security**  
+  - Configure access control for storage accounts  
+  - Enable encryption (ADE, BYOK, double encryption)  
+  - Protect data with soft delete, backups, and versioning  
+
+- **📊 Database Security**  
+  - Enable database auditing and data classification  
+  - Configure Transparent Data Encryption (TDE)  
+  - Implement Always Encrypted for Azure SQL  
+
+---
+
+## 🔍 Segment 4: Manage Security Operations (25–30%)
+- **⚙️ Governance and Compliance**  
+  - Create and assign security policies with Azure Policy  
+  - Configure secure infrastructures with Blueprints  
+  - Manage Key Vault access and key rotation  
+
+- **🛠️ Microsoft Defender for Cloud**  
+  - Assess risks using Secure Score  
+  - Enable workload protection (Storage, SQL, Containers)  
+  - Remediate vulnerabilities and monitor alerts  
+
+- **📈 Monitoring and Automation**  
+  - Configure Microsoft Sentinel analytics and data connectors  
+  - Respond to incidents and automate workflows  
+  - Evaluate vulnerability scans and alerts  
+
+---
+
+## Resources
+- [🔗 Microsoft Learn AZ-500 Documentation](https://learn.microsoft.com/en-us/certifications/exams/az-500/)
+- [🛠️ GitHub for Azure Security](https://github.com/topics/azure-security)
+- [🎥 Azure Security Demos](https://azure.microsoft.com/en-us/resources/videos/)
+
+### Good luck, and let's secure the cloud! 🚀
+
+## 🎯 Demo Scenario: Securing a Multi-tier Application
+Follow along with this scenario to practice key security concepts covered in the course.
+
+### Scenario Overview
+You're a security engineer at Contoso Ltd, tasked with securing a new three-tier application:
+- Web frontend (Azure App Service)
+- API layer (Azure Functions) 
+- Database (Azure SQL)
+
+### 🔄 Implementation Steps
+
+#### 1. Identity & Access Setup (30 mins)
+- Configure Azure AD authentication for the web app
+- Set up managed identities for service-to-service communication
+- Implement Conditional Access policy for admin access
+
+#### 2. Network Security (30 mins)
+- Create network isolation using VNets and NSGs
+- Configure Private Endpoints for the database
+- Set up Azure Application Gateway with WAF
+
+#### 3. Data Protection (30 mins)
+- Enable TDE and Always Encrypted for sensitive data
+- Configure backup policies and soft delete
+- Implement key rotation using Key Vault
+
+#### 4. Monitoring & Response (30 mins)
+- Set up Microsoft Defender for Cloud
+- Configure diagnostic settings and log analytics
+- Create custom alert rules in Microsoft Sentinel
+
+### 🎯 Success Criteria
+- ✅ All services use managed identities for authentication
+- ✅ No direct public access to backend services
+- ✅ All sensitive data encrypted at rest and in transit
+- ✅ Comprehensive logging and monitoring in place
+
+## Additional Resources
+
+### 🔨 Practice Labs
+- [Azure Security Labs on Microsoft Learn](https://learn.microsoft.com/en-us/certifications/exams/az-500)
+- [Whizlabs AZ-500 Hands-on Labs](https://www.whizlabs.com/blog/top-azure-hands-on-labs/)
+- [Azure GOAT - Vulnerable Azure Environment for Practice](https://github.com/Akriti-S/AzGOAT)
+- [425Show Secure Azure Function Samples](https://github.com/425show/SecureAzureFunctionMiW)
+
+### 📚 Documentation
+- [Azure Security Best Practices](https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns)
+- [Microsoft Security Documentation](https://learn.microsoft.com/en-us/security/)
+- [Azure Architecture Center - Security](https://learn.microsoft.com/en-us/azure/architecture/framework/security/overview)
+
+### 🎥 Video Resources
+- [Microsoft Security YouTube Channel](https://www.youtube.com/c/MicrosoftSecurity)
+- [Azure Security Center in Action](https://www.youtube.com/playlist?list=PLLasX02E8BPBxGouWlJV-u_XVcXfkdscl)

README.md

@@ -1,6 +1,6 @@
 # 🛡️ Exam AZ-500 Certification Study Resources
 
-Last updated November 21, 2024
+This file was last updated: November 22, 2024
 
 ## 📋 Table of Contents
 - 🎯 [Exam-Specific Resources](#exam-specific-resources)
@@ -13,9 +13,9 @@ Last updated November 21, 2024
 - 📱 [Community & Support](#community--support)
 
 ## 🎯 Exam-Specific Resources
-- [AZ-500 Study Guide](https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-500)
+- [AZ-500 Study Guide (2024)](https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-500)
 - [AZ-500 Free Practice Assessment](https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/practice/assessment?assessment-type=practice)
-- [AZ-500 Exam Sandbox](https://aka.ms/examdemo)
+- [Microsoft Learning AZ-500 Labs](https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/)
 - [Official Microsoft Learning Path](https://learn.microsoft.com/en-us/training/courses/az-500t00)
 
 ## 📚 Microsoft Learn Paths
@@ -87,4 +87,55 @@ Last updated November 21, 2024
 - **YouTube**: [Tech Trainer Tim](https://www.youtube.com/channel/UCim7PFtynyPuzMHtbNyYOXA)
 - **Website**: [techtrainertim.com](https://techtrainertim.com)
 - **Bluesky**: [@techtrainertim](https://bsky.app/profile/techtrainertim.bsky.social)
-- **Mastodon**: [@techtrainertim](https://mastodon.social/@techtrainertim)
+- **Mastodon**: [@techtrainertim](https://mastodon.social/@techtrainertim)
+
+## 📚 New & Updated Learning Paths
+- [Secure Azure services and workloads](https://learn.microsoft.com/en-us/training/paths/secure-azure-services-workloads/)
+- [Configure security for hybrid environments](https://learn.microsoft.com/en-us/training/paths/configure-security-for-hybrid-environments/)
+- [Microsoft Defender for Cloud Implementation](https://learn.microsoft.com/en-us/training/paths/implement-microsoft-defender-for-cloud/)
+
+## 🛡️ 2024 Security Focus Areas
+### Zero Trust Security
+- [Microsoft Zero Trust Implementation Guide](https://learn.microsoft.com/en-us/security/zero-trust/)
+- [Azure Zero Trust Network Architecture](https://learn.microsoft.com/en-us/security/zero-trust/azure-infrastructure)
+- [Zero Trust Deployment Center](https://learn.microsoft.com/en-us/security/zero-trust/deploy/)
+
+### Cloud-Native Security
+- [Microsoft Entra Workload ID](https://learn.microsoft.com/en-us/entra/workload-id/)
+- [Azure Container Apps Security](https://learn.microsoft.com/en-us/azure/container-apps/security-concept)
+- [Azure Kubernetes Service (AKS) Security](https://learn.microsoft.com/en-us/azure/aks/concepts-security)
+
+### AI Security & Governance
+- [Azure OpenAI Service Security](https://learn.microsoft.com/en-us/azure/ai-services/openai/security)
+- [Responsible AI Guidelines](https://learn.microsoft.com/en-us/azure/ai-services/responsible-ai-standards)
+- [AI Security Best Practices](https://learn.microsoft.com/en-us/security/ai-security/)
+
+## 🔧 New Tools & Resources (2024)
+### Security Assessment Tools
+- [Microsoft Defender External Attack Surface Management](https://learn.microsoft.com/en-us/defender/external-attack-surface-management/)
+- [Microsoft Sentinel Solution for IoT](https://learn.microsoft.com/en-us/azure/sentinel/iot-solution)
+- [Azure Security Benchmark v3](https://learn.microsoft.com/en-us/security/benchmark/azure/overview)
+
+### DevSecOps Tools
+- [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/github-security-features)
+- [Azure DevOps Security Scanner](https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-scanner)
+- [Microsoft Defender for DevOps](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction)
+
+## 💻 Modern Practice Scenarios
+- Multi-cloud Security Configuration
+- Zero Trust Implementation
+- Microservices Security Architecture
+- Container and Kubernetes Security
+- AI/ML Workload Protection
+- IoT Security Implementation
+
+## 📱 Additional Resources
+### Security Blogs & Channels
+- [Microsoft Security Insider](https://www.microsoft.com/security/blog/topic/security-insider/)
+- [Azure Security Center Tech Community](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloudBlog)
+- [Microsoft Security YouTube Channel](https://www.youtube.com/@MSFTSecurity)
+
+### Training Platforms
+- [Microsoft Virtual Training Days](https://events.microsoft.com/en-us/mvtd)
+- [Microsoft Learn TV](https://learn.microsoft.com/en-us/shows/browse)
+- [Cloud Skills Challenge](https://learn.microsoft.com/en-us/training/challenges)

key-vault.azcli → scripts/key-vault.azcli

@@ -1,31 +1,31 @@
-# Manage Key Vault with CLI
-
-# Ref: timw.info/1fg
-
-# Preliminary info
-az login
-
-az configure
-
-az account set --name "Microsoft Azure Sponsorship"
-
-az account list -o table
-
-# Add a secret
-az keyvault secret set --vault-name "twaz500vault1" --name "VMPassword" --value "hVFkk965BuUv "
-
-# View secrets
-az keyvault secret list --vault-name "twaz500vault1"
-
-# Retrieve a secret
-az keyvault secret show --name "VMPassword" --vault-name "<your-unique-keyvault-name>" --query "value"
-
-# Register service principal
-az ad sp create-for-rbac -n "KeyVaultSP" --password "hVFkk965BuUv" --role Contributor
-# If you don't specify a password, one will be created for you
-
-# Allow SP to read secrets
-az keyvault set-policy --name "twaz500vault1" --spn 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed --secret-permissions get
-
-
-
+# Manage Key Vault with CLI
+
+# Ref: timw.info/1fg
+
+# Preliminary info
+az login
+
+az configure
+
+az account set --name "Microsoft Azure Sponsorship"
+
+az account list -o table
+
+# Add a secret
+az keyvault secret set --vault-name "twaz500vault1" --name "VMPassword" --value "hVFkk965BuUv "
+
+# View secrets
+az keyvault secret list --vault-name "twaz500vault1"
+
+# Retrieve a secret
+az keyvault secret show --name "VMPassword" --vault-name "<your-unique-keyvault-name>" --query "value"
+
+# Register service principal
+az ad sp create-for-rbac -n "KeyVaultSP" --password "hVFkk965BuUv" --role Contributor
+# If you don't specify a password, one will be created for you
+
+# Allow SP to read secrets
+az keyvault set-policy --name "twaz500vault1" --spn 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed --secret-permissions get
+
+
+