This content is designed for developers who want to learn how to use Azure networking services to secure their applications. It is not meant to make you an expert in Azure networking, but to give you enough knowledge to create secure network designs and discuss and collaborate with confidence with network administrators.

It is designed as an instructor lead course, so you can discuss best practices, pros and cons while guiding guidance along the way.

The exercises are designed to be completed in order and the narrative for the work you are doing is in the story below.

The Company has created an internal web application for managing employee benefits that is exclusively used by their HR department. However, the data stored within the system is subject to privacy regulations and needs to be kept regionally sensitive. Therefore, The Company is planning to deploy two independent applications: one for the European region and the other for the US region. Each application will contain its respective dataset and will not be allowed to cross regions. Nevertheless, a shared read-only control dataset is utilized to manage certain basic functionalities of the application, which The Company prefers to store in a single location. Since the shared data is accessed infrequently, The Company has decided that it does not need to be in the same region. The Company's HR team must be able to access the service within their internal network. However, their internal IT department is currently overloaded with work, and it will take some time for them to set up a site-to-site VPN or an ExpressRoute. Instead they have proposed that we setup a secure Remote Access for HR teams. The webapp needs to be periodically updated, and customer will use automated GitHub Actions to deploy the code from the repository.

The Company has implemented an initial version of the application as a test environment in two resource groups on Azure. Currently, the application is accessible to the public internet without any restrictions, and they are seeking our assistance in securing it from a networking standpoint.

Before starting you need to have an Azure subscription and setup the prerequisites.

1. Virtual networks
2. Private networks
3. Virtual network peering
4. Gaining access to secured resources
5. Firewall and routing
6. ASGs and NSGs
7. Public access

The PowerPoint slides are accompanied by demos with setup script used to help you demonstrate some of the concepts. The demos are not meant to be used as exercises, but to help you demonstrate the concepts.