Understand how Microsoft Defender for Cloud supports AI security and governance in Azure

Microsoft Defender for Cloud plays a central role in securing AI workloads across Azure. Learn how Microsoft Defender for Cloud supports AI security across Azure. Explore the layers of an AI workload, the unique risks AI systems introduce, and the guardrails that protect model inputs and outputs. See how Microsoft Purview, Microsoft Entra ID, and Microsoft Foundry work together to support a unified security and governance strategy.

• Understand AI services in Azure
• Understand AI security risks in Azure
• AI guardrails and protections in Azure
• How Azure security and governance tools support AI workloads

Protect AI workloads with Microsoft Defender for Cloud

Microsoft Defender for Cloud helps secure AI workloads by combining discovery, posture management, and runtime protection in one platform. You'll learn how to enable the AI workloads plan, review insights in the Data & AI security dashboard, assess posture using Cloud Security Posture Management (CSPM), detect runtime threats with Cloud Workload Protection (CWP), and investigate incidents in Microsoft Defender XDR. These capabilities work together to identify configuration gaps, detect suspicious behavior, and provide end-to-end visibility across your AI environments.

• Enable the AI workloads plan
• Review insights in the Data & AI security dashboard
• Assess and improve AI security posture with Cloud Security Posture Management (CSPM)
• Detect AI threats at runtime with Cloud Workload Protection (CWP)
• Investigate AI security alerts with prompt evidence in Microsoft Defender XDR

Configure and manage guardrails in Microsoft Foundry

Microsoft Foundry guardrails help secure AI workloads by applying configurable safety controls that evaluate both prompts and responses. You'll learn how to understand built-in safety models, test and refine guardrails, create blocklists, configure content filters, and validate that protections work as intended. These capabilities help organizations prevent unsafe or policy-violating interactions, protect sensitive data, and maintain trust in AI-assisted applications.

• Understand guardrails and Microsoft Content Safety
• Understand safety controls in Microsoft Foundry
• Try out built-in guardrails
• Create and manage blocklists in Microsoft Foundry
• Configure and apply guardrails in Microsoft Foundry
• Choose and refine the right guardrails for your AI workloads

Secure Microsoft Foundry environments

To secure Microsoft Foundry environments requires layered protections that control access, safeguard credentials, isolate network communication, and maintain visibility across connected resources. The approach includes defining access boundaries with Microsoft Entra ID and project roles, and integrating Key Vault for secret management. It also uses managed virtual networks, Private Link, and diagnostic logging to maintain privacy, visibility, and compliance. These practices create secure, traceable AI environments that support collaboration without compromising protection.

• Control access to Microsoft Foundry with Microsoft Entra ID
• Manage access within Microsoft Foundry projects
• Secure Microsoft Foundry secrets with Azure Key Vault (preview)
• Isolate networks with managed virtual network and Private Link
• Enable diagnostic logging in Microsoft Foundry

Understand identity architecture for AI workloads

Identity architecture defines who can deploy, invoke, and manage AI workloads in Azure. Microsoft Entra ID governs access across management and data planes, authentication flows establish trust boundaries for AI endpoints, and role scope decisions determine blast radius. Identity types, role assignments, and scope boundaries shape AI security outcomes long before enforcement controls are applied.

• Identity as the control layer for AI solutions
• Management plane and data plane access in AI workloads
• Authentication flows for AI endpoints in Microsoft Foundry
• Human and workload identities in AI workloads
• Role assignments and scope in AI environments
• Common identity misconfigurations in AI deployments

Implement access management for Azure resources

Explore how to use built-in Azure roles, managed identities, and RBAC-policy to control access to Azure resources. Identity is the key to secure solutions.

• Assign Azure roles
• Configure custom Azure roles
• Create and configure managed identities
• Access Azure resources with managed identities
• Analyze Azure role permissions
• Configure Azure Key Vault RBAC policies
• Retrieve objects from Azure Key Vault

Plan, implement, and administer Conditional Access

Conditional Access gives a fine granularity of control over which users and identities can do specific activities, access which resources, and how to ensure data and systems are safe—including AI agent identities managed through Microsoft Entra Agent ID.

• Plan security defaults
• Exercise - Work with security defaults
• Plan Conditional Access policies
• Implement Conditional Access policy controls and assignments
• Exercise - Implement Conditional Access policies roles and assignments
• Test and troubleshoot Conditional Access policies
• Implement application controls
• Implement session management and continuous access evaluation
• Exercise - Configure authentication session controls
• Microsoft Entra Conditional Access Optimization agent

Manage Microsoft Entra Identity Protection

Protecting a user's identity by monitoring their usage and sign-in patterns ensure a secure cloud solution. Explore how to design and implement Microsoft Entra Identity protection.

• Review identity protection basics
• Implement and manage user risk policy
• Exercise enable sign-in risk policy
• Exercise configure Microsoft Entra multifactor authentication registration policy
• Monitor, investigate, and remediate elevated risky users
• Implement security for workload identities
• Explore Microsoft Defender for Identity
• Explore the Identity Risk Management Agent