Mastering: Azure for Developers

Familiar with Azure? Learn how to master it with this course.

About This Course

It's hardly a secret that cloud-based computing is everywhere these days. That also means that as a developer, you should know what it is and how to use it. This Mastering course is the third part in my Azure for Developers series, the follow-up to the Getting Started and Deep Dive courses. The two main topics in this course are security and automation. You can expect a deep dive into the many aspects of Entra ID, from securing machine-to-machine communication between Azure resources over securely logging in and out, right using Easy Auth and MSAL (Microsoft.Identity.Web), right up to workplace and external federation scenarios. After that, there's a full section dedicated to Azure Key Vault. Finally, you'll learn how to work with ARM and, mostly, Bicep, to automate your Azure infrastructure.

Course Curriculum

12h 10m 10 sections

Welcome

00:37 Free preview

What will you learn in this course?

01:45 Free preview

Who is the course for and prerequisites

02:21 Free preview

Introduction

01:25

Getting Your Environment Ready and Creating the Infrastructure

04:33

Inspecting and Deploying the Demo Code

04:49

What IS Azure Security?

03:47

Delegating (C)IAM to Microsoft Entra ID

11:59

App Registrations and Enterprise Apps

08:08

Security Principals are Key

04:17

Section Recap

02:07

Introduction

02:25

The Application Service Principal

06:49

Creating App Registrations for Machine to Machine Communication

14:43

The Microsoft Identity Platform, MSAL and Microsoft.Identity.Web

03:52

Securing App Service to App Service Access (Frontend to API): Blocking Access

07:45

Securing App Service to App Service Access (Frontend to API): Regaining Access

09:41

Manually Acquiring a Token with ITokenAcquisition

06:42

Configuring and Using Token Content

08:11

Testing Entra ID Integration From Your Favorite Tool

03:46

Managing System-based Access Tokens

01:50

Publishing The Secured Components

04:38

Securing Frontend to Function Communication with Easy Auth: Setting Up Easy Auth

12:23

Securing Frontend to Function Communication with Easy Auth: Updating the Client

07:52

Delegating Token Logic to APIM

19:15

Delegated Permissions, Application Roles, Access Control Lists and Authorized Client Applications

06:07

Section Recap

04:11

Introduction

01:14

The Managed Identity

07:09

Managed Identities Beneath the Covers

08:32

Using a System-assigned Managed Identity to Secure Database Access

11:16

Using the DefaultAzureCredential for a Better Development Experience

08:37

Creating and Assigning Permissions to User-assigned Managed Identities

03:53

Using a User-assigned Managed Identity for Application Insights

08:10

Hybrid Approach: Securing Downstream Access in APIM with a User-based Managed Identity

10:47

Hybrid Approach: Securing Downstream Access in APIM with a User-based Managed Identity and Easy Auth

06:40

User-Assigned vs System-Assigned: What to Use When?

04:10

Section Recap

05:55

Introduction

01:52

Managing User Principals

08:53

User-based Authentication with Easy Auth

05:08

Microsoft.Identity.Web and Easy Auth

01:52

Authenticating with Easy Auth - Logging In

08:52

Authenticating with Easy Auth - Logging Out

03:44

Reading Out and Manipulating User Information with Easy Auth

10:18

Configuring Easy Auth for Accessing an API on Behalf of the User - The Basics

05:17

Configuring Easy Auth for Accessing an API on Behalf of the User - Configuring the Access Token

08:56

Accessing an API on Behalf of the User with Easy Auth

08:01

Gaining Long-lived Access with Easy Auth - The Basics

03:15

Gaining Long-lived Access with Easy Auth - Implementation

11:11

User-based Authentication with Microsoft.Identity.Web

01:57

Implementing User-based Authentication with Microsoft.Identity.Web - Logging In

09:12

Implementing User-based Authentication with Microsoft.Identity.Web - Logging Out

05:26

Accessing an API on Behalf of the User with Microsoft.Identity.Web

07:16

Gaining Long-lived Access with Microsoft.Identity.Web

01:07

How Single Sign-on Works on Entra ID

07:05

Configuring Token Lifetime with Conditional Access

05:56

Role-based Access Control in Azure: Azure RBAC, Entra RBAC, and Application Roles

07:51

Section Recap

07:45

Introduction

01:26

Introducing External Identities

06:25

B2B Collaboration with External Identities in a Workforce Tenant

04:29

Categorizing Users in a Workforce Tenant

06:32

Inviting Guest Users

06:46

Enabling a Self-service Sign-up/Sign-in User Flow

06:19

Creating and Using Custom Attributes

01:26

Supporting Social Providers

08:14

Section Recap

04:22

Introduction

02:00

Creating and Inspecting an External Tenant

03:04

Categorizing Users in an External Tenant

04:53

Enabling a Self-service Sign-up/Sign-in User Flow

04:06

Testing a Self-service Sign-up/Sign-in User Flow

11:23

Customizing Flows and Applications with Custom Authentication Extensions

02:55

Creating a Custom Authentication Extension Endpoint

12:17

Configuring and Linking Custom Authentication Extensions

09:43

Improving Custom Authentication Extension Security

05:48

Federating with an OpenID Connect Identity Provider

06:42

What About Native Authentication?

03:51

Section Recap

03:56

Introduction

02:12

Introducing Azure Key Vault

06:06

Provisioning a Key Vault

10:52

Managing Secrets, Keys, and Certificates

10:49

Using a Secret from Key Vault in a Web App

11:22

Loading a Connection String from Key Vault in an Azure Function

04:17

Using a Key from Key Vault For Encryption/Decryption

10:40

What About Using Certificates for Encryption/Decryption

07:37

Using a Certificate from Key Vault for Signing

17:44

Versioning Secrets

06:16

Rotating Secrets (and Keys)

03:34

Rotating Certificates

03:10

Auditing and Monitoring: Logs, Alerts, Access Control and Workbooks

09:53

Auditing and Monitoring: Best Practices

01:50

Section Recap

07:58

Introduction

02:47

Introduction and Fundamentals

04:30

What Tool Should You Use When?

02:17

ARM Template Basic Structure

02:10

Exporting and Deploying ARM Templates

11:18

Dry-running ARM Deployments

03:36

Section Recap

03:29

Introduction

01:07

Getting Our Environment Ready for Bicep

01:40

Inspecting a Bicep File

05:11

Dry-running Bicep Deployments

02:00

Working with Bicep Parameters, Variables, and Outputs: The Basics

06:47

Working with Bicep Parameters, Variables, and Outputs: Putting It All Together

11:39

Decompiling ARM Templates to Bicep

03:55

Working with Bicep Deployment Scope

05:54

Creating our Azure Functions Infrastructure

17:21

Understanding Dependencies

04:01

Modularization with Bicep Modules: The Basics

10:37

Modularization with Bicep Modules: Scopes and Structure

06:51

Using Parameter Files for Multiple Environments

04:46

Secrets Management with Key Vault References

04:15

Overall Best Practices

02:42

Section Recap

06:46

Course Details

Level Mastering

Duration

$199.99

Lifetime access

Go Pro for Full Access

Get unlimited access to all Dometrain courses with a Pro subscription

Learn more about Dometrain Pro

Meet Your Instructor

Kevin Dockx

Kevin Dockx

Kevin is a freelance solution architect, author & consultant, living in Antwerp (Belgium). He started working in the IT sector over 20 years ago, and is an 11-time Microsoft MVP. He's focused on architecture & security for web applications & integration components, using .NET and Azure. He's a keen proponent of open-source software. Also: wine.

View all courses by Kevin Dockx

© 2026 Dometrain. All rights reserved.