| Secure storage, databases, and networking | Storage account security and firewall rules, Defender for Storage, Azure SQL platform security and auditing, Defender for Databases. Then networking: NSGs and ASGs, Azure Virtual Network Manager, Virtual WAN, VPN, Entra Private Access, private endpoints, Private Link, Azure Firewall, Network Watcher. The largest domain. | 25 to 30% |
| Manage identity, access, and governance | Entra ID (PIM, conditional access, MFA and passwordless, app registrations, OAuth consent, managed identities), Azure Key Vault end to end, then governance: Azure Policy, regulatory compliance in Defender for Cloud, resource locks, RBAC and custom roles, overprivileged access, Azure Backup protection, security controls in infrastructure as code. | 20 to 25% |
| Secure compute (this is where the AI is) | Security for AI: data overexposure in SharePoint, Copilot and AI app risk via Purview DSPM, real-time protection for Copilot Studio agents, conditional access for Entra Agent ID, blast-radius analysis in Defender XDR, AI Gateway in API Management for Microsoft Foundry, Defender for AI Service, guardrails in Foundry. Plus servers and VMs (disk encryption, Bastion, JIT access, Azure Arc, Defender for Servers, secure boot, vTPM) and app platform (Defender for Containers, AKS, ACR, Container Apps, Functions, Logic Apps, App Service, WAF, API Management). | 20 to 25% |
| Manage and monitor security posture | Defender for Cloud (CSPM, compliance frameworks, workload protection plans, connecting AWS and GCP, Defender Vulnerability Management, Defender EASM), Microsoft Sentinel (workspaces, roles, content hub, connectors, syslog and CEF, data collection rules, custom log tables, automation rules and playbooks, retention), and Microsoft Security Copilot (workspaces, permissions, plugins, agents). | 20 to 25% |