search

Overview

hashtag
Describe Identity, Governance, Privacy and Compliance Features (20-25%)

hashtag
Describe core Azure Identity Services

  • Explain the difference between authentication and authorization

  • Define Azure Active Directory

  • Describe the functionality and usage of Azure Active Directory

  • Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

hashtag
Describe Azure governance features

  • Describe the functionality and usage of Role-Based Access Control (RBAC)

  • Describe the functionality and usage of resource locks

  • Describe the functionality and usage of tags

  • Describe the functionality and usage of Azure Policy

  • Describe the functionality and usage of Azure Blueprints

  • Describe the Cloud Adoption Framework for Azure

hashtag
Describe privacy and compliance resources

  • Describe the Microsoft core tenets of Security, Privacy and Compliance

  • Describe the purpose of the Microsoft Privacy Statement, Online Service Terms (OST) and Data Protection Amendment (DPA)

  • Describe the purpose of the Trust Center

  • Describe the purpose of the Azure compliance documentation

  • Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud Services)

hashtag
Identity

  • In computing "identity" is a representation of a person, application or device

Examples of Identity:

  • John Henry Doe

  • [email protected]

  • Monthly Payroll Application

  • The laser printer at 6th Floor West

Usually requires a password, secret key or a certificate to prove that you are who you say you are

Many Applications require you to log in to use some of its functionality

hashtag
How it's traditionally handled

Client App/Web Browser/Mobile App --> USER ID, PASSWORD --> Server/Web Site --> DB

  • Traditionally, companies have written their own code to handle this

  • Some of the more famous "hacks" have been on custom created identity systems

Hacks:

  • were storing passwords in plain text

  • were using a simple, reversible hash algorithm (MD5)

  • were storing the salt along with the data

  • not enforcing password change policies

  • not enforcing password complexity policies

hashtag
Azure provides an identity management system based on their popular "Active Directory"

hashtag
Azure Active Directory (Azure AD or AAD)

  • It's not the same as Active Directory

  • Traditional AD does not work with Internet Protocols (LDAP = does not work on internet)

  • Azure AD provides "identity as a service"

  • Instead of having to write code to handle users, passwords, passwords reset you have a middleman

  • Open Standards that work over internet: (SAML, OpenID, WS Federation)

PreviousAzure Identity ServicesNextBenefits

Last updated