Overview
Describe Identity, Governance, Privacy and Compliance Features (20-25%)
Describe core Azure Identity Services
Explain the difference between authentication and authorization
Define Azure Active Directory
Describe the functionality and usage of Azure Active Directory
Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA) and Single Sign-On (SSO)
Describe Azure governance features
Describe the functionality and usage of Role-Based Access Control (RBAC)
Describe the functionality and usage of resource locks
Describe the functionality and usage of tags
Describe the functionality and usage of Azure Policy
Describe the functionality and usage of Azure Blueprints
Describe the Cloud Adoption Framework for Azure
Describe privacy and compliance resources
Describe the Microsoft core tenets of Security, Privacy and Compliance
Describe the purpose of the Microsoft Privacy Statement, Online Service Terms (OST) and Data Protection Amendment (DPA)
Describe the purpose of the Trust Center
Describe the purpose of the Azure compliance documentation
Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud Services)
Identity
In computing "identity" is a representation of a person, application or device
Examples of Identity:
John Henry Doe
johndoe@example.com
Monthly Payroll Application
The laser printer at 6th Floor West
Proving an identity usually requires a password, secret key or certificate to show that you are who you say you are
Many applications require you to log in before you can use some of their functionality
How it's traditionally handled
Client App/Web Browser/Mobile App --> USER ID, PASSWORD --> Server/Web Site --> DB
Traditionally, companies have written their own code to handle this
Some of the more famous "hacks" have been against custom-built identity systems
Common weaknesses behind those hacks:
were storing passwords in plain text
were using a simple, fast hash algorithm that is easily cracked (MD5)
were storing the salt along with the data
not enforcing password change policies
not enforcing password complexity policies
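The weaknesses above, shown side by side in code. This is an added example, not code from the original notes: a "custom identity system" that stores a bare MD5 digest per user, next to a hardened store with a per-user random salt, a slow key-derivation function, a constant-time comparison, and the complexity and password-age policies the notes say were missing. The class names, the work factor, the 90-day age limit and the sample users are constructed assumptions. One caveat on the salt point: a salt is stored beside the hash by design and need not be secret; what protects the password is that the salt is random per user and the hash is slow.

```python
# Added example, not from the original notes: the weak password-storage
# patterns listed above beside a hardened store. WeakStore, HardenedStore,
# the policy thresholds and the sample users are constructed assumptions.
import hashlib
import hmac
import os
import re
import time


class WeakStore:
    """Custom identity code of the kind the notes warn about: a bare,
    unsalted MD5 digest per user. MD5 is fast and unsalted, so equal
    passwords give equal digests and a small wordlist recovers them."""

    def __init__(self):
        self.users = {}  # username -> hex digest

    def add_user(self, username, password):
        self.users[username] = hashlib.md5(password.encode()).hexdigest()

    def verify(self, username, password):
        return self.users.get(username) == hashlib.md5(password.encode()).hexdigest()


def recover_from_unsalted_md5(digest, wordlist):
    """Shows why an unsalted fast hash is effectively recoverable: one MD5
    per guess, and the same table works for every user in the database."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == digest:
            return guess
    return None


class HardenedStore:
    """Per-user random salt, slow PBKDF2-HMAC-SHA256, constant-time compare,
    plus the complexity and password-age policies the notes say were missing.
    The salt is stored next to the hash on purpose: it is not a secret; its
    job is to make every user's hash unique so one table cannot crack all."""

    def __init__(self, iterations=600_000, max_age_days=90, min_length=12):
        self.iterations = iterations          # assumption: illustrative work factor
        self.max_age = max_age_days * 86400   # assumption: 90-day change policy
        self.min_length = min_length
        self.users = {}  # username -> record

    def check_policy(self, password):
        """Complexity policy: minimum length plus upper, lower, digit and symbol."""
        rules = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
        return len(password) >= self.min_length and all(re.search(r, password) for r in rules)

    def _derive(self, password, salt, iterations):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

    def add_user(self, username, password, now=None):
        if not self.check_policy(password):
            raise ValueError("password does not meet complexity policy")
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "hash": self._derive(password, salt, self.iterations),
            "iterations": self.iterations,     # stored so it can be raised later
            "changed_at": time.time() if now is None else now,
        }

    def verify(self, username, password):
        record = self.users.get(username)
        if record is None:
            # Do the same amount of work for unknown users so response time
            # does not reveal which usernames exist.
            self._derive(password, b"\x00" * 16, self.iterations)
            return False
        candidate = self._derive(password, record["salt"], record["iterations"])
        return hmac.compare_digest(candidate, record["hash"])

    def must_change(self, username, now=None):
        """Password-change policy: True once the stored password is older than max_age."""
        record = self.users[username]
        current = time.time() if now is None else now
        return current - record["changed_at"] > self.max_age


if __name__ == "__main__":
    weak = WeakStore()
    weak.add_user("alice", "password123")
    weak.add_user("bob", "password123")
    print("same digest for reused password:", weak.users["alice"] == weak.users["bob"])
    print("recovered:", recover_from_unsalted_md5(weak.users["alice"], ["letmein", "password123"]))

    strong = HardenedStore()
    strong.add_user("alice", "Correct-Horse-Battery-9", now=0)
    strong.add_user("bob", "Correct-Horse-Battery-9", now=0)
    print("distinct hashes for reused password:", strong.users["alice"]["hash"] != strong.users["bob"]["hash"])
    print("login ok:", strong.verify("alice", "Correct-Horse-Battery-9"))
    print("must change after 91 days:", strong.must_change("alice", now=91 * 86400))
```

Running the script shows the contrast directly: in the weak store two users with the same password get the same digest and a two-word list recovers it, while in the hardened store the same two users get different hashes, a wrong password or unknown user fails in constant time, and the age check flags the password for rotation after the policy window.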
Azure provides an identity management system based on their popular "Active Directory"
Azure Active Directory (Azure AD or AAD)
It's not the same as Active Directory
Traditional AD was not designed for internet protocols (its LDAP-based access does not work across the internet)
Azure AD provides "identity as a service"
Instead of having to write code to handle users, passwords and password resets, you have a middleman
Open standards that work over the internet: SAML, OpenID, WS-Federation