# Overview

## Describe Identity, Governance, Privacy and Compliance Features (20-25%)

## Describe core Azure Identity Services

* Explain the difference between authentication and authorization
* Define Azure Active Directory
* Describe the functionality and usage of Azure Active Directory
* Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

## Describe Azure governance features

* Describe the functionality and usage of Role-Based Access Control (RBAC)
* Describe the functionality and usage of resource locks
* Describe the functionality and usage of tags
* Describe the functionality and usage of Azure Policy
* Describe the functionality and usage of Azure Blueprints
* Describe the Cloud Adoption Framework for Azure

## Describe privacy and compliance resources

* Describe the Microsoft core tenets of Security, Privacy and Compliance
* Describe the purpose of the Microsoft Privacy Statement, Online Service Terms (OST) and Data Protection Amendment (DPA)
* Describe the purpose of the Trust Center
* Describe the purpose of the Azure compliance documentation
* Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud Services)

## Identity

* In computing, an "identity" is a representation of a person, application or device

Examples of Identity:

* John Henry Doe
* <johndoe@example.com>
* Monthly Payroll Application
* The laser printer at 6th Floor West

An identity usually requires a password, secret key or certificate to prove that you are who you say you are

Many applications require you to log in to use some of their functionality

## How it's traditionally handled

Client App/Web Browser/Mobile App --> USER ID, PASSWORD --> Server/Web Site --> DB

* Traditionally, companies have written their own code to handle this
* Some of the more famous "hacks" have been on custom created identity systems

**Hacks:** (weaknesses in these custom identity systems that led to breaches)

* storing passwords in plain text
* using a simple, fast hash algorithm (MD5) whose output is easily reversed with precomputed lookup tables
* storing the salt along with the hashed data
* not enforcing password change policies
* not enforcing password complexity policies
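As an added illustration of the first three items (my own Python example, not part of these notes), the unsalted-MD5 scheme is shown beside a hardened per-user-salt PBKDF2 scheme; the record format and helper names are assumptions, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# --- Weak scheme from the list above: unsalted MD5 (kept only for comparison) ---
def weak_md5_hash(password: str) -> str:
    """Unsalted MD5: every user with the same password gets the same digest,
    so one precomputed table of common passwords 'reverses' all of them."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# --- Hardened scheme: random per-user salt + slow, iterated PBKDF2-HMAC-SHA256 ---
ITERATIONS = 600_000  # deliberately slow; raise as hardware gets faster

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'
    (hypothetical format). The salt is stored with the hash; the strength
    comes from the salt being random per user and the derivation being slow."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation from the stored salt/iterations and compare in
    constant time so response timing does not leak how many bytes matched."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)

def looks_like_legacy_md5(record: str) -> bool:
    """Audit helper: flag stored records that are a bare 32-hex-char MD5 digest
    so they can be migrated to the hardened scheme on the user's next login."""
    return len(record) == 32 and all(c in "0123456789abcdef" for c in record.lower())

def same_password_collides(password: str) -> tuple:
    """Show why unsalted hashes are dangerous: two users sharing a password
    produce identical MD5 digests but different salted PBKDF2 records."""
    md5_same = weak_md5_hash(password) == weak_md5_hash(password)
    pbkdf2_same = hash_password(password) == hash_password(password)
    return md5_same, pbkdf2_same

if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")  # constructed sample
    print(rec, verify_password("correct horse battery staple", rec))
    print(same_password_collides("password123"))  # (True, False)
```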

Azure provides an identity management system based on their popular "Active Directory".

## Azure Active Directory (Azure AD or AAD)

* It's not the same as on-premises Active Directory
* Traditional AD relies on protocols such as LDAP that were not designed to be used over the internet
* Azure AD provides "identity as a service"
* Instead of having to write your own code to handle users, passwords and password resets, you have a middleman
* Azure AD uses open standards that work over the internet: SAML, OpenID and WS-Federation
