Overview

Describe Identity, Governance, Privacy and Compliance Features (20-25%)

Describe core Azure Identity Services

  • Explain the difference between authentication and authorization

  • Define Azure Active Directory

  • Describe the functionality and usage of Azure Active Directory

  • Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

Describe Azure governance features

  • Describe the functionality and usage of Role-Based Access Control (RBAC)

  • Describe the functionality and usage of resource locks

  • Describe the functionality and usage of tags

  • Describe the functionality and usage of Azure Policy

  • Describe the functionality and usage of Azure Blueprints

  • Describe the Cloud Adoption Framework for Azure

Describe privacy and compliance resources

  • Describe the Microsoft core tenets of Security, Privacy and Compliance

  • Describe the purpose of the Microsoft Privacy Statement, Online Service Terms (OST) and Data Protection Amendment (DPA)

  • Describe the purpose of the Trust Center

  • Describe the purpose of the Azure compliance documentation

  • Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud Services)

Identity

  • In computing "identity" is a representation of a person, application or device

Examples of Identity:

  • John Henry Doe

  • johndoe@example.com

  • Monthly Payroll Application

  • The laser printer at 6th Floor West

Usually requires a password, secret key or a certificate to prove that you are who you say you are

Many Applications require you to log in to use some of its functionality

How it's traditionally handled

Client App/Web Browser/Mobile App --> USER ID, PASSWORD --> Server/Web Site --> DB

  • Traditionally, companies have written their own code to handle this

  • Some of the more famous "hacks" have been on custom created identity systems

Hacks:

  • were storing passwords in plain text

  • were using a simple, reversible hash algorithm (MD5)

  • were storing the salt along with the data

  • not enforcing password change policies

  • not enforcing password complexity policies

Azure Active Directory (Azure AD or AAD)

  • It's not the same as Active Directory

  • Traditional AD does not work with Internet Protocols (LDAP = does not work on internet)

  • Azure AD provides "identity as a service"

  • Instead of having to write code to handle users, passwords, passwords reset you have a middleman

  • Open Standards that work over internet: (SAML, OpenID, WS Federation)

Last updated