Identity, Governance, Privacy, and Compliance Flashcards
Authentication
- Identifies the person or service seeking access to a resource
- Requests legitimate access credentials
- Basis for creating secure identity and access control principles
Authorization
- Determines an authenticated person’s or service’s level of access
- Defines which data they can access and what they can do with it
Azure Multi-Factor Authentication
Provides additional security for your identities by requiring two or more elements for full authentication (something you know, something you possess, something you are).
Azure Active Directory (AAD)
Microsoft Azure’s cloud-based identity and access management service.
• Authentication (employees sign-in to access resources).
• Single sign-on (SSO).
• Application management.
• Business to Business (B2B).
• Business to Customer (B2C) identity services.
• Device management.
Conditional Access
Used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies.
• User or Group Membership
• IP Location
• Device
• Application
• Risk Detection
Role-Based Access Control (RBAC)
- Fine-grained access management
- Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs
- Enables access to the Azure portal and control over access to resources
Resource Locks
Protect your Azure resources from accidental deletion or modification. Manage locks at subscription, resource group, or individual resource levels within Azure Portal.
Tags
- Provides metadata for your Azure resources.
- Logically organizes resources into a taxonomy.
- Consists of a name-value pair.
- Very useful for rolling up billing information.
Azure Policy
Helps to enforce organizational standards and to assess compliance at scale. Provides governance and resource consistency with regulatory compliance, security, cost, and management.
• Evaluates and identifies Azure resources that do not comply with your policies.
• Provides built-in policy and initiative definitions, under categories such as Storage, Networking, Compute, Security Center, and Monitoring.
CanNotDelete Lock Type
Read - Yes
Update - Yes
Delete - No
ReadOnly Lock Type
Read - Yes
Update - No
Delete - No
Azure Blueprints
• Makes it possible for development teams to rapidly build and stand up new environments.
• Development teams can quickly build trust through organizational compliance with a set of built-in components (such as networking) in order to speed up development and delivery.
Azure Blueprints Functionality
- Role Assignments
- Policy Assignments
- Azure Resource Manager Templates
- Resource Groups
Cloud Adoption Framework
- Strategy – define biz justification and expected outcomes
- Migrate – migrate and modernize existing workloads
- Manage – operations mgmt. for cloud and hybrid solutions
- Plan – align actionable adoption plans to biz outcomes
- Innovate – develop new cloud-native or hybrid solutions
- Ready – prepare the cloud environ for planned changes
- Govern – govern environment and workloads
Security
• Secure by design.
• With built-in intelligent security, Microsoft helps to protect against known and unknown cyberthreats, using automation and artificial intelligence.