Secure Cloud Solutions Flashcards
GRAPH
What is Microsoft Graph?
A gateway to data and intelligence in Microsoft 365, Windows 10 and Enterprise Mobility + Security
GRAPH
What apps does Graph work with?
(1) Office 365
(2) Excel
(3) Windows 10
(4) Calendar
(5) Enterprise Mobility + Security
(6) Mail
GRAPH
Features of Graph?
(1) Provides a unified programming model that you can use to access data in various apps
(2) Single End Point (https://graph.microsoft.com)
(3) Use REST APIs or SDKs
Azure Key Vault
What components are in Azure Key Vault?
(1) Keys
(2) Secrets
(3) Certificates
Azure Key Vault
Pricing Tiers
Standard and Premium
Premium contains Standard + HSM-protected
Azure Key Vault
PowerShell command to create a Key Vault
New-AzKeyVault -VaultName $name -ResourceGroupName $rgname -Location $location
Azure Key Vault
Az Command to create a Secret in Key Vault
az keyvault secret set
--name $name
--vault-name $vaultname
[--description
--disabled
--encoding
--expires
--file
--not-before
--subscription
--tags
--value]
Azure Key Vault
Az Command to create a Key Vault
az keyvault create
--name
--resource-group
--location
Azure Key Vault
Authentication types for Azure Key Vault
(1) Use Azure AD App Registration
(2) Use Managed Identity
(3) Use Key Vault References
Azure Key Vault
What is the recommended option for Azure Key Vault?
Managed Identity
Azure Key Vault
What is the recommended option for Azure Key Vault for App Functions and App Services?
Use Key Vault References
Azure Key Vault
What are the steps to assign a Managed Identity?
(1) After creating an App Service, click the “Identity” link and get the system-assigned identity (ObjectId)
(2) In Azure Key Vault, “Add Access Policy” and select the principal
(select the secret permissions)
Azure Key Vault
Describe a basic C# application to retrieve a secret
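using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
string url = "https://myvault.vault.azure.net";
// DefaultAzureCredential tries several credential sources, including a managed identity
SecretClient client = new SecretClient(new Uri(url), new DefaultAzureCredential());
// Response<KeyVaultSecret>.Value is the secret object; its Value property is the secret string
string secret = client.GetSecret("secretmessage").Value.Value;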
Azure Key Vault
Accessing a secret in App Settings
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecrets/ec944ffg3992iff2)
Azure Key Vault
Steps to migrate app configurations to Key Vault
(1) Move configuration to Key Vault
(2) Create a system assigned identity for your app
(3) Update the configuration values with the KV reference syntax
(4) Deploy your App Service or Azure Function
(5) Give the app identity Get access to KV secrets
(6) Verify app functionality