(70-535) - 4 - Design Security and Identity Solutions (20-25%)
a. Design an identity solution
Design AD Connect synchronization
Design federated identities using Active Directory Federation Services (AD FS)
Design solutions for Multi-Factor Authentication (MFA)
Design an architecture using Active Directory on-premises and Azure Active Directory (AAD)
Determine when to use Azure AD Domain Services
Design security for Mobile Apps using AAD
b. Secure resources by using identity providers
Design solutions that use external or consumer identity providers such as Microsoft account, Facebook, Google, and Yahoo
Determine when to use Azure AD B2C and Azure AD B2B
Design mobile apps using AAD B2C or AAD B2B
c. Design a data security solution
Design data security solutions for Azure services
Determine when to use Azure Storage encryption, Azure Disk Encryption, Azure SQL Database security capabilities, and Azure Key Vault
Design for protecting secrets in ARM templates using Azure Key Vault
Design for protecting application secrets using Azure Key Vault
Design a solution for managing certificates using Azure Key Vault
Design solutions that use Azure AD Managed Service Identity
d. Design a mechanism of governance and policies for administering Azure resources
Determine when to use Azure RBAC standard roles and custom roles
Define an Azure RBAC strategy
Determine when to use Azure resource policies
Determine when to use Azure AD Privileged Identity Management
Design solutions that use Azure AD Managed Service Identity
Determine when to use HSM-backed keys
e. Manage security risks by using an appropriate security solution
Identify, assess, and mitigate security risks by using Azure Security Center, Operations Management Suite Security and Audit solutions, and other services
Determine when to use Azure AD Identity Protection
Determine when to use Advanced Threat Detection
Determine an appropriate endpoint protection strategy