Module 3 - Identity Services, Security Tools & Features
Authentication is the process of establishing the identity of a person or service looking to access a resource.
Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.
Azure AD
Internal resources might include apps on your corporate network and intranet, along with any cloud apps developed by your own organization
External resources might include Microsoft Office 365, the Azure portal, and thousands of other software as a service (SaaS) applications
Services
Authentication. This includes verifying identity to access applications and resources, and providing functionality such as self-service password reset, multi-factor authentication (MFA), a custom banned password list, and smart lockout services.
Single-Sign-On (SSO). SSO enables users to remember only one ID and one password to access multiple applications. A single identity is tied to a user, simplifying the security model.
Application management. You can manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, the My apps portal (also referred to as Access panel), and SaaS apps.
Business-to-business (B2B) identity services. Manage your guest users and external partners while maintaining control over your own corporate data.
Business-to-Customer (B2C) identity services. Customize and control how users sign up, sign in, and manage their profiles when using your apps with services.
Multi Factor Auth (MFA)
Something you possess might be a mobile app that receives a notification, or a token-generating device.
Something you are is typically some sort of biometric property, such as a fingerprint or face scan used on many mobile devices.
Azure Security Center
Features
Provide security recommendations based on your configurations, resources, and networks.
Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.
Continuously monitor all your services and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.
Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate can execute.
Analyze and identify potential inbound attacks and help to investigate threats and any post-breach activity that might have occurred.
Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.
Versions
Free. Available as part of your Azure subscription, this tier is limited to assessments and recommendations of Azure resources only.
Standard. This tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more.
Key Vault
Usage Scenarios
Secrets management. You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, Application Programming Interface (API) keys, and other secrets.
Key management. You also can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys used to encrypt your data.
Certificate management. Key Vault lets you provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for your Azure, and internally connected, resources more easily.
Store secrets backed by hardware security modules (HSMs). The secrets and keys can be protected either by software, or by FIPS 140-2 Level 2 validated HSMs.
Benefits
Centralized application secrets. Centralizing storage for application secrets allows you to control their distribution and reduces the chances that secrets may be accidentally leaked.
Securely stored secrets and keys. Azure uses industry-standard algorithms, key lengths, and HSMs, and access requires proper authentication and authorization.
Monitor access and use. Using Key Vault, you can monitor and control access to company secrets.
Simplified administration of application secrets. Key Vault makes it easier to enroll and renew certificates from public Certificate Authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools.
Integrate with other Azure services. You can integrate Key Vault with storage accounts, container registries, event hubs and many more Azure services.