Design for security in Azure
Defense in Depth
Zero Trust model
Security Layers
Shared Responsibility
Continuous Improvement
Azure Security Center
Layered Approach
Confidentiality
Integrity
Availability
Identity Management
Identity as a layer of security
Single sign-on
SSO with Azure Active Directory
Synchronize directories with AD Connect
Authentication & access
Multi-factor authentication (know, possess, are)
Conditional access policies
Securing legacy applications
Azure AD Application Proxy
Working with consumer identities
Azure AD B2C
Infrastructure Protection
Criticality of infrastructure
Role-based access control
Roles and management groups
Privileged Identity Management
Azure AD Premium P2
Enterprise Mobility + Security (EMS) E5
Providing identities to services
Service principals
Managed identities for Azure resources
Encryption
Encryption Types
Symmetric
Asymmetric
Encryption at rest
Encryption in transit
Identify and classify data
Restricted (SSN, CCN, personal health records)
Private (Address, Phone numbers, personal pref.)
Public (Product documentation for customers)
Identify applicable law, compliance and regulations
Encryption on Azure
Encrypting raw storage
Azure Storage Service Encryption (SSE)
Encrypting virtual machines
Azure Disk Encryption (ADE)
Encrypting databases
Transparent data encryption (TDE) - default on
Encrypting secrets
Azure Key Vault
Encrypting backups
Automatically encrypted with AES-256
Network Security
What is network security
Securing traffic flow between applications and the internet
Securing traffic flow amongst applications
Securing traffic flow between users and the application
Layered approach
Internet protection
Virtual network security
Network Security Groups (NSG)
Network integration
Application Security