Please enable JavaScript.
Coggle requires JavaScript to display documents.
AZ-900 Describe identity, governance, privacy, and compliance features ,…
AZ-900
Describe identity, governance, privacy, and compliance features
Describe core Azure Identity Services
Authentication
Establish identity of person or service
Challenge person or service to proof who they are
Used to create service principle for access control
Authorisation
Establishes level of access for authenticated user or service
Do they have rights to data or service?
Azure Active Directory (AAD)
Authentication provider
Single Sign On
Sign in once, & use identity across various services/apps
Application Management
Device Management
Can connect to On Prem AD via AD Connect
Multi Factor Authentication (MFA)
Combines username/pass with something user has
eg. biometric, auth app or one time code
Conditional Access
Combines signals (idnenity properites) to decide if user has access
Eg. location of PC for some apps might be restricted
only allow access to services from certain apps rather than all
Describe Governance features
Role-Based Access Control
Ability to restrict roles to certain apps, services or data
Can define scope across Management groups, subscriptions, resource group or resource
Hierarchical, top level allows access to those below
Resource Locks
Prevents change or deletion of resource
Canotdelete (can change but not modify)
ReadOnly (no change to resource config or delete)
Hierarchical, apply to group for all resources in group
Tags
Organise resources by providing custom tags
Add by portal, api, or policy
Can retriece all resources with a tag, across groups or subscriptions
Azure Policy
Specify requirements for resources, like VM size, locations, mfa etc
Multiple policies form initiative
Blueprints
Orchestrates deployment of policies, roles, ARM templates, reousce groups across subscriptions
Templates for various industry standards available
Cloud Adoption Framework
Proven tools, practices and documentation for successful Cloud adoption
Define
Plan
Ready
Adopt
Govern
Manage
Describe Privacy & Compliance Resources
Compliance Terms
Industry standard definitions as well as governmental or regional
Each one builds on core security, but is certified
Privacy Statement
WHat data is collated, how MS uses it & Why
Online Services Terms\
agreement between MS & customer, describing obligations of both parties
Data Protection Addendum
Additional Data processing & security terms depending on sector/region
Trust Centre
All policies, compliance & features etc for all MS products and services
Azure Compliance Documentation
Repository of all the standards and how they apply
Azure Sovereign regions
Government (US)
Physical seperation from non-gov.
Screen personnel
China
Only local companies can do cloud services
Wholley seperate & run by Vianet
Created by
LinkeD365