5. Describe identity, governance, privacy, and compliance features (15-20%)
5.1 Describe core Azure identity services
Azure Active Directory (Azure AD; since renamed Microsoft Entra ID)-
A cloud-based identity and access management service that authenticates users and authorizes their access to resources.
Azure AD can give users access to Azure resources, to third-party SaaS applications used by your company, and to on-premises resources, all with the same username and password (one identity, one set of credentials).
Users can be assigned to groups; groups make it easier to manage a large number of similar users, because access is granted to the group once instead of to each user separately.
Azure AD B2B (business-to-business) collaboration lets you invite external users (guests) who don't belong to your company; they sign in with their own identity, and you control what the guest account can reach in your tenant.
Azure AD B2C (business-to-consumer) lets customers sign in to your own customer-facing applications with existing accounts, such as a Facebook or Google account, or with a local account they create.
Conditional Access-
Azure AD Conditional Access lets you create policies that are evaluated at every sign-in. Each policy has assignments (which users or groups it targets, which cloud apps, and conditions such as sign-in risk, device platform, client app or location) and access controls (grant access, grant only if a requirement such as MFA or a compliant device is met, or block access). Test a new policy in report-only mode first, and exclude an emergency-access (break-glass) account so that a misconfigured policy cannot lock every administrator out.
Multifactor authentication (MFA)
-Multifactor authentication requires proof from at least two different categories of factor (two proofs from the same category, such as a password plus a PIN, do not count as MFA):
Something you know, such as a password or PIN (the username identifies you but is not a secret)
Something you have, such as a phone running an authenticator app, a hardware security key or a smart card
Something you are, such as facial recognition or a fingerprint
Single sign-on (SSO)
-With SSO a user signs in once and can then access corporate resources without entering a username and password again; the resources accept the credentials (the token) obtained when the user signed in to the device.
For a device to work with SSO, it must be joined to (or registered with) Azure AD.
SSO that spans on-premises Active Directory and Azure AD is implemented with a component called Azure AD Connect, which synchronizes on-premises identities to Azure AD (using password hash synchronization, pass-through authentication or federation) so the same credentials work for both on-premises and cloud resources.
Authentication
- The act of verifying who is accessing a resource, that is, proving the claimed identity (for example with a password, a certificate or MFA).
Authorization
- The act of enforcing what the authenticated user can and cannot do. Authentication always comes first; authorization decisions (such as RBAC role checks) are then made against the proven identity.
5.2 Describe Azure Governance Features
Role-based access control (RBAC)-
Generically, authorizing users to a system based on the roles they hold. Azure RBAC applies this to Azure resources through role assignments: a security principal (user, group, service principal or managed identity) is assigned a role definition (a set of allowed operations, such as Reader, Contributor or Owner) at a scope (management group, subscription, resource group or individual resource). Assignments are inherited by all child scopes, and a principal's effective permissions are the union of all its assignments, so grant the narrowest role at the narrowest scope that does the job (least privilege).
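An added example, not from the original notes, that models how Azure RBAC decides a request (the authorization step after authentication): an assignment is principal + role definition + scope, assignments are inherited down the scope tree, NotActions subtract from Actions within a role, and the result is the union over every matching assignment. The role definitions are simplified copies of the built-in Reader, Contributor and Virtual Machine Contributor roles; the users, group, subscription ID, management group and assignments are constructed. Azure also evaluates deny assignments, which always win; they are not modeled here.

```python
"""Toy evaluator mirroring the Azure RBAC decision for one request."""
from fnmatch import fnmatchcase

# Role definitions in Azure's Actions/NotActions shape (simplified copies of the
# built-in roles; the real Contributor excludes a few more actions).
ROLES = {
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Contributor": {
        "actions": ["*"],
        "notActions": ["Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/*/Delete",
                       "Microsoft.Authorization/elevateAccess/Action"],
    },
    "Virtual Machine Contributor": {
        "actions": ["Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Resources/subscriptions/resourceGroups/read"],
        "notActions": [],
    },
}

MG_ROOT = "/providers/Microsoft.Management/managementGroups/mg-root"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
GROUPS = {"sg-vm-operators": {"alice"}}          # constructed group membership
PARENT_MG = {SUB: MG_ROOT}                        # constructed scope hierarchy above subscriptions

# Constructed role assignments: (principal, role, scope).
ASSIGNMENTS = [
    ("carol", "Contributor", MG_ROOT),            # inherited by every subscription under the MG
    ("bob", "Reader", SUB),
    ("sg-vm-operators", "Virtual Machine Contributor", f"{SUB}/resourceGroups/rg-prod"),
]


def scope_chain(scope: str) -> list:
    """The scope itself followed by every ancestor up to the root management group."""
    chain = [scope]
    cur = scope
    while True:
        low = cur.lower()
        if "/providers/" in low and not low.startswith("/providers/"):
            cur = cur[: low.rindex("/providers/")]         # resource -> parent resource or RG
        elif "/resourcegroups/" in low:
            cur = cur[: low.index("/resourcegroups/")]     # resource group -> subscription
        elif cur in PARENT_MG:
            cur = PARENT_MG[cur]                             # subscription -> management group
        else:
            break
        chain.append(cur)
    return chain


def role_permits(role: str, action: str) -> bool:
    """Azure action matching: case-insensitive, '*' is a wildcard, NotActions win inside a role."""
    definition = ROLES[role]
    a = action.lower()
    allowed = any(fnmatchcase(a, p.lower()) for p in definition["actions"])
    excluded = any(fnmatchcase(a, p.lower()) for p in definition["notActions"])
    return allowed and not excluded


def principals_for(user: str) -> set:
    """The user plus every group the user belongs to (assignments can target either)."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def is_allowed(user: str, action: str, scope: str) -> bool:
    """True if any assignment to the user or one of its groups, at this scope or an
    ancestor scope, has a role that permits the action (union of assignments)."""
    who = principals_for(user)
    ancestors = {s.lower() for s in scope_chain(scope)}
    return any(principal in who and assigned.lower() in ancestors and role_permits(role, action)
               for principal, role, assigned in ASSIGNMENTS)


def effective_roles(user: str, scope: str) -> list:
    who = principals_for(user)
    ancestors = {s.lower() for s in scope_chain(scope)}
    return sorted({role for p, role, s in ASSIGNMENTS if p in who and s.lower() in ancestors})


if __name__ == "__main__":
    vm_prod = f"{SUB}/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm-web01"
    vm_dev = f"{SUB}/resourceGroups/rg-dev/providers/Microsoft.Compute/virtualMachines/vm-test01"
    for user, action, scope in [
        ("alice", "Microsoft.Compute/virtualMachines/start/action", vm_prod),
        ("alice", "Microsoft.Compute/virtualMachines/start/action", vm_dev),
        ("bob", "Microsoft.Compute/virtualMachines/read", vm_dev),
        ("bob", "Microsoft.Compute/virtualMachines/delete", vm_dev),
        ("carol", "Microsoft.Compute/virtualMachines/delete", vm_dev),
        ("carol", "Microsoft.Authorization/roleAssignments/write", SUB),
    ]:
        print(f"{user:6} {action:48} -> {'allow' if is_allowed(user, action, scope) else 'DENY'}")
```

Two things worth noticing in the output: alice can start the production VM only because her group's assignment sits on rg-prod, and nothing about that assignment leaks into rg-dev or the subscription; carol's Contributor assignment on the management group reaches every VM in the subscription, yet still cannot create role assignments, because the Contributor definition lists Microsoft.Authorization writes under NotActions.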
Resource locks-
Used to prevent accidental changes: a CanNotDelete lock allows reads and updates but blocks deletion, and a ReadOnly lock blocks both updates and deletion. Locks can be set on a subscription, resource group or resource and are inherited by everything beneath them; they apply regardless of RBAC role, so even an Owner must remove the lock before the resource can be deleted.
Tags-
A tag consists of a name and a value and is used to organize resources. You can apply tags to most Azure resources, not just resource groups (tags on a resource group are not automatically inherited by the resources inside it), and tags also appear in billing data, so Azure costs can be grouped by, for example, cost center or environment.
Azure Policy-
Allows you to define rules (policy definitions) that are evaluated when Azure resources are created or updated and, on a schedule, against existing resources. A definition pairs a condition (for example, location not in an allowed list, or a required tag missing) with an effect such as Deny, Audit, Append, Modify or DeployIfNotExists; related definitions can be grouped into an initiative and assigned at a scope, and the resulting compliance state is reported in the portal.
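An added example (not from the original notes) that covers both the Tags and Azure Policy entries above: an evaluator for a subset of the Azure Policy definition language (field conditions, not/allOf/anyOf, parameter references) and the two most common effects, Deny and Audit, run against resource payloads as they would arrive at Azure Resource Manager. The three definitions, the parameter values and the resource requests are constructed for the example; the rule syntax follows the real policyRule format. Other effects (Append, Modify, DeployIfNotExists) change the resource or deploy something and are deliberately rejected here.

```python
"""Evaluator for a subset of the Azure Policy rule language with Deny and Audit effects."""
from fnmatch import fnmatchcase

# Constructed definitions in Azure's policyRule shape.
ALLOWED_LOCATIONS = {
    "name": "allowed-locations",
    "parameters": {"allowedLocations": {"type": "Array"}},
    "policyRule": {
        "if": {"not": {"field": "location", "in": "[parameters('allowedLocations')]"}},
        "then": {"effect": "deny"},
    },
}
REQUIRE_COST_CENTER_TAG = {
    "name": "require-costcenter-tag",
    "policyRule": {
        "if": {"field": "tags['costCenter']", "exists": "false"},
        "then": {"effect": "audit"},        # report, but do not block, resources missing the tag
    },
}
DENY_PUBLIC_IPS = {
    "name": "deny-public-ip",
    "policyRule": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Network/publicIPAddresses"},
            {"not": {"field": "name", "like": "bastion-*"}},   # carve-out for the bastion host
        ]},
        "then": {"effect": "deny"},
    },
}

# Constructed assignments: (definition, parameter values); scope omitted for brevity.
ASSIGNMENTS = [
    (ALLOWED_LOCATIONS, {"allowedLocations": ["eastus", "westus2"]}),
    (REQUIRE_COST_CENTER_TAG, {}),
    (DENY_PUBLIC_IPS, {}),
]


def _norm(v):
    """Azure Policy string comparisons are case-insensitive."""
    return v.lower() if isinstance(v, str) else v


def _field(resource, name):
    """Resolve a field alias: top-level properties or tags['key']."""
    if name.startswith("tags['") and name.endswith("']"):
        return (resource.get("tags") or {}).get(name[6:-2])
    return resource.get(name)


def _resolve(value, params):
    """Replace a [parameters('x')] reference with the assignment's value for x."""
    if isinstance(value, str) and value.startswith("[parameters('") and value.endswith("')]"):
        return params[value[13:-3]]
    return value


def evaluate_condition(cond, resource, params):
    if "not" in cond:
        return not evaluate_condition(cond["not"], resource, params)
    if "allOf" in cond:
        return all(evaluate_condition(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate_condition(c, resource, params) for c in cond["anyOf"])
    actual = _norm(_field(resource, cond["field"]))
    if "exists" in cond:
        return (actual is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return actual == _norm(_resolve(cond["equals"], params))
    if "notEquals" in cond:
        return actual != _norm(_resolve(cond["notEquals"], params))
    if "in" in cond:
        return actual in {_norm(x) for x in _resolve(cond["in"], params)}
    if "notIn" in cond:
        return actual not in {_norm(x) for x in _resolve(cond["notIn"], params)}
    if "like" in cond:                      # Azure 'like' supports '*'; fnmatch is a superset
        return actual is not None and fnmatchcase(actual, _norm(cond["like"]))
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(resource, assignments=ASSIGNMENTS):
    """Which assignments would reject this request, and which would only flag it."""
    result = {"denied_by": [], "audited_by": []}
    for definition, params in assignments:
        rule = definition["policyRule"]
        if evaluate_condition(rule["if"], resource, params):
            effect = rule["then"]["effect"].lower()
            if effect not in ("deny", "audit"):
                raise ValueError(f"effect {effect} not modeled")
            result["denied_by" if effect == "deny" else "audited_by"].append(definition["name"])
    return result


if __name__ == "__main__":
    # Constructed create requests, as Azure Resource Manager would see them.
    requests = [
        {"name": "vm-web01", "type": "Microsoft.Compute/virtualMachines", "location": "EastUS",
         "tags": {"costCenter": "CC-1042"}},
        {"name": "stlogs", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
         "tags": {"costCenter": "CC-1042"}},
        {"name": "vnet-dev", "type": "Microsoft.Network/virtualNetworks", "location": "westus2"},
        {"name": "pip-web", "type": "Microsoft.Network/publicIPAddresses", "location": "eastus",
         "tags": {"costCenter": "CC-1"}},
    ]
    for r in requests:
        print(f"{r['name']:9} {evaluate(r)}")
```

The vnet without a costCenter tag is created but shows up as non-compliant, which is usually the right first step for a tagging policy; switching that effect to deny once teams have caught up is a one-word change in the definition, not a change to the evaluator.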
Azure Blueprints-
A service that packages the artifacts needed for a compliant environment (resource groups, ARM templates, policy assignments and role assignments) so that they can be deployed together and repeatably, making deployment to the cloud easier. Microsoft has announced the deprecation of Azure Blueprints, pointing customers to template specs and deployment stacks instead.
Cloud Adoption Framework for Azure-
Brings together best practices from Microsoft employees and Microsoft partners and lessons learned from Microsoft customers into documented guidance for each phase of cloud adoption (strategy, plan, ready, adopt, govern and manage).
5.3 Describe privacy and compliance resources
Security, Privacy and Compliance-
Three pillars of trust between you and your cloud provider. Microsoft commits to standards in each area and provides tools and documentation for each.
Online Service Terms (OST)-
The legal agreement that outlines what you can and cannot use a service for, including that Microsoft services must not be used to cause harm to others (its terms have since been folded into the Microsoft Product Terms).
Data Protection Addendum (DPA)-
Outlines the data processing and security terms that apply when using Microsoft services, including how customer data is processed, secured, retained and transferred.
Trust Center-
A web portal where you can learn about Microsoft's approach to security, privacy and compliance and find the related reports and certifications.
Azure compliance documentation-
Comprehensive documentation on the regulations and standards from around the globe that Azure complies with (for example GDPR, ISO 27001 and FedRAMP) and on how to build compliant solutions on Azure.
Azure sovereign regions-
Microsoft operates completely isolated Azure datacenters in the United States that make up the Azure Government cloud; it is available only to US government agencies and their partners and is operated by screened US persons.
Microsoft also offers a separate cloud in China, Microsoft Azure China (Azure operated by 21Vianet), which is physically separate from the global Azure cloud and is operated by the local partner 21Vianet rather than by Microsoft itself.