Azure Fundamentals - Module 5
Azure Sovereign Regions
a physically separated instance of cloud services located in China.
Azure Government
a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers.
- Offers physical isolation from non-US government deployments and provides screened US personnel.
- Services handle data that is subject to certain government regulations and requirements:
  - Federal Risk and Authorization Management Program (FedRAMP)
  - National Institute of Standards and Technology (NIST) 800.171 Defense Industrial Base (DIB)
  - International Traffic in Arms Regulations (ITAR)
  - Internal Revenue Service (IRS) 1075
  - Department of Defense (DoD) L4
  - Criminal Justice Information Service (CJIS)
Authorization
Authentication establishes the user's identity; this is the process of establishing what level of access an authenticated person or service has.
- It specifies what data they're allowed to access and what they can do with it.
Data Protection Addendum (DPA)
further defines the data processing and security terms for online services. These terms include:
- Compliance with laws.
- Disclosure of processed data.
- Data security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
- Data transfer, retention, and deletion.
Azure compliance documentation
includes detailed information about legal and regulatory standards and compliance on Azure. Here you find compliance offerings across these categories:
- Global
- US government
- Financial services
- Health
- Media and manufacturing
- Regional
Online Services Terms (OST)
is a legal agreement between Microsoft and the customer.
- The ____ details the obligations of both parties with respect to the processing and security of customer data and personal data.
- The ____ applies specifically to Microsoft's online services that you license through a subscription, including Azure, Dynamics 365, Office 365, and Bing Maps.
multifactor authentication (MFA) [Identity service]
is a process where a user is prompted during the sign-in process for an additional form of identification.
- Examples include a code on their mobile phone or a fingerprint scan.
- Something the user knows: email address and password
- Something the user has: code on a separate device
- Something the user is: biometrics
Azure Conditional Access [Identity service]
is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from. Conditional Access helps IT administrators:
- Empower users to be productive wherever and whenever.
- Protect the organization's assets.
Authentication
is the process of establishing the identity of a person or service that wants to access a resource.
- It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control.
- It establishes whether the user is who they say they are.
Resource Lock [Resource management tool]
prevents resources from being accidentally deleted or changed.
- You can apply locks to a subscription, a resource group, or an individual resource.
- You can set the lock level to CanNotDelete or ReadOnly.
Azure Compliance documentation
provides you with detailed documentation about legal and regulatory standards and compliance on Azure. Here you find compliance offerings across these categories:
- Global
- US government
- Financial services
- Health
- Media and manufacturing
- Regional
Azure Role-Based Access Control (RBAC) [Resource management tool]
- Azure provides built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions.
- Is applied to a scope, which is a resource or set of resources that this access applies to.
Use _____ when you need to:
- Allow one user to manage VMs in a subscription and another user to manage virtual networks.
- Allow a database administrator group to manage SQL databases in a subscription.
- Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets.
- Allow an application to access all resources in a resource group.
You manage access permissions on the Access control (IAM) pane in the Azure portal. This pane shows who has access to what scope and what roles apply. You can also grant or remove access from this pane.
Azure Active Directory (AAD) [Identity service]
- Microsoft's cloud-based identity and access management service.
- You control the identity accounts, but Microsoft ensures that the service is available globally.
Provides:
- Authentication
- Single Sign-On (SSO)
- Application management
- Device management
single sign-on (SSO)
- Enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.
Azure Policy [GRC service]
- Enables you to define both individual policies and groups of related policies, known as initiatives.
- Evaluates your resources and highlights resources that aren't compliant with the policies you've created.
- Can also prevent noncompliant resources from being created.
- Comes with a number of built-in policy and initiative definitions that you can use, under categories such as Storage, Networking, Compute, Security Center, and Monitoring.
Implementing a policy involves these three steps:
- Create a policy definition.
- Assign the definition to resources.
- Review the evaluation results.
Microsoft Trust Center
- Provides you with documentation about compliance standards and how Azure can support your business.
- Showcases Microsoft's principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
- Is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.
Cloud Adoption Framework (CAF)
- Provides you with proven guidance to help with your cloud adoption journey.
- Helps you create and implement the business and technology strategies needed to succeed in the cloud.
It includes these stages:
1. Define your strategy.
2. Make a plan.
3. Ready your organization.
4. Adopt the cloud.
5. Govern and manage your cloud environments.
Azure Blueprints [GRC service]
- You can define a repeatable set of governance tools and standard Azure resources that your organization requires. In this way, development teams can rapidly build and deploy new environments with the knowledge that they're building within organizational compliance, with a set of built-in components that speed the development and deployment phases.
- Orchestrates the deployment of various resource templates and other artifacts, such as:
  - Role assignments
  - Policy assignments
  - Azure Resource Manager templates
  - Resource groups
- The relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.
Resource tags [Resource management tool]
Allow you to apply custom metadata to your Azure resources to logically organize them and build out custom taxonomies. Useful for:
- Resource management
- Cost management and optimization
- Operations management
- Security
- Governance and regulatory compliance
- Workload optimization and automation
Microsoft Privacy Statement
Explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. Covers all of Microsoft's services, websites, apps, software, servers, and devices. This list ranges from enterprise and server products to devices that you use in your home to software that students use at school.
Define your strategy [step 1 in CAF]
Here, you answer why you're moving to the cloud and what you want to get out of cloud migration.
- Do you need to scale to meet demand or reach new markets?
- Will it reduce costs or increase business agility?
- When you define your cloud business strategy, you should understand cloud economics and consider business impact, turnaround time, global reach, performance, and more.
Govern and manage your cloud environments [step 5 in CAF]
Here, you begin to form your cloud governance and cloud management strategies. As the cloud estate changes over time, so do cloud governance processes and policies. You need to create resilient solutions that are constantly optimized.
Adopt the cloud [step 4 in CAF]
Here, you begin to migrate your applications to the cloud. Along the way, you might find ways to modernize your applications and build innovative solutions that use cloud services.
- The Cloud Adoption Framework breaks this stage into two parts: migrate and innovate.
Make a plan [step 2 in CAF]
Here, you build a plan that maps your aspirational goals to specific actions. A good plan helps ensure that your efforts map to the desired business outcomes.
Ready your organization [step 3 in CAF]
Here, you create a landing zone, or an environment in the cloud to begin hosting your workloads.