AZ 900 Obj 3 - Security, Privacy, and Compliance
Difference between authentication and authorization
- Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes whether they are who they say they are.
- Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.
use cases and benefits of Azure Monitor and Azure Service Health
- Azure Monitor is for reviewing the metrics about your services.
- Azure Service Health is for information about Azure datacenters, planned maintenance, and changes to Azure services that require your attention.
Azure Trust Center
- Security - Learn how all the Microsoft Cloud services are secured.
- Privacy - Understand how Microsoft ensures privacy of your data in the Microsoft cloud.
- Compliance - Discover how Microsoft helps organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data.
- Transparency - View how Microsoft believes that you control your data in the cloud and how Microsoft helps you know as much as possible about how that data is handled.
- Products and Services - See all the Microsoft Cloud products and services in one place.
- Service Trust Portal - Obtain copies of independent audit reports of Microsoft cloud services, risk assessments, security best practices, and related materials.
Azure Germany services
Azure Germany is a physically isolated instance of Microsoft Azure. It uses world-class security and compliance services that are critical to German data privacy regulations for all systems and applications built on its architecture. Operated by a data trustee, Azure Germany supports multiple hybrid scenarios for building and deploying solutions on-premises or in the cloud.
Azure Firewall
- A managed, cloud-based network security service that protects your Azure Virtual Network resources.
- It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
- It uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.
Azure DDoS Protection
A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users.
- There are two service tiers: Basic and Standard. Basic is the automatically included level.
Locks
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
Azure Active Directory
- A cloud-based identity service with built-in support for synchronizing with your existing on-premises Active Directory; it can also be used stand-alone.
- Azure AD is not Windows Server Active Directory running on virtual machines in Microsoft Azure.
- Provides services such as authentication, single sign-on, application management, B2B identity services, and device management.
NIST
Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement.
Compliance Manager
Microsoft Cloud solution that helps you meet complex compliance obligations with ongoing risk assessments, actionable insights, and a simplified compliance process.
Role-Based Access Control (RBAC)
Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Here are some examples of what you can do with RBAC:
- Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
- Allow a DBA group to manage SQL databases in a subscription
- Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
- Allow an application to access all resources in a resource group
GDPR
The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Service Trust Portal
The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein.
Microsoft Privacy Statement
This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Network Security Group - NSG
Allows or denies inbound network traffic to your Azure resources.
Azure Service Health
A customizable dashboard which tracks the health of your Azure services in the regions where you use them.
Azure Government services
- Delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud.
- Handles data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS.
- In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks (located in the U.S. only).
Azure Advisor security assistance
Azure Advisor has a security recommendation section which provides a consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. This helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources.
ISO
An international standard-setting body composed of representatives from various national standards organizations.
Azure Advanced Threat Protection (ATP)
Azure ATP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
- Monitor users, entity behavior, and activities with learning-based analytics
- Protect user identities and credentials stored in Active Directory
- Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
- Provide clear incident information on a simple timeline for fast triage
Azure Information Protection (AIP)
AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
Azure governance methodologies
A governance service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. It works by evaluating your resources for non-compliance with assigned policies.
Azure Monitor
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Azure Multi-Factor Authentication
Provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories:
- Something you know - Example: password or PIN
- Something you possess - Example: your phone
- Something you are - Example: fingerprint, face scan, eye scan
Azure Security center usage scenarios
A unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud, whether they're in Azure or not, as well as on-premises.
Key Vault
Use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services:
- Secrets management
- Key management (encryption keys)
- Certificate management
- Store secrets backed by hardware security modules