4 - Implement Azure security (10-15%).md

Implement Azure security (10-15%)

You may want to consider taking the Microsoft Implementing Authentication and Secure Data course.

Implement authentication

• Implement authentication by using certificates, forms-based authentication, or tokens
  • What is authentication?
  • What are authentication methods?
• Implement multi-factor or Windows authentication by using Azure AD
  • Deploy cloud-based Azure Multi-Factor Authentication
  • Configure Azure Multi-Factor Authentication settings
• Implement OAuth2 authentication
  • Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow
• Implement Managed Service Identity (MSI)/Service Principal authentication
  • What is managed identities for Azure resources?
  • Use a Windows VM system-assigned managed identity to access Resource Manager
  • Use a Linux VM system-assigned managed identity to access Azure Resource Manager

Implement access control

• Implement CBAC (Claims-Based Access Control) authorization
  • Claims-based Authorization
  • A Guide to Claims-Based Identity and Access Control, Second Edition - Book Download
  • Azure Identity Management and access control security best practices
• Implement RBAC (Role-Based Access Control) authorization
  • Understand role definitions for Azure resources
  • What is role-based access control (RBAC) for Azure resources?
  • Tutorial: Grant a user access to Azure resources using RBAC and the Azure portal
  • Tutorial: Grant a user access to Azure resources using RBAC and Azure PowerShell
  • Tutorial: Create a custom role for Azure resources using Azure CLI
  • Complete all five tutorials
• Create shared access signatures
  • Using shared access signatures (SAS)
  • Shared Access Signatures, Part 2: Create and use a SAS with Blob storage
  • Getting Started with Shared Access Signatures (SAS)

Implement secure data solutions

• Encrypt and decrypt data at rest and in transit
  • Define data protection strategy for your hybrid identity solution
• Create, read, update, and delete keys, secrets, and certificates by using the KeyVault API
  • What is Azure Key Vault?
  • Azure Key Vault Developer's Guide