Skip to main content

Authentication vs Authorization

Authentication

  • Tries to identify the person or service seeking access to resource.
  • Requests access credentials.
  • Basis for creating secure identity and access control principles.

Authorization

  • Determines the authenticated person's or service's access level.
  • Defines what they can do with the accessible data.

Azure Multi-Factor Authentication

Provides additional security for your identities by requiring two or more elements for full authentication.

Something you know <---> Something you possess <---> Something you are

Azure Active Directory

Azure Active Directory is Microsoft Azure's cloud-based identity and access management service.

  • Enables employees to sign in and access resources securely.
  • Allows users to sign in once and access multiple applications without any need to sign in again.
  • Provides tools to manage access to various applications within the organization.
  • Facilitates collaboration by allowing external partners and vendors to access resources securely.
  • Manages customer identities and allows them to sign in and access services.
  • Ensures that only authorized and compliant devices can access resources.

Conditional Access

Conditional Access helps enforce organizational policies by considering various signals to decide when and how users can access resources.

  • Policies can apply to specific users or groups.
  • Access can be restricted based on the user's IP address.
  • Policies can require that access is only granted from specific devices.
  • Access can be controlled based on the application being used.
  • Uses signals to detect potential risks and adjust access policies accordingly. Example: If a user signs in from an unfamiliar location, they might be prompted for additional verification.

Role-based Access Control(RBAC)

RBAC is a system used to manage who has access to Azure resources and what they can do with them.

  • You can control permissions at a detailed level. Example: Allowing a user to view a database but not edit it.
  • Divides responsibilities to minimize the risk of errors or misuse.
  • Users get only the permissions they need to do their jobs.
  • Controls access to the Azure management interface. Example: Admins can manage all resources, while developers see only their projects.

Resource Locks

  • Resource locks are a way to protect your Azure resources from accidental deletion or modification.
  • Locks can be applied at different levels: subscription, resource group, or individual resource.
  • Lock type: CanNotDelete, ReadOnly

Tags

  • Tags are metadata elements you can apply to your Azure resources to help organize and manage them.
  • Tags help you organize resources into a taxonomy, making it easier to manage and search.
  • Each tag consists of a name and a value.
  • Tags are very useful for rolling up billing information. Example: Tagging resources by cost center to track expenses per department.

Azure Policy

Azure Policy is a service in Microsoft Azure that helps you set rules for how your Azure resources (like virtual machines, databases, and storage accounts) should be configured and used. Think of it as a way to make sure that everyone in your organization follows the same rules for managing their Azure resources.

  • Azure Policy evaluates your resources against the rules you’ve set.
  • Azure Policy comes with pre-defined policies and initiatives that cover common scenarios like security and cost management.
  • For example, there are policies to ensure that only certain types of virtual machines are used, or to make sure that encryption is enabled for storage accounts.

Azure Blueprints

Azure Blueprints is a service that helps you set up new Azure environments quickly and consistently. It’s like a template for creating and managing all the things you need for a new project or environment in Azure. Azure Blueprints allows you to create new environments (like development or production) quickly by using a predefined set of resources and rules. It helps you make sure that your new environments follow organizational standards and compliance requirements.

  • Assign roles to users or groups to define who can access or manage resources.
  • Apply policies to enforce rules for resources.
  • Templates that describe the resources needed for your environment. These templates define what resources to create (like VMs, networks, databases) and how to configure them.
  • Organize resources into logical groups.

Cloud Adoption Framework

The Cloud Adoption Framework is a set of best practices, tools, and guidance from Microsoft. It helps you plan, implement, and manage your cloud strategy effectively.

  • Tools for managing your cloud environment.
  • Guidance for creating a plan and strategies for moving to Azure.
  • Helps you with everything from initial planning to ongoing management.

Security, Privacy and Compliance

Security

Security in Azure is about keeping your data and applications safe from threats and attacks.

  • Azure is built with security as a top priority from the start.
  • Uses automation and artificial intelligence (AI) to detect and prevent threats.
  • Helps protect against known (like malware) and unknown (like new types of attacks) cyberthreats.

Privacy

Privacy is about ensuring that your data is handled confidentially and that you have control over it.

  • Microsoft provides contracts that define how your data is used and protected.
  • You have control over your data and can see how it is being used.

Compliance

Compliance refers to following laws, regulations, and standards for data security and management. Microsoft follows local laws and international regulations to ensure legal compliance.

Compliance Terms and Requirements

Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.

  • CJIS: Criminal Justice Information Services
  • HIPAA: Health Insurance Portability and Accountability Act
  • CSA STAR Certification
  • ISO/TEC 27018
  • EU Model Clauses
  • NIST: National Institute of Standards and Technology

Microsoft Privacy Statement

The Microsoft Privacy Statement is a document that explains how Microsoft handles user data collected from its products and services. It is designed to be transparent and honest about data practices. The Privacy Statement explains three main things about your data:

  • Data that Microsoft collects from you when you use their products and services.
  • The methods and procedures Microsoft uses to handle your data.
  • The reasons why Microsoft collects and processes your data.

Online Services Terms and Data Protection Addendum

Online Services Terms: A set of rules and conditions for using Microsoft products and services you buy through Volume Licensing. Data Protection Addendum: A document that explains Microsoft’s responsibilities for handling and protecting your data.

Trust Center

A website by Microsoft where you can find information about the security, privacy, and compliance of their cloud products.

  • In-Depth Information: Detailed explanations about how Microsoft handles security, privacy, and compliance.
  • Recommended Resources: A list of useful materials organized by topic to help you find what you need.
  • Role-Specific Info: Information tailored for different roles, like business managers, administrators, engineers, and legal teams.

Azure Compliance Documentation

A collection of resources from Microsoft that helps you meet legal and industry standards for handling data.

Azure Sovereign Regions (US Government Services)

A special version of Azure designed to meet the security and compliance needs of US government agencies and their partners.

  • Separate Instance: A distinct version of Azure just for US government use.
  • Physically Isolated: Completely separate from Azure services for non-US government customers.
  • Restricted Access: Only authorized, screened personnel can access this environment.

Azure Sovereign Regions (Azure China)

A version of Azure specifically for China, operated in compliance with Chinese government regulations.

  • Physically Separate: A distinct Azure environment operated by a local partner, 21Vianet, separate from the global Azure cloud.
  • Data Compliance: All data remains within China to meet local regulations.