Azure Fundamentals part 5: Describe identity, governance, privacy, and compliance features
Secure access to your applications by using Azure identity services
Below is the knowledge check from the end of this module:
Tailwind Traders needs to ensure that only its workforce can access its growing set of cloud applications, both from any location and from any device.
In building out its plan, Tailwind Traders learns that:
- Authentication (AuthN) establishes the user’s identity.
- Authorization (AuthZ) establishes the level of access that an authenticated user has.
- Single sign-on (SSO) enables a user to sign in one time and use that credential to access multiple resources and applications.
- Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD enables an organization to control access to apps and resources based on its business requirements.
- Azure AD Multi-Factor Authentication provides additional security for identities by requiring two or more elements to fully authenticate. In general, multifactor authentication can include something the user knows, something the user has, and something the user is.
- Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals such as the user’s location.
With these ideas in place, the software development and IT administrator teams can begin to replace their existing authentication systems with ones that use multiple factors and allow access to multiple applications.
Learn more
Here are more resources to help you go further:
- Compare Active Directory to Azure Active Directory
- Azure Active Directory
- What is single sign-on (SSO)?
- Azure Active Directory Seamless Single Sign-On
- What is Azure AD Connect?
- Azure AD Multi-Factor Authentication
- Azure AD Conditional Access
Build a cloud governance strategy on Azure
Below is the knowledge check from the end of this module:
You’ve been tasked with defining and implementing the governance strategy for Tailwind Traders.
Cloud governance requires good analysis and requirement gathering. Luckily, the Cloud Adoption Framework for Azure can help you define and implement your governance strategy. There are several services and features in Azure to support these efforts:
- Azure role-based access control (Azure RBAC) enables you to create roles that define access permissions.
- Resource locks prevent resources from being accidentally deleted or changed.
- Resource tags provide extra information, or metadata, about your resources.
- Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
- Azure Blueprints enables you to define a repeatable set of governance tools and standard Azure resources that your organization requires.
With these points in mind, you’re ready to take the next step toward building a good cloud governance strategy.
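As an added illustration of how Azure Policy and resource tags work together (this is not part of the original module), the following policy definition requires a tag on every resource. The tag name is supplied when the policy is assigned, and the effect parameter selects whether non-compliant resources are only audited or are denied; the display names and descriptions are assumptions made for this example.

```json
{
  "properties": {
    "displayName": "Require a tag on resources (added example)",
    "description": "Example definition, not taken from the module: flags or blocks resources that lack the required tag.",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Name of the required tag, for example CostCenter"
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny"],
        "defaultValue": "Audit",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny blocks their creation or update"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning it with the Audit effect first shows how many existing resources would fail the rule before the assignment is switched to Deny.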
Learn more
The "Control and organize Azure resources with Azure Resource Manager" module is a good next step. There you’ll go deeper on how to use Azure Resource Manager to organize resources, enforce standards, and protect critical assets from deletion.
Here are additional resources to help you go further:
- Get started with the Cloud Adoption Framework for Azure.
- Learn more about Azure subscription and service limits, quotas, and constraints.
- Review the complete list of Azure built-in roles for Azure RBAC.
- To learn how Azure Policy can enforce tagging rules and conventions, see Assign policies for tag compliance.
- For recommendations on how to implement your own tagging strategy, see Resource naming and tagging decision guide.
- Explore additional Azure Policy samples.
- For a more advanced topic, see Creating a custom policy definition. This tutorial gets you started.
Examine privacy, compliance, and data protection standards on Azure
Below is the knowledge check from the end of this module:
In this module, you learned about Microsoft’s approach to privacy, security, and compliance. You explored resources specific to online services, including Azure, and how governments can use Azure to meet their specific security and compliance needs.
The security team at Tailwind Traders now has a better understanding of what resources are available to help it protect its data in the cloud and stay compliant:
- The Microsoft Privacy Statement provides trust in how Microsoft collects, protects, and uses customer data.
- The Trust Center provides you with documentation about compliance standards and how Azure can support your business.
- The Azure compliance documentation includes detailed information about legal and regulatory standards and compliance on Azure.
Keep in mind that compliance status for Azure products and services doesn’t automatically translate to compliance for the service or application you build or host on Azure. You’re responsible for ensuring that you achieve compliance with the legal and regulatory standards that you must follow.
Most services are the same on both Azure Government and global Azure. But there are some differences that you should be aware of. To learn more, compare Azure Government and global Azure.
Azure Fundamentals learning path
This module is part of the "Azure Fundamentals part 5: Describe identity, governance, privacy, and compliance features" learning path, which is one of six learning paths for Azure Fundamentals.
Here are the learning paths in this series:
- Azure Fundamentals part 1: Describe core Azure concepts
- Azure Fundamentals part 2: Describe core Azure services
- Azure Fundamentals part 3: Describe core solutions and management tools on Azure
- Azure Fundamentals part 4: Describe general security and network security features
- Azure Fundamentals part 5: Describe identity, governance, privacy, and compliance features
- Azure Fundamentals part 6: Describe Azure cost management and service level agreements