Microsoft Azure Security Technologies (AZ-500) - A Certification Guide
eBook - ePub

Microsoft Azure Security Technologies (AZ-500) - A Certification Guide

Get qualified to secure Azure AD, Network, Compute, Storage and Data services through Security Center, Sentinel and other Azure security best practices

Jayant Sharma

About This Book

With Azure security, you can build a prosperous career in IT security.

Key Features
  • In-detail practical steps to fully grasp Azure Security concepts.
  • Wide coverage of Azure Architecture, Azure Security services, and Azure Security implementation techniques.
  • Covers multiple topics from other Azure certifications (AZ-303, AZ-304, and SC series).

Description
'Microsoft Azure Security Technologies (AZ-500) - A Certification Guide' is a certification guide that helps IT professionals to start their careers as Azure Security Specialists by clearing the AZ-500 certification and proving their knowledge of Azure security services. Authored by an Azure security professional, this book takes readers through a series of steps to gain a deeper insight into Azure security services.
This book will help readers to understand key concepts of the Azure AD architecture and various methods of hybrid authentication. It will help readers to use Azure AD security solutions like Azure MFA, Conditional Access, and PIM. It will help readers to maintain various industry standards for an Azure environment through Azure Policies and Azure Blueprints. This book will also help to build a secure Azure network using Azure VPN, Azure Firewall, Azure Front Door, Azure WAF, and other services. It will provide readers with a clear understanding of various security services, including Azure Key vault, Update management, Microsoft Endpoint Protection, Azure Security Center, and Azure Sentinel in detail.
This book will facilitate the improvement of readers' abilities with Azure Security services to sprint to a rewarding career.

What you will learn
  • Configuring secure authentication and authorization for Azure AD identities.
  • Advanced security configuration for Azure compute and network services.
  • Hosting and authorizing secure applications in Azure.
  • Best practices to secure Azure SQL and storage services.
  • Monitoring Azure services through Azure monitor, security center, and Sentinel.
  • Designing and maintaining a secure Azure IT infrastructure.

Who this book is for
This book is for security engineers who want to enhance their career growth in implementing security controls, maintaining the security posture, managing identity and access, and protecting data, applications, and networks of Microsoft Azure. Intermediate-level knowledge of Azure terminology, concepts, networking, storage, and virtualization is required.

Table of Contents
1. Managing Azure AD Identities and Application Access
2. Configuring Secure Access by Using Azure Active Directory
3. Managing Azure Access Control
4. Implementing Advance Network Security
5. Configuring Advance Security for Compute
6. Configuring Container Security
7. Monitoring Security by Using Azure Monitor
8. Monitoring Security by Using Azure Security Center
9. Monitoring Security by Using Azure Sentinel
10. Configuring Security for Azure Storage
11. Configuring Security for Azure SQL Databases

Information

Year: 2021
ISBN: 9789389898811
Subtopic: MCSE

CHAPTER 1

Managing Azure AD Identities and Application Access

In this chapter, you will learn how, as a Microsoft Azure security engineer, you can check whether Azure Active Directory (AD) is configured securely to serve as an identity store for your Azure-based cloud applications. The major topics that we will cover include administering Azure AD users and groups, configuring authentication methods in Azure AD, and configuring application registrations in Azure AD. By the end of this chapter, you will be able to improve your company’s Azure AD security posture. Along with these major topics, we will also go through the architecture and building blocks of Azure AD. Let’s start the journey to learn Azure AD application security by configuring Azure AD for Microsoft Azure workloads.
Azure AD is a cloud-based identity and access management tool provided by Microsoft. It provides authentication and authorization capabilities for your users. It can be used by IT administrators, application developers, Office 365, Microsoft 365 subscribers, and many more. Azure AD is available under different kinds of licenses, which provide different features; you can buy the license that fits your business requirements. The available licenses are Azure AD Free, Azure AD Premium P1, Azure AD Premium P2, and the Pay-as-you-go feature license.

Structure

In this chapter, we will learn the following topics:
  • An overview of Azure AD
  • Creating new domain in Azure AD
  • Adding a custom domain in Azure AD
  • Adding a company brand to Azure AD
  • Creating and adding an Azure subscription to your Azure AD
  • Managing Azure AD users and groups
  • Configuring authentication methods in Azure AD
  • Setting up password writeback through Azure AD Connect
  • Passwordless authentication options in Azure AD
  • Creating the app registration in Azure AD
  • Configuring and managing app registration permission scopes and consent
  • Conclusion
  • Multiple choice questions (MCQ)

Objectives

The objective of this chapter is to understand the architecture and building blocks of Azure AD, and the different versions of Azure AD. You will also go through the process of deploying and managing an Azure AD tenant. After Azure AD tenant management, you will study creating, managing, and moving subscriptions across tenants. You will study user and group management in Azure AD and the associated authentication methods. You will study different methods to sync on-premises Active Directory with Azure AD. You will also study application registration in Azure AD.

Azure AD overview

Azure AD is a new cloud-based identity and access management service provided by Microsoft. You can use Azure AD for authentication and authorization for multiple clouds and on-premises services.
You can use Azure AD with external and internal resources. External resources include Microsoft Office 365, the Azure portal, and many SaaS applications; internal resources include your cloud-based or native on-premises applications and services.

Building blocks and objects of Azure AD

Before working on Azure AD, it is important that you know about its building blocks and components. While working on Azure AD, you will need to take care of these components, and you should also have some technical understanding of how they relate to each other:
  • Account: In Azure AD, an account represents an identity, and this identity has some attributes associated with it. You cannot have an account in Azure AD without the identity attributes. The identity attributes may have a resource ID, username, application ID, location, address, phone number, and so on.
  • Azure AD account: You can create an identity through Azure AD or Office 365. These identities are stored in Azure AD. You can use these identities to access your cloud services, applications, and resources. This kind of account is also called a work or school account.
  • Account administrator: An account administrator is a classic subscription administrator role. This is conceptually the billing owner of a subscription. The account administrator can access Azure Account Center and manage all subscriptions in an account.
  • Azure AD global administrator: This administrator role is automatically assigned to whoever created the Azure AD tenant. Global administrators can do all the administrative functions for Azure AD and any services that federate to Azure AD such as Exchange Online, SharePoint Online, and Skype for Business Online. Note that this administrator role is called a global administrator in the Azure portal, but it is called a company administrator in the Microsoft Graph API and Azure AD PowerShell.
  • Azure subscription: It is a logical collection of Azure cloud services. You need a subscription to deploy any component in Azure. You can have many subscriptions. The subscriptions are linked to a credit card for billing. The subscription can have different pricing models such as pay-as-you-go, enterprise agreement, and so on.
  • Azure tenant: An Azure tenant represents a single organization. This is the top of your Microsoft cloud service umbrella. A dedicated and trusted instance of Azure AD automatically gets created when your organization signs up for a Microsoft cloud service such as Microsoft Azure, Microsoft Intune, or Office 365.
  • Azure AD directory: Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant’s users, groups, and apps, and it is used to perform identity and access management functions for tenant resources.
  • Custom domain: Every new Azure AD directory comes with an initial default domain name, domainname.onmicrosoft.com. In addition to that default domain name, you can also add your organization’s domain names. A custom domain name helps you to create usernames that are familiar to your users such as [email protected], [email protected].
  • Identity: A thing that can get authenticated. An identity can be a user with a username and password. Identities can include applications.
  • Microsoft account: It is a personal account that provides access to Microsoft products and cloud services such as Outlook, OneDrive, Xbox Live, or Office 365. Microsoft accounts are created and stored in the Microsoft consumer identity account system that is run by Microsoft.
  • Multi-tenant: Azure tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant.
  • Owner: This is a built-in Role-Based Access Control (RBAC) role that helps you to manage all Azure resources and access to them. This is a resource-based RBAC role.
  • Service administrator: This is a classic subscription administrator role. This enables you to manage all Azure resources, including access. This role has the equivalent access of a user who is assigned the owner role at the subscription scope.
  • Single tenant: Azure tenants that access services in a dedicated environment are considered single tenant.
These were some of the building components of Azure AD. You will use them very frequently while working on Azure AD and studying the coming chapters.
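The naming difference noted for the global administrator role means that a script searching API output for the portal name can miss the role. As an added example (not code from the book), the Python below finds the role by its template ID in Microsoft Graph-shaped JSON and flags holders worth reviewing; the sample data, the function names, and the `max_admins` default are assumptions made for illustration.

```python
# Added example; all sample data is constructed, not from a real tenant.
# Template ID of the role the portal labels "Global administrator".
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"

# Shaped like Microsoft Graph GET /directoryRoles output (constructed).
SAMPLE_ROLES = [
    {"id": "role-1", "displayName": "Company Administrator",
     "roleTemplateId": GLOBAL_ADMIN_TEMPLATE_ID},
    {"id": "role-2", "displayName": "Example Other Role",
     "roleTemplateId": "00000000-0000-0000-0000-000000000000"},  # placeholder
]
# Shaped like GET /directoryRoles/{id}/members output (constructed).
SAMPLE_MEMBERS = {
    "role-1": [
        {"@odata.type": "#microsoft.graph.user",
         "userPrincipalName": "alice@contoso.onmicrosoft.com"},
        {"@odata.type": "#microsoft.graph.user",
         "userPrincipalName": "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com"},
        {"@odata.type": "#microsoft.graph.servicePrincipal",
         "displayName": "ci-automation"},
    ],
}

def find_global_admin_role(roles):
    """Match on roleTemplateId; displayName differs between portal and API."""
    for role in roles:
        if role.get("roleTemplateId", "").lower() == GLOBAL_ADMIN_TEMPLATE_ID:
            return role
    return None  # role is not present in the supplied list

def audit_global_admins(roles, members_by_role_id, max_admins=4):
    """Return holder count and findings; max_admins is an assumed local limit."""
    role = find_global_admin_role(roles)
    if role is None:
        return {"role_found": False, "findings": []}
    members = members_by_role_id.get(role["id"], [])
    findings = []
    if len(members) > max_admins:
        findings.append(f"{len(members)} holders exceeds limit of {max_admins}")
    for m in members:
        label = m.get("userPrincipalName") or m.get("displayName", m.get("id"))
        if m.get("@odata.type") != "#microsoft.graph.user":
            findings.append(f"non-user principal holds role: {label}")
        elif "#EXT#" in m.get("userPrincipalName", ""):  # B2B guest UPN marker
            findings.append(f"guest account holds role: {label}")
    return {"role_found": True, "api_display_name": role["displayName"],
            "holder_count": len(members), "findings": findings}
```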

Available version of Azure AD

Microsoft Online business services, such as Office 365 or Microsoft Azure, require Azure AD for sign-in and to help with identity protection. If you subscribe to any Microsoft Online business service, you will automatically get Azure AD with access to all the free features. To enhance your Azure AD features, you can also add paid capabilities by upgrading to Azure AD Premium...
