Microsoft Azure Security Technologies (AZ-500) - A Certification Guide
eBook - ePub

Microsoft Azure Security Technologies (AZ-500) - A Certification Guide

Get qualified to secure Azure AD, Network, Compute, Storage and Data services through Security Center, Sentinel and other Azure security best practices

Jayant Sharma

  1. English
  2. ePUB (adapté aux mobiles)
  3. Disponible sur iOS et Android
eBook - ePub

Microsoft Azure Security Technologies (AZ-500) - A Certification Guide

Get qualified to secure Azure AD, Network, Compute, Storage and Data services through Security Center, Sentinel and other Azure security best practices

Jayant Sharma

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

With Azure security, you can build a prosperous career in IT security.

Key Features
? In-detail practical steps to fully grasp Azure Security concepts.
? Wide coverage of Azure Architecture, Azure Security services, and Azure Security implementation techniques.
? Covers multiple topics from other Azure certifications (AZ-303, AZ-304, and SC series).

Description
'Microsoft Azure Security Technologies (AZ-500) - A Certification Guide' is a certification guide that helps IT professionals to start their careers as Azure Security Specialists by clearing the AZ-500 certification and proving their knowledge of Azure security services. Authored by an Azure security professional, this book takes readers through a series of steps to gain a deeper insight into Azure security services.This book will help readers to understand key concepts of the Azure AD architecture and various methods of hybrid authentication. It will help readers to use Azure AD security solutions like Azure MFA, Conditional Access, and PIM. It will help readers to maintain various industry standards for an Azure environment through Azure Policies and Azure Blueprints. This book will also help to build a secure Azure network using Azure VPN, Azure Firewall, Azure Front Door, Azure WAF, and other services. It will provide readers with a clear understanding of various security services, including Azure Key vault, Update management, Microsoft Endpoint Protection, Azure Security Center, and Azure Sentinel in detail.This book will facilitate the improvement of readers' abilities with Azure Security services to sprint to a rewarding career.

What you will learn
? Configuring secure authentication and authorization for Azure AD identities.
? Advanced security configuration for Azure compute and network services.
? Hosting and authorizing secure applications in Azure.
? Best practices to secure Azure SQL and storage services.
? Monitoring Azure services through Azure monitor, security center, and Sentinel.
? Designing and maintaining a secure Azure IT infrastructure.

Who this book is for
This book is for security engineers who want to enhance their career growth in implementing security controls, maintaining the security posture, managing identity and access, and protecting data, applications, and networks of Microsoft Azure. Intermediate-level knowledge of Azure terminology, concepts, networking, storage, and virtualization is required.

Table of Contents
1. Managing Azure AD Identities and Application Access
2. Configuring Secure Access by Using Azure Active Directory
3. Managing Azure Access Control
4. Implementing Advance Network Security
5. Configuring Advance Security for Compute
6. Configuring Container Security
7. Monitoring Security by Using Azure Monitor
8. Monitoring Security by Using Azure Security Center
9. Monitoring Security by Using Azure Sentinel
10. Configuring Security for Azure Storage
11. Configuring Security for Azure SQL Databases

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Microsoft Azure Security Technologies (AZ-500) - A Certification Guide est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Microsoft Azure Security Technologies (AZ-500) - A Certification Guide par Jayant Sharma en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Informatique et MCSE. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Année
2021
ISBN
9789389898811
Sous-sujet
MCSE

CHAPTER 1

Managing Azure AD Identities and Application Access

In this chapter, you will learn how, as a Microsoft Azure security engineer, you can check whether Azure Active Directory (AD) is configured securely to serve as an identity store for your Azure-based cloud applications. In this chapter, there are some of the major topics that we will cover such as administering Azure AD users and groups, configuring authentication methods in Azure AD, and configuring application registrations in Azure AD. By the end of this chapter, you will be able to improve your company’s Azure AD security posture. Along with these major topics, we will also go through architecture and building block of Azure AD. Let’s start the journey to learn Azure AD application security with the configuring Azure AD for Microsoft Azure Workloads.
Azure AD is a cloud-based identity and access management tool provided by Microsoft. This helps you to provide authentication and authorization capabilities for your users. This can be used by IT administrators, application developers, Office 365, Microsoft 365 subscribers, and many more. There are different kinds of licenses of Azure AD. They provide different features; you can buy the license based on your business requirement. The available licenses are Azure AD Free, Azure AD Premium P1, Azure AD Premium P2, and Pay-as-you-go feature license.

Structure

In this chapter, we will learn the following topics:
  • An overview of Azure AD
  • Creating new domain in Azure AD
  • Adding a custom domain in Azure AD
  • Adding a company brand to Azure AD
  • Creating and adding an Azure subscription to your Azure AD
  • Managing Azure AD users and groups
  • Configuring authentication methods in Azure AD
  • Setting up password writeback through Azure AD Connect
  • Password less authentication options in Azure AD
  • Creating the app registration in Azure AD
  • Configuring and managing app registration permission scopes and consent
  • Conclusion
  • Multiple choice questions (MCQ)

Objectives

The objective of this chapter is to understand the architecture and building blocks of Azure AD, and different versions of Azure AD. You will also go through the process of deploying and managing Azure AD tenant. After Azure AD tenant management, you will study about creating, managing, and moving subscriptions across the tenants. You will study users and groups management in Azure AD and their authentication methods. You will study different methods to sync on-premises active directory with Azure AD. You will also study about application registration in Azure AD.

Azure AD overview

Azure AD is a new identity and access management service provided by Microsoft. Azure AD is a cloud-based identity and access management service. You can use Azure AD for authentication and authorization for multiple clouds and on-premises services.
You can use Azure AD with external and internal resources. External resources include Microsoft Office 365, the Azure portal, and many SaaS applications and internal resources include your cloud-based or native on-premises applications and services.

Building blocks and objects of Azure AD

Before working on Azure AD, it is important that you know about the building blocks and components of Azure AD. While working on Azure AD, you will need to take care of Azure AD components and, you should also have some technical understanding of their internal relation:
  • Account: In Azure AD, an account represents an identity, and this identity has some attributes associated with it. You cannot have an account in Azure AD without the identity attributes. The identity attributes may have a resource ID, username, application ID, location, address, phone number, and so on.
  • Azure AD account: You can create an identity through Azure AD or Office 365. These identities are stored in Azure AD. You can use these identities to access your cloud services, applications, and resources. This kind of account is also called a work or school account.
  • Account administrator: An account administrator is a classic subscription administrator role. This is conceptually the billing owner of a subscription. The account administrator can access Azure Account Center and manage all subscriptions in an account.
  • Azure AD global administrator: This administrator role is automatically assigned to whoever created the Azure AD tenant. Global administrators can do all the administrative functions for Azure AD and any services that federate to Azure AD such as Exchange Online, SharePoint Online, and Skype for Business Online. Note that this administrator role is called a global administrator in the Azure portal, but it is called a company administrator in the Microsoft Graph API and Azure AD PowerShell.
  • Azure subscription: It is a logical collection of Azure cloud services. You need a subscription to deploy any component in Azure. You can have many subscriptions. The subscriptions are linked to a credit card for billing. The subscription can have different pricing models such as, pay-as-you-go, enterprise agreement, and so on.
  • Azure tenant: An Azure tenant represents a single organization. This is the top of your Microsoft cloud service umbrella. A dedicated and trusted instance of Azure AD automatically gets created when your organization signs up for a Microsoft cloud service such as Microsoft Azure, Microsoft Intune, or Office 365.
  • Azure AD directory: Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant’s users, groups, and apps, and it is used to perform identity and access management functions for tenant resources.
  • Custom domain: Every new Azure AD directory comes with an initial default domain name, domainname.onmicrosoft.com. In addition to that default domain name, you can also add your organization’s domain names. A custom domain name helps you to create usernames that are familiar to your users such as [email protected], [email protected].
  • Identity: A thing that can get authenticated. An identity can be a user with a username and password. Identities can include applications.
  • Microsoft account: It is a personal account that provides access to Microsoft products and cloud services such as Outlook, OneDrive, Xbox Live, or Office 365. Microsoft accounts are created and stored in the Microsoft consumer identity account system that is run by Microsoft.
  • Multi-tenant: Azure tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant.
  • Owner: This is a built in Role-Based Access Control (RBAC) role that helps you to manage all Azure resources and accesses. This is a resource-based RBAC role.
  • Service administrator: This is a classic subscription administrator role. This enables you to manage all Azure resources, including access. This role has the equivalent access of a user who is assigned the owner role at the subscription scope.
  • Single tenant: Azure tenants that access services in a dedicated environment are considered single tenant.
These were some of the building components of Azure AD. You will use them very frequently while working on Azure AD and studying coming chapters.

Available version of Azure AD

Microsoft Online business services such as Office 365 or Microsoft Azure, require Azure AD for sign-in and to help with identity protection. If you subscribe to any Microsoft Online business service, you will automatically get Azure AD with access to all the free features. To enhance your Azure AD features, you can also add paid capabilities by upgrading to Azure AD Premium...

Table des matiĂšres

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. About the Author
  6. About the Reviewers
  7. Acknowledgements
  8. Preface
  9. Errata
  10. Table of Contents
  11. 1. Managing Azure AD Identities and Application Access
  12. 2. Configuring Secure Access by Using Azure Active Directory
  13. 3. Managing Azure Access Control
  14. 4. Implementing Advance Network Security
  15. 5. Configuring Advance Security for Compute
  16. 6. Configuring Container Security
  17. 7. Monitoring Security by Using Azure Monitor
  18. 8. Monitoring Security by Using Azure Security Center
  19. 9. Monitoring Security by Using Azure Sentinel
  20. 10. Configuring Security for Azure Storage
  21. 11. Configuring Security for Azure SQL Databases
  22. Index
Normes de citation pour Microsoft Azure Security Technologies (AZ-500) - A Certification Guide

APA 6 Citation

Sharma, J. (2021). Microsoft Azure Security Technologies (AZ-500) - A Certification Guide ([edition unavailable]). BPB Publications. Retrieved from https://www.perlego.com/book/3036598/microsoft-azure-security-technologies-az500-a-certification-guide-get-qualified-to-secure-azure-ad-network-compute-storage-and-data-services-through-security-center-sentinel-and-other-azure-security-best-practices-pdf (Original work published 2021)

Chicago Citation

Sharma, Jayant. (2021) 2021. Microsoft Azure Security Technologies (AZ-500) - A Certification Guide. [Edition unavailable]. BPB Publications. https://www.perlego.com/book/3036598/microsoft-azure-security-technologies-az500-a-certification-guide-get-qualified-to-secure-azure-ad-network-compute-storage-and-data-services-through-security-center-sentinel-and-other-azure-security-best-practices-pdf.

Harvard Citation

Sharma, J. (2021) Microsoft Azure Security Technologies (AZ-500) - A Certification Guide. [edition unavailable]. BPB Publications. Available at: https://www.perlego.com/book/3036598/microsoft-azure-security-technologies-az500-a-certification-guide-get-qualified-to-secure-azure-ad-network-compute-storage-and-data-services-through-security-center-sentinel-and-other-azure-security-best-practices-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Sharma, Jayant. Microsoft Azure Security Technologies (AZ-500) - A Certification Guide. [edition unavailable]. BPB Publications, 2021. Web. 15 Oct. 2022.