Module 9 Lecture
August 8, 2023
AGENDA
CONFIDENTIAL 2
GENERAL AZURE SECURITY OVERVIEW
Microsoft Defender for Cloud
Microsoft Sentinel
• A scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise.
Azure Key Vault
• A secure secrets store for the passwords, connection strings, and other information you need to keep your apps working.
Azure Monitor logs
STORAGE SECURITY OVERVIEW
Azure Storage Service Encryption
Client-Side encryption for blobs
Azure StorSimple Virtual Array
Azure Storage shared access signatures and Storage Account Keys
• A shared access signature (SAS) provides delegated access to resources in your storage account.
• Key is an access control method for Azure Storage that is used to authorize requests to the storage account using either the account access keys or an Azure Active Directory (Azure AD) account (default).
DATABASE SECURITY OVERVIEW
Azure SQL Firewall
• A network access control feature that protects against network-based attacks on the database.
Azure SQL Connection Encryption and Azure SQL Always Encrypted
• To provide security, SQL Database controls access with firewall rules limiting connectivity by IP address, authentication mechanisms requiring users to prove their identity, and authorization mechanisms limiting users to specific actions and data.
IDENTITY AND ACCESS MANAGEMENT OVERVIEW
Azure role-based access control
Azure Active Directory B2C
Azure AD Multi-Factor Authentication
TERRAFORM SECURITY OVERVIEW
Secure variables
Terraform State encrypting
State lock
• organization.
The Lifecycle