chapter six

6 Security

This chapter covers

Understanding Azure security fundamentals, including defense in depth, shared responsibility, and zero-trust approach
Creating new identities in Entra ID
Improving your security posture using Microsoft Defender for Cloud
Enabling MFA for Entra ID

Every aspect of Azure involves security. After all, we’re trusting someone else with all of our data, processing, transfers, and top-secret business logic. Luckily, Azure is designed and built from the ground up with security as a top priority, which means we can trust it, right?

This chapter focuses on that built-in security, all the things that you get for free when you use the cloud services that Azure offers. However, we’ll also dive into the parts that you can control, configure, and, of course, mess up. As security is another foundational part of Azure, this chapter won’t be delving into each product and how to make it the most secure for your project or application. Instead, we’ll focus on the security concepts that run through all the products like a shining vein of titanium-plated armor and secures your architectural wonders.

6.1 A secure foundation

6.1.1 Defense in depth

6.2 Shared responsibility model

6.2.1 On premises

6.2.2 IaaS

6.2.3 PaaS

6.2.4 SaaS

6.2.5 Compliance and data classification

6.2.6 Using cloud-enabled security

6.3 The zero-trust approach and Entra ID

6.4 Microsoft Defender for Cloud

6.4.1 Security recommendations

6.4.2 Secure Score

6.4.3 Security alerts

6.5 Multifactor authentication

6.5.1 Passwordless

6.6 Managing users with Entra ID

6.6.1 Understanding tenants, subscriptions, users, and more

6.6.2 Creating service principals for application access to Azure resources

6.6.3 Managed identity

Summary