6 Security

 

This chapter covers

  • Understanding fundamental Azure security concepts, including defense in depth, shared responsibility, and the Zero Trust approach
  • Creating new identities in Entra ID
  • Improving your security posture using Microsoft Defender for Cloud
  • Enabling multi-factor authentication for Entra ID

Every aspect of Azure involves security. After all, we are trusting someone else with all our data, processing, transfers and top-secret business logic. Luckily, Azure is designed and built from the ground up with security as a top priority, which means we can trust it, right?

This chapter focuses on that built-in security, all the things that you get for free when you use the cloud services that Azure offers. However, we will also dive into the parts that you can control, configure, and, of course, mess up. As security is in a sense another foundational part of Azure, this chapter won’t be delving into each product and how to make it the most secure for your project or application. Instead, we focus on the security concepts that run through all the products like a shining vein of titanium-plated armor and secure your architectural wonders.

6.1 A secure foundation

6.1.1 Defense in depth

6.2 Shared responsibility model

6.2.1 On-premises

6.2.2 IaaS

6.2.3 PaaS

6.2.4 SaaS

6.2.5 Compliance and data classification

6.2.6 Leveraging cloud-enabled security

6.3 The Zero Trust approach and Entra ID

6.4 Microsoft Defender for Cloud

6.4.1 Security recommendations

6.4.2 Secure score

6.4.3 Security alerts

6.5 Multi-Factor Authentication

6.5.1 Passwordless

6.6 Managing users with Entra ID

6.6.1 Understanding tenants, subscriptions, users and more

6.6.2 Creating Service Principals for application access to Azure resources

6.6.3 Managed Identity

6.7 Role Based Access Control

6.7.1 Security Principal

6.7.2 Role definition

6.7.3 Scope

6.8 Azure Key Vault

6.8.1 Creating an Azure Key Vault

6.8.2 Adding and retrieving a secret

6.9 Summary