Let's go through some important points on the topics discussed in this section.
Azure Active Directory
This is your identity system in Azure. Here you can define users and groups and give them permissions to your resources.
Here you can also define external users who can have access to resources in Azure.
Multi-Factor Authentication
You can also enable Multi-Factor Authentication for users. With it, users need to use an additional mechanism on top of the user name and password to log into Azure.
You can also make use of Conditional Access policies to create conditions to allow or deny users to log into Azure.
GDPR (General Data Protection Regulation)
This is a set of rules that helps EU citizens have more control over their personal data.
Under this compliance schema, organizations have to ensure that personal data is gathered legally and under strict conditions.
Organizations also have to manage the data in such a way that it is protected from misuse or exploitation.
ISO (International Organization for Standardization)
This is an international body that is responsible for setting international standards.
This is an independent, non-government organization.
It consists of members from around 160+ countries.
NIST (National Institute of Standards and Technology)
This is an organization which looks at U.S. innovation.
They do this by looking at measurement science, standards and technology.
Azure Blueprints
This is a service that allows you to define a repeatable set of Azure resources.
The definition of the Azure resources can adhere to an organization's standards, patterns and requirements.
Using blueprints, you can orchestrate the deployment of resources such as role assignments, policy assignments, Azure Resource Manager templates and resource groups.
Some differences between Azure Blueprints and Resource Manager templates:
You can use blueprints to upgrade several subscriptions at once.
The relationship between the blueprint definition and the blueprint assignment is preserved.
Azure Security Center
This is an infrastructure security management system.
You can use this tool to improve the security of your Azure-based resources and on-premises resources as well.
Azure Security Center has built-in support for services such as Azure virtual machines, Function Apps and Azure SQL Server databases.
You can also allow Azure Security Center to give recommendations on what to do for on-premises Windows and Linux servers.
On these servers, you need to ensure you install the Microsoft Monitoring Agent.
This service also helps detect and prevent threats at the infrastructure layer.
Azure AD Identity Protection
This is a service that can help detect suspicious actions related to user identities.
This helps add more security to the sign-ins to your Azure AD account.
This service can help detect the following:
Users with leaked credentials
Sign-ins from anonymous IP addresses
Sign-ins from infected devices
Sign-ins from IP addresses with suspicious activity
Sign-ins from unfamiliar locations
Impossible travel to atypical locations
Azure AD Privileged Identity Management
This is a service that can help manage, control and monitor access to important resources in your organization.
With this service, you can provide just-in-time privileged access to Azure AD and Azure resources.
Provide time-bound access to resources using start and end dates.
Enforce multi-factor authentication to activate any role.
Get notifications when privileged roles are activated.
Conduct access reviews to ensure users still require the roles.