Let's go through some important points when it comes the topics discussed in this section

Azure Active Directory

This is your identity system in Azure. Here you can define users and groups and provide them permissions to your resources.

Here you can also define external users who can have access to resources in Azure.

Multi-Factor Authentication

You can also enable Multi-Factor authentication for users. Here users need to use an additional mechanism in addition to the user name and password to log into Azure.

You can also make use of Conditional Access policies to create conditions to allow or deny users to log into Azure.

Other security related aspects

GDPR (General Data Protection Regulation)

• This is a set of rules that helps EU citizens have more control over their personal data

• Under this compliance schema, organizations have to ensure that personal data is gathered legally and under strict conditions.

• Also organizations have to manage the data in such a way that it is protected from misuse or exploitation.

  
  

ISO (International Organization for Standardization)

• This is an international body that is responsible for setting international standards.

• This is an independent, non-government organization.

• It consists of members from around 160+ member countries.

NIST (National Institute of Standards and Technology)

• This is an organization which looks at U.S. innovation.

• They do this by looking at measurement of science, standards and technology.

Azure Blueprints

• This is a service that allows you to define a repeatable set of Azure resources.

• The definition of the Azure resources can adhere to an organizations standards, patterns and requirements.

• Using blueprints , you can orchestrate the deployment of resources such as role assignments, policy assignments, Azure resource manager templates and resource groups.

• Some differences between Azure blueprints and resource manager templates

• You can use blueprints to upgrade several subscriptions at once .

• The relationship between the blueprint definition and the blueprint assignment is reserved.

Azure Security Center

• This is an infrastructure security management system.

• You can use this tool to improve the security of your Azure based resources and on-premise resources as well.

• Azure Security Center has in-built support for services such as Azure virtual machines , Function Apps, Azure SQL Server databases.

• You can also allow Azure Security Center to give recommendations on what to do for on-premise Windows and Linux servers.

• On these servers, you need to ensure you install the Microsoft Monitoring agent.

• This service also helps detect and prevent threats at an Infrastructure layer

Azure AD Identity Protection

• This is a service that can help detect suspicious actions related to user identities

• This helps add more security to the sign-ins to your Azure AD Account.

• This service can help detect the following

  
  

1. Users with leaked credentials

2. Sign-ins from anonymous IP addresses

3. Sign-ins from infected devices

4. Sign-ins from IP addresses with suspicious activity

5. Sign-ins from unfamiliar locations

6. Impossible travel to atypical locations

Azure AD Privileged Identity Management

• This is a service that can help manage, control and monitor access to important resources in your organization.

• With this service, you can provide just-in-time privileged access to Azure AD and Azure resources.

• Provide time-bound access to resources using start and end dates.

• Enforce multi-factor authentication to activate any role.

• Get notifications when privileged roles are activated.

• Conduct access reviews to ensure users still require the roles.