AZ-900 Microsoft Azure Fundamentals (Security)
Terms in this set (14)
Application Security Groups
Enables you to group together similar types of servers and control traffic between those groups. Each ASG is given a logical name and traffic is allowed or denied based on the logical name rather than IP address.
Network Security Groups
Enables you to group resources together and control the flow of traffic, using firewall rules, between the groups. It's essentially a layer 3 cloud inner firewall at the network layer.
Azure Security Center
Provides a series of security best practice recommendations to help improve your Azure secure score. It does this by monitoring your security settings and automating policy enforcement. It also blocks VM malware using machine learning.
Azure Key Vault
Safely store your encryption keys and control access through role-based access controls (RBAC). Option to use FIPS 140-2 Level 2 HSMs for highly sensitive data. Also capable of storing tokens, passwords, certificates, secrets and API keys. Simplify and automate tasks for SSL/TLS certificates.
Azure Information Protection
Classify and protect your data using manual labels or intelligent auto labelling. Prompt users to reclassify documents when sensitive data is detected. Protect using encryption and role-based access control both within and outside your organisation. Integrated with Office 365 data classification features.
Azure Advanced Threat Protection
Detect and investigate advanced threats in your hybrid cloud. Detect compromised identities and investigate malicious insider actions. Provides clear attack information to gain situational awareness prior to, during or after a security incident.
Identify resources that are not compliant with your software policy (Policy-as-Code). Remediate resources and configurations. Group together policy control items as initiatives and align to Agile initiatives. Used to automate auditing of the environment to reduce audit costs.
Provides a range of best practice recommendations on your Azure environment covering: high availability, security, performance and cost. Security recommendations link to the Azure Security Center.
Azure Multi-Factor Authentication (MFA)
Provides a second form of authentication via various methods. This can include security questions, Azure authenticator app, hardware token, voice call or SMS.
Azure Active Directory
Provides a directory service to manage authentication and authorisation of your hybrid cloud resources. Includes single sign-on, federation, application management, B2B solutions, B2C solutions and the management of mobile devices.
Azure Application Gateway
The primary function is application-level load balancing, but it also offers web application firewall (WAF) functionality to protect from common vulnerabilities outlined in the OWASP Top 10, e.g. SQL injection and cross-site scripting. Includes efficient SSL offload and certificate management.
Used in tandem with security groups for perimeter protection from outside threats. It blocks traffic based on IP rules. Includes network address translation and threat intelligence-based filtering. Integrated with Azure Monitor for logging and analytics. Integrates with VPN and ExpressRoute gateways for hybrid connectivity.
Automates the deployment of resources using Azure Resource Manager (ARM) templates. Includes the control of role assignments and resource groups, and integrates with Azure DevOps to link together artifacts. Templates can be pre-approved by security teams and enable compliant development practices.
Azure DDoS Protection
Protect your resources from a distributed denial of service (DDoS) attack. Includes advanced intelligence to automatically configure and tune your protection. Use in concert with the Azure Application Gateway for WAF functionality to protect against the OWASP Top 10. Provides detailed attack analytics to improve situational awareness prior to, during or after a security incident.