AZ-900 Certification Notes

Chapter 10.10 - Summary

Security Summary

  • Defense in Depth

    • You need multiple layers of defense for your infrastructure. Azure has physical, identity, perimeter, network, compute, gateways and firewalls, and data as protection layers
  • Securing Network Connectivity

    • A firewall controls the data coming into and out of a network based on rules. Azure protects against DDoS attacks with no downtime to you. A network security group protects a subnet or virtual machine
  • Public and Private Endpoints

    • Most Azure PaaS services are publicly reachable by default. Private endpoints enable private access to PaaS services. You can also disable public access for truly private services
  • Microsoft Defender for Cloud (formerly Azure Security Center)

    • Monitor security hygiene for VMs. Define policies to protect your resources better and respond to incidents
  • Azure Key Vault

    • A secure way to share access to applications and resources with third parties without ever revealing any credentials
  • Azure Information Protection

    • Share files and data inside and outside of Azure and still maintain control over that data. You can control who views, edits, prints, and more
  • Azure Sentinel

    • Collect, aggregate, analyze, and present security issues automatically for you to take action
  • Azure Dedicated Hosts

    • Your own dedicated Azure hardware to install Windows, Linux, or SQL Server VMs on. Gives you control without losing cloud benefits like scaling, scale sets, fault isolation, and availability zones
  • Microsoft Defender for Identity (formerly Advanced Threat Protection)

    • You secure and manage users of your organization. Monitor users' behavior, create a baseline of this behavior, and report on any anomalies from it