Design for identity and security (20-25%)

AZURE ACTIVE DIRECTORY DEVELOPER SUPPORT TEAM

Design identity management

Design authentication

| Authentication Method | Usage |
| --- | --- |
| Password | MFA and SSPR |
| Security questions | SSPR only |
| Email address | SSPR only |
| Microsoft Authenticator app | MFA and SSPR |
| OATH hardware token | Public preview for MFA and SSPR |
| SMS | MFA and SSPR |
| Voice call | MFA and SSPR |
| App passwords | MFA only, in certain cases |

Design authorization

  • choose an authorization approach

    • Use RBAC: define user groups and assign users to those groups to manage access to resources

    • Take advantage of built-in Azure roles

      • Reader
      • Contributor
      • Owner
  • define access permissions and privileges

    • Access permissions can be defined for users directly, via user groups, or for applications
  • design secure delegated access

  • recommend when and how to use API Keys

    • Use API keys to carry claims and other authorization information between APIs; leverage Azure API Management for this
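The design points above (group-based assignment, built-in roles, assignment at a scope) are easier to reason about with a small model of how Azure RBAC evaluates a request. The code below is an added illustration, not Azure's implementation or the project's own code: it keeps the real semantics that matter for design (an assignment applies to its scope and every child scope, a principal's effective permissions are the union over its own and its groups' assignments, and a role's `NotActions` only subtract from that role's `Actions`, they are not a deny). The role definitions are abbreviated versions of the built-in Reader, Contributor and Owner roles, and the subscription id, group names and resource names are constructed.

```python
"""Toy model of Azure RBAC evaluation (added example, not Azure's own code).

Captures the design-relevant rules:
  * an assignment at a scope covers that scope and all children;
  * effective permissions = union over assignments to the user and its groups;
  * NotActions subtract from the same role's Actions only (no deny semantics).
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple
    not_actions: tuple = ()

    def permits(self, action: str) -> bool:
        # Azure action strings are case-insensitive; '*' spans path segments.
        act = action.lower()
        if any(fnmatchcase(act, p.lower()) for p in self.not_actions):
            return False
        return any(fnmatchcase(act, p.lower()) for p in self.actions)


@dataclass(frozen=True)
class RoleAssignment:
    principal: str        # user or group identifier (constructed below)
    role: RoleDefinition
    scope: str            # e.g. /subscriptions/<id>/resourceGroups/<rg>

    def covers(self, resource_scope: str) -> bool:
        # Assignments inherit downwards: scope itself or any descendant.
        s = self.scope.lower().rstrip("/")
        r = resource_scope.lower().rstrip("/")
        return r == s or r.startswith(s + "/")


# Abbreviated built-in roles (real definitions list many more NotActions).
READER = RoleDefinition("Reader", actions=("*/read",))
CONTRIBUTOR = RoleDefinition(
    "Contributor",
    actions=("*",),
    not_actions=(
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
    ),
)
OWNER = RoleDefinition("Owner", actions=("*",))

# Constructed tenant: one subscription, two resource groups, one VM.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_APP = SUB + "/resourceGroups/rg-app"
RG_DATA = SUB + "/resourceGroups/rg-data"
VM_APP = RG_APP + "/providers/Microsoft.Compute/virtualMachines/vm01"
VM_DATA = RG_DATA + "/providers/Microsoft.Compute/virtualMachines/vm02"

# Group membership (constructed). Users get access only through groups here,
# which is the pattern the notes recommend.
GROUPS = {
    "alice@contoso.example": {"grp-app-readers"},
    "bob@contoso.example": {"grp-app-contributors"},
}

# Assignments are made to groups at resource-group scope, not to users at
# subscription scope: least privilege in both principal and scope.
ASSIGNMENTS = [
    RoleAssignment("grp-app-readers", READER, RG_APP),
    RoleAssignment("grp-app-contributors", CONTRIBUTOR, RG_APP),
]


def is_authorized(user: str, action: str, resource_scope: str,
                  assignments=ASSIGNMENTS, groups=GROUPS) -> bool:
    """True if any assignment to the user or one of its groups permits `action`
    at `resource_scope`."""
    principals = {user, *groups.get(user, ())}
    return any(
        a.principal in principals and a.covers(resource_scope) and a.role.permits(action)
        for a in assignments
    )


def demo() -> dict:
    """Evaluate a handful of requests; returned for inspection and testing."""
    return {
        "alice reads vm01": is_authorized("alice@contoso.example",
                                          "Microsoft.Compute/virtualMachines/read", VM_APP),
        "alice writes vm01": is_authorized("alice@contoso.example",
                                           "Microsoft.Compute/virtualMachines/write", VM_APP),
        "bob writes vm01": is_authorized("bob@contoso.example",
                                         "Microsoft.Compute/virtualMachines/write", VM_APP),
        "bob grants roles in rg-app": is_authorized("bob@contoso.example",
                                                    "Microsoft.Authorization/roleAssignments/write", RG_APP),
        "bob writes vm02 (other RG)": is_authorized("bob@contoso.example",
                                                    "Microsoft.Compute/virtualMachines/write", VM_DATA),
        "carol reads vm01 (no groups)": is_authorized("carol@contoso.example",
                                                      "Microsoft.Compute/virtualMachines/read", VM_APP),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request:32s} -> {'allow' if allowed else 'deny'}")
```

The two results worth noticing are "bob grants roles in rg-app" (denied: Contributor's `NotActions` keep a contributor from changing role assignments, which is why Owner, not Contributor, is the role that can widen access) and "bob writes vm02" (denied: the assignment was scoped to `rg-app`, so it does not leak into the neighbouring resource group).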

Design for risk prevention for identity

Design a monitoring strategy for identity and security

  • design for alert notifications

  • design an alert and metrics strategy

    • Secure access into applications using identity by synchronizing your on-premises AD with Azure AD Connect

    • Use Azure AD Connect Health to monitor identity synchronization between Azure AD and on-premises identity

    • Enable integration with Azure Log Analytics to monitor identity-related logs in detail

  • recommend authentication monitors
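To make the alert and authentication-monitor items concrete, the following added example (not part of the original notes, and not Microsoft code) runs three detection rules over records shaped like rows of the Azure AD `SignInLogs` table that Log Analytics ingests: a burst of invalid-credential failures for one account, repeated failures at the MFA step after the password was accepted, and a successful sign-in that follows a run of failures from the same address. The sample rows are constructed; the field names (`TimeGenerated`, `UserPrincipalName`, `ResultType`, `IPAddress`) follow the real schema, and the `ResultType` codes used are the documented values 0 (success), 50126 (invalid username or password) and 500121 (strong authentication failed). The same three rules translate directly into scheduled Log Analytics queries once the diagnostic setting in the list above is in place.

```python
"""Authentication monitors over SignInLogs-shaped records (added example).

Sample rows are constructed, not captured from a tenant. ResultType codes:
  "0"      sign-in succeeded
  "50126"  invalid username or password
  "500121" strong authentication (MFA) step failed
"""
from collections import defaultdict
from datetime import datetime, timedelta

SUCCESS = "0"
INVALID_CREDENTIALS = "50126"
MFA_FAILED = "500121"


def _row(ts, upn, result, ip):
    return {"TimeGenerated": ts, "UserPrincipalName": upn, "ResultType": result, "IPAddress": ip}


# Constructed sample: alice is hit by a credential-guessing burst that ends in a
# success, bob's password is accepted but the MFA step keeps failing, carol
# mistypes once and then signs in normally.
SAMPLE_SIGNINS = [
    _row("2024-05-01T07:00:00Z", "carol@contoso.example", SUCCESS, "203.0.113.30"),
    _row("2024-05-01T07:30:00Z", "carol@contoso.example", INVALID_CREDENTIALS, "203.0.113.30"),
    _row("2024-05-01T07:31:00Z", "carol@contoso.example", SUCCESS, "203.0.113.30"),
    _row("2024-05-01T08:00:05Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:01:00Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:01:30Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:02:00Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:03:00Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:04:00Z", "alice@contoso.example", INVALID_CREDENTIALS, "198.51.100.7"),
    _row("2024-05-01T08:05:00Z", "alice@contoso.example", SUCCESS, "198.51.100.7"),
    _row("2024-05-01T09:10:00Z", "bob@contoso.example", MFA_FAILED, "203.0.113.20"),
    _row("2024-05-01T09:11:00Z", "bob@contoso.example", MFA_FAILED, "203.0.113.20"),
    _row("2024-05-01T09:12:00Z", "bob@contoso.example", MFA_FAILED, "203.0.113.20"),
]


def _ts(row):
    return datetime.fromisoformat(row["TimeGenerated"].replace("Z", "+00:00"))


def failed_signin_bursts(rows, threshold=5, window=timedelta(minutes=10)):
    """{upn: max failures in any `window`} for accounts at or above `threshold`."""
    by_user = defaultdict(list)
    for r in rows:
        if r["ResultType"] == INVALID_CREDENTIALS:
            by_user[r["UserPrincipalName"]].append(_ts(r))
    alerts = {}
    for upn, times in by_user.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[upn] = best
    return alerts


def mfa_failures(rows, threshold=3):
    """Accounts whose password was accepted but whose MFA step failed repeatedly:
    a signal that the first factor may already be known to someone else."""
    counts = defaultdict(int)
    for r in rows:
        if r["ResultType"] == MFA_FAILED:
            counts[r["UserPrincipalName"]] += 1
    return {u: c for u, c in counts.items() if c >= threshold}


def success_after_failures(rows, min_failures=3, window=timedelta(minutes=10)):
    """(upn, ip) pairs where a success follows >= `min_failures` invalid-credential
    failures from the same IP within `window`: the event most worth paging on."""
    recent = defaultdict(list)                   # (upn, ip) -> recent failure times
    hits = []
    for r in sorted(rows, key=_ts):
        key, t = (r["UserPrincipalName"], r["IPAddress"]), _ts(r)
        recent[key] = [f for f in recent[key] if t - f <= window]
        if r["ResultType"] == INVALID_CREDENTIALS:
            recent[key].append(t)
        elif r["ResultType"] == SUCCESS and len(recent[key]) >= min_failures:
            hits.append(key)
    return hits


def evaluate(rows):
    """Run all monitors and return a flat list of (rule, subject) alerts."""
    alerts = [("failed_signin_burst", u) for u in failed_signin_bursts(rows)]
    alerts += [("repeated_mfa_failure", u) for u in mfa_failures(rows)]
    alerts += [("success_after_failures", f"{u} from {ip}") for u, ip in success_after_failures(rows)]
    return alerts


if __name__ == "__main__":
    for rule, subject in evaluate(SAMPLE_SIGNINS):
        print(f"ALERT {rule}: {subject}")
```

The thresholds are deliberately parameters: the right burst size and window depend on the tenant's normal failure rate, and tuning them against a baseline of real sign-in data is the "metrics" half of the alert-and-metrics strategy the notes call for. Note that carol's single typo followed by a success does not fire any rule, which is what keeps the monitor from training the on-call team to ignore it.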