
AZ-204 : Implement Azure security

Speakers:
1. Sanjib Panigrahi, https://www.linkedin.com/in/sanjibpanigrahi/
2. Vipin Jha, https://www.linkedin.com/in/vipinkumarjha/

Topics Covered:
1. AZ-204 Exam benefit and Certification Roadmap.
2. Implement user authentication and authorization
3. Implement secure cloud solutions

Complete AZ-204 Training Playlist

https://youtube.com/playlist?list=PLBUNlq0o5irSs3XR3nanSVWCbreCvWKG_

Slide deck : https://azureezy.com/az-204-training/

AzureTalk community references:
1. AzureTalk Telegram Group: https://t.me/azuretalk
2. Azure DevOps Telegram Group: https://t.me/azuredevopspro
3. AzureEzy Website: https://azureezy.com

Azure Reference Links
1. Popular Microsoft Azure training: https://docs.microsoft.com/en-us/learn/?WT.mc_id=sitertzn_homepage_learn-redirect-handsonlabs
2. Azure Docs: https://docs.microsoft.com/en-us/azure/

AZ-204 : Implement Azure security

  1. Starting at 7 PM IST
  2. Session 4. AZ-204: Implement Azure security
     https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved!
  3. AzureTalk Core Team
  4. Today's Session Speaker
     • Sanjib Panigrahi: AzureEzy Core Team; MCP, Sr Software Engineer
     • Vipin Jha: AzureEzy Core Team; Consultant, MCT
  5. Win Azure Exam Vouchers
     • Participate in quiz during session
     • 6 selected participants will get free Azure Exam Vouchers
     • 1 selected participant will get free print copy of Demystifying Azure DevOps Services
     • Must be registered on Eventbrite
     • Winner will be announced in next session
     • #AzureEzy
  6. Developer Associate - Cert Path
  7. AZ-204: Skills Measured
     • Develop Azure compute solutions (25-30%)
     • Develop for Azure storage (15-20%)
     • Implement Azure security (20-25%)
     • Monitor, troubleshoot, and optimize Azure solutions (15-20%)
     • Connect to and consume Azure services and third-party services (15-20%)
  8. Prerequisites
     • Hands-on experience with Azure IaaS, PaaS solutions, and Azure Portal
     • Experience writing in an Azure supported language at the intermediate level (C#, JavaScript, Python, or Java)
     • Ability to write code to connect to and perform operations on a SQL or NoSQL database product (SQL Server, Oracle, MongoDB, Cassandra or similar)
     • Experience writing code to handle authentication, authorization, and other security principles at the intermediate level
     • Understanding of HTML, HTTP protocol and REST API interfaces
  9. Agenda
     • Implement user authentication and authorization
       • Microsoft Identity Platform v2.0
       • Authentication using the Microsoft Authentication Library
       • Using Microsoft Graph
       • Authorizing data operations in Azure Storage
     • Implement secure cloud solutions
       • Manage keys, secrets, and certificates by using the KeyVault API
       • Implement Managed Identities for Azure resources
       • Secure app configuration data by using Azure App Configuration
  10. Microsoft Identity Platform v2.0
  11. Microsoft Identity Platform
     • Authentication service
     • Users/customers sign in with Microsoft identities or social accounts
     • Provides authorized access
  12. Components
     • OAuth 2.0 and OpenID Connect supported
     • Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
     • Application management portal
     • Application configuration API and PowerShell
     • Developer content
  13. Microsoft Authentication Library
     • Acquires tokens from the Microsoft identity platform
     • Secures access to Microsoft Graph, Microsoft APIs, and third-party web APIs
     • Supports many application platforms: .NET, JavaScript, Java, Python, Android
  14. MSAL Benefits
     • Acquires and maintains tokens
     • Handles token expiration automatically
     • Lets you specify the audience for application sign-in
  15. ADAL and MSAL
     • ADAL v1.0
       • Supports work accounts
       • Doesn't support personal accounts
     • MSAL v2.0
       • Supports Microsoft personal accounts and work accounts
       • Gets authentication for Azure AD B2C, Facebook, Google, etc.
  16. Microsoft Graph
  17. Microsoft Graph
     • Gateway to data in Microsoft 365
     • Use to access data in Microsoft 365, Windows 10, and Enterprise Mobility + Security
     • Use data to build apps for organizations and consumers
  18. Microsoft Graph (Reference: Microsoft Docs)
  19. Authorizing data operations in Azure Storage
  20. Access Data in Azure Storage

     | Service | Shared Key (storage account key) | Shared access signature (SAS) | Azure Active Directory (Azure AD) | On-premises AD | Anonymous public read access |
     |---|---|---|---|---|---|
     | Azure Blobs | Supported | Supported | Supported | Not Supported | Supported |
     | Azure Files (SMB) | Supported | Not Supported | Supported, only with AAD Domain Services | Supported, credentials must be synced to Azure AD | Not Supported |
     | Azure Files (REST) | Supported | Supported | Not Supported | Not Supported | Not Supported |
     | Azure Queues | Supported | Supported | Supported | Not Supported | Not Supported |
     | Azure Tables | Supported | Supported | Not Supported | Not Supported | Not Supported |

  21. Storage Account Access Keys
     • Created during Storage account creation
     • Two 512-bit storage account access keys
     • Authorize access to storage account
     • Similar to root password of storage account
     • Be careful to protect your access keys
     • Use Azure Key Vault to manage and rotate access keys
  22. Shared Access Signature (SAS)
     • String containing a security token that can be attached to a URI
     • Delegated access to resources in storage account
     • Granular control over:
       • Resource access
       • Permissions on resources
       • SAS validity
  23. SAS Example
     https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D
  24. CORS
     • HTTP feature that enables a web application in one domain to access resources in another domain
     • Set CORS rules for:
       • Blob
       • File
       • Table
       • Queue
  25. Manage keys, secrets, and certificates by using the KeyVault API
  26. Azure Key Vault
     • Secrets Management
     • Key Management
     • Certificate Management
  27. Azure Key Vault Benefits (Reference: Microsoft Docs)
     • Increase security and control over keys and passwords
     • Create and import encryption keys in minutes
     • Applications have no direct access to keys
     • Use FIPS 140-2 Level 2 and Level 3 validated HSMs
     • Reduce latency with cloud scale and global redundancy
     • Simplify and automate tasks for SSL/TLS certificates
  28. Key Vault Authentication
     • Managed identities for Azure resources
     • Service principal and certificate
     • Service principal and secret
  29. Implement Managed Identities for Azure resources
  30. Managed Identities
     • Identity for applications for Azure AD authentication
     • Applications may use managed identity
       • To obtain Azure AD tokens
       • To access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts
  31. Managed Identities Types
     • System-assigned
       • Identity directly on a service instance
       • Tied to lifecycle of service instance
       • Automatically deletes identity with service deletion
     • User-assigned
       • Created as a standalone Azure resource
       • Assign it to one or more instances
       • Managed separately from resources
  32. System-Assigned Managed Identity (Reference: Microsoft Docs)
  33. Secure app configuration data by using Azure App Configuration
  34. Azure App Configuration
     • Service to centrally manage application settings and feature flags
     • Store all the settings for your application
     • Encryption of sensitive information at rest and in transit
     • Native integration with popular frameworks
  35. Break
  36. Demo
     1. Authenticating to and querying Microsoft Graph by using MSAL and .NET SDKs
        1. Create an Azure Active Directory (Azure AD) application registration
        2. Obtain a token by using the MSAL.NET library
        3. Query Microsoft Graph by using the .NET SDK
     2. Access resource secrets more securely across services
        1. Configure secrets and identities
        2. Build an Azure Functions app
        3. Access Azure Blob Storage data
  37. Quiz
     • https://q.azureezy.com/az-204
     • Free Azure Exam Vouchers
     • Winners' announcement in next session on 18th July 2021
     • Register for next session at azureezy.com/az-204
     • Update your skills on LinkedIn and enter a chance to win Surface Go!! More info @ https://azureezy.com/azure-skills-feb21
  38. Winners Announcements
     • Winners for Previous Session “Develop for Azure storage”
  39. Thanks!
     • https://bharatguru.in
     • https://www.linkedin.com/in/vipinkumarjha/
     • https://www.linkedin.com/in/ashishrajsrivastava
     • https://azuredevopspro.com
     • https://youtube.com/AshishRajSrivastava
     • @ashishrajs
     • https://www.linkedin.com/in/sanjibpanigrahi/
     • https://azureezy.com/az-204
     • https://t.me/AzureTalk
     • https://youtube.com/AzureTalk
     • https://t.me/AzureDevOpsPro
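
The "granular control" that the Shared Access Signature slides describe lives entirely in the query string of the SAS URL, so a token can be reviewed before it is handed out. The following is an added example, not code from the slide deck or from Microsoft: it decodes the URL from the "SAS Example" slide and checks it against a review policy. The function names, the `WEAK_SAS` token and the policy thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# SAS URL from the "SAS Example" slide (documentation sample).
SLIDE_SAS = ("https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt"
             "?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z"
             "&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https"
             "&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D")
# Constructed weak token for contrast: 30-day window, HTTP allowed, no IP range.
WEAK_SAS = ("https://myaccount.blob.core.windows.net/sascontainer"
            "?sv=2019-02-02&st=2019-04-01T00%3A00%3A00Z&se=2019-05-01T00%3A00%3A00Z"
            "&sr=c&sp=rwdl&spr=https,http&sig=CONSTRUCTED")

PERMS = {"r": "read", "w": "write", "d": "delete", "l": "list", "a": "add", "c": "create"}

def _utc(value):
    # Assumes the second-precision UTC timestamp form used on the slide.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_sas(url):
    """Decode the policy fields of a SAS URL; the signature value is never returned."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    return {
        "start": _utc(q["st"]) if "st" in q else None,
        "expiry": _utc(q["se"]) if "se" in q else None,
        "resource": q.get("sr"),
        "permissions": [PERMS.get(p, p) for p in q.get("sp", "")],
        "ip_range": q.get("sip"),
        "protocol": q.get("spr"),
        "signed": "sig" in q,
    }

def audit_sas(url, now, max_lifetime=timedelta(hours=8), allowed=("read", "list")):
    """Return findings for one SAS URL; thresholds are example policy, not Azure defaults."""
    s, findings = parse_sas(url), []
    if s["expiry"] is None:
        findings.append("no expiry in token")
    else:
        if now >= s["expiry"]:
            findings.append("expired")
        if s["expiry"] - (s["start"] or now) > max_lifetime:
            findings.append("lifetime exceeds policy")
    if s["protocol"] != "https":
        findings.append("plain HTTP allowed")
    if not s["ip_range"]:
        findings.append("no source IP restriction")
    extra = [p for p in s["permissions"] if p not in allowed]
    if extra:
        findings.append("extra permissions: " + ",".join(extra))
    return findings
```

Against a clock inside its validity window, the slide's token yields a single finding (the write permission), while the constructed token trips the lifetime, protocol, IP and permission checks.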
