Starting at 7 PM IST
https://azureezy.com
© 2020 AzureEzy and AzureTalk. All rights reserved!
Session 4
AZ-204: Implement Azure security
AzureTalk Core Team
Today’s Session Speaker
Sanjib Panigrahi
AzureEzy Core Team
MCP, Sr Software Engineer
Vipin Jha
AzureEzy Core Team
Consultant, MCT
Win Azure Exam Vouchers
• Participate in quiz during session
• 6 selected participants will get free Azure Exam Vouchers
• 1 selected participant will get free print copy of Demystifying Azure DevOps Services
• Must be registered on Eventbrite
• Winner will be announced in next session
• #AzureEzy
Free Azure Exam
Vouchers
Developer Associate- Cert Path
AZ-204: Skills Measured
• Develop Azure compute solutions (25-30%)
• Develop for Azure storage (15-20%)
• Implement Azure security (20-25%)
• Monitor, troubleshoot, and optimize Azure solutions (15-20%)
• Connect to and consume Azure services and third-party services (15-20%)
Prerequisites
• Hands-on experience with Azure IaaS, PaaS solutions, and Azure Portal
• Experience writing in an Azure-supported language at the intermediate level (C#, JavaScript, Python, or Java)
• Ability to write code to connect to, and perform operations on, a SQL or NoSQL database product (SQL Server, Oracle, MongoDB, Cassandra, or similar)
• Experience writing code to handle authentication, authorization, and other security principles at the intermediate level
• Understanding of HTML, the HTTP protocol, and REST API interfaces
Agenda
• Implement user authentication and authorization
• Microsoft Identity Platform v2.0
• Authentication using the Microsoft Authentication Library
• Using Microsoft Graph
• Authorizing data operations in Azure Storage
• Implement secure cloud solutions
• Manage keys, secrets, and certificates by using the Key Vault API
• Implement Managed Identities for Azure resources
• Secure app configuration data by using Azure App Configuration
Microsoft Identity Platform v2.0
Microsoft Identity Platform
• Authentication service
• Users/customers sign in with Microsoft identities or social accounts
• Provide authorized access
Components
• OAuth 2.0 and OpenID Connect supported
• Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
• Application management portal
• Application configuration API and PowerShell
• Developer content
Microsoft Authentication Library
• Acquire tokens from the Microsoft identity platform
• Secure access to Microsoft Graph, Microsoft APIs, and third-party web APIs
• Supports many application platforms: .NET, JavaScript, Java, Python, Android
MSAL Benefits
• Acquires and maintains tokens
• Handles token expiration automatically
• Specifies the audience for application sign-in
ADAL and MSAL
• ADAL v1.0
  • Supports work accounts
  • Doesn’t support personal accounts
• MSAL v2.0
  • Supports Microsoft personal accounts and work accounts
  • Get authentication for Azure AD B2C, Facebook, Google, etc.
Microsoft Graph
Microsoft Graph
• Gateway to data in Microsoft 365
• Use to access data in Microsoft 365, Windows 10, and Enterprise Mobility + Security
• Use data to build apps for organizations and consumers
Microsoft Graph
Reference : Microsoft Docs
Authorizing data operations in Azure Storage
Access Data in Azure Storage
| Service | Shared Key (storage account key) | Shared access signature (SAS) | Azure Active Directory (Azure AD) | On-premises AD | Anonymous public read access |
|---|---|---|---|---|---|
| Azure Blobs | Supported | Supported | Supported | Not Supported | Supported |
| Azure Files (SMB) | Supported | Not Supported | Supported, only with AAD Domain Services | Supported, credentials must be synced to Azure AD | Not Supported |
| Azure Files (REST) | Supported | Supported | Not Supported | Not Supported | Not Supported |
| Azure Queues | Supported | Supported | Supported | Not Supported | Not Supported |
| Azure Tables | Supported | Supported | Not Supported | Not Supported | Not Supported |
Storage Account Access Keys
• Created during Storage account creation
• Two 512-bit storage account access keys
• Authorize access to storage account
• Similar to root password of storage account
• Be careful to protect your access keys
• Use Azure Key Vault to manage and rotate access keys
Shared Access Signature (SAS)
• A string containing a security token that can be attached to a URI
• Delegated access to resources in storage account
• Granular control
  • Resources access
  • Permissions on resources
  • How long the SAS is valid
SAS Example
https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D
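
The SAS URL above can be read field by field. The following Python sketch is an added example, not part of the original slides: it parses the slide's URL, checks it against a policy (HTTPS only, IP restriction, bounded lifetime) and redacts the signature before logging. The function names, the 8-hour lifetime limit and the second, loosely scoped URL are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# The SAS URL from the slide, joined onto one logical line.
SAS_URL = (
    "https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt"
    "?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z"
    "&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https"
    "&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D"
)

# Constructed sample (not from the slides): container-wide, no spr, no sip,
# one-year lifetime. The signature is a placeholder.
WEAK_URL = (
    "https://myaccount.blob.core.windows.net/sascontainer"
    "?sv=2019-02-02&st=2019-04-29T00%3A00%3A00Z&se=2020-04-29T00%3A00%3A00Z"
    "&sr=c&sp=rwdl&sig=PLACEHOLDER"
)

PERMISSIONS = {"r": "read", "a": "add", "c": "create",
               "w": "write", "d": "delete", "l": "list"}
RESOURCES = {"b": "blob", "c": "container"}
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def _parse_time(value):
    """Parse the UTC timestamp forms used in st/se."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def parse_sas(url):
    """Split an ad hoc service SAS URL into named fields.

    Assumption: se and sp are in the URL itself (no stored access policy).
    """
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    missing = [k for k in ("sig", "se", "sp") if k not in query]
    if missing:
        raise ValueError(f"missing SAS fields: {missing}")
    path = parts.path.lstrip("/").split("/", 1)
    return {
        "account": parts.hostname.split(".")[0],
        "container": path[0],
        "blob": path[1] if len(path) > 1 else None,
        "version": query.get("sv"),
        "resource": RESOURCES.get(query.get("sr"), query.get("sr")),
        "permissions": [PERMISSIONS.get(c, c) for c in query["sp"]],
        "start": _parse_time(query["st"]) if "st" in query else None,
        "expiry": _parse_time(query["se"]),
        "ip_range": query.get("sip"),
        # When spr is omitted the service accepts both HTTPS and HTTP.
        "protocols": query.get("spr", "https,http"),
    }


def audit_sas(url, now, max_lifetime=timedelta(hours=8)):
    """Return policy findings for a SAS URL, evaluated at time `now`."""
    sas = parse_sas(url)
    findings = []
    if now >= sas["expiry"]:
        findings.append("expired")
    if sas["start"] and now < sas["start"]:
        findings.append("not-yet-valid")
    if sas["protocols"] != "https":
        findings.append("http-allowed")
    if sas["ip_range"] is None:
        findings.append("no-ip-restriction")
    issued = sas["start"] or now
    if sas["expiry"] - issued > max_lifetime:
        findings.append("lifetime-exceeds-policy")
    return findings


def redact_sas(url):
    """Replace the signature so the URL can be written to logs."""
    return re.sub(r"(?<=[?&]sig=)[^&#]*", "REDACTED", url)


if __name__ == "__main__":
    when = datetime(2019, 4, 30, 0, 0, tzinfo=timezone.utc)
    for candidate in (SAS_URL, WEAK_URL):
        print(redact_sas(candidate))
        print("  permissions:", parse_sas(candidate)["permissions"])
        print("  findings:", audit_sas(candidate, when) or "none")
```
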
CORS
• HTTP feature that enables a web application from one domain to access resources in another domain
• Set CORS rules for
  • Blob
  • File
  • Table
  • Queue
Manage keys, secrets, and certificates by using the Key Vault API
Azure Key Vault
• Secrets Management
• Key Management
• Certificate Management
Azure Key Vault Benefits
• Increase security and control over keys and passwords
• Create and import encryption keys in minutes
• Applications have no direct access to keys
• Use FIPS 140-2 Level 2 and Level 3 validated HSMs
• Reduce latency with cloud scale and global redundancy
• Simplify and automate tasks for SSL/TLS certificates
Reference : Microsoft Docs
Key Vault Authentication
• Managed identities for Azure resources
• Service principal and certificate
• Service principal and secret
Implement Managed Identities for Azure resources
Managed Identities
• Identity for applications for Azure AD authentication
• Applications may use managed identity
  • To obtain Azure AD tokens
  • To access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts
Managed Identities Types
• System-assigned
  • Identity directly on a service instance
  • Tied to lifecycle of service instance
  • Automatically deletes identity with service deletion
• User-assigned
  • Created as a standalone Azure resource
  • Assign it to one or more instances
  • Managed separately from resources
System-Assigned Managed Identity
Reference : Microsoft Docs
Secure app configuration data by using Azure App Configuration
Azure App Configuration
• Service to centrally manage application settings and feature flags
• Store all the settings for your application
• Encryption of sensitive information at rest and in transit
• Native integration with popular frameworks
Break
Demo
1. Authenticating to and querying Microsoft Graph by using MSAL and .NET SDKs
   1. Create an Azure Active Directory (Azure AD) application registration
   2. Obtain a token by using the MSAL.NET library
   3. Query Microsoft Graph by using the .NET SDK
2. Access resource secrets more securely across services
   1. Configure secrets and identities
   2. Build an Azure Functions app
   3. Access Azure Blob Storage data
Quiz
https://q.azureezy.com/az-204
Free Azure Exam Vouchers
Winners' announcement in next session on 18th July 2021
Register for next session at azureezy.com/az-204
Update your skills on LinkedIn and enter a chance to win Surface Go!!
More info @ https://azureezy.com/azure-skills-feb21
Winners Announcements
• Winners for Previous Session “Develop for Azure storage”
https://bharatguru.in
https://www.linkedin.com/in/vipinkumarjha/
https://www.linkedin.com/in/ashishrajsrivastava
https://azuredevopspro.com
https://youtube.com/AshishRajSrivastava
@ashishrajs
https://www.linkedin.com/in/sanjibpanigrahi/
Thanks!
https://azureezy.com/az-204
https://t.me/AzureTalk
https://youtube.com/AzureTalk
https://t.me/AzureDevOpsPro

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

AZ-204 : Implement Azure security

  • 2. Session 4. AZ-204: Implement Azure security
  • 3. AzureTalk Core Team
  • 4. Today’s Session Speaker
      • Sanjib Panigrahi, AzureEzy Core Team: MCP, Sr Software Engineer
      • Vipin Jha, AzureEzy Core Team: Consultant, MCT
  • 5. Win Azure Exam Vouchers
      • Participate in quiz during session
      • 6 selected participants will get free Azure Exam Vouchers
      • 1 selected participant will get free print copy of Demystifying Azure DevOps Services
      • Must be registered on Eventbrite
      • Winner will be announced in next session
      • #AzureEzy
  • 6. Developer Associate: Cert Path
  • 7. AZ-204: Skills Measured
      • Develop Azure compute solutions (25-30%)
      • Develop for Azure storage (15-20%)
      • Implement Azure security (20-25%)
      • Monitor, troubleshoot, and optimize Azure solutions (15-20%)
      • Connect to and consume Azure services and third-party services (15-20%)
  • 8. Prerequisites
      • Hands-on experience with Azure IaaS, PaaS solutions, and Azure Portal
      • Experience writing in an Azure supported language at the intermediate level (C#, JavaScript, Python, or Java)
      • Ability to write code to connect to, and perform operations on, a SQL or NoSQL database product (SQL Server, Oracle, MongoDB, Cassandra or similar)
      • Experience writing code to handle authentication, authorization, and other security principles at the intermediate level
      • Understanding of HTML, HTTP protocol and REST API interfaces
  • 9. Agenda
      • Implement user authentication and authorization
          • Microsoft Identity Platform v2.0
          • Authentication using the Microsoft Authentication Library
          • Using Microsoft Graph
          • Authorizing data operations in Azure Storage
      • Implement secure cloud solutions
          • Manage keys, secrets, and certificates by using the KeyVault API
          • Implement Managed Identities for Azure resources
          • Secure app configuration data by using Azure App Configuration
  • 10. Microsoft Identity Platform v2.0
  • 11. Microsoft Identity Platform
      • Authentication service
      • Users/customers sign in with Microsoft identities or social accounts
      • Provides authorized access
  • 12. Components
      • OAuth 2.0 and OpenID Connect supported
      • Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
      • Application management portal
      • Application configuration API and PowerShell
      • Developer content
  • 13. Microsoft Authentication Library
      • Acquires tokens from the Microsoft identity platform
      • Secures access to Microsoft Graph, Microsoft APIs, and third-party web APIs
      • Supports many application platforms: .NET, JavaScript, Java, Python, Android
  • 14. MSAL Benefits
      • Acquires and maintains tokens
      • Handles token expiration automatically
      • Lets you specify the audience for application sign-in
  • 15. ADAL and MSAL
      • ADAL v1.0
          • Supports work accounts
          • Doesn’t support personal accounts
      • MSAL v2.0
          • Supports Microsoft personal accounts and work accounts
          • Gets authentication for Azure AD B2C, Facebook, Google etc.
  • 16. Microsoft Graph
  • 17. Microsoft Graph
      • Gateway to data in Microsoft 365
      • Use to access data in Microsoft 365, Windows 10, and Enterprise Mobility + Security
      • Use data to build apps for organizations and consumers
  • 18. Microsoft Graph (Reference: Microsoft Docs)
  • 19. Authorizing data operations in Azure Storage
  • 20. Access Data in Azure Storage

      | Service | Shared Key (storage account key) | Shared access signature (SAS) | Azure Active Directory (Azure AD) | On-premises AD | Anonymous public read access |
      |---|---|---|---|---|---|
      | Azure Blobs | Supported | Supported | Supported | Not Supported | Supported |
      | Azure Files (SMB) | Supported | Not Supported | Supported, only with AAD Domain Services | Supported, credentials must be synced to Azure AD | Not Supported |
      | Azure Files (REST) | Supported | Supported | Not Supported | Not Supported | Not Supported |
      | Azure Queues | Supported | Supported | Supported | Not Supported | Not Supported |
      | Azure Tables | Supported | Supported | Not Supported | Not Supported | Not Supported |
  • 21. Storage Account Access Keys
      • Created during storage account creation
      • Two 512-bit storage account access keys
      • Authorize access to the storage account
      • Similar to a root password for the storage account
      • Be careful to protect your access keys
      • Use Azure Key Vault to manage and rotate access keys
  • 22. Shared Access Signature (SAS)
      • String containing a security token that can be attached to a URI
      • Delegated access to resources in the storage account
      • Granular control over
          • Resource access
          • Permissions on resources
          • Validity of the SAS
  • 23. SAS Example
      https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D
  • 24. CORS
      • HTTP feature that enables a web application from one domain to access resources in another domain
      • Set CORS rules for
          • Blob
          • File
          • Table
          • Queue
  • 25. Manage keys, secrets, and certificates by using the KeyVault API
  • 26. Azure Key Vault
      • Secrets Management
      • Key Management
      • Certificate Management
  • 27. Azure Key Vault Benefits (Reference: Microsoft Docs)
      • Increase security and control over keys and passwords
      • Create and import encryption keys in minutes
      • Applications have no direct access to keys
      • Use FIPS 140-2 Level 2 and Level 3 validated HSMs
      • Reduce latency with cloud scale and global redundancy
      • Simplify and automate tasks for SSL/TLS certificates
  • 28. Key Vault Authentication
      • Managed identities for Azure resources
      • Service principal and certificate
      • Service principal and secret
  • 29. Implement Managed Identities for Azure resources
  • 30. Managed Identities
      • Identity for applications for Azure AD authentication
      • Applications may use managed identity
          • To obtain Azure AD tokens
          • To access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts
  • 31. Managed Identities Types
      • System-assigned
          • Identity directly on a service instance
          • Tied to lifecycle of service instance
          • Automatically deletes identity with service deletion
      • User-assigned
          • Created as a standalone Azure resource
          • Assign it to one or more instances
          • Managed separately from resources
  • 32. System-Assigned Managed Identity (Reference: Microsoft Docs)
  • 33. Secure app configuration data by using Azure App Configuration
  • 34. Azure App Configuration
      • Service to centrally manage application settings and feature flags
      • Store all the settings for your application
      • Encryption of sensitive information at rest and in transit
      • Native integration with popular frameworks
  • 35. Break
  • 36. Demo
      1. Authenticating to and querying Microsoft Graph by using MSAL and .NET SDKs
          1. Create an Azure Active Directory (Azure AD) application registration
          2. Obtain a token by using the MSAL.NET library
          3. Query Microsoft Graph by using the .NET SDK
      2. Access resource secrets more securely across services
          1. Configure secrets and identities
          2. Build an Azure Functions app
          3. Access Azure Blob Storage data
  • 37. Quiz
      • https://q.azureezy.com/az-204
      • Free Azure Exam Vouchers
      • Winners' announcement in next session on 18th July 2021
      • Register for next session at azureezy.com/az-204
      • Update your skills on LinkedIn and enter a chance to win Surface Go!! More info @ https://azureezy.com/azure-skills-feb21
  • 38. Winners Announcements
      • Winners for Previous Session “Develop for Azure storage”
  • 39. Thanks!
      • https://bharatguru.in
      • https://www.linkedin.com/in/vipinkumarjha/
      • https://www.linkedin.com/in/ashishrajsrivastava
      • https://azuredevopspro.com
      • https://youtube.com/AshishRajSrivastava
      • @ashishrajs
      • https://www.linkedin.com/in/sanjibpanigrahi/
      • https://azureezy.com/az-204
      • https://t.me/AzureTalk
      • https://youtube.com/AzureTalk
      • https://t.me/AzureDevOpsPro
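
Added example, not part of the original slides: the SAS URL from slide 23 decoded field by field and checked against the controls slide 22 lists (resource, permissions, validity), plus the IP and protocol restrictions the URL carries. The function name audit_sas and the 8-hour max_lifetime threshold are assumptions made for this example, and the check runs offline without contacting Azure.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# SAS URL as shown on slide 23 (a documentation sample, not a live credential).
SAS_URL = (
    "https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt"
    "?sv=2019-02-02&st=2019-04-29T22%3A18%3A26Z&se=2019-04-30T02%3A23%3A26Z"
    "&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https"
    "&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D"
)

PERMISSIONS = {"r": "read", "a": "add", "c": "create", "w": "write", "d": "delete", "l": "list"}
RESOURCES = {"b": "blob", "c": "container"}


def _utc(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_sas(url, now, max_lifetime=timedelta(hours=8)):
    """Return (summary, findings); max_lifetime is an assumed local policy, not an Azure limit."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if "sig" not in q or "se" not in q or "sp" not in q:
        return {}, ["not a SAS URL: sig, se and sp are required"]
    expiry = _utc(q["se"])
    start = _utc(q["st"]) if "st" in q else None
    summary = {
        "resource": RESOURCES.get(q.get("sr", ""), q.get("sr")),
        "path": parts.path,
        "permissions": [PERMISSIONS.get(p, p) for p in q["sp"]],
        "lifetime": expiry - start if start else None,
        "ip_range": q.get("sip"),
    }
    if expiry <= now:
        findings.append("expired")
    if start is None:
        findings.append("no start time: lifetime cannot be bounded from the token")
    elif expiry - start > max_lifetime:
        findings.append("lifetime exceeds policy")
    if q.get("spr") != "https":
        findings.append("HTTP allowed: spr is not restricted to https")
    if "sip" not in q:
        findings.append("no source IP restriction")
    if set(q["sp"]) & set("wdc"):
        findings.append("grants modify rights: " + q["sp"])
    return summary, findings
```

Run against the slide's URL, the summary shows a blob-scoped token with read and write permission, a lifetime of 4 hours 5 minutes, and a source IP range; the write permission is the only finding while the token is inside its validity window.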