AZ-204 - Developer associate - Implementing security solutions
Last updated Jul 6, 2022
Published Jun 6, 2022
Implementing security
Azure active directory
- offers authentication and authorization
- Identity provider
- Licenses
- AD Free
- Role based access control
- Authorization for resources under a subscription
- Groups hold control over many users
- Application objects
- uses package Azure.Identity
- ClientSecretCredential
Azure key vault
- used to host secrets (encryption keys, certificates, secrets)
Azure CLI
- az keyvault create
- az keyvault secret set
Encryption keys
- Package used for Key Vault in C# is Azure.Security.KeyVault.Keys
- Encrypts a text
- fetches the ClientSecretCredential
- Fetches the encryption key through the class KeyClient
- Uses the class CryptographyClient to perform cryptographic operations
- Method CryptographyClient.Decrypt is used to decrypt
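The steps above put together as an added example (not code from the original notes). It assumes an existing RSA key; the key name `notes-demo-key` and the `KEY_VAULT_URL` variable are hypothetical, and the service principal values are read from environment variables rather than hard-coded.

```csharp
using System;
using System.Text;
using Azure.Identity;
using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;

public static class KeyVaultEncryptDemo
{
    // Assumed for this example: KEY_VAULT_URL and the key name "notes-demo-key".
    // The key is assumed to be an RSA key that permits encrypt and decrypt.
    private const string KeyName = "notes-demo-key";

    private static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"{name} is not set");

    public static void Main()
    {
        // Service principal credentials come from the environment, not from source code.
        var credential = new ClientSecretCredential(
            Env("AZURE_TENANT_ID"), Env("AZURE_CLIENT_ID"), Env("AZURE_CLIENT_SECRET"));

        // KeyClient fetches key metadata and the public part; the private key stays in the vault.
        var keyClient = new KeyClient(new Uri(Env("KEY_VAULT_URL")), credential);
        KeyVaultKey key = keyClient.GetKey(KeyName);

        // key.Id includes the key version, so decryption keeps working after a rotation.
        var crypto = new CryptographyClient(key.Id, credential);

        // RSA encrypts short inputs only (roughly 190 bytes for a 2048-bit key with OAEP-256).
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample text");
        EncryptResult encrypted = crypto.Encrypt(EncryptionAlgorithm.RsaOaep256, plaintext);
        Console.WriteLine($"Ciphertext: {Convert.ToBase64String(encrypted.Ciphertext)}");

        // Decrypt runs inside Key Vault and needs the decrypt permission on the key.
        DecryptResult decrypted = crypto.Decrypt(EncryptionAlgorithm.RsaOaep256, encrypted.Ciphertext);
        string roundTrip = Encoding.UTF8.GetString(decrypted.Plaintext);

        if (roundTrip != "constructed sample text")
            throw new InvalidOperationException("Round trip failed");
        Console.WriteLine($"Decrypted: {roundTrip}");
    }
}
```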
Policies vs RBAC
Managed identities
- Access token
- makes a request to a VM and gets access to a resource
- User assigned
Disk encryption
- Encryption keys
- Stored in azure
- Encrypted at rest
- By default, Azure encrypts the data using server-side encryption (Azure uses its own keys, but it is possible to use custom ones)
- disk encryption set
- it is possible to enable disk encryption at rest after the VM has been created; to do so, the VM should first be stopped
- az vm encryption enable
Authentication and authorization
- oauth 2 standard
- getting access token to access storage account resources