AZ-204 - Developer associate - Implementing security solutions

Last updated Jul 6, 2022 Published Jun 6, 2022

Implementing security

Azure Active Directory

  • offers authentication and authorization
  • Identity provider
  • Licenses
    • AD Free
  • Role-based access control
    • Authorization for resources under a subscription
    • A group holds access control for many users
  • Application objects
    • uses package Azure.Identity
    • ClientSecretCredential

Azure Key Vault

  • used to host secrets (encryption keys, certificates, secrets)

Azure CLI

Encryption keys

  • Package used for Key Vault in C# is Azure.Security.KeyVault.Keys
  • Encrypts a text
  • Fetches the ClientSecretCredential
  • Fetches the encryption key through the class KeyClient
  • Uses the class CryptographyClient to perform cryptographic operations
  • Method CryptographyClient.Decrypt is used to decrypt
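
The steps above as an added C# example (not code from the original notes): credential, key lookup, encrypt, decrypt. It assumes an existing vault with an RSA key, an app registration allowed the get, encrypt and decrypt key operations, and the environment variable names used below, which are this example's own choice.

```csharp
using System;
using System.Text;
using Azure.Identity;
using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;

class KeyVaultEncryptDemo
{
    // Fail early with a clear message instead of passing null to the SDK.
    static string RequireEnv(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Environment variable {name} is not set");

    static void Main()
    {
        // The client secret is read from the environment, never written into source code.
        // Variable names are assumptions of this example.
        var credential = new ClientSecretCredential(
            RequireEnv("AZURE_TENANT_ID"),
            RequireEnv("AZURE_CLIENT_ID"),
            RequireEnv("AZURE_CLIENT_SECRET"));

        // Placeholder form: https://<vault-name>.vault.azure.net/
        var vaultUri = new Uri(RequireEnv("KEYVAULT_URL"));
        string keyName = RequireEnv("KEY_NAME");

        // Fetch the key through KeyClient (needs the "get" key permission).
        var keyClient = new KeyClient(vaultUri, credential);
        KeyVaultKey key = keyClient.GetKey(keyName).Value;

        // key.Id includes the key version, so later decrypts use the same version.
        var crypto = new CryptographyClient(key.Id, credential);

        const string sample = "constructed sample text";
        byte[] plaintext = Encoding.UTF8.GetBytes(sample);

        EncryptResult enc = crypto.Encrypt(EncryptionAlgorithm.RsaOaep256, plaintext);
        Console.WriteLine("Ciphertext (base64): " + Convert.ToBase64String(enc.Ciphertext));

        // Decrypt is performed by Key Vault; the private key is not returned to the client.
        DecryptResult dec = crypto.Decrypt(EncryptionAlgorithm.RsaOaep256, enc.Ciphertext);
        string roundTrip = Encoding.UTF8.GetString(dec.Plaintext);

        if (roundTrip != sample)
            throw new InvalidOperationException("Round trip did not return the original text");
        Console.WriteLine("Decrypted: " + roundTrip);
    }
}
```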

Policies vs RBAC

Managed identities

  • Access token
    • makes a request to a VM and gets access to a resource
  • User assigned

Disk encryption

  • Encryption keys
  • Stored in Azure
  • Encrypted at rest
  • By default, Azure encrypts the data using server-side encryption (Azure uses its own keys, but it is possible to use custom ones)
  • Disk encryption set
  • It is possible to enable disk encryption at rest after the VM has been created; to do so, the VM should first be stopped
  • az vm encryption enable

Authentication and authorization

  • OAuth 2 standard
  • Getting an access token to access storage account resources