Skip to content

Identity, governance, privacy and compliance

Identity services

  • Authentication: User priving who they are (user ID and password)

  • Authorization: Ensuring that s user is permitted to perform an action

  • Azure Active Directory (AD)

  • IDentity as a Service (IDaaS)
  • Authentication mechanism
  • Supports synchronizing with organizational AD
  • Single-Sign On (SSO): Same user id and password for multiple applications
  • LDAP: Lightweight Directory Access Protocol
  • Multi-Factor Authentication (MFA): Third factor is a phone sms, application confirm, etc
  • Conditional Access: Block suspicious access

Governance

  • Role-Based Access Control (RBAC)

  • It's an authorization mechanism

  • Create roles that represent the common tasks of the job
  • Granular permissions to the roles
  • Assign users to roles

  • Built-in roles: Reader, Contributor, Owner

  • Locks

  • Read only lock

  • Can not delete lock

  • Access to locked resources can be restricted with RBAC

  • Policies

  • Policies are restrictions imposed to services

    • Examples of built-in policies: require SQL 12+, allowed locations, allows SKUs, require tags

  • A set of policies grouped together are policy initiatives

    • E.g., every resource and resource group must have these five tags

  • Blueprints

  • Create subscription template with roles and policies already defined

  • Cloud Adoption Framework for Azure

  • Set of documentation, guidance, tools to migrate to the cloud

  • Define Strategy, PLan, Ready, Adopt, Govern, Manage

Privacy and Compliance

  • Compliance is a general term that means the standards and rules (outside of the company or internal) that you need to follow:

  • General Data Protection Regulation (GDPR): Give EU citizens data protection. Affect companies outside of the EU that handle EU citizen's data

  • Internation Organization Standardization (ISO): standards about quality assurance

  • NIST Cybersecurity Framework (CSF)

  • Compliance Manager: Workflow-based risk assessment tool to help you manage regulatory compliance

  • Trusted Cloud: Security, Privacy, Compliance, Resiliency, Intellectual Property Protection
  • Online Service Terms: Terms and conditions for use
  • Data Protection Addendum (DPA): How MS handle personal data.