Defense in depth uses a layered approach to security
- Identity and access
The responsibilities vary based on where the workload is hosted:
- Software as a Service
- Platform as a Service
- Infrastructure as a Service
- On-premises datacenter (On-prem)
CIA – A way to think about security trade-offs.
- Confidentiality refers to the need to keep sensitive data confidential, such as customer information, passwords, or financial data.
- Data breach
- Spear phishing
- Tech support scams
- SQL injection
- Malware designed to steal passwords or bank details
- Dictionary attack
- Disruptive attacks
Encryption is the process of making data unreadable and unusable to unauthorized viewers.
Hashing uses an algorithm to convert the original text to a unique fixed-length hash value.
Please support original articles from Sectools.tw. Original title: Microsoft Security Virtual Training Day Notes. Original URL: https://sectools.tw/microsoft-security/
Consists of documentation, implementation guidance, & best practices that support increased security and compliance
Types of security threats
- Password-based attacks
- Spear phishing
Identity has become the new security perimeter that enables organizations to secure their assets.
An identity is how someone or something can be verified and authenticated and may be associated with:
Modern authentication is an umbrella term for authentication and authorization methods between a client and a server.
- identity provider (IdP)
- The website uses the authentication services of IdP-A
- The user authenticates with IdP-B
- A directory is a hierarchical structure that stores information about objects on the network
- A directory service stores directory data and makes it available to network users, administrators
- The best-known service of this kind is Active Directory Domain Service (AD DS), a central component
- Learned about some important security concepts and methodologies.
- Learned about some important identity concepts
Q&A conducted by Microsoft 365 experts
What are authorization and authentication, with an example?
Azure AD is Microsoft’s cloud-based identity and access management service. Capabilities of Azure AD
- Service principal
- Managed identity
- something you know
- something you have
- something you are
Different authentication methods that can be used with MFA
- Password & additional verification
- Phone (voice or SMS)
- Microsoft Authenticator
- Open Authentication (OATH) with software or hardware tokens
- Benefits of Self-service password reset
- Self-service password reset works in the following scenarios
- Authentication method of SSPR
- User or group membership
- Named location information
- Real-time sign-in risk detection
- Cloud apps or actions
- User risk
- Block access
- Grant access
- Require one or more conditions to be met before granting access
- Built-in roles
- Custom roles
- Azure AD role-based access control
- Only grant the access users need
- Govern the identity lifecycle
- Govern access lifecycle
- Secure privileged access for administration
- Join: A new digital identity is created
- Move: Update access authorizations
- Leave: Access may need to be removed
- Entitlement management
- Access reviews
PIM enables you to manage, control, and monitor access to important resources in your organization.
Network security groups (NSG) let you allow or deny network traffic to and from Azure resources that exist in your Azure Virtual Network.
Azure Resource Manager locks
- Prevent resources from being accidentally deleted or changed.
Scope of Azure Defender
- App Service
- Container registries
- Key Vault
- SQL
Collect data from across the whole estate