Book Image

Microsoft Azure Fundamentals Certification and Beyond

By : Steve Miles
Book Image

Microsoft Azure Fundamentals Certification and Beyond

By: Steve Miles

Overview of this book

This is the digital and cloud era, and Microsoft Azure is one of the top cloud computing platforms. It’s now more important than ever to understand how the cloud functions and the different services that can be leveraged across the cloud. This book will give you a solid understanding of cloud concepts and Microsoft Azure, starting by taking you through cloud concepts in depth, then focusing on the core Azure architectural components, solutions, and management tools. Next, you will understand security concepts, defense-in-depth, and key security services such as Network Security Groups and Azure Firewall, as well as security operations tooling such as Azure Security Center and Azure Sentinel. As you progress, you will understand how identity, governance, privacy, and compliance are managed in Azure. Finally, you will get to grips with cost management, service-level agreements, and service life cycles. Throughout, the book features a number of hands-on exercises to support the concepts, services, and solutions discussed. This provides you with a glimpse of real-world scenarios, before finally concluding with practice questions for AZ-900 exam preparation. By the end of this Azure book, you will have a thorough understanding of cloud concepts and Azure fundamentals, enabling you to pass the AZ-900 certification exam easily.
Table of Contents (21 chapters)
1
Section 1: Cloud Concepts
4
Section 2: Core Azure Services
7
Section 3: Core Solutions and Management Tools
10
Section 4: Security
12
Section 5: Identity, Governance, Privacy, and Compliance
16
Section 6: Cost Management and Service-Level Agreements

Role-based access control

We learned about the basic concepts of RBAC in Chapter 3, Core Azure Architectural Components, when we looked at assigning access to manage Azure subscriptions for billing and resource management.

To recap this functionality provided by Azure AD, RBAC is a concept that refers to authorized user access based on defined roles that have been assigned. It allows you to create granular access control to Azure resources through defined roles, as well as through custom roles, and you can segregate duties by granting only the access that's required to perform the required tasks.

It is a good practice for governance to only allow the minimum access required to complete a task. This is the basis for the principle of least privilege and should always be adopted. So, users are only given access through a role(s) that's the most appropriate for the tasks they need to carry out.

This enhances governance and control of user access management as the permissions...