Section 4: Authentication and Secure Data

Implement and Authenticate Secure Data (5-10%)
Implement authentication

Implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication; implement multi-factor authentication by using Azure AD; implement OAuth2 authentication; implement Managed Service Identity (MSI) Service Principal authentication

• What methods are available for authentication?

• Authentication and authorization in Azure App Service

• Windows Authentication and Azure Multi-Factor Authentication Server

• Advanced certificate signing options in the SAML token for gallery apps in Azure Active Directory

• How it works: Azure Multi-Factor Authentication

• Understanding the OAuth2 implicit grant flow in Azure Active Directory (AD)

• What is managed identities for Azure resources?

• Use a Windows VM system-assigned managed identity to access Resource Manager

• Use a Linux VM system-assigned managed identity to access Azure Resource Manager

Implement secure data solutions

Encrypt and decrypt data at rest and in transit; encrypt data with Always Encrypted; implement Azure Confidential Compute and SSL/TLS communications; create, read, update, and delete keys, secrets, and certificates by using the KeyVault API

• Azure Data Encryption-at-Rest

• Always Encrypted: Protect sensitive data and store encryption keys in the Windows certificate store

• Always Encrypted: Protect sensitive data and store encryption keys in Azure Key Vault

• Transparent data encryption or always encrypted?

• Azure confidential computing

• Azure Data Security and Encryption Best Practices

• What is Azure Key Vault?

• Azure Key Vault REST API reference

• Azure Key Vault Developer's Guide

  Download the pdf here