Foundational Security Concepts
- Shared Responsibility Model: A fundamental concept in cloud computing where cloud providers (like Microsoft) and customers share security responsibilities. Microsoft secures the "cloud itself" (physical infrastructure, host OS, network controls), and you are responsible for security in the cloud (your data, applications, OS configurations, network security groups, identities).
- Defense in Depth: A strategy using multiple layers of security to protect data. If one layer is breached, another layer stands ready to prevent further access. Think of it like an onion: physical security, identity & access, perimeter, network, compute, application, and data.
- Zero Trust Model: A security philosophy based on the principle "never trust, always verify." It assumes breach and requires continuous verification for every access attempt, regardless of location. Key tenets are: verify explicitly, use least privileged access, and assume breach.
- Encryption: The process of converting readable data (plaintext) into an unreadable form (ciphertext) using a key, so that only parties holding the key can recover the original and unauthorized access yields nothing useful.
- Hashing: A one-way function that transforms data into a fixed-size string of characters, ensuring data integrity (e.g., verifying file downloads) and secure password storage.
  - Salting adds a unique, random value to each password before hashing, preventing attackers from using precomputed hash tables (rainbow tables) to crack passwords. This enhances security by ensuring identical passwords produce different hashes, even if multiple users choose the same password.
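The hashing and salting points above, as an added worked example that is not part of the original notes: it contrasts an unsalted SHA-256 (two users with the same password get the same hash) with a per-user random salt plus PBKDF2 key stretching, verifies a password in constant time using the stored salt, and checks a download against a published digest. The iteration count, salt length and sample inputs are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed parameters for this example (not taken from the notes above).
PBKDF2_ITERATIONS = 600_000   # work factor: slows brute force of a stolen hash
SALT_BYTES = 16               # 128-bit random salt per stored password


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied.

    The salt is stored next to the digest; it is not secret, it only makes
    precomputed (rainbow) tables useless because every user has a different one.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def unsalted_sha256(password: str) -> str:
    """The weak pattern: one plain SHA-256 of the password, no salt, no stretching."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify_download(data: bytes, expected_sha256_hex: str) -> bool:
    """Integrity check: does the downloaded content hash to the published value?"""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


if __name__ == "__main__":
    # Two users who happened to pick the same (constructed) password.
    same = unsalted_sha256("CorrectHorse") == unsalted_sha256("CorrectHorse")
    print("unsalted hashes identical:", same)            # True: one table lookup cracks both

    s1, d1 = hash_password("CorrectHorse")
    s2, d2 = hash_password("CorrectHorse")
    print("salted digests differ:", d1 != d2)           # True: different salts

    print("correct password:", verify_password("CorrectHorse", s1, d1))   # True
    print("wrong password:", verify_password("correcthorse", s1, d1))     # False
```

Store the salt, the digest and the iteration count together per user, so the work factor can be raised later without locking anyone out; a real deployment would normally reach for a purpose-built password hash such as Argon2 or bcrypt, but PBKDF2-HMAC from the standard library is enough to show the principle.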
- Governance, Risk, and Compliance (GRC): A structured approach to aligning IT with business objectives, managing risks, and meeting regulatory requirements.
Entra ID
- Identity Secure Score: Measures how aligned you are with Microsoft's best practices.
Identity Types
1. User Identities
- Employees and External Users
- Can have either guest or member status
2. Workload Identities
- Assigned to software workloads (e.g., apps, services, VMs, containers).
- Used for authenticating and accessing resources in Microsoft Entra ID.
- Can be implemented as Managed Identities or Service Principals, depending on the management requirements.
- Helps automate authentication for cloud-based workloads without requiring user credentials.