Active Directory Federation Service
authentication and authorization
authentication methods
on-premises
secured identity federation
Ad Hoc configuration protocols (AHCP)
Advanced security information model (ASIM)
Advanced threat protection (ATP)
Application development team
Application layer principles
Application proxy connector
Application security
availability
Azure AD multifactor authentication
BYOD
confidentiality
identity management
integrity
layered security approach
security layers
zero trust cloud security
Application security group (ASG)
Asynchronous/synchronous communication
Azure Active directory security model
Azure AD application proxy
components
with conditional access
features
on-premises web applications
remote users access
secure and remote access
use cases
workflow
Azure AD Business 2 Business collaboration (Azure AD B2B)
Azure AD business to customers (Azure AD B2C)
Azure AD federated authentication
Azure AD federation service
Azure AD multifactor authentication
Azure AD password protection
Azure AD security defaults
Azure AD security model
hybrid identity
identity assessment score
secure organizations checklist
Azure AD with password hash sync
Azure Application Gateway
Azure app service environment
Azure governance visualizer
Azure monitor
alerts
application insights
applications
auto-scaling
container insights
events
information
logs
metrics
VM insights
Azure PaaS/SaaS responsibility
Azure privileged identity management
Azure Resource Manager (ARM)
Azure’s defense-in-depth security architecture
application gateway
cloud computing
data
identity and access
network
OSI model
perimeter
physical security
security implementation
security risk management approach
Azure Sentinel
connectors
enabling
microsoft defender
regional availability
Azure’s key management parameters
Azure’s public cloud infrastructure
Azure’s services and resources
checklist
data storage
disk encryption with SSE
identity and access management
RBAC
Azure tenant security (AzTS)
activities
Azure active directory
Azure functions
Azure services
deployment script
layered security architecture
process
Azure web application firewall
Border Gateway Protocol (BGP)
Bring Your Own Device (BYOD)
Built-in Azure security controls
application insight
ARM template deployment
Azure Advisor
Azure Advisor security recommendations
Azure app service environment
Azure Monitor Logs
Azure platform
Azure Resource Manager
Azure’s public cloud infrastructure
Azure web application firewall
end customer/cloud consumer
layered security architecture
public cloud service
shared responsibility
traditional vs. cloud
WAF
Built-in storage encryption
Carrier sense multiple access (CSMA)
Centralized integration layer
Change-management process
Cloud computing
model
network security risks
security breaches
security controls
security policies
shared resources
virtual workloads
Cloud dematerialized zone (DMZ)
Cloud, Microsoft defender
Cloud-native architecture
Cloud-ready applications
boundaries
cultural change
definition
infrastructure
principles
resilience patterns
security practices
Cloud security
boundaries
challenges
configurations
considerations
measures
organization’s consideration
pillars
risk assessment
Command and Query Responsibility Segregation (CQRS)
Common configuration enumeration (CCE)
Common platform enumeration (CPE)
Common vulnerabilities and exposure (CVE)
Common vulnerability scoring system (CVSS)
Confidentiality, integrity, and availability (CIA)
Container security
K8 network isolation
K8 security checklist
Kubelet
Kubernetes cluster
node, pod, volume and node process
RBAC
whitelisting
Continuous integration/continuous deployment pipelines (CI/CD)
Controlling routing behavior
BGP
custom routes
default routing rules
optional default routes
system routes
user-defined routes
virtual network
VPN gateway route propagation
Cross-site scripting (XSS)
Database Administrators (DBAs)
Data classification
confidential
general
highly confidential
linking metadata process
Microsoft Azure SQL DB
dashboards
data discovery and classification
discovery and recommendations
export option
information protection policy labels
labels
recommendations
SQL information protection policy
Microsoft standard
non-business
public
Data discovery and classification
Data encryption patterns
Azure services
Azure’s key management parameters
client encryption model
cloud
data protection and security
features
Microsoft Azure
server-side encryption
Data protection
access control
data types
monitoring
network security, data access
principles
Development, test, acceptance, and production (DTAP)
Disaster recovery (DR)
automated testing
Azure availability zones
Azure PaaS services
Azure regional pairs
creation
definition
design and implementation
management
RLO
RPO
RTO
Dynamic host configuration protocol (DHCP)
Identity and access management (IAM)
application types
Azure AD security model
definition
identity platform
Identity assessment score
definition
make strong credentials
resisting common attacks
Identity based access control
Infrastructure and application deployment
application deployment governance
automate security releases
data movement
IaC
least privilege
pipeline secrets
security vulnerability management
security vulnerability scans
Infrastructure as a Code (IaC)
Microsoft Azure SQL DB
ATP
dashboards
data discovery and classification
discovery and recommendations
export option
information protection policy labels
labels
Microsoft defender, cloud
Microsoft information policy
recommendations
SQL Information Protection Policy
Microsoft defender
best practices
cloud
goal
security initiatives
Microsoft identity platform
Microsoft information policy
Microsoft Sentinel
connectors
data
features
hunting dashboards
hunting queries
incident management and response process
integration
logs
parsers
playbooks
prerequisites and resources
workbooks
Monolithic vs. microservice architecture
Multifactor authentication (MFA)
Multiple VNET with VNET peering
Passthrough authentication
Password expiration policy
Pattern-based security
compartmentalization
consumer layer
dimensions
holistic approach
integration layer
modernized architecture
provider layer
scalability
service-oriented architecture
software layers
threats
Physical security
Azure regions
compliance
data bearing devices
data centers and resources
Microsoft Azure team
reviews
Privileged identity management (PIM)
access control
access reviewers
admin
approvers
Azure AD and Azure roles management
definition
features
role activation
Public cloud architectures
Public key infrastructure (PKI)
Secure socket layer (SSL)
Security Assertion Markup Language (SAML)
Security information event management (SIEM)
Security operations team (SOC)
Security policies
overview
score
security initiatives
security posture details
security recommendations
Security testing
attackers
cloud security attacks
cloud security testing
design
ethical hacking
goal
integration testing
penetration scanning
requirements
risk assessment
security auditing
security scanning
system testing
types
unit testing
vulnerability testing
Security training
employee’s behavioral changes
frequency
phishing
security culture
tackle security issues
validation
Segmenting subnets
advantages
ASG
Azure firewall
Azure subscription
Azure virtual network
create software-defined perimeters
enterprises
multiple VNET with VNET peering
NSGs
single VNET
Server-side web application
Service-oriented approaches
Shared access signature (SAS)
Single sided page applications (SPA)
Azure AD
definition
page app configuration
Single sign-on (SSO)
configuration
password hash synchronization/passthrough authentication
SAML 2.0
users
Software-defined networks (SDNs)
cloud-based networks
create cloud-based virtual networks
networking decision guide
types of virtual networking architectures
Software development lifecycle process
SQL information protection policy
Standard automatic configuration (SAC)
Threat modeling process
applications and services
brainstorm/prioritize threats
definition
design phase
developers
enterprises
form team
pattern-based security
phases
potential security risk
resiliency and fault isolation
risk mitigation
scope
security controls
security layers
security threats
security zones
software security
steps
STRIDE model
Traditional application security
Traditional security architectures
Traditional security controls
Transparent data encryption (TDE)
Transport layer security (TLS)
Types of data
data at rest
data in transit
in use
Types of virtual networking architectures
cloud-native
DMZ
hub and spoke model
hybrid
PaaS