https://cd.infostar.me/ 2026-04-07T07:07:45+00:00 https://cd.infostar.me/ https://cd.infostar.me/_media/wiki:logo.png text/html 2023-02-03T23:58:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:application_management?rev=1675468696&do=diff Application Management * App Registration The purpose of registering an app with Azure AD is to authorize a client/app to access some resource that AAD controls access to (for which AAD is the authorization server). For example, the MS Graph Powershell module (client) needs to be granted access to the MS Graph text/html 2023-02-07T16:50:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:az-500_study_guide?rev=1675788653&do=diff AZ-500 Study Guide * AZ-500 Study Notes * Azure Organization * Identity and Access Management * Azure Subscriptions * Hybrid Identity * Identity Protection * Role Based Access Control * Privileged Identity Management * Application Management * Azure Policy * Azure Blueprints * Azure Networking * DDoS Protection * Azure Firewall * Service Endpoints and Private Endpoints * Azure Storage * Container Security * Monitoring and Logging * Microsoft Defender for … text/html 2022-07-23T13:16:45+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_blueprints?rev=1658582205&do=diff Azure Blueprints Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as: * Role Assignments * Policy Assignments * Azure Resource Manager templates (ARM templates) * Resource Groups text/html 2023-03-02T15:52:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_devops?rev=1677772343&do=diff Azure DevOps Branch Policies " Branch policies include options like requiring a pull request, a successful build, or a code review before changes can merge into a branch." " Policies enforce your team's code quality and change management standards. text/html 2022-07-26T18:23:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_key_vault?rev=1658859834&do=diff Azure Key Vault * <https://docs.microsoft.com/en-us/learn/modules/azure-key-vault/> * Key Vault is used to store and manage tokens, passwords, certificates, encryption keys, API keys, and other secrets. * Authentication and authorization for Key Vault is handled by Azure AD. * There are two levels of the service, standard and premium. text/html 2023-02-02T19:35:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_networking?rev=1675366513&do=diff Azure Networking * All network interfaces used in an ASG must be within the same VNet * If ASGs are used in the source and destination, they must be within the same VNet text/html 2023-02-07T21:14:03+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_organization?rev=1675804443&do=diff Azure Organization Billing Methods * Azure pay-as-you-go, also called Microsoft Online Services Program (MSOP), is a direct from Microsoft purchase of Azure for organizations of all sizes * Microsoft Customer Agreement * Enterprise Agreement (EA) text/html 2023-02-06T20:43:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_policy?rev=1675716213&do=diff Azure Policy " Azure Policy is a service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. text/html 2023-02-07T15:42:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_security_center?rev=1675784535&do=diff Azure Security Center * Azure Security Center is now called Microsoft Defender for Cloud * ASC is largely powered by Azure Policy * A Log Analytics Workspace is used to capture data from VMs for ASC findings specific to VMs. * There are two tiers of ASC—ASC with and without Defender. The tier without Defender is text/html 2022-07-27T12:36:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_sentinel?rev=1658925412&do=diff Azure Sentinel * Sentinel takes in logs and telemetry and detects threats * Sentinel also can be used for threat hunting text/html 2023-02-07T14:42:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_storage?rev=1675780946&do=diff Azure Storage * <https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction> * data is always encrypted at rest — can use Microsoft Managed Keys or Customer Managed Keys Azure Storage Accounts * storage accounts provide the logical container/namespace for storage services like, blob containers, file shares, queues and tables. text/html 2023-02-01T20:58:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:azure_subscriptions?rev=1675285137&do=diff Azure Subscriptions Moving Subscription To Tenant Consequences of moving a subscription " For example, all role assignments and custom roles in Azure role-based access control (Azure RBAC) are permanently deleted from the source directory and are not transferred to the target directory. text/html 2023-02-07T14:48:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:container_security?rev=1675781306&do=diff Container Security * <https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles> * CNI (container network interface is plug-in to k8s that creates a NIC in a container and integrates that with the host network. * When a new AKS cluster is created a managed identity is automatically created. This identity can be assigned the to the AcrPull role to allow the cluster to access and Azure Container Registry. text/html 2023-02-06T21:16:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:database_security?rev=1675718206&do=diff Database Security * <https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview> * <https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview> SQL Database Authentication * AAD is recommended over native SQL Server authentication for database authentication * <https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell#using-an-azure-ad-identity-to-connect-using-ssms-or-ssdt> … text/html 2023-03-03T20:29:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:hybrid_identity?rev=1677875364&do=diff Hybrid Identity * <https://docs.microsoft.com/en-us/learn/modules/hybrid-identity> * Hybrid Identity refers to identity that integrates traditional/on-prem Active Directory with Azure AD. * Azure AD Connect is the service that integrates on-prem AD with Azure AD. * Keep in mind the difference between authentication and authorization. text/html 2023-02-11T21:02:58+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:identity_and_access_management?rev=1676149378&do=diff Identity and Access Management * <https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles> * Role Based Access Control/RBAC * Hybrid Identity Azure AD * Custom AAD roles require a P1 or P2 license * Because Azure AD is HTTP/HTTPS based, it does not use Kerberos authentication. Instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication (and OAuth for authorization). text/html 2022-08-07T21:54:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:identity_protection?rev=1659909250&do=diff Identity Protection * Identity Protection provides policies for a few common scenarios. * These policies require an AAD P2 license * Conditional Access policies could be used in place of Identity Protection policies to achieve similar things. It is broader in scope, but includes capabilities that overlap with Identity Protection. text/html 2023-03-02T16:20:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:microsoft_defender_for_cloud?rev=1677774014&do=diff Microsoft Defender for Cloud " Microsoft Defender for Cloud is your central location for setting and monitoring your organizations security posture." * Microsoft Defender for Cloud was previously known as Azure Security Center. * The free/basic tier text/html 2023-02-09T20:40:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:microsoft_purview?rev=1675975256&do=diff Microsoft Purview " Microsoft Purview is a governance (GRC) solution that includes information protection and data loss prevention (DLP) capabilities. It was previously known as Microsoft Information Protection" * Sensitivity Labels can be created and applied to data to classify data and impose controls on it. text/html 2023-04-16T01:03:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:monitoring_and_logging?rev=1681606999&do=diff Monitoring and Logging Azure Monitor Azure Monitor is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments. * Platform Logs * By default the Activity Log keeps logs for 90 days. text/html 2022-07-25T17:36:45+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:private_endpoints_and_service_endpoints?rev=1658770605&do=diff Private Endpoints and Service Endpoints Service Endpoints * Service Endpoints allow you to restrict access to your PaaS resources to traffic coming from your Azure Virtual Network. By default many Azure services allow access from the Internet to the service's public endpoint/IP. In many cases this is not needed and it reduces the attack surface to only allow access from select customer networks. text/html 2023-02-03T15:39:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:privileged_identity_management?rev=1675438763&do=diff Privileged Identity Management * PIM (Privilege Identity Management) allows access to be granted in a just-in-time manner. It can apply to AAD roles and general ARM roles. * <https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure> * <https://docs.microsoft.com/en-us/learn/modules/azure-ad-privileged-identity-management/4-privileged-identity-management> * <https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/… text/html 2022-08-05T20:19:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:resource_locks?rev=1659730772&do=diff Resource Locks * Resource Locks are a mechanism to prevent accidental or malicious modification or deletion of resources. * They function at the control plane level, not the data plane. text/html 2023-02-06T22:44:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-500:alt:role_based_access_control?rev=1675723496&do=diff Role Based Access Control/RBAC " RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources." * A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources. You can assign a role to any of these security principals.