2 - Design for Identity and Security (20-25%).md

Design for Identity and Security (20-25%)

Start by completing the following course on openedx:

• Designing for Identity and Security

Design Identity Management

May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based).

Note that the Cloud Adoption Framework and the Azure security best practices and patterns documentation are the key materials to review for this exam objective. THey are relatively lengthy so please plan accordingly.

• Choose an identity management approach
• Design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
• Design self-service identity management and user and persona provisioning
• Define personas and roles
• Recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)

Design Authentication

May include but not limited to: Choose an authentication approach; design a single-sign on approach; design for IPSec, logon, multi-factor, network access, and remote authentication.

• Choose an authentication approach

• Design a single-sign on approach

  • Azure Active Directory Seamless Single Sign-On
  • Azure Active Directory Seamless Single Sign-On: Technical deep dive
  • User Privacy and Azure AD Seamless Single Sign-On
  • Azure Active Directory Seamless Single Sign-On: Quick start

• Design for IPSec, logon, multi-factor, network access, and remote authentication

Design Authorization

May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., oAuth, OpenID, etc.); recommend when and how to use API Keys.

• Choose an authorization approach

  • Security best practices for Azure
  • Choose the right authentication method for your Azure Active Directory hybrid identity solution
  • Azure security best practices and patterns
  • Role-based and resource-based authorization

• Design secure delegated access (e.g., oAuth, OpenID, etc.)

• Recommend when and how to use API Keys

  • What is API Management?
  • How to secure back-end services using client certificate authentication in Azure API Management

Design for Risk Prevention for Identity

May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures.

• Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
• Evaluate agreements involving services or products from vendors and contractors
• Update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures

 

Design a Monitoring Strategy for Identity and Security

May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors.

• Design for alert notifications
• Design an alert and metrics strategy
• Recommend authentication monitors

For this exam objective please complete the following:

• Security, responsibility and trust in Azure
• Design for security in Azure