Design Identity and Security (25-30%)
Design authentication
- recommend a solution for single sign-on
See the simple yet fantastic explanation from Mr. Swaroop Krishnamurthy on YouTube on how to set up Single Sign-On (AD, ADFS and Passthrough Authentication):
https://www.youtube.com/watch?v=PyeAC85Gm7w and also Azure AD Passthrough Authentication
- recommend a solution for authentication
- recommend a solution for Conditional Access, including multi-factor authentication
- recommend a solution for network access authentication
- recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- recommend a solution for user self-service
- recommend and implement a solution for B2B integration
Design authorization
- choose an authorization approach
- recommend a hierarchical structure that includes management groups, subscriptions and resource groups
- recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
Design governance
- recommend a strategy for tagging
- recommend a solution for using Azure Policy
- recommend a solution for using Azure Blueprint
Design security for applications
- recommend a solution that includes Key Vault
o What can be stored in Key Vault
o Key Vault operations
o Key Vault regions
- recommend a solution that includes Azure AD Managed Identities
- recommend a solution for integrating applications into Azure AD