8.2 Azure Security and Identity

00:09

we'll come back, you cloud creepy crawlers. And in this module, a point to we're going to spend some time reviewing some of the great Security and Identity Management Service is in this amazing cloud platform. Microsoft Azure. So security could never be overemphasized, but it sure can be underutilized, which, unfortunately we see all too often and 90 organizations out there,

00:28

the challenges with I t security or vast and it seems like you can never get on top of it. And then when you finally do,

00:33

the threats have changed. The conditions have changed, and the risk to your organizations are different now than they were even six months ago. But we have to talk about some of the fundamentals of securing our I T infrastructure. Regardless of if our network is premise based or cloud based, we have to protect our data. And when we are protecting our data, it's all about the C. I. A.

00:52

Triad the confidentiality, integrity and availability of our data. Our data has to be kept confidential. Onley Those users that are on a need to know basis should be given access to our data. We have to maintain the integrity of our data and

01:04

data can't be changed or manipulated to read as being something else than it should be. And our data is not good to us if we don't have access to it when we need it. So our data must be available. And it's not just our cyber or security data silos that we need to protect. We have to lock our file cabinets. We have to lock our I T closets.

01:23

We have to protect the physical access to our data.

01:25

And we have to protect our data through our people through strong security, social training to make sure we aren't emailing confidential information out of our company, that we don't have our passwords written on sticky notes under our keyboard and that we're verifying who really is on the other side of the phone call before we share any information about our company.

01:45

Triple A's been around a long time authentication, authorization and accounting. Before you get onto our network, we have to agree that you really are who you claim to be. And once we agree on who you are, we need to authorize access. You can read this data you can read, write this other data and you're quarantined from this other set of data

02:01

restricted. Don't pass, go don't collect $200

02:05

and we need to create an audit trail. So we know who has been on our network, where they went and how long they were there. And we do all of this with our fourth pillar of identity administration. It's through security administration that we create our policies and rules that the other three pillars comply. Ended here, too,

02:22

as your security management has a lot of components that work in tandem to ensure the confidentiality, integrity and availability of your data. India's your cloud, some of the key components and ensuring that your data arrest is protected is through encryption. Service is off your storage disks, files and blobs.

02:38

Your network EJ and your infrastructure is a service. In your platform is the service or protected by next generation firewalls,

02:45

Web application firewalls and VP and encryption technologies. Protecting your data in motion as you transport your data between your on premise storage and your data center to your azure cloud platform and with azure security Center, you have visibility to any threats that might be directed at your service is through Behavior Analytics and through

03:04

azure is Advanced Threat Protection Service that helps you understand when abnormal traffic patterns and abnormal behavior

03:09

could really mean attack is occurring. So less false positives but its identity and access management that were focusing on Next. As your active directory is authenticating and authorizing network access,

03:22

Microsoft is your A D can secure identities and access based on the user location, device data and application context. Active Directory manages your organization's passwords and provide service is like self service. Password reset.

03:35

You don't have to bother your admin because you got locked out of your system. 80 provides role based policies in group management so you can put a person into the sales team. A specific read write folder file, drives an application access and then manage the entire sales team through group policy. I create a new rule for network access that I want to apply to the sales team,

03:54

and I create the rule once and apply it to the group

03:58

rather than having to tag each individual on the sales team to apply. Our new security Rule 80 allows us to control outside partners and customers who might need access to some of our company's data. And resource is like when partners come into the office, we give them printing rights and Internet access and our customers online. We only allow access,

04:15

for example, to their billing records. So I'm using an example where we are using active directory to control the sales teams and partners when they are inside our company's brick and mortar.

04:26

But controlling our customers access to billing records that are being stored and a sequel database in is your and our access via Web application that we have in Azure as well. So what we're really trying to accomplish is using a D insider network and then in the cloud

04:41

and then maybe even using 80 to protect our user identities for Oliver Organization Service's and not just Azure.

04:47

Now we're talking about Azure A D. Connect

04:51

as your A D Connect is the Microsoft Tool, designed to meet an accomplished your hybrid identity goals hybrid, meaning the service. In this case, Active directory lives both on premise, and then the Azure Cloud 80 Connect synchronizes our users on premise passwords with the Azure Active Directory. Instance.

05:08

A D connect provides our users assigned in method that allows users to use the same password on premise

05:13

and in the cloud, but doesn't require additional infrastructure to make it happen. The synchronization I'm referencing extends to 80 configuration parameters, such as when we create users, groups and other objects. So an object might be a conference room or printer, and we want to manage them as any other network resource. The synchronization of 80 Connect

05:30

means that when we create a ruler, a change in a D.

05:33

It is synchronized between both are on premise and azure instances of the active directory. It would be super lame if we hired a new employee and created them as a new user in our premise based active directory just to do it all over again and our azure A D. Instance. So 80 Connect is a hugely popular feature and a huge win for the enterprise

05:53

who more times than not, is using Microsoft Active Directory

05:56

as their organizations, directory service and identity management platform.

06:01

We're back to her as your counsel home page, and so over here on the left, we're gonna go ahead and click Azure Active directory.

06:08

And so this is our active directory instance in the azure cloud my happy packets dot com And then over here on the right, you can see we've got some one click wizards to create users, guest users, group users. Ah, And then over here on the left, we could manage our users, manager groups,

06:26

manager rules and administrators in our organizational

06:29

Ah, units are Oh, you.

06:30

We can select here and and play with her identity and governance policies. Look at licensing. Start playing with her azure A d connect

06:42

and start doing things that password reset or mobile device management. So being able to identify in control and manage

06:48

things like tablets and smartphones being on our network, eh? So what we're going to do now is we're gonna go appear to groups. And so here we're gonna go ahead and create a new group.

07:00

So here's our security or an office 3 65 options. So we're gonna go ahead and create a security group type on a group name. We're gonna call this happy users group description. We're gonna call it standard users.

07:14

And here we choose our owners. Do we have any of these individuals that might be owners of this group, and then we can come in here and select members. So any users we've already created we can bring over here and assign them to be members of this group. And we also can't eat, can take any object or any application that we might want to use and manage.

07:33

Using active directory as our

07:35

authenticator and our authorize er of our service is ah, we can take any of those roles and responsibilities in our network and assign them is users and be managed by active directory. So we're gonna go ahead and take our Microsoft

07:49

privileged identity management service our application, and we're gonna go ahead and take this application. And once we assign it to a group

07:58

and then start assigning roles and members to that group and then policies anybody that wants to use our privilege identity management service, Well, they got authenticate to it, and then they got to be authorized what they can do within that service. So that's how we start with kind of this active directory identity management.

08:16

And so we're gonna go ahead and select

08:18

that, and then we're gonna create the new group.

08:22

All right, so there's our happy users group. And now, if you want users to be added to that group, we gotta go create. Those users will go back here, and this is where we would create those new users. So we go created new user here. Ah, we give them a name, we give them a user name like new user at my happy packets, Doc

08:41

com And then we come in here, we give them rules and responsibilities. So we're going to make them a user. We're going to make them a

08:48

global administrator. So we give them God rights and privileges over everything in our domain, or we'll make them a limited administrator. So a limited administrator. So if you see click on this, we can make them an administrator of just the application or give them developer rights and privileges, or let them

09:05

manager devices in the cloud or our cloud application service is. So if we give them limited admin rates,

09:13

we're doing it on Lee in the cloud, and but we're leaving them completely out of an admin role from our premise based service. Right. Anyway, pretty cool stuff here. All part of active directory and how we can use active directory to manage and control our service is and our security and identity management and

09:31

Azure

09:33

in our premise. Using Microsoft Active Directory Really cool stuff.

09:39

So it's time to give you your homework for this module. So we're going to skip all the learning checks against everything in modulate and start pushing you to really rolling up your sleeves and doing some homework. If you want to play Cloud, you must know azure. So get your 12 months free account in Azure and start getting some stick time.

09:54

Build your own platforms, your own computer and some of that attack on the blob storage, going and start learning Active directory and Cyber is amazing. Teaching assistants and lab developers have created some really great drive thru labs and study guides to Well, frankly, I assure you're learning your cloud. And yes,

10:11

that's a really lame use of pun.

10:13

So thanks for joining us. Next time we get together, we're going to stack it deep with the azure stack. So for now, on behalf of all of us that the cyber Security and I t learning Team, we want to say thank you so much for joining us. We want you to take care. Be well,