Design for Identity and Security (20-25%)
The following documentation is recommended reading for this exam objective. The content is relatively lengthy, so please plan accordingly.
- Cloud Adoption Framework - Azure Identity Management and access control security best practices
- Identity and access management
- Azure Architecture Center security pillar
Design Identity Management
- choose an identity management approach
- design an identity delegation strategy
- design an identity repository
- design self-service identity management
- design user and persona provisioning
- define personas
- define roles
- recommend appropriate access control strategy
Design Authentication
- choose an authentication approach
- design a single sign-on approach
- design for IPsec authentication
- design for logon authentication
- design for multi-factor authentication
- design for network access authentication
- design for remote authentication
Design Authorization
- choose an authorization approach
- define access permissions and privileges
- design secure delegated access
- recommend when and how to use API Keys
Design for Risk Prevention for Identity
- design a risk assessment strategy
- evaluate agreements involving services or products from vendors and contractors
- update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
- design for alert notifications
- design an alert and metrics strategy
- recommend authentication monitors