
SC-900 Certification

An Industrial Internship Report

submitted by

BHAVYA JAIN

20BIT0247
in partial fulfilment for the award of the degree of

Bachelor of Technology
in

Information Technology

SCHOOL OF COMPUTER SCIENCE ENGINEERING AND INFORMATION SYSTEMS

November, 2023

DECLARATION BY THE CANDIDATE

I hereby declare that the Industrial Internship report entitled “SC-900
certification” submitted by me to Vellore Institute of Technology,
Vellore in partial fulfilment of the requirement for the award of the
degree of Bachelor in Technology in Information Technology is a
record of bonafide industrial training undertaken by me under the
supervision of Harsh Chhabra, etrain education pvt ltd. I further
declare that the work reported in this report has not been submitted and
will not be submitted, either in part or in full, for the award of any other
degree or diploma in this institute or any other institute or university.

Signature of the student

Name: Bhavya Jain


Reg. Number: 20BIT0247

(A typical specimen of Bonafide Certificate)

School of Computer Science and Engineering

BONAFIDE CERTIFICATE

This is to certify that the Industrial Internship report entitled “SC900
Certification” submitted by Bhavya Jain (20BIT0247) to Vellore
Institute of Technology, Vellore in partial fulfilment of the requirement
for the award of the degree of Bachelor of Technology in information
technology is a record of bonafide Industrial Internship undertaken by
him/her under my supervision. The training fulfils the requirements as
per the regulations of this Institute and in my opinion, meets the
necessary standards for submission. The contents of this report have not
been submitted and will not be submitted either in part or in full, for the
award of any other degree or diploma in this institute or any other
institute or university.

ACKNOWLEDGEMENT

I would like to express my special thanks of gratitude to my Career Development
Cell of VIT Vellore as well as our Internship Coordinator who gave me the golden
opportunity to do this wonderful course which also helped me in getting good
knowledge of cloud and I came to know about so many new things. I am thankful to
them. Secondly, I would also like to thank my family and friends who helped me a
lot in finishing this certification within the limited period. It helped me increase my
knowledge and skills.

Place : Vellore
Bhavya Jain
Date : 23/11/2023

CERTIFICATE

Verification Details Link:
https://www.certiport.com/Portal/Pages/CredentialVerification.aspx
Identification Code: QrLo-4wLJ
Student ID: 20BIT0247
Birthdate: 08-02-2002

TABLE OF CONTENTS

CHAPTER NO. TITLE

Course Content
1. Introduction
1.1 What is the SC900 certification?
1.2 Why is it important?
1.3 Who should get certified?
1.4 What are the benefits of certification?
2. Chapter 1: Cloud Security Fundamentals
2.1 What is cloud security
2.2 The shared responsibility model
2.3 Common cloud security threats
2.4 Best practices for cloud security
3. Chapter 2: Cloud compliance fundamentals
3.1 What is cloud compliance
3.2 Common cloud compliance standards
3.3 How to implement cloud compliance
3.4 Best practices for cloud compliance
4. Chapter 3: Identity Management Fundamentals
4.1 What is identity management
4.2 Different types of identity management solutions
4.3 Best practices for identity management
5. Conclusion
6. References

1. Introduction:

1.1 What is the SC900 certification?

The SC-900 exam is a Microsoft certification exam that validates your foundational
knowledge of security, compliance, and identity concepts. It is designed for IT
professionals who want to demonstrate their expertise in these areas, regardless of
their role or experience level.

The SC-900 exam covers a wide range of topics, including:

• Security fundamentals, such as threat modeling, risk management, and
incident response
• Compliance fundamentals, such as industry regulations and standards, and
data protection
• Identity fundamentals, such as identity management, access control, and
authentication

To pass the SC-900 exam, you need to have a good understanding of these topics and
be able to apply them to real-world scenarios.

The SC-900 certification is a valuable credential for IT professionals who want to
advance their careers in security, compliance, or identity management. It is also a
good starting point for IT professionals who want to learn more about these areas.

1.2 Why is it important?

The SC-900 certification is important for a number of reasons:

• It demonstrates your foundational knowledge of security, compliance, and
identity concepts.
• It makes you more competitive in the job market and can increase your
earning potential.
• It can help you advance your career in security, compliance, or identity
management.
• It is a good starting point for IT professionals who want to learn more about
these areas.

In addition to these benefits, the SC-900 certification can also help you:

• Increase your confidence in your security, compliance, and identity skills.
• Stay up-to-date on the latest trends and technologies in these areas.
• Build a network with other professionals who are certified in Microsoft
security, compliance, and identity.

1.3 Who should get certified

The SC-900 certification is appropriate for a wide range of IT
professionals, including:

• New IT professionals. The SC-900 certification is a good foundation
for new IT professionals who are interested in security, compliance,
or identity management.
• IT professionals who are changing careers. The SC-900 certification
can help IT professionals who are changing careers to demonstrate
their skills and knowledge in security, compliance, and identity
management.
• IT professionals who want to advance their careers. The SC-900
certification can help IT professionals who are already working in
security, compliance, or identity management to advance their
careers.
• IT professionals who want to learn more about security, compliance,
and identity management. The SC-900 certification is a good starting
point for IT professionals who want to learn more about security,
compliance, and identity management, even if they are not planning
to work in these areas specifically.

1.4 What are the benefits of certification

The SC-900 certification offers a number of benefits, including:

• Increased earning potential. Studies have shown that certified professionals
earn more on average than non-certified professionals. For example, a 2023
CompTIA study found that certified IT professionals earn an average of
$111,334 per year, 7% more than non-certified professionals.
• Improved job prospects. Certification can make you more competitive in the
job market by demonstrating your skills and knowledge to potential
employers. A 2022 LinkedIn survey found that 91% of hiring managers say
certification is an important criterion for hiring.
• Enhanced credibility and reputation. Certification shows that you have met
certain standards and are committed to your profession. This can boost your
credibility and reputation among your peers and colleagues.
• Greater job satisfaction. Certified professionals are more likely to be satisfied
with their jobs because they feel more confident and competent in their skills.
A 2023 study by Global Knowledge found that 87% of certified professionals
say certification has made them more satisfied with their jobs.

2. Chapter 1: Cloud security Fundamentals:

2.1 What is cloud security

Cloud security is the practice of protecting data and applications stored in the cloud
from unauthorized access, use, disclosure, disruption, modification, or destruction. It
is a shared responsibility between the cloud provider and the customer. The cloud
provider is responsible for the security of the underlying infrastructure, while the
customer is responsible for the security of their data and applications.

There are a number of different cloud security threats and risks, including:

• Data breaches: Data breaches can occur when unauthorized individuals gain
access to sensitive data, such as customer records, financial data, or
intellectual property.
• Malware attacks: Malware attacks can occur when malicious software is
installed on cloud systems or applications. This software can steal data,
disrupt operations, or even take control of systems.
• Denial-of-service (DoS) attacks: DoS attacks can occur when attackers flood
cloud systems or applications with traffic, making them unavailable to
legitimate users.
• Insider threats: Insider threats can occur when malicious actors within an
organization exploit their access to cloud systems or applications to steal
data, disrupt operations, or sabotage systems.

There are a number of different cloud security controls that can be implemented to
mitigate these threats and risks. These controls include:

• Encryption: Encryption is the process of converting data into a format that
can only be read by authorized individuals with the correct decryption key.
This can be used to protect data at rest (stored on cloud servers) and in transit
(traveling between cloud systems).
• Identity and access management (IAM): IAM controls are used to manage
user identities and access to cloud systems and applications. This includes
implementing strong passwords, multi-factor authentication, and role-based
access control.
• Network security: Network security controls are used to protect cloud
systems and applications from unauthorized access and attack. This includes
firewalls, intrusion detection and prevention systems, and web application
firewalls.
• Security monitoring: Security monitoring controls are used to detect and
respond to security incidents in real time. This includes logging and auditing,
security information and event management (SIEM) systems, and incident
response planning.

Cloud security is a complex and ever-evolving field. However, by implementing the
appropriate controls and best practices, organizations can protect their data and
applications in the cloud.

Here are some additional tips for improving cloud security:

• Use strong passwords and multi-factor authentication (MFA). This will help
to protect your cloud accounts from unauthorized access.
• Keep your software up to date. Software updates often include security
patches that can help to protect your systems from known vulnerabilities.
• Be careful about what you share in the cloud. Only share sensitive data with
trusted users and applications.
• Implement security monitoring and incident response plans. This will help
you to detect and respond to security incidents in real time.
• Use a cloud security solution. A cloud security solution can provide a
comprehensive set of security controls to protect your data and applications in
the cloud.

2.2 The shared responsibility model

The shared responsibility model is a security framework that outlines the
responsibilities of cloud providers and their customers for securing cloud
environments. It is a collaborative approach to security, where both parties play a
role in protecting data and applications.

Cloud provider responsibilities

The cloud provider is responsible for the security of the underlying infrastructure,
including physical data centers, networks, and virtualization layers. This includes
implementing physical security measures, such as access control and perimeter
security, as well as deploying security technologies, such as firewalls and intrusion
detection systems.

Customer responsibilities

The customer is responsible for the security of their data and applications in the
cloud. This includes:

• Data encryption: Encrypting data at rest and in transit helps to protect it from
unauthorized access.
• Identity and access management (IAM): Implementing strong IAM controls,
such as multi-factor authentication and role-based access control, helps to
ensure that only authorized users have access to cloud resources.
• Configuration management: Configuring cloud resources securely is essential
for protecting them from attack.
• Security monitoring: Monitoring cloud activity for suspicious activity and
responding to security incidents promptly is critical for mitigating damage.

Benefits of the shared responsibility model

The shared responsibility model offers a number of benefits, including:

• Reduced costs: Cloud providers can invest in security at scale, which can help
to reduce costs for customers.
• Increased expertise: Cloud providers have deep expertise in security and can
provide customers with access to the latest security tools and technologies.
• Improved agility: The shared responsibility model allows customers to focus
on their core business activities, while the cloud provider takes care of
security.

Challenges of the shared responsibility model

The shared responsibility model also presents some challenges, including:

• Complexity: The shared responsibility model can be complex, and it can be
difficult for customers to understand their specific responsibilities.
• Lack of visibility: Customers often have limited visibility into the cloud
provider's security posture. This can make it difficult to assess the overall
security of the cloud environment.
• Misaligned incentives: In some cases, the incentives of the cloud provider
and the customer may not be aligned. For example, the cloud provider may
have an incentive to reduce security costs, while the customer may have an
incentive to maximize security.

Conclusion

The shared responsibility model is a complex but effective approach to cloud
security. By understanding their respective responsibilities, cloud providers and
customers can work together to protect data and applications in the cloud.

Here are some additional tips for implementing the shared responsibility model:

• Communicate regularly. Cloud providers and customers should communicate
regularly about security to ensure that everyone is aligned on their
responsibilities.
• Use a risk-based approach. Customers should use a risk-based approach to
security, focusing on the areas that pose the greatest risk to their data and
applications.
• Monitor security continuously. Cloud providers and customers should
monitor security continuously and respond to incidents promptly.

2.3 Common cloud security threats

• Data breaches: Data breaches can occur when unauthorized individuals gain
access to sensitive data, such as customer records, financial data, or
intellectual property.
• Malware attacks: Malware attacks can occur when malicious software is
installed on cloud systems or applications. This software can steal data,
disrupt operations, or even take control of systems.
• Denial-of-service (DoS) attacks: DoS attacks can occur when attackers flood
cloud systems or applications with traffic, making them unavailable to
legitimate users.
• Insider threats: Insider threats can occur when malicious actors within an
organization exploit their access to cloud systems or applications to steal
data, disrupt operations, or sabotage systems.

Data breaches

Data breaches are one of the most common cloud security threats. They can occur
when unauthorized individuals gain access to sensitive data, such as customer
records, financial data, or intellectual property.

Data breaches can be caused by a number of factors, including:

• Hacking: Hackers can use a variety of techniques to gain access to cloud
systems, including phishing attacks, brute-force attacks, and exploiting
vulnerabilities in software.
• Human error: Human error is another common cause of data breaches. For
example, an employee may accidentally share sensitive data with an
unauthorized person or leave their computer unlocked.
• Malicious insiders: Malicious insiders are individuals who have authorized
access to cloud systems but use that access to steal data or disrupt operations.

Malware attacks

Malware attacks are another common cloud security threat. Malware is malicious
software that can steal data, disrupt operations, or even take control of systems.

Malware can be installed on cloud systems or applications through a variety of
means, including:

• Phishing attacks: Phishing attacks are emails or websites that are designed to
trick users into revealing their login credentials or other sensitive information.
• Drive-by downloads: Drive-by downloads are malicious files that are
downloaded to a user's computer without their knowledge or consent.
• Zero-day attacks: Zero-day attacks are exploits of vulnerabilities in software
that are unknown to the software vendor.

Denial-of-service (DoS) attacks

DoS attacks are another common cloud security threat. DoS attacks occur when
attackers flood cloud systems or applications with traffic, making them unavailable
to legitimate users.

DoS attacks can be caused by a number of factors, including:

• Botnets: Botnets are networks of compromised computers that can be used to
launch DoS attacks.
• Reflector attacks: Reflector attacks are DoS attacks that exploit
vulnerabilities in servers to redirect traffic to the victim's system.
• Volumetric attacks: Volumetric attacks are DoS attacks that overwhelm the
victim's system with traffic.

Insider threats

Insider threats are individuals who have authorized access to cloud systems but use
that access to steal data or disrupt operations.

Insider threats can be caused by a number of factors, including:

• Malicious intent: Some insider threats are motivated by malicious intent, such
as financial gain or revenge.
• Negligence: Other insider threats are caused by negligence, such as failing to
follow security policies or procedures.
• Lack of awareness: Some insider threats are caused by a lack of awareness of
security risks.

2.4 Best practices for cloud security

There are a number of things that organizations can do to mitigate cloud security
threats, including:

• Implementing strong security policies and procedures. This includes
developing and implementing policies and procedures for password
management, access control, and data protection.
• Educating employees about security risks. Employees should be trained on
security risks and best practices.
• Using a cloud security solution. A cloud security solution can provide a
comprehensive set of security controls to protect data and applications in the
cloud.

By following these tips, organizations can help to mitigate cloud security threats and
protect their data and applications.

Here are some additional tips for mitigating cloud security threats:

• Use strong passwords and multi-factor authentication (MFA). This will help
to protect your cloud accounts from unauthorized access.
• Keep your software up to date. Software updates often include security
patches that can help to protect your systems from known vulnerabilities.
• Be careful about what you share in the cloud. Only share sensitive data with
trusted users and applications.
• Implement security monitoring and incident response plans. This will help
you to detect and respond to security incidents in real time.

3. Chapter 2: Cloud compliance fundamentals

3.1 What is cloud compliance

Cloud compliance is the process of ensuring that an organization's use of cloud
computing services meets all applicable laws and regulations. This includes both
industry-specific regulations, such as the Health Insurance Portability and
Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), as well as
general data privacy and security regulations, such as the General Data Protection
Regulation (GDPR).

Cloud compliance is important for a number of reasons. First, it helps to protect
organizations from fines and penalties for violating regulations. Second, it helps to
build trust with customers and partners, who want to know that their data is safe and
secure. Third, it can help organizations to avoid costly data breaches and other
security incidents.

There are a number of things that organizations can do to achieve cloud compliance,
including:

• Conduct a risk assessment. This will help to identify the specific risks that the
organization faces in its use of cloud computing.
• Develop a cloud compliance plan. This plan should outline the steps that the
organization will take to mitigate the identified risks.
• Implement cloud security controls. This includes implementing security
controls such as data encryption, access control, and security monitoring.
• Monitor cloud compliance on an ongoing basis. This includes monitoring the
organization's use of cloud computing services and making adjustments to the
cloud compliance plan as needed.

Many cloud providers offer a variety of tools and resources to help their customers
achieve cloud compliance. These tools and resources can help organizations to assess
their risk, develop a cloud compliance plan, implement cloud security controls, and
monitor cloud compliance on an ongoing basis.

3.2 Common cloud compliance standards

There are a number of cloud compliance standards that apply to Microsoft Azure,
including:

• General Data Protection Regulation (GDPR): The GDPR is a regulation in
EU law on data protection and privacy for all individuals within the European
Union (EU) and the European Economic Area (EEA). It also addresses the
transfer of personal data outside the EU and EEA areas.
• ISO/IEC 27001: ISO/IEC 27001 is an international standard that provides a
framework for an information security management system (ISMS). It is
designed to help organizations manage and improve their information
security risks.
• PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a
set of security standards designed to ensure that all companies that accept,
process, store, or transmit credit card information maintain a secure
environment.
• HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) is
a U.S. law that protects the privacy of individually identifiable health
information. It sets standards for the security and confidentiality of protected
health information (PHI).
• FedRAMP: The Federal Risk and Authorization Management Program
(FedRAMP) is a U.S. government program that provides a standardized
approach to security assessment, authorization, and continuous monitoring of
cloud products and services.

Microsoft Azure is compliant with all of these standards. In addition, Microsoft
Azure also offers a number of other compliance certifications, such as MTCS, IRAP,
and ENS.

The SC900 exam covers the basics of cloud compliance, including the different types
of compliance standards and how to implement them in Microsoft Azure.

Here are some additional tips for achieving cloud compliance in Microsoft Azure:

• Use the Azure Security Center. The Azure Security Center is a
comprehensive security monitoring and management solution that can help
you to identify and respond to security threats.
• Use Azure Policy. Azure Policy is a service that helps you enforce
organizational security and compliance policies.
• Use Azure Blueprints. Azure Blueprints are a way to automate the
deployment of compliant cloud environments.
• Get help from Microsoft. Microsoft offers a variety of resources to help you
achieve cloud compliance, including documentation, training, and consulting
services.

3.3 How to implement cloud compliance

To implement cloud compliance in Azure, you can follow these steps:

1. Identify the compliance standards that apply to your organization. This will
vary depending on your industry and location. Some common cloud
compliance standards include the General Data Protection Regulation
(GDPR), ISO/IEC 27001, PCI DSS, HIPAA, and FedRAMP.
2. Assess your current Azure environment. This will help you to identify any
areas where you need to improve your compliance posture. You can use the
Azure Security Center to help you with this assessment.
3. Develop a compliance plan. This plan should outline the steps that you will
take to achieve and maintain compliance with the applicable standards.
4. Implement cloud security controls. This includes implementing security
controls such as data encryption, access control, and security monitoring. You
can use Azure Policy and Azure Blueprints to help you implement these
controls.

5. Monitor compliance on an ongoing basis. This includes monitoring your
Azure environment for changes and making adjustments to your compliance
plan as needed.

Here are some additional tips for implementing cloud compliance in Azure:

• Get buy-in from senior management. Cloud compliance should be a priority
for the entire organization, not just the IT department.
• Get help from experts. There are a number of consultants and other experts
who can help you to implement cloud compliance in Azure.
• Use a cloud compliance solution. A cloud compliance solution can help to
automate the process of achieving and maintaining compliance.

Here are some specific examples of how to implement cloud compliance in Azure:

• To comply with GDPR, you can use Azure Policy to enforce data encryption
and access control policies. You can also use Azure Blueprints to deploy
compliant Azure environments for GDPR workloads.
• To comply with ISO/IEC 27001, you can use the Azure Security Center to
monitor your Azure environment for security threats and compliance
issues. You can also use Azure Policy to enforce ISO/IEC 27001 security
controls.
• To comply with PCI DSS, you can use Azure Key Vault to manage your
encryption keys. You can also use Azure Policy to enforce PCI DSS security
controls.
• To comply with HIPAA, you can use Azure Health Data Services to store and
manage your healthcare data. You can also use Azure Policy to enforce
HIPAA security controls.
• To comply with FedRAMP, you can use Azure Government to deploy and
manage your cloud workloads in a FedRAMP-compliant environment. You
can also use Azure Policy to enforce FedRAMP security controls.
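
One way to picture the data encryption and access control policies mentioned above, as an added example that is not part of the original report and not Azure's own policy engine: a simplified Python evaluator for rules in the if/effect shape of a policy definition, run over a constructed storage inventory. The policy names and resources are made up; the three field aliases are real Azure Policy storage aliases.

```python
"""Simplified model of an Azure Policy-style rule check over a resource inventory.

Added example, not Azure's policy engine: ALIASES holds only the three storage
aliases used here, and INVENTORY is constructed sample data.
"""

# Alias name -> path of the property inside the resource document.
ALIASES = {
    "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly":
        ("properties", "supportsHttpsTrafficOnly"),
    "Microsoft.Storage/storageAccounts/minimumTlsVersion":
        ("properties", "minimumTlsVersion"),
    "Microsoft.Storage/storageAccounts/allowBlobPublicAccess":
        ("properties", "allowBlobPublicAccess"),
}
MISSING = object()  # sentinel: the property is absent from the resource


def resolve(resource, field):
    """Return the value a policy field refers to, or MISSING."""
    if field in ("type", "name"):
        return resource.get(field, MISSING)
    node = resource
    for key in ALIASES[field]:  # KeyError on an alias this model does not know
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node


def norm(value):
    """Compare strings case-insensitively; leave other types alone."""
    return value.lower() if isinstance(value, str) else value


def matches(cond, resource):
    """Evaluate one 'if' condition. True means the rule applies (a violation)."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = resolve(resource, cond["field"])
    present = value is not MISSING
    if "equals" in cond:
        return present and norm(value) == norm(cond["equals"])
    # Model choice: an absent property satisfies the negative operators, so a
    # resource that never set the secure value is reported, not skipped.
    if "notEquals" in cond:
        return not present or norm(value) != norm(cond["notEquals"])
    if "notIn" in cond:
        return not present or norm(value) not in [norm(v) for v in cond["notIn"]]
    raise ValueError(f"unsupported condition: {cond}")


IS_STORAGE = {"field": "type", "equals": "Microsoft.Storage/storageAccounts"}
PREFIX = "Microsoft.Storage/storageAccounts/"
POLICIES = [  # constructed rules in the if/effect shape of a policy definition
    {"name": "require-https-transfer", "effect": "deny", "if": {"allOf": [
        IS_STORAGE, {"field": PREFIX + "supportsHttpsTrafficOnly", "notEquals": True}]}},
    {"name": "require-tls-1.2", "effect": "audit", "if": {"allOf": [
        IS_STORAGE, {"field": PREFIX + "minimumTlsVersion", "notIn": ["TLS1_2", "TLS1_3"]}]}},
    {"name": "no-public-blob-access", "effect": "audit", "if": {"allOf": [
        IS_STORAGE, {"field": PREFIX + "allowBlobPublicAccess", "notEquals": False}]}},
]

INVENTORY = [  # constructed sample resources
    {"name": "stprodlogs", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2",
                    "allowBlobPublicAccess": False}},
    {"name": "stlegacyshare", "type": "microsoft.storage/storageaccounts",
     "properties": {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_0",
                    "allowBlobPublicAccess": True}},
    {"name": "stnodefaults", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True}},
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines", "properties": {}},
]


def evaluate(inventory, policies):
    """Return (resource, policy, effect) for every rule a resource violates."""
    return [(res["name"], pol["name"], pol["effect"])
            for res in inventory for pol in policies if matches(pol["if"], res)]


def summarize(findings, inventory):
    """Split the inventory into compliant resources and ones a deny rule blocks."""
    flagged = {name for name, _, _ in findings}
    return {
        "compliant": [r["name"] for r in inventory if r["name"] not in flagged],
        "would_block": sorted({n for n, _, effect in findings if effect == "deny"}),
    }


if __name__ == "__main__":
    results = evaluate(INVENTORY, POLICIES)
    for row in results:
        print(*row, sep="\t")
    print(summarize(results, INVENTORY))
```

The account that never set a TLS version or public-access flag is reported alongside the one with insecure values, which is the gap an assessment step is meant to surface.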

3.4 Best practices for cloud compliance

Here are some best practices for cloud compliance in Azure and SC900:

• Understand the compliance requirements for your organization. This includes
identifying the applicable laws and regulations, as well as any
industry-specific requirements.
• Assess your current Azure environment to identify any gaps in
compliance. You can use the Azure Security Center to help you with this
assessment.
• Develop a compliance plan. This plan should outline the steps that you will
take to achieve and maintain compliance.
• Implement cloud security controls. This includes implementing security
controls such as data encryption, access control, and security monitoring. You
can use Azure Policy and Azure Blueprints to help you implement these
controls.
• Monitor compliance on an ongoing basis. This includes monitoring your
Azure environment for changes and making adjustments to your compliance
plan as needed.

Here are some additional best practices:

• Get buy-in from senior management. Cloud compliance should be a priority
for the entire organization, not just the IT department.
• Get help from experts. There are a number of consultants and other experts
who can help you to implement cloud compliance in Azure.
• Use a cloud compliance solution. A cloud compliance solution can help to
automate the process of achieving and maintaining compliance.

By following these best practices, you can help to ensure that your use of Azure is
compliant with all applicable laws and regulations.

Here are some specific examples of best practices for cloud compliance in Azure:

• Use strong passwords and multi-factor authentication (MFA) for all Azure
accounts.
• Encrypt all sensitive data at rest and in transit.
• Implement role-based access control (RBAC) to restrict access to Azure
resources.
• Use Azure Monitor and Azure Security Center to monitor your Azure
environment for security threats and compliance issues.
• Regularly review your Azure security and compliance policies.

4. Chapter 3: Identity Management fundamentals

4.1 What is identity management

Identity management in Azure is the process of managing user identities and access
to Azure resources. This includes creating and managing user accounts, assigning
roles and permissions, and enforcing security policies.

Azure identity management is based on the following principles:

• Centralized identity management: All user identities are managed in a central
location, which makes it easier to manage access to resources and enforce
security policies.
• Role-based access control (RBAC): RBAC allows you to assign roles and
permissions to users, groups, and service principals. This helps to ensure that
users only have access to the resources that they need.
• Multi-factor authentication (MFA): MFA adds an extra layer of security to
your Azure accounts by requiring users to provide two or more factors of
authentication, such as a password and a one-time code.

Azure identity management is managed by Azure Active Directory (Azure AD).
Azure AD is a cloud-based identity and access management service that provides a
single set of credentials for users to access all of their Microsoft cloud resources,
including Azure, Microsoft 365, and Dynamics 365.

Azure AD provides a number of features for managing user identities, including:

• User accounts: Azure AD allows you to create and manage user accounts.
You can also import user accounts from on-premises directories.
• Groups: Azure AD allows you to create and manage groups. Groups can be
used to assign roles and permissions to users.
• Roles and permissions: Azure AD allows you to assign roles and permissions
to users and groups. Roles define the actions that users can perform on Azure
resources. Permissions are specific tasks that users can perform.
• Authentication: Azure AD provides a number of authentication methods,
including password-based authentication, MFA, and social login.
• Authorization: Azure AD authorizes users to access Azure resources based on
their roles and permissions.

The SC900 exam covers the basics of Azure identity management, including the
different features of Azure AD and how to use them to manage user identities and
access to Azure resources.
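
How the roles, groups and permissions described above combine into an access decision, as an added example (not part of the original report and not Microsoft's code): a simplified Python model of Azure RBAC with Actions/NotActions and scope inheritance. The users, groups, subscription ID and custom role are constructed, the Contributor NotActions list is abridged, and deny assignments are not modeled.

```python
"""Simplified model of Azure RBAC authorization (added example, not Microsoft's code).

Covers role definitions with Actions/NotActions, assignments to users or
groups, and scope inheritance. Deny assignments and DataActions are left out.
All principals, groups and resource names are constructed sample data.
"""
from fnmatch import fnmatchcase

ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {  # NotActions abridged from the built-in role
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Delete",
                        "Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/elevateAccess/Action"],
    },
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "not_actions": [],
    },
    "VM Operator (hypothetical custom role)": {
        "actions": ["Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/restart/action"],
        "not_actions": [],
    },
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG_APP = SUB + "/resourceGroups/rg-app"
RG_DATA = SUB + "/resourceGroups/rg-data"
VM = RG_APP + "/providers/Microsoft.Compute/virtualMachines/vm-web-01"
STORAGE = RG_DATA + "/providers/Microsoft.Storage/storageAccounts/stprodlogs"

GROUPS = {"grp-auditors": {"alice"}, "grp-ops": {"bob"}}
ASSIGNMENTS = [
    {"principal": "grp-auditors", "role": "Reader", "scope": SUB},
    {"principal": "grp-ops", "role": "VM Operator (hypothetical custom role)",
     "scope": RG_APP},
    {"principal": "carol", "role": "Contributor", "scope": RG_APP},
    {"principal": "dave", "role": "Contributor", "scope": RG_APP},
    {"principal": "dave", "role": "User Access Administrator", "scope": RG_APP},
]


def in_scope(assignment_scope, target):
    """An assignment covers its own scope and everything beneath it."""
    a, t = assignment_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")  # "/" stops rg-app matching rg-app2


def role_allows(role, action):
    """Effective permissions of one role: Actions minus NotActions."""
    act = action.lower()
    granted = any(fnmatchcase(act, p.lower()) for p in role["actions"])
    excluded = any(fnmatchcase(act, p.lower()) for p in role["not_actions"])
    return granted and not excluded


def granting_roles(user, action, target):
    """Roles that let `user` perform `action` on `target`; empty list = denied."""
    principals = {user} | {g for g, members in GROUPS.items() if user in members}
    return [a["role"] for a in ASSIGNMENTS
            if a["principal"] in principals
            and in_scope(a["scope"], target)
            and role_allows(ROLES[a["role"]], action)]


def is_authorized(user, action, target):
    """True when at least one in-scope role assignment grants the action."""
    return bool(granting_roles(user, action, target))


if __name__ == "__main__":
    checks = [
        ("alice", "Microsoft.Storage/storageAccounts/read", STORAGE),
        ("alice", "Microsoft.Storage/storageAccounts/listKeys/action", STORAGE),
        ("bob", "Microsoft.Compute/virtualMachines/restart/action", VM),
        ("bob", "Microsoft.Compute/virtualMachines/delete", VM),
        ("carol", "Microsoft.Storage/storageAccounts/delete", STORAGE),
        ("carol", "Microsoft.Authorization/roleAssignments/write", RG_APP),
        ("dave", "Microsoft.Authorization/roleAssignments/write", RG_APP),
    ]
    for user, action, target in checks:
        roles = granting_roles(user, action, target)
        verdict = "ALLOW via " + ", ".join(roles) if roles else "DENY"
        print(f"{user:6} {action:52} {verdict}")
```

In this model dave can write role assignments even though Contributor excludes that action: NotActions subtracts from one role's grant and is not a deny rule, so a second assignment can still grant it.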

Here are some additional tips for implementing identity management in Azure:

• Use a central identity store. This will make it easier to manage user identities
and access to resources.
• Use role-based access control (RBAC). This will help to ensure that users
only have access to the resources that they need.
• Use multi-factor authentication (MFA). This will add an extra layer of
security to your Azure accounts.
• Monitor your Azure AD environment for suspicious activity. You can use
Azure Monitor and Azure Security Center to help you with this monitoring.
• Regularly review your Azure AD security and compliance policies.

4.2 Different types of identity management solutions

There are a number of different types of identity management solutions for Azure,
including:

• Azure Active Directory (Azure AD): Azure AD is a cloud-based identity and
access management service that provides a single set of credentials for users
to access all of their Microsoft cloud resources, including Azure, Microsoft
365, and Dynamics 365. Azure AD provides a number of features for
managing user identities, including user accounts, groups, roles and
permissions, authentication, and authorization.
• Azure Active Directory B2C: Azure Active Directory B2C (Azure AD B2C)
is a cloud-based identity as a service (IDaaS) solution that helps you
authenticate users to your customer-facing applications. Azure AD B2C
supports a variety of authentication protocols, including social login,
passwordless authentication, and multi-factor authentication.
• Azure Active Directory Domain Services (Azure AD DS): Azure AD DS is a
cloud-based managed directory service that provides domain services to
Azure-based virtual machines. Azure AD DS integrates with Azure AD, so
you can use your existing Azure AD user accounts and groups to manage
access to your domain resources.
• Azure Active Directory Application Proxy: Azure Active Directory
Application Proxy (Azure AD Application Proxy) is a cloud-based reverse
proxy service that allows you to publish on-premises applications to the
internet. Azure AD Application Proxy uses Azure AD to authenticate users
and authorize them to access the published applications.
• Azure Active Directory Identity Protection: Azure Active Directory Identity
Protection is a cloud-based security service that helps you protect your Azure
AD identities from unauthorized access. Azure Active Directory Identity
Protection uses risk-based analysis to detect and respond to suspicious
activity on your Azure AD accounts.

These are just a few examples of the different types of identity management solutions
for Azure. There are a number of other solutions available, both from Microsoft and
from third-party vendors.

The best identity management solution for your organization will depend on your
specific needs and requirements. If you are not sure which solution is right for you,
you can contact Microsoft or a certified Microsoft partner for assistance.

4.3 Best practices for identity management

• Use a strong central identity store. This will make it easier to manage user
  identities and access to resources.
• Use role-based access control (RBAC). This will help to ensure that users
  only have access to the resources that they need.
• Use multi-factor authentication (MFA). This will add an extra layer of
  security to your accounts.
• Monitor your identity management environment for suspicious activity. You
  can use security information and event management (SIEM) tools to help you
  with this monitoring.
• Regularly review your security and compliance policies. Make sure that your
  policies are up-to-date and that they meet the needs of your organization.

Some additional best practices for identity management:

• Use a password manager. A password manager can help you create and
  manage strong passwords for all of your accounts.
• Be careful about what information you share online. Only share personal
  information with trusted websites and applications.
• Be aware of phishing scams. Phishing scams are attempts to trick you into
  revealing personal information, such as your passwords or credit card
  numbers.
• Educate your employees about security best practices. Your employees
  should be aware of the latest security threats and how to protect themselves.

By following these best practices, you can help to protect your identity and your
organization from cyberattacks.

Some specific examples of best practices for identity management in Azure:

• Use Azure Active Directory (Azure AD) for central identity
  management. Azure AD is a cloud-based identity and access management
  service that provides a single set of credentials for users to access all of their
  Microsoft cloud resources, including Azure, Microsoft 365, and Dynamics
  365.
• Use Azure AD role-based access control (RBAC) to assign roles and
  permissions to users and groups. RBAC allows you to define what actions
  users can perform on Azure resources.
• Use Azure AD multi-factor authentication (MFA) to add an extra layer of
  security to your Azure accounts. MFA requires users to provide two or more
  factors of authentication, such as a password and a one-time code, when
  logging in to their Azure accounts.
• Use Azure Monitor and Azure Security Center to monitor your Azure identity
  management environment for suspicious activity. Azure Monitor and Azure
  Security Center can help you to detect and respond to security threats and
  compliance issues.
• Regularly review your Azure AD security and compliance policies. Make
  sure that your policies are up-to-date and that they meet the needs of your
  organization.
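
The RBAC item in the list above, as an added example (not part of the report and not Microsoft's code): a small Python model of how a role assignment (principal, role, scope) is evaluated, with scope inheritance and the Actions/NotActions shape of Azure role definitions. The role contents, principals and scope paths are constructed for illustration; deny assignments and data actions are left out.

```python
from fnmatch import fnmatchcase

# Simplified role definitions, constructed for this example. They follow the
# Actions / NotActions shape of Azure role definitions, not the full built-ins.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/write",
                        "Microsoft.Authorization/*/delete"],
    },
}

# Role assignments (principal, role, scope); all names are constructed.
SUB = "/subscriptions/sub-demo"
ASSIGNMENTS = [
    ("alice", "Reader", SUB),
    ("alice", "Contributor", SUB + "/resourceGroups/rg-app"),
    ("bob", "Reader", SUB + "/resourceGroups/rg-app"),
]


def matches(patterns, action):
    """Case-insensitive wildcard match of an action against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def scope_covers(assigned, target):
    """An assignment applies at its own scope and at every child scope."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Compare whole path segments so rg-app does not cover rg-app2.
    return t == a or t.startswith(a + "/")


def granting_roles(principal, action, scope):
    """Return the roles that allow `action` for `principal` at `scope`."""
    granted = []
    for who, role, assigned_scope in ASSIGNMENTS:
        if who != principal or not scope_covers(assigned_scope, scope):
            continue
        definition = ROLES[role]
        # NotActions subtracts from this role's Actions only; it is not a
        # deny, so another assignment may still grant the same action.
        if matches(definition["actions"], action) and not matches(
                definition["not_actions"], action):
            granted.append(role)
    return granted


def is_allowed(principal, action, scope):
    return bool(granting_roles(principal, action, scope))
```

Listing `granting_roles` for each principal during a periodic access review shows which assignment is responsible for a permission, which is the first thing to know before narrowing a scope or removing a role.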

5. Conclusion

Cloud security

Cloud security is the practice of protecting data and applications stored in the cloud
from unauthorized access, use, disclosure, disruption, modification, or destruction. It
is a shared responsibility between the cloud provider and the customer.

The cloud provider is responsible for the security of the underlying cloud
infrastructure, such as the servers, storage, and networking components. The
customer is responsible for the security of their data and applications that are stored
in the cloud.

There are a number of best practices that organizations can follow to improve their
cloud security, including:

• Use strong passwords and multi-factor authentication. This will help to
  protect your cloud accounts from unauthorized access.
• Keep your software up to date. Software updates often include security
  patches that can help to protect your systems from known vulnerabilities.
• Be careful about what you share in the cloud. Only share sensitive data with
  trusted users and applications.
• Implement security monitoring and incident response plans. This will help
  you to detect and respond to security incidents in real time.

Cloud compliance

Cloud compliance is the process of ensuring that an organization's use of cloud
computing services meets all applicable laws and regulations. This includes both
industry-specific regulations, such as the Health Insurance Portability and
Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), as well as
general data privacy and security regulations, such as the General Data Protection
Regulation (GDPR).

Cloud compliance is important for a number of reasons. First, it helps to protect
organizations from fines and penalties for violating regulations. Second, it helps to
build trust with customers and partners, who want to know that their data is safe and
secure. Third, it can help organizations to avoid costly data breaches and other
security incidents.

There are a number of things that organizations can do to achieve cloud compliance,
including:

• Conduct a risk assessment. This will help to identify the specific risks that the
  organization faces in its use of cloud computing.
• Develop a cloud compliance plan. This plan should outline the steps that the
  organization will take to mitigate the identified risks.
• Implement cloud security controls. This includes implementing security
  controls such as data encryption, access control, and security monitoring.
• Monitor cloud compliance on an ongoing basis. This includes monitoring the
  organization's use of cloud computing services and making adjustments to the
  cloud compliance plan as needed.

Identity management in Azure

Identity management in Azure is the process of managing user identities and access
to Azure resources. This includes creating and managing user accounts, assigning
roles and permissions, and enforcing security policies.

Azure identity management is based on the following principles:

• Centralized identity management: All user identities are managed in a central
  location, which makes it easier to manage access to resources and enforce
  security policies.
• Role-based access control (RBAC): RBAC allows you to assign roles and
  permissions to users and groups. This helps to ensure that users only have
  access to the resources that they need.
• Multi-factor authentication (MFA): MFA adds an extra layer of security to
  your Azure accounts by requiring users to provide two or more factors of
  authentication, such as a password and a one-time code.

Azure identity management is managed by Azure Active Directory (Azure AD).
Azure AD is a cloud-based identity and access management service that provides a
single set of credentials for users to access all of their Microsoft cloud resources,
including Azure, Microsoft 365, and Dynamics 365.

Best practices for identity management

Best practices for identity management include:

• Use a strong central identity store. This will make it easier to manage user
  identities and access to resources.
• Use role-based access control (RBAC). This will help to ensure that users
  only have access to the resources that they need.
• Use multi-factor authentication (MFA). This will add an extra layer of
  security to your accounts.
• Monitor your identity management environment for suspicious activity. You
  can use security information and event management (SIEM) tools to help you
  with this monitoring.
• Regularly review your security and compliance policies. Make sure that your
  policies are up-to-date and that they meet the needs of your organization.

Cloud security, cloud compliance, and identity management are all important aspects
of using cloud computing services. By understanding the key concepts and best
practices in these areas, organizations can help to protect their data, applications, and
users from cyberattacks and other threats.

The Microsoft Security, Compliance, and Identity Fundamentals course offers a
comprehensive exploration of the principles and practices of security, compliance,
and identity across cloud-based and related Microsoft services. It provides a robust
framework for understanding the complexities of today’s digital security landscape,
emphasizing the pivotal role of identity as the primary security perimeter.

The course meticulously unpacks the capabilities of Microsoft Identity and Access
Management Solutions, offering insights into Azure Active Directory (Azure AD),
various identity types, and diverse authentication methods. It underscores the
importance of robust authentication mechanisms in ensuring the security of digital
identities.

Furthermore, the course delves into Microsoft’s Security Solutions, elucidating the
array of tools and services designed to bolster organizational security. It also
explores Microsoft’s Compliance Solutions, highlighting the tools that aid
organizations in meeting their compliance requirements.

By demystifying these complex concepts through a structured learning approach, the
course empowers learners to navigate the intricate world of digital security with
confidence. It equips them with the knowledge and skills necessary to implement
effective security strategies in their organizations, thereby enhancing their
professional competencies.

Ultimately, this course serves as a stepping stone for individuals seeking to deepen
their understanding of Microsoft’s security, compliance, and identity solutions. It
paves the way for them to contribute effectively to their organizations’ security
posture and compliance status, thereby playing a crucial role in safeguarding their
organizations’ digital assets.

6. References

https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-900/?tab=tab-learning-paths
