Azure Security Concepts: Difference between revisions
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Internal= | =Internal= | ||
* [[Azure Concepts#Subjects|Azure Concepts]] | * [[Azure Concepts#Subjects|Azure Concepts]] | ||
=Overview= | |||
Accessing Azure services require a set of credentials, including the [[#Subscription_ID|subscription ID]], [[#Active_Directory_ID|Active Directory ID]], region, management and [[Azure_Storage_Concepts#Storage_Account|storage credentials]]. | |||
=Account= | |||
=Subscription= | =Subscription= | ||
A [[Azure_Concepts#Resource|resource]] | {{External|https://docs.microsoft.com/en-us/azure/guides/developer/azure-developer-guide#understanding-accounts-subscriptions-and-billing}} | ||
A subscription is a logical grouping of Azure services that is linked to an Azure [[#Account|account]]. A single Azure account can contain multiple subscriptions. Billing for Azure services is done on a per-subscription basis. Azure subscriptions have an Account Administrator who has full control over the subscription. They also have a Service Administrator who has control over all services in the subscription. The subscription is an Azure [[Azure_Concepts#Resource|resource]]. It is equivalent to [[Amazon_AWS_Security_Concepts#AWS_Account|AWS account]]. All [[Azure_Concepts#Resource|resources]] in a subscription are billed together. A subscription is associated with an [[#Active_Directory|Active Directory]] instance. | |||
==Subscription ID== | ==Subscription ID== | ||
The subscription ID can be obtained with '[[Azure_Security_Operations#Login_Status_and_Account_Information|az account list]]'; it is reported as "id". | The subscription ID can be obtained with '[[Azure_Security_Operations#Login_Status_and_Account_Information|az account list]]'; it is reported as "id". | ||
| Line 9: | Line 13: | ||
==Subscription Name== | ==Subscription Name== | ||
The subscription name can be obtained with '[[Azure_Security_Operations#Login_Status_and_Account_Information|az account list]]'; it is reported as "name". | The subscription name can be obtained with '[[Azure_Security_Operations#Login_Status_and_Account_Information|az account list]]'; it is reported as "name". | ||
=Azure Management= | |||
==Azure Management Credentials== | |||
===Azure Management Credentials Access Key=== | |||
===Azure Management Credentials Secret Key=== | |||
=Active Directory= | =Active Directory= | ||
| Line 22: | Line 31: | ||
An [[OpenShift_on_Azure#Overview|OpenShift cluster running on Azure]] has an associated service principal. | An [[OpenShift_on_Azure#Overview|OpenShift cluster running on Azure]] has an associated service principal. | ||
=Managed Identity= | =Managed Identity= | ||
{{External|https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview}} | |||
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens. | |||
Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI). | |||
=CLI Login= | =CLI Login= | ||
{{Internal|Azure_Security_Operations#Login|Azure Security Operations | Login}} | {{Internal|Azure_Security_Operations#Login|Azure Security Operations | Login}} | ||
=Network Security Group= | |||
{{Internal|Azure_Networking_Concepts#Network_Security_Group|Azure Networking Concepts | Network Security Group}} | |||
Latest revision as of 19:43, 8 September 2021
Internal
Overview
Accessing Azure services require a set of credentials, including the subscription ID, Active Directory ID, region, management and storage credentials.
Account
Subscription
A subscription is a logical grouping of Azure services that is linked to an Azure account. A single Azure account can contain multiple subscriptions. Billing for Azure services is done on a per-subscription basis. Azure subscriptions have an Account Administrator who has full control over the subscription. They also have a Service Administrator who has control over all services in the subscription. The subscription is an Azure resource. It is equivalent to AWS account. All resources in a subscription are billed together. A subscription is associated with an Active Directory instance.
Subscription ID
The subscription ID can be obtained with 'az account list'; it is reported as "id".
Subscription Name
The subscription name can be obtained with 'az account list'; it is reported as "name".
Azure Management
Azure Management Credentials
Azure Management Credentials Access Key
Azure Management Credentials Secret Key
Active Directory
Active Directory ID
Tenant
Permissions
Contributor
User Access Administrator
Owner
Application Principal
Service Principal
An OpenShift cluster running on Azure has an associated service principal.
Managed Identity
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens.
Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).