Azure Security Concepts

From NovaOrdis Knowledge Base
Revision as of 19:43, 8 September 2021 by Ovidiu (talk | contribs) (→‎Managed Identity)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Internal

Overview

Accessing Azure services require a set of credentials, including the subscription ID, Active Directory ID, region, management and storage credentials.

Account

Subscription

https://docs.microsoft.com/en-us/azure/guides/developer/azure-developer-guide#understanding-accounts-subscriptions-and-billing

A subscription is a logical grouping of Azure services that is linked to an Azure account. A single Azure account can contain multiple subscriptions. Billing for Azure services is done on a per-subscription basis. Azure subscriptions have an Account Administrator who has full control over the subscription. They also have a Service Administrator who has control over all services in the subscription. The subscription is an Azure resource. It is equivalent to AWS account. All resources in a subscription are billed together. A subscription is associated with an Active Directory instance.

Subscription ID

The subscription ID can be obtained with 'az account list'; it is reported as "id".

Subscription Name

The subscription name can be obtained with 'az account list'; it is reported as "name".

Azure Management

Azure Management Credentials

Azure Management Credentials Access Key

Azure Management Credentials Secret Key

Active Directory

Active Directory ID

Tenant

Permissions

Contributor

User Access Administrator

Owner

Application Principal

Service Principal

An OpenShift cluster running on Azure has an associated service principal.

Managed Identity

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens.

Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

CLI Login

Azure Security Operations | Login

Network Security Group

Azure Networking Concepts | Network Security Group