5. Implement Authentication and Secure Data.md

Implement Authentication and Secure Data (5-10%)

Implement secure data solutions

Encrypt and decrypt data ar rest

• Secure Storage Encrypten (SSE) enabled by default (connot be encrypted)
  • Azure keys or own keys
• Database encryption (SQL Server, Azure SQL db, Azure SQL)
  • Transparent Data Encryption (TDE)
  • Azure keys or own keys
  • Always Encrypted - Per column
  • To use
    • create Column Master Key (CMK)
    • create Colum Encryption Key (CEK)
    • use new connection string

Azure Confidential Computer

• In preview
• can't modify the code
• can't debug
• protected from spying

SSL/TLS

• VM's port 443
• Web apps
• SQL db
• Storage

Manage key vault

• Also from arm templates

Links

• 7.1 Encrypt and decrypt data at rest
• 7.2 Encrypt data with Always Encrypted
• 7.3 Implement Azure Confidential Compute and SSL/TLS communications
• 7.4 Manage cryptographic keys in the Azure Key Vault

Home