• Azure Active Directory is an identity_provider.
  • There are three tiers: Free, Premium P1 and Premium P2.
  • Create new user: Home > Default directory > Users
  • A new user can be created from here.
  • The new user can then log in with the created credentials and reset the password.
  • Role-based access control.
  • Q. Are there any other Azure services used except Azure Active Directory for authentication and identity_provider services?
  • Q. What is Microsoft Graph, and is a different service required for it?
  • Azure Key Vault: Azure_key_vault
  • You can put the key name in appsettings.json; the KeySecretVaultClient service is then given that key name to fetch the secret.
  • Q. What are managed identities?
  • Built-in roles, e.g. User Access Administrator. Every Azure service has different default roles available.
  • Storage accounts > Access control (IAM) > Assign role

Azure_Application_Objects

• One way for your application to access your storage account is by embedding the credentials; the other is Azure_Application_Objects.
  • We were using the connection string of the Azure Storage account.
  • Go to Azure Active Directory > App registrations > New registration > Add role assignment
  • Get the client ID and tenant ID from here, then create the client secret.
  • Install the Azure.Identity NuGet package.
  • This is our application object.

Microsoft_Graph_API

• You can get details about Teams, calendar etc. through this.
  • First, to use Microsoft_Graph_API we need an access token from Azure Active Directory.
  • Create a new user called postman.
  • Go to API permissions for this user and assign User.Read.All (read all users); add the calendar permission.
  • All endpoints
  • Get access token
  • Get user information

Key vault

• It holds 1. encryption keys, 2. secrets
  • Store encryption keys, certificates
  • Days to retain vault: 7 days default
  • Access policy?
  • Use the encryption key to access data.
  • .NET 6
  • Azure.Security.KeyVault.Keys
  • Install NuGet package Azure.Identity
  • Put in the tenant ID
  • Namespace System.Text has to be used
  • Use the cryptoClient (CryptographyClient) Encrypt and Decrypt methods
  • Azure SQL database in place, Products table in place

Azure Managed Identity

Managed identities:

  • Azure Active Directory
  • Azure VM
  • Azure storage accounts will be used for the example.
  • Labs:
  • Implementing managed identities
    • Take details of the application object: client ID, client secret etc.
    • Remove the application object and directly get a token
    • This will be hosted on an Azure VM
    • In the VM you will see an identity in place; another role can be assigned for storage-related access
    • Now the client secret credential should be replaceable by a token credential
    • Everything is using the VM here.
  • Getting an access token
  • Why has Alan_Rodrigues turned on system_assigned_identity in the Azure virtual machine?
  • Go to Identity in your Azure App Service
  • Add the DB connection string in your Azure Key Vault
  • Add an access policy in the Azure Key Vault
  • Where do the principals below come from?
  • system_assigned_identity vs user_assigned_identity?
  • Managed identity has become a resource itself here.
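An added example that is not part of these notes, tying the Key vault lab (CryptographyClient encrypt/decrypt with Azure.Identity) to the managed-identity lab (replacing the client secret credential with a token credential). The vault URI, key name and the sample plaintext are placeholders I chose, not values from the course.

```csharp
// Added example (not from the original notes): .NET 6 top-level program that encrypts and
// decrypts with a Key Vault key, first with an application object's client secret and then
// with the VM's system-assigned managed identity. Vault URI and key name are placeholders.
using System.Text;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;

// Placeholders; in the lab these come from appsettings.json / the portal.
var vaultUri = new Uri("https://<your-vault-name>.vault.azure.net/");
const string keyName = "<your-key-name>";

// Step 1 (application object): tenant ID, client ID and the client secret created under
// App registrations. The secret is itself a credential the app has to store and rotate.
// TokenCredential credential = new ClientSecretCredential(
//     "<tenant-id>", "<client-id>", "<client-secret>");

// Step 2 (managed identity): no secret in the app. On a VM with system-assigned identity
// turned on, DefaultAzureCredential gets a token via ManagedIdentityCredential; on a dev
// box it falls back to the Azure CLI / Visual Studio sign-in. The identity still needs a
// Key Vault access policy (or RBAC role) allowing key get/encrypt/decrypt, which is the
// "Add access policy" step in the notes.
TokenCredential credential = new DefaultAzureCredential();

// Fetch the key's metadata only; the private key material never leaves the vault.
var keyClient = new KeyClient(vaultUri, credential);
KeyVaultKey key = await keyClient.GetKeyAsync(keyName);

// CryptographyClient runs the operation inside Key Vault, so the app only ever
// handles plaintext and ciphertext, never the key.
var cryptoClient = new CryptographyClient(key.Id, credential);

// Constructed sample plaintext standing in for the DB connection string from the notes.
byte[] plaintext = Encoding.UTF8.GetBytes("Server=tcp:<server>;Database=Products;...");
EncryptResult encrypted =
    await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep256, plaintext);
Console.WriteLine($"{encrypted.Ciphertext.Length}-byte ciphertext under key {encrypted.KeyId}");

DecryptResult decrypted =
    await cryptoClient.DecryptAsync(EncryptionAlgorithm.RsaOaep256, encrypted.Ciphertext);
Console.WriteLine(Encoding.UTF8.GetString(decrypted.Plaintext) == Encoding.UTF8.GetString(plaintext)
    ? "Round trip OK"
    : "Round trip FAILED");
```

Switching from step 1 to step 2 changes only the credential line; every Key Vault call stays the same, which is why the notes say the client secret credential is "replaceable by a token credential".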