Azure for Developers: Security Best Practices

Learn how to secure your apps by leveraging key Azure tools and best practices. This course can also prepare you for the Developing Solutions for Microsoft Azure (AZ-203) exam.

Introduction

• Why security matters for developers
• What you should know

1. Control access to Azure

• Azure Role Based Access Control (RBAC)
• Grant role based access to a user
• Azure RBAC roles for development
• The contributor role
• The User Access Administrator and Owner roles
• Custom Azure RBAC roles
• Create custom Azure RBAC roles
• Management pane vs data pane RBAC roles
• Challenge: Design Azure access control
• Solution: Design Azure access control design

2. Control user access to your apps

• Register an application to Azure AD
• Web application sign in with Azure AD
• Securing web application authentication with Azure AD Conditional Access
• The Microsoft Authentication Library
• Challenge: Internal web app with Azure AD
• Solution: Internal web application with Azure AD

3. Control app access to your data

• Manage Azure application secrets
• Shared Access Signatures in Azure
• Azure Key Vault service
• Adding secrets to an Azure Key Vault
• Azure Key Vault Access Policies
• Audit logs
• Managed Identity for Azure Resources
• Challenge: Design data access controls
• Solution: Design data access controls

Conclusion

• Developing solutions for Azure and beyond