New Training: Manage Access Control
In this 8-video skill, CBT Nuggets trainer Daniel Sasse guides you through the minefield of ensuring appropriate Azure access for users, devices, and applications. Watch this new Azure training.
Watch the full course: Microsoft Certified: Azure Security Engineer Associate
This training includes:
52 minutes of training
You’ll learn these topics in this skill:
Configure Custom RBAC Roles
Identify the Appropriate Role
Apply Principle of Least Privilege
Create App Registrations
Configure App Registration Permission Scopes
Manage App Registration Permission Consent
Manage API Access to Azure Subscriptions and Resources
How to Apply the Principle of Least Privilege in Azure
The principle of least privilege (POLP) is an important means of preventing computer security attacks. By granting only the permissions necessary to complete a set of tasks, you limit the attack surface. Microsoft Azure lets you apply POLP through its role-based access control (Azure RBAC), which you work with in Azure Management Groups, Azure Active Directory Groups and Azure Privileged Identity Management.
At the heart of Azure RBAC lie three components: security principals, role definitions and scope.
A security principal is an entity that needs permissions, such as a user, a group, a Service Principal or a Managed Identity. You assign permissions to these principals using Azure Active Directory Groups.
A role definition is the set of permissions that you grant to a given security principal. You can define it through Azure Resource Roles and Azure Active Directory Administrator Roles.
Finally, a scope defines which Azure resources a particular role definition applies to. You can define it through Azure Management Groups.
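To make the three components concrete, here is an added example (not code from the page or from CBT Nuggets) that models how a security principal, a role definition and a scope combine to answer "may this principal perform this action on this resource?". It follows the documented Azure RBAC rules (a role's effective permissions are its Actions minus its NotActions, `*` is a wildcard, and an assignment at a management group, subscription or resource group is inherited by everything beneath it) and emits a custom role in the JSON shape that `az role definition create --role-definition` accepts. It is illustrative only: real Azure RBAC also evaluates deny assignments, DataActions and conditions. Every user name, subscription ID, resource name and the management-group hierarchy are constructed, and the Contributor/Reader definitions are abridged approximations of the built-in roles.

```python
"""Added example: a minimal model of Azure RBAC evaluation.  Not Microsoft's
engine; names, IDs and hierarchy below are constructed for illustration."""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed hierarchy: a management group is not a lexical prefix of the
# subscriptions under it, so the parent link must be modelled explicitly.
MG_SCOPE = "/providers/Microsoft.Management/managementGroups/mg-prod"
SUB1 = "/subscriptions/11111111-1111-1111-1111-111111111111"
SUB2 = "/subscriptions/22222222-2222-2222-2222-222222222222"
SUBSCRIPTION_PARENT = {SUB1.lower(): MG_SCOPE, SUB2.lower(): None}


@dataclass
class RoleDefinition:
    name: str
    actions: List[str]
    not_actions: List[str] = field(default_factory=list)
    assignable_scopes: List[str] = field(default_factory=list)
    description: str = ""

    def to_custom_role_json(self) -> str:
        """Custom role document in the shape 'az role definition create' accepts."""
        return json.dumps({"Name": self.name, "IsCustom": True,
                           "Description": self.description,
                           "Actions": self.actions, "NotActions": self.not_actions,
                           "AssignableScopes": self.assignable_scopes}, indent=2)


@dataclass
class RoleAssignment:
    principal: str          # user, group, service principal or managed identity
    role: RoleDefinition
    scope: str


def action_matches(pattern: str, action: str) -> bool:
    """Operation strings compare case-insensitively; '*' matches any substring."""
    regex = "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def role_grants(role: RoleDefinition, action: str) -> bool:
    """Effective permissions of one role = Actions minus NotActions."""
    allowed = any(action_matches(p, action) for p in role.actions)
    excluded = any(action_matches(p, action) for p in role.not_actions)
    return allowed and not excluded


def subscription_of(scope: str) -> Optional[str]:
    m = re.match(r"^(/subscriptions/[^/]+)", scope, re.IGNORECASE)
    return m.group(1).lower() if m else None


def scope_covers(assignment_scope: str, resource_scope: str) -> bool:
    """An assignment applies at its own scope and is inherited by every child scope."""
    a, r = assignment_scope.rstrip("/").lower(), resource_scope.rstrip("/").lower()
    if r == a or r.startswith(a + "/"):
        return True
    sub = subscription_of(r)   # management-group assignment inherited via the subscription
    return sub is not None and (SUBSCRIPTION_PARENT.get(sub) or "").lower() == a


def is_allowed(principal: str, action: str, resource_scope: str,
               assignments: List[RoleAssignment]) -> bool:
    """Union over all of the principal's assignments whose scope covers the resource."""
    return any(a.principal == principal and scope_covers(a.scope, resource_scope)
               and role_grants(a.role, action) for a in assignments)


# Abridged approximations of built-in roles (real NotActions lists are longer).
CONTRIBUTOR = RoleDefinition("Contributor", ["*"],
                             ["Microsoft.Authorization/*/Delete",
                              "Microsoft.Authorization/*/Write",
                              "Microsoft.Authorization/elevateAccess/Action"])
READER = RoleDefinition("Reader", ["*/read"])

# Custom least-privilege role: exactly what a VM operator needs, nothing more.
VM_OPERATOR = RoleDefinition(
    name="VM Operator (example)",
    actions=["Microsoft.Compute/virtualMachines/read",
             "Microsoft.Compute/virtualMachines/start/action",
             "Microsoft.Compute/virtualMachines/restart/action"],
    assignable_scopes=[SUB1],
    description="Start, restart and view virtual machines only.")

RG_OPS = f"{SUB1}/resourceGroups/rg-ops"
VM_WEB = f"{RG_OPS}/providers/Microsoft.Compute/virtualMachines/vm-web01"
VM_OTHER = f"{SUB1}/resourceGroups/rg-other/providers/Microsoft.Compute/virtualMachines/vm-db01"
VM_SUB2 = f"{SUB2}/resourceGroups/rg-x/providers/Microsoft.Compute/virtualMachines/vm-x"

ASSIGNMENTS = [
    RoleAssignment("alice@example.com", VM_OPERATOR, RG_OPS),  # narrow role, narrow scope
    RoleAssignment("bob@example.com", CONTRIBUTOR, SUB1),      # broad role at subscription
    RoleAssignment("carol@example.com", READER, MG_SCOPE),     # inherited by SUB1, not SUB2
]


def can(principal: str, action: str, scope: str) -> bool:
    return is_allowed(principal, action, scope, ASSIGNMENTS)


if __name__ == "__main__":
    print(VM_OPERATOR.to_custom_role_json())
    print(can("alice@example.com", "Microsoft.Compute/virtualMachines/restart/action", VM_WEB))
    print(can("alice@example.com", "Microsoft.Compute/virtualMachines/delete", VM_WEB))
```

Running it shows the least-privilege contrast the text describes: Alice's custom role lets her restart `vm-web01` in `rg-ops` but not delete it or touch `rg-other`; Bob's Contributor assignment at subscription scope reaches every resource group but, because of the `Microsoft.Authorization/*/Write` exclusion, still cannot hand out role assignments; Carol's Reader assignment at the management group is inherited by the subscription under that group and nothing else.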