Azure Security and Encryption

Azure Active Directory (Azure AD) is used for access control. It can be used stand-alone, and it offers single sign-on, multi-factor authentication (MFA), and identities for services.

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To read encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data.

Asymmetric encryption uses a public key and private key pair. Either key can encrypt, but a key can't decrypt data it encrypted itself; to decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS), which underlies HTTPS.

By default, Azure encrypts and decrypts file storage data, and this is transparent to the user. Azure SQL Database uses Transparent Data Encryption (TDE), which performs real-time encryption and decryption of the database at rest without requiring changes to the application; it is enabled by default. TDE uses a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL server instance and handles all the details.

Azure Key Vault is used to keep application secrets.

Azure Security Monitor is a monitoring service that provides threat protection across all of your services. Azure Security Center is offered on the Standard tier subscription at $15 per node per month.