Controlling Access to Azure Storage
Anonymous as access control
...
Identity Based Access - Azure Files with Azure AD DS as access control
...
Protecting Data in Azure Storage
Storage Encryption
...
Customer-Managed Encryption Keys
SSE with Microsoft Managed Keys (Account Encryption Key) could be extended with a Customer-Managed Key stored in a Key Vault.
Azure Disk Encryption
Free protection for Microsoft Virtual Machines.
...
Supports both Virtual Machines and instances of a Virtual Machine Scale Set.
A VM Extension configures OS encryption (e.g. Linux or Windows).
Only the VM can access the encryption key/secret in Key Vault.
Immutable Storage
Immutable storage can be configured with 2 types of policies:
Time-Based policy
Legal Hold policy
We need to make sure that the data can be retained for a long time and that users can’t modify or delete it.
...
Controlling Access to Azure SQL Services
SQL Authentication
...
Azure AD Authentication
To authenticate with Azure AD identities, we need to associate them with SQL logins or database users.
...
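The mapping described above, as an added example that is not part of the original notes: contained database users are created for an Azure AD user and an Azure AD group, each is given a least-privilege role, and the last query lists which principals are Azure AD based and which still sign in with a SQL password. The identity names are constructed placeholders, and the script assumes it is run in the user database over a connection authenticated as the server's Azure AD admin.

```sql
-- Constructed placeholder identities; replace with real Azure AD names.
-- Run in the target user database, connected as the Azure AD admin
-- (a SQL-authenticated login cannot create Azure AD based users).

-- Map one Azure AD user to a contained database user.
CREATE USER [alice@contoso.example] FROM EXTERNAL PROVIDER;

-- Map an Azure AD group, so membership is managed in the directory
-- rather than per database.
CREATE USER [sql-readers-group] FROM EXTERNAL PROVIDER;

-- Grant only what each identity needs.
ALTER ROLE db_datawriter ADD MEMBER [alice@contoso.example];
ALTER ROLE db_datareader ADD MEMBER [sql-readers-group];

-- Review: list non-built-in principals with their authentication type
-- and role memberships.
--   type E = Azure AD user, X = Azure AD group, S = SQL user
--   authentication_type_desc: EXTERNAL = Azure AD,
--                             DATABASE / INSTANCE = SQL password
SELECT  dp.name                     AS principal_name,
        dp.type_desc                AS principal_type,
        dp.authentication_type_desc AS auth_type,
        r.name                      AS role_name
FROM    sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
        ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
        ON r.principal_id = rm.role_principal_id
WHERE   dp.type IN ('E', 'X', 'S')
  AND   dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY dp.authentication_type_desc, dp.name;
```

Rows with auth_type DATABASE or INSTANCE are the accounts that still depend on SQL Authentication.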
Protecting Data in Azure SQL Services
Transparent Data Encryption
...
Transparent Data Encryption: Customer-Managed Keys
TDE supports Bring Your Own Key (BYOK), where the key is managed by the customer. This key is called the TDE Protector, just like with an Azure Storage Account.
...
Always Encrypted
Encrypts data within columns that we want to secure.
...