Configure security for an Azure subscription

Configure custom Azure RBAC

• When most organizations consider using the public cloud, they are concerned about two things:
  • Ensuring that when people leave the organization, they lose access to resources in the cloud
  • Striking the right balance between autonomy and central governance
• Azure AD and RBAC make it simple for you to achieve out these goals

Configure subscription and resource permissions

• You can create additional subscriptions for your account in Azure
• To create Azure subscriptions under your organization's Enterprise Agreement (EA), you must have the Account Owner role for your organization

Identify external accounts that have Azure management access

• Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your datacenters, and provides advanced threat protection across your hybrid workloads 
• Azure Policy is a service in Azure that you use to create, assign, and manage policies

Transfer Azure subscriptions between Azure AD tenants

• Typically, large organizations assign Azure subscriptions to various business units of the company
• Occasionally, organizations need to transfer the subscription between owners and Azure AD tenants
• Azure provides a process for transferring the ownership of an Azure subscription

Manage API access to Azure subscriptions and resources

• When you publish APIs through Azure API Management, it's common to secure access to those APIs by using subscription keys
• Client applications that need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs
• API Management also supports other mechanisms for securing access to APIs, including the following examples: OAuth 2.0
  • Client certificates
  • IP whitelisting