
Configuring Security for HDInsight

Microsoft Azure offers a wide range of options to secure and protect your data, regardless of the format. Whether you're dealing with documents, SQL databases or big data, there are multiple solutions ranging from authentication to virtual networks.
In this course, we will cover the protection of your data from external and internal threats, whether those threats be malicious or accidental. We will see how good design combined with the right configuration can secure your organization's most precious asset: its data.

Learning Objectives

  • Configure security policies to classify, protect, and manage data
  • Configure data retention for storage and databases
  • Set up Azure SQL security features and auditing
  • Learn how to configure storage account security and access
  • Learn how to secure HDInsight clusters
  • Configure Cosmos DB security
  • Configure Data Lake security
  • Learn good design features of an Azure application
  • See how Azure App Services can secure your app
  • See how a governance policy can help formalize security requirements

Intended Audience

  • People preparing for Microsoft’s AZ-500 exam
  • System administrators
  • App developers


Prerequisites

  • Experience with Microsoft Azure
  • Experience with Office 365
  • Basic knowledge of computer security principles
  • Basic networking knowledge



Here we look at configuring security for HDInsight with the Enterprise Security Package (ESP). This means enabling users to authenticate with their domain credentials.

Setting this up involves a few steps. Firstly, we need to enable Azure Active Directory Domain Services. Then we must create and authorize a managed identity. Once these preliminary steps have been completed, we can create an HDInsight cluster with Enterprise Security Package. Just note that ESP is only available with Hadoop, Spark, and Interactive Query cluster types.

To enable Azure Active Directory Domain Services, create a new Azure AD Domain Services resource. Assign your resource group and your location. Next, if you do not have a virtual network, you will need to create one. You need to create a dedicated subnet before you deploy Azure Active Directory Domain Services. You will need to assign at least one user to a special administrative group called AAD DC Administrators, which is used for managing the Azure Active Directory Domain Services domain. Members of this group are granted administrative permissions on virtual machines that are joined to the managed domain. Next, we turn on synchronization and click OK in the summary.

Next, we need to create a user-assigned managed identity by creating a new User Assigned Managed Identity resource. A user-assigned managed identity simplifies securing domain services operations. After creating the managed identity, we need to assign the HDInsight Domain Services Contributor role to it. We do this by going into our Active Directory Domain Services resource. Select Access Control, then select User managed identity from the find drop-down, and select your managed identity. Click Add role assignment and select the HDInsight Domain Services Contributor role. Next, we want to add users to the Managed Identity Operator role of our user-assigned managed identity.

Now we create the HDInsight cluster. Give it a name and select the region. I'm going to use the Hadoop cluster type, as this supports Enterprise Security Package. You'll need to supply a cluster login username and password. I'll just stick with the default storage settings. If you chose a cluster type that did not support ESP, the Enterprise Security Package checkbox would be missing from the Security + Networking page.
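
The managed identity, the two role assignments and the ESP cluster creation described above can also be scripted with the Azure CLI. The script below is an added example, not part of the course; it assumes Azure AD Domain Services is already enabled, and every resource name, ID and account in it is a constructed placeholder.

```shell
# Added example, not from the course. All names and IDs are constructed
# placeholders; Azure AD Domain Services is assumed to be enabled already.
RG="example-rg"
CLUSTER="example-esp-cluster"
IDENTITY="example-hdi-identity"
BASE="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/$RG/providers"
DOMAIN_ID="$BASE/Microsoft.AAD/domainServices/example.onmicrosoft.com"
IDENTITY_ID="$BASE/Microsoft.ManagedIdentity/userAssignedIdentities/$IDENTITY"
SUBNET_ID="$BASE/Microsoft.Network/virtualNetworks/example-vnet/subnets/hdinsight"

# DRY_RUN=1 (the default) prints each command for review; DRY_RUN=0 runs it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ESP exists only for Hadoop, Spark and Interactive Query clusters
# ("interactivehive" is the CLI type name for Interactive Query).
esp_supported() {
  case "$1" in hadoop|spark|interactivehive) return 0 ;; *) return 1 ;; esac
}

create_identity() {
  run az identity create --resource-group "$RG" --name "$IDENTITY"
}

# $1 = principal (object) ID of the managed identity
grant_domain_role() {
  run az role assignment create --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal \
    --role "HDInsight Domain Services Contributor" --scope "$DOMAIN_ID"
}

# $1 = object ID of a user allowed to attach this identity to clusters
grant_operator_role() {
  run az role assignment create --assignee-object-id "$1" \
    --assignee-principal-type User \
    --role "Managed Identity Operator" --scope "$IDENTITY_ID"
}

# $1 = cluster type. The cluster login password is not passed here so it
# never appears in the printed command; az prompts for it.
create_esp_cluster() {
  esp_supported "$1" || { echo "ESP is not available for '$1'" >&2; return 1; }
  run az hdinsight create --esp --type "$1" --name "$CLUSTER" \
    --resource-group "$RG" --storage-account "examplestorage" \
    --subnet "$SUBNET_ID" --domain "$DOMAIN_ID" --assign-identity "$IDENTITY_ID" \
    --cluster-admin-account "hdiadmin@example.onmicrosoft.com" \
    --cluster-users-group-dns "example-hdi-users"
}
```

Source the file and call the functions in the order of the steps above; review the printed commands first, then set DRY_RUN=0 after `az login` to apply them.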

About the Author

Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.