Key management

Secret management

Certificate management

Identity management

Applications authenticate to a vault with the username and password of the lead developer and have full access to all secrets in the vault.

Applications and users authenticate to a vault with their Azure Active Directory identities and are authorized to perform actions on all secrets in the vault.

Applications authenticate to a vault with the username and password of a user that signs in to the web app, and is granted access to secrets owned by that user.

Applications and users authenticate to a vault with a Microsoft account and are authorized to access specific secrets

Application-assigned

Database-assigned

VM-assigned

User-assigned

Requests to storage can be HTTPS or HTTP.

Requests to storage must be SMB with encryption

Azure storage doesn't support HTTPS for custom domain names

By default, new storage accounts have secure transfer required enabled.

Advanced Threat Protection

Data Discovery and Classification

Dynamic Data Masking

Transparent Data Encryption

Embedded SQL

Graph API

Kusto Query Language

Contextual Query Language

Log alert

Metric alert

Activity log alert

Application alert