Scenario: All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key.
Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).
You need to create a managed identity for your application.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
Topic 8, Munson's Pickles and Preserves Farm
Munson's Pickles and Preserves Farm is an agricultural cooperative corporation based in Washington, US, with farms located across the United States. The company supports agricultural production resources by distributing seeds, fertilizers, chemicals, fuel, and farm machinery to the farms.
The company is migrating all applications from an on-premises datacenter to Microsoft Azure. Applications support distributors, farmers, and internal company staff.
Corporate website
* The company hosts a public website located at http://www.munsonspicklesandpreservesfarm.com. The site supports farmers and distributors who request agricultural production resources.
Farms
* The company created a new customer tenant in the Microsoft Entra admin center to support authentication and authorization for applications.
Distributors
* Distributors integrate their applications with data that is accessible by using APIs hosted at http://www.
munsonspicklesandpreservesfarm com/api to receive and update resource data.
The application components must meet the following requirements:
Corporate website
* The site must be migrated to Azure App Service.
* Costs must be minimized when hosting in Azure.
* Applications must automatically scale independent of the compute resources.
* All code changes must be validated by internal staff before release to production.
* File transfer speeds must improve, and webpage-load performance must increase.
* All site settings must be centrally stored, secured without using secrets, and encrypted at rest and in transit.
* A queue-based load leveling pattern must be implemented by using Azure Service Bus queues to support high volumes of website agricultural production resource requests.
Farms
* Farmers must authenticate to applications by using Microsoft Entra ID.
Distributors
* The company must track a custom telemetry value with each API call and monitor performance of all APIs.
* API telemetry values must be charted to evaluate variations and trends for resource data.
Internal staff
* App and API updates must be validated before release to production.
* Staff must be able to select a link to direct them back to the production app when validating an app or API update.
* Staff profile photos and email must be displayed on the website once they authenticate to applications by using their Microsoft Entra ID.
Security
* All web communications must be secured by using TLS/HTTPS.
* Web content must be restricted by country/region to support corporate compliance standards
* The principle of least privilege must be applied when providing any user rights or process access rights
* Managed identities for Azure resources must be used to authenticate services that support Microsoft Entra ID authentication.
Corporate website
* Farmers report HTTP 503 errors at the same time as internal staff report that CPU and memory usage are high.
* Distributors report HTTP 502 errors at the same time as internal staff report that average response times and networking traffic are high.
* Internal staff report webpage load sizes are large and take a long time to load.
* Developers receive authentication errors to Service Bus when they debug locally.
Distributors
* Many API telemetry values are sent in a short period of time. Telemetry traffic, data costs, and storage costs must be reduced while preserving a statistically correct analysis of the data points sent by the APIs.