Summary and resources
In this module, you explored foundational security and compliance concepts that underpin Microsoft security, compliance, and identity solutions.
You learned how the shared responsibility model divides security accountability between you and your cloud provider across on-premises, IaaS, PaaS, and SaaS environments—including AI workloads—and that you always retain responsibility for your data, identities, endpoints, and configuration choices.
You explored defense in depth as a layered security strategy and the CIA triad—confidentiality, integrity, and availability—as the goals that every security effort ultimately protects.
You learned about the Zero Trust model and its three guiding principles: verify explicitly, use least privileged access, and assume breach. You saw how these principles are applied across seven foundational pillars—identities, devices, applications, data, infrastructure, networks, and visibility/automation/orchestration—where the seventh pillar integrates signals from the other six to enable coordinated threat detection and response.
You covered encryption and hashing: symmetric and asymmetric encryption, digital signatures, protecting data at rest, in transit, and in use, key management, and how hashing with salting protects stored passwords.
Finally, you explored Governance, Risk, and Compliance (GRC) concepts—governance, risk management, and compliance—along with related data concepts: data residency, data sovereignty, and data privacy.
Now that you've completed this module, you should be able to:
- Describe the shared responsibility model and how responsibilities shift across on-premises, IaaS, PaaS, and SaaS environments, including AI services.
- Describe defense in depth as a layered security strategy and explain the confidentiality, integrity, and availability (CIA) triad.
- Describe the Zero Trust model, its guiding principles, and its seven foundational pillars.
- Describe encryption and hashing as mechanisms for protecting data at rest, in transit, and in use.
- Describe Governance, Risk, and Compliance (GRC) concepts, including data residency, data sovereignty, and data privacy.
Learn more
The following resources provide additional information on the topics covered in this module.