Status: OUT
Azure security converges through three independently enforced pillars that must all be configured consistently for workload-level protection: identity (Entra→RBAC→Key Vault data-plane access via tiered FIPS protection), governance (Policy+RBAC cascading through management group hierarchy with additive-then-deny evaluation), and network (zero-trust dual-layer filtering at infrastructure IP and NSG/firewall levels).