Week 4
Microsoft Entra – Azure AD, MFA,
Identity Management
Shared Security Model
Migrating from customer-controlled to cloud-based datacenters shifts the responsibility for security. Security becomes a shared concern between cloud providers and customers.

Responsibility                           On-Premises   IaaS        PaaS                 SaaS
Data governance and Rights Management    Customer      Customer    Customer             Customer
Client endpoints                         Customer      Customer    Customer             Customer
Account and access management            Customer      Customer    Customer             Customer
Identity and directory infrastructure    Customer      Customer    Microsoft/Customer   Microsoft/Customer
Application                              Customer      Customer    Microsoft/Customer   Microsoft
Network controls                         Customer      Customer    Microsoft/Customer   Microsoft
Operating system                         Customer      Customer    Microsoft            Microsoft
Physical hosts                           Customer      Microsoft   Microsoft            Microsoft
Physical network                         Customer      Microsoft   Microsoft            Microsoft
Physical datacenter                      Customer      Microsoft   Microsoft            Microsoft

Whatever the service model, the customer keeps responsibility for data, client endpoints, and account and access management. Identity is therefore the control that follows you into every cloud deployment, which is why the rest of this week is about it.
Authentication vs Authorization
Two concepts are fundamental to understanding identity and access. Authentication (AuthN) verifies who a principal is, for example by checking a password and a second factor. Authorization (AuthZ) decides what an authenticated principal may do, for example through role assignments on a resource. Azure AD performs authentication and issues tokens; Azure RBAC and application permissions handle authorization. A strong second factor does nothing about a user who has been granted too much.
Azure Active Directory (renamed Microsoft Entra ID in 2023; the slides keep the older name)
Four Editions of Azure AD
Free: This edition comes with every tenant; a tenant is created automatically when you provision a Microsoft online service such as Microsoft 365, Dynamics 365 or Azure.
Office 365 Apps: This edition is included with Microsoft 365 subscriptions. It adds a Service Level Agreement (SLA) of 99.9% availability and additional functionality such as organization branding and two-way synchronization of objects between on-premises AD and Azure AD.
Premium P1 and P2: These editions add identity protection and identity governance functionality on top of the basic functionality of the Free and Microsoft 365 editions. P1 is the edition that unlocks Conditional Access; P2 adds risk-based Identity Protection and Privileged Identity Management (PIM) for just-in-time activation of privileged roles.
Azure AD Security Principals
User: An entity that Azure AD can manage; a user can be a member of the organization's tenant or a guest user that does not belong to your organization.
Azure AD supports guest users through a feature called B2B collaboration. This allows users who are not part of your organization, such as business partners, to access resources in your tenant with their own identity. Azure AD B2C is a separate offering for consumer-facing applications: customers sign in to your apps with local accounts or with an external identity provider (IdP) account such as Facebook or Google.
Application service principal: An entity that represents the identity of a service or application in Azure. It authenticates with a credential you manage (a client secret or a certificate), so that credential has to be stored, rotated and protected by you.
Managed identity service principal: A special kind of service principal for an Azure resource (a VM, function, app service and so on) to use in place of a user identity. Azure creates and rotates its credentials, so nothing has to be stored in code or configuration. There are system-assigned managed identities (tied to the lifetime of one resource) and user-assigned managed identities (a standalone resource that several resources can share).
Device: A device object registered with or joined to Azure AD: laptop, tablet, phone, virtual machine, and so on. Device identity is what Conditional Access relies on when it requires a compliant or hybrid-joined device.
To Be or Not To Be AD
SSO ( Single Sign On )
SSO means needing only one set of credentials, entered once, to access all resources in your organization that are enabled for SSO; you are not prompted to sign in again for each of them. The convenience concentrates risk: one compromised credential or session token now opens every SSO-enabled resource, which is why SSO is paired with MFA and Conditional Access rather than deployed on its own.
MFA ( Multi Factor Authentication )
MFA requires proof from at least two of the following independent categories:
•Knowledge: Something that only the user knows, such as a password or PIN.
•Possession: Something that only the user has, such as a code sent to a phone, a hardware token, or a security key.
•Inherence: Something that only the user is, such as biometrics.
Two factors from the same category (for example two passwords) are not MFA. Possession factors also differ in strength: a code sent by SMS or read from an authenticator app can be phished and relayed in real time, whereas FIDO2 security keys and Windows Hello for Business bind the credential to the site's origin and are phishing resistant.
https://www.microsoft.com/en-us/videoplayer/embed/RE4KVJA?postJsllMsg=true
Conditional Access Policies
Conditional Access policies are if-then rules that Azure AD evaluates after the first authentication factor succeeds. If a sign-in matches a policy's conditions (user or group, application, device platform and state, location, client app type, sign-in or user risk), then the policy's grant controls apply: grant, grant only if additional controls are satisfied (for example MFA or a compliant device), or block. Every enabled policy that matches is applied together, a block from any one of them wins, and a policy can be deployed in report-only mode first to see what it would have decided. Conditional Access requires an Azure AD Premium P1 license.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
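The evaluation just described, as an added example that is not part of the slides and is not Microsoft's engine: a simplified model of how several Conditional Access policies combine for one sign-in. The policy dictionaries borrow the field names of the Microsoft Graph conditionalAccessPolicy resource so they read like real policies, but the matching rules are a teaching approximation; the users, groups and application names are constructed placeholders. It shows the three outcomes (grant, grant with unmet controls, block), that a block wins over everything else, that an excluded break-glass account bypasses the MFA rule, and that a report-only policy is recorded but never enforced.

```python
# Added example: simplified Conditional Access evaluation. Not the original
# slides' material and not the real Azure AD engine; placeholders throughout.
from dataclasses import dataclass, field

ALL = "All"


@dataclass
class SignIn:
    """Signals available once the first factor has succeeded (constructed)."""
    user: str
    groups: set = field(default_factory=set)
    app: str = "Office 365"
    client_app_type: str = "browser"   # "mobileAppsAndDesktopClients", "exchangeActiveSync", "other" (legacy)
    mfa_satisfied: bool = False
    device_compliant: bool = False


# Constructed policies, shaped like Graph conditionalAccessPolicy objects.
POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": [ALL], "excludeUsers": ["breakglass@contoso.example"]},
                    "applications": {"includeApplications": [ALL]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": [ALL]},
                    "applications": {"includeApplications": [ALL]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Require compliant device for Azure management",
     "state": "enabledForReportingButNotEnforced",   # report-only: logged, not enforced
     "conditions": {"users": {"includeGroups": ["Admins"]},
                    "applications": {"includeApplications": ["Microsoft Azure Management"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
]


def _user_in_scope(users: dict, s: SignIn) -> bool:
    """Exclusions beat inclusions; that is what makes a break-glass exclusion work."""
    if s.user in users.get("excludeUsers", []) or s.groups & set(users.get("excludeGroups", [])):
        return False
    return (ALL in users.get("includeUsers", [])
            or s.user in users.get("includeUsers", [])
            or bool(s.groups & set(users.get("includeGroups", []))))


def applies(policy: dict, s: SignIn) -> bool:
    """True when every condition block of the policy matches the sign-in."""
    c = policy["conditions"]
    if not _user_in_scope(c["users"], s):
        return False
    apps = c["applications"]["includeApplications"]
    if ALL not in apps and s.app not in apps:
        return False
    types = c.get("clientAppTypes", ["all"])
    return "all" in types or s.client_app_type in types


def evaluate(policies: list, s: SignIn) -> dict:
    """Combine all matching policies: any block wins, otherwise every grant control must be met."""
    satisfied = {"mfa": s.mfa_satisfied, "compliantDevice": s.device_compliant}
    report_only, unmet, blocked_by = [], [], None
    for p in policies:
        if p["state"] == "disabled" or not applies(p, s):
            continue
        if p["state"] == "enabledForReportingButNotEnforced":
            report_only.append(p["displayName"])
            continue
        gc = p["grantControls"]
        if "block" in gc["builtInControls"]:
            blocked_by = blocked_by or p["displayName"]
            continue
        checks = [satisfied.get(ctl, False) for ctl in gc["builtInControls"]]
        if not (all(checks) if gc["operator"] == "AND" else any(checks)):
            unmet.append(p["displayName"])
    result = "block" if blocked_by else ("requireControls" if unmet else "grant")
    return {"result": result, "blockedBy": blocked_by, "unmet": unmet, "reportOnly": report_only}


if __name__ == "__main__":
    for s in (SignIn("alice@contoso.example", {"Staff"}),
              SignIn("alice@contoso.example", {"Staff"}, client_app_type="other", mfa_satisfied=True),
              SignIn("breakglass@contoso.example")):
        print(s.user, s.client_app_type, "->", evaluate(POLICIES, s))
```

The break-glass case is worth a second look: the exclusion makes the MFA policy skip that account, which is intentional for emergency access, and it is also why such accounts need a long random password, tight monitoring and an alert on every use.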
Azure Role Based Access Control
• Fine-grained access management.
• Segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
• Enables allowing or disallowing access to the Azure portal and controlling access to resources.
A role assignment binds three things: a security principal (user, group, service principal or managed identity), a role definition (the set of allowed actions, for example Reader, Contributor or Owner, expressed as Actions minus NotActions) and a scope (management group, subscription, resource group or a single resource). Assignments made at a parent scope are inherited by every child scope, and deny assignments take precedence over any role assignment. Note that a role's NotActions only narrow that role; they do not deny an action another role grants.
[Diagram: Azure Active Directory (users, apps, user groups) assigned roles at the scope of an Azure subscription and its resource groups]
https://learn.microsoft.com/en-us/azure/role-based-access-control/
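The access check described above, as an added example that is neither from the slides nor Azure's authorization service: a model of how an Azure RBAC decision combines role definitions, role assignments, scope inheritance, group membership and deny assignments. Owner, Contributor and Reader use their real built-in Actions (an excerpt of Contributor's NotActions); the "VM Operator" custom role, the principals, the group, the deny assignment and the scope paths are constructed for the example. Action matching uses Azure's wildcard semantics, where `*` spans path segments.

```python
# Added example: Azure RBAC access-check model. Not part of the original slides
# and not Azure's implementation; principals, group, custom role and scopes are constructed.
from fnmatch import fnmatchcase

ROLE_DEFINITIONS = {
    "Owner": {"Actions": ["*"], "NotActions": []},
    "Contributor": {"Actions": ["*"], "NotActions": [          # excerpt of the built-in role
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
    ]},
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "VM Operator": {"Actions": [                               # hypothetical custom role
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
    ], "NotActions": []},
}

# Constructed scope hierarchy: subscription > resource group > resource.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG_PROD = SUB + "/resourceGroups/rg-prod"
RG_DEV = SUB + "/resourceGroups/rg-dev"
VM_PROD = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/vm-prod-01"
VM_DEV = RG_DEV + "/providers/Microsoft.Compute/virtualMachines/vm-dev-01"

GROUP_MEMBERS = {"VM-Operators": {"dave"}}

# (principal, role, scope): assignments are inherited by everything beneath the scope.
ROLE_ASSIGNMENTS = [
    ("bob", "Reader", SUB),
    ("carol", "Contributor", RG_PROD),
    ("VM-Operators", "VM Operator", RG_PROD),
    ("erin", "Contributor", SUB),
    ("erin", "Owner", RG_DEV),
]

# (principal, denied actions, scope): a deny assignment wins over every role assignment.
DENY_ASSIGNMENTS = [
    ("dave", ["Microsoft.Compute/virtualMachines/restart/action"], VM_PROD),
]


def principals_for(user: str) -> set:
    """The user plus every group that carries the user: assignments to either apply."""
    return {user} | {g for g, members in GROUP_MEMBERS.items() if user in members}


def _in_scope(assignment_scope: str, target: str) -> bool:
    """Scopes inherit downward: an assignment applies to its scope and every child path."""
    a, t = assignment_scope.lower(), target.lower()
    return t == a or t.startswith(a + "/")


def _matches(patterns: list, action: str) -> bool:
    """Azure actions are case-insensitive and '*' may span '/' separators."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(user: str, action: str, target_scope: str) -> bool:
    """Deny assignments first; then any applicable role whose Actions cover the
    action and whose own NotActions do not carve it back out."""
    ids = principals_for(user)
    for principal, actions, scope in DENY_ASSIGNMENTS:
        if principal in ids and _in_scope(scope, target_scope) and _matches(actions, action):
            return False
    for principal, role, scope in ROLE_ASSIGNMENTS:
        if principal not in ids or not _in_scope(scope, target_scope):
            continue
        d = ROLE_DEFINITIONS[role]
        if _matches(d["Actions"], action) and not _matches(d["NotActions"], action):
            return True
    return False


if __name__ == "__main__":
    for user, action, scope in (("bob", "Microsoft.Compute/virtualMachines/read", VM_PROD),
                                ("carol", "Microsoft.Authorization/roleAssignments/write", RG_PROD),
                                ("dave", "Microsoft.Compute/virtualMachines/restart/action", VM_PROD),
                                ("erin", "Microsoft.Authorization/roleAssignments/write", VM_DEV)):
        print(user, action, "->", is_allowed(user, action, scope))
```

The erin case is the one that trips people up in practice: Contributor's NotActions exclude writing role assignments, yet erin can still do it in rg-dev because Owner there grants it. NotActions narrow one role; only a deny assignment (or removing the assignment) actually takes a permission away.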
Zero Trust Model