Azure identity services and access control

1. Azure identity services and access control

In this lesson, we'll explore how Azure facilitates identity and access management.

2. Azure authentication methods

Authentication is the process of verifying the identity of an individual, service, or device by presenting credentials to prove who they are. It's similar to presenting your passport at the airport. This action validates your identity, yet the destination you're flying to requires a distinct verification process. Azure offers various authentication methods, which we'll explore shortly.

3. Multi-factor authentication (MFA)

Multi-factor authentication, or MFA, enhances security by requiring an additional form of identification during sign-in, so that two or more elements are needed to fully authenticate. This safeguards against unauthorized access even in situations where the password of an account has been compromised.

4. Multi-factor authentication

This could involve a code sent to a user's phone, a biometric property like a fingerprint, or a response to a challenge question. By combining two or more elements, it reduces the impact of credential exposure, making it more secure than single-factor authentication, where just a username and password are required. Enabling multi-factor authentication is crucial for strong security.

5. Passwordless authentication

While features like MFA enhance organization security, users may find the added layer inconvenient. Passwordless authentication methods eliminate the need for passwords, making the process more user-friendly. To enable passwordless authentication, devices like computers need to be registered, associating them with the user. Once registered, authentication can occur using something the user has, knows, or is, without relying on a password. Passwordless authentication methods include Windows Hello for Business, Microsoft Authenticator app, and FIDO2 security keys.

6. Windows Hello for Business

Windows Hello for Business is ideal for individuals with their own Windows computer within the organization. Users can access their computer using biometrics (fingerprint or face recognition) or a PIN code, preventing unauthorized access by other colleagues or anyone else who is not the intended user.

7. Microsoft Authenticator App

Microsoft Authenticator App is a mobile application that offers multi-factor authentication options. It can transform any iOS or Android phone into a secure passwordless tool. Users sign in by receiving a notification on their phone, matching the number displayed on the sign-in screen, and confirming with a biometric (fingerprint or face) or a PIN code.

8. FIDO2 security keys

A FIDO2 security key offers a secure and passwordless authentication method. FIDO2, an open standard by the FIDO Alliance, aims to enhance online security. The key is available in different forms, including USB devices. To authenticate yourself when connecting to your computer, simply insert the FIDO2 USB device into the computer's USB port instead of entering a password.

9. Conditional access

Microsoft Entra ID uses conditional access, a tool that determines resource access based on properties such as user identity, location, and device used. This empowers users to be productive anywhere while safeguarding organizational assets. Additionally, conditional access offers a nuanced multi-factor authentication experience. For instance, users may not need a second authentication factor at a known location but might be prompted if sign-in occurs at an unexpected location. The tool collects and analyzes such details at login, deciding to allow access, deny it, or enforce multi-factor authentication.

10. Conditional access use cases

Conditional access comes in handy when you need to enforce multi-factor authentication based on roles, location, or network, such as requiring MFA for administrators or external collaborators.

11. Conditional access use cases

You can allow access to services exclusively through approved client applications, controlling which applications can connect to specific services. As an example, access to the database containing employee information and other sensitive documents should exclusively occur through the company's VPN.

12. Conditional access use cases

Additionally, you can restrict application access to users on managed devices that meet security and compliance standards. To prevent potential malicious activities, a computer lacking the latest security updates may be restricted from accessing company resources.

13. Conditional access use cases

Lastly, you can prevent access from untrusted sources, including unknown or unexpected locations. You may consider allowing user access only from countries where your offices are located. Alternatively, raising a red flag might be necessary if a user connects from one country and, shortly after, connects from another distant country.
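To make the evaluation described on the conditional access slides concrete, here is an added example (not part of the lesson, and not Microsoft Entra's own engine) that replays a set of sign-in events through a small policy evaluator. It covers the four use cases above: MFA for administrators and external collaborators, approved client apps only, compliant devices only, and blocking untrusted or impossible-travel locations. The trusted countries, approved apps, privileged roles, travel threshold and the sign-in events are all constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    BLOCK = "block"


@dataclass
class SignIn:
    user: str
    roles: frozenset
    is_guest: bool          # external collaborator
    country: str
    client_app: str
    device_compliant: bool  # managed device meeting security baseline
    at: datetime


# Constructed policy parameters standing in for what an admin configures.
TRUSTED_COUNTRIES = {"NL", "US"}
PRIVILEGED_ROLES = {"Global Administrator", "Security Administrator"}
APPROVED_CLIENT_APPS = {"Outlook", "Teams", "CorpVPN"}
MIN_TRAVEL_TIME = timedelta(hours=2)  # faster than this between countries is suspicious


def evaluate(sign_in: SignIn, previous: Optional[SignIn] = None) -> Tuple[Decision, List[str]]:
    """Return the access decision and the conditions that drove it."""
    reasons: List[str] = []
    # Block conditions are checked first; any one of them denies access.
    if sign_in.country not in TRUSTED_COUNTRIES:
        reasons.append(f"sign-in from untrusted country {sign_in.country}")
    if (previous is not None and previous.country != sign_in.country
            and sign_in.at - previous.at < MIN_TRAVEL_TIME):
        gap = sign_in.at - previous.at
        reasons.append(f"impossible travel {previous.country}->{sign_in.country} in {gap}")
    if sign_in.client_app not in APPROVED_CLIENT_APPS:
        reasons.append(f"client app {sign_in.client_app} not approved")
    if not sign_in.device_compliant:
        reasons.append("device does not meet compliance baseline")
    if reasons:
        return Decision.BLOCK, reasons
    # Nothing blocked; decide whether a second factor is required.
    if sign_in.roles & PRIVILEGED_ROLES:
        reasons.append("privileged role")
    if sign_in.is_guest:
        reasons.append("external collaborator")
    if reasons:
        return Decision.REQUIRE_MFA, reasons
    return Decision.ALLOW, ["all conditions satisfied"]


def evaluate_stream(events: List[SignIn]) -> List[Tuple[str, Decision, List[str]]]:
    """Evaluate events in time order, remembering each user's last accepted sign-in."""
    last_seen: Dict[str, SignIn] = {}
    results = []
    for event in sorted(events, key=lambda s: s.at):
        decision, reasons = evaluate(event, last_seen.get(event.user))
        results.append((event.user, decision, reasons))
        if decision is not Decision.BLOCK:
            last_seen[event.user] = event  # only accepted sign-ins anchor travel checks
    return results


T0 = datetime(2024, 1, 15, 9, 0)
# Constructed sign-in events exercising each policy branch.
SAMPLE_EVENTS = [
    SignIn("alice", frozenset(), False, "NL", "Outlook", True, T0),
    SignIn("bob", frozenset({"Global Administrator"}), False, "NL", "Teams", True, T0 + timedelta(minutes=5)),
    SignIn("carol", frozenset(), True, "US", "Outlook", True, T0 + timedelta(minutes=10)),
    SignIn("dave", frozenset(), False, "NL", "LegacyMailClient", True, T0 + timedelta(minutes=15)),
    SignIn("erin", frozenset(), False, "NL", "Outlook", False, T0 + timedelta(minutes=20)),
    SignIn("alice", frozenset(), False, "US", "Outlook", True, T0 + timedelta(minutes=45)),
    SignIn("frank", frozenset(), False, "BR", "Outlook", True, T0 + timedelta(minutes=50)),
]


def run_demo() -> List[Tuple[str, Decision, List[str]]]:
    return evaluate_stream(SAMPLE_EVENTS)


if __name__ == "__main__":
    for user, decision, reasons in run_demo():
        print(f"{user:6} {decision.value:12} {'; '.join(reasons)}")
```

Block rules run before the MFA rules so that a non-compliant device or an unapproved app is never let through just because the user can complete a second factor; the reasons list is what you would write to the sign-in log for later investigation.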

14. Let's practice!

Let's practice!
