Azure Identity, Authentication, and Authorization

Question 1

What is the difference between identity, authentication, and authorization in the context of Azure?

Answer 1

Identity is the unique identifier for a digital object (user, application, etc.). Authentication proves that identity is genuine. Authorization defines the specific permissions an identity has.

Question 2

What service in Azure provides identity, authentication, and authorization features?

Answer 2

Microsoft Entra ID (formerly Azure AD) is the service in Azure that provides identity, authentication, and authorization.

Question 3

Explain the relationship between an Azure account, an Azure tenant, and Microsoft Entra ID.

Answer 3

Every Azure account has the Entra ID service. An Azure tenant is a dedicated instance of Entra ID that represents an organization in Azure.

Question 4

What is the core principle behind Zero Trust?

Answer 4

The core principle of Zero Trust is that all users are assumed untrustworthy unless proven otherwise, regardless of their location.

Question 5

Describe the purpose of Multi-Factor Authentication (MFA) and its components.

Answer 5

MFA provides layered security for user identity by requiring at least two components of something you know, something you have, or something you are.

Question 6

How do Conditional Access rules enhance security in Azure?

Answer 6

Conditional Access rules are if/then statements that permit or deny access based on specific conditions being met, providing an additional layer of security.

Question 7

What is the benefit of using passwordless authentication?

Answer 7

Passwordless authentication increases convenience while maintaining security by replacing passwords with alternative, more user-friendly authentication methods.

Question 8

Explain the difference between business-to-business and business-to-customer external guest access in Entra ID.

Answer 8

Business-to-business access provides a federated level of trust between two different tenants, while business-to-customer access improves integration with customer systems, like applications.

Question 9

What is the primary purpose of Azure Active Directory Domain Services?

Answer 9

Azure Active Directory Domain Services provides legacy Active Directory features inside of Azure as a managed service, often used for migrating or integrating older applications.

Question 10

How does Role-Based Access Control (RBAC) help manage access to Azure resources?

Answer 10

RBAC controls access to Azure resources and services based on the role assigned to an identity, ensuring least privilege by granting only necessary permissions.

Question 11

What is Identity?

Answer 11

A unique identifier for any digital object, such as a user, computer, or application.

Question 12

What is Authentication?

Answer 12

The process of verifying an identity and proving it is genuine.

Question 13

What is Authorization?

Answer 13

The process of granting specific permissions to an authenticated identity, determining what actions it can perform.

Question 14

What is Microsoft Entra ID?

Answer 14

The Azure service that provides identity, authentication, and authorization capabilities. Formerly known as Azure Active Directory (Azure AD).

Question 15

What is a Tenant?

Answer 15

A dedicated instance of Microsoft Entra ID representing an organization in Azure.

Question 16

What is a Subscription?

Answer 16

A billing entity in Azure that resources belong to.

Question 17

What is Zero Trust?

Answer 17

A security principle and framework assuming all users are untrustworthy unless proven otherwise, emphasizing identity validation and least privilege access.

Question 18

What is Multi-Factor Authentication (MFA)?

Answer 18

A security method requiring users to provide at least two different factors (something they know, something they have, or something they are) to verify their identity.

Question 19

What is Conditional Access?

Answer 19

An Azure feature that provides an additional layer of security by enforcing policies (if/then statements) based on conditions related to the user, device, location, or application.

Question 20

What is Passwordless Authentication?

Answer 20

Authentication methods that replace traditional passwords with alternative, more convenient, yet still secure methods.

Question 21

What is External Guest Access?

Answer 21

Enabling secure access to organizational resources for users outside of the organization’s primary tenant.

Question 22

What is Business-to-Business (B2B)?

Answer 22

External guest access scenario providing a federated level of trust between different Entra ID tenants.

Question 23

What is Business-to-Customer (B2C)?

Answer 23

External guest access scenario allowing for improved integration with customer systems or applications.

Question 24

What is Azure Active Directory Domain Services (Azure AD DS)?

Answer 24

A managed service in Azure providing legacy Active Directory features for compatibility with older applications.

Question 25

What is Role-Based Access Control (RBAC)?

Answer 25

A system for managing access to resources by assigning roles to users, devices, or applications, granting specific permissions based on that role.

Question 26

What is Least Privilege?

Answer 26

A security principle where users are granted only the minimum permissions necessary to perform their job functions.

Question 27

What is Defense in Depth?

Answer 27

A security strategy that employs multiple layers of security controls to protect assets, ensuring that if one layer is breached, others remain to provide protection.