Describe Azure identity, access, and security Flashcards

1
Q

Describe Azure directory services

A

Azure Active Directory (Azure AD) is a directory service that enables you to sign in and access both Microsoft cloud applications and the cloud applications that you develop. It can also help you maintain your on-premises Active Directory deployment.

2
Q

What is Azure Active Directory Domain Services?

A

Azure AD DS is a service that provides managed domain services such as domain join, Group Policy, Lightweight Directory Access Protocol (LDAP), and Kerberos authentication. With it you get the benefit of domain services without the need to deploy, manage, and patch domain controllers in the cloud.

An Azure AD DS managed domain lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment.

3
Q

What’s single sign-on?

A

Single sign-on (SSO) enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.

4
Q

What’s Azure AD Multi-Factor Authentication?

A

Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. It enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

5
Q

What’s passwordless authentication?

A

Features like MFA are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords.

6
Q

Define the 3 passwordless authentications.

A

1) Windows Hello for Business: It is ideal for information workers who have their own designated Windows PC and just need an added PIN.
2) Microsoft Authenticator App: You can allow your employee’s phone to become a passwordless authentication method.
3) FIDO2 security keys: The FIDO (Fast Identity Online) Alliance helps to promote open authentication standards and reduce the use of passwords as a form of authentication. They do this by using an external security key or a platform key built into a device.

7
Q

Describe Azure’s external identities

A

An external identity is a person, device, service, etc. that is outside your organization.

8
Q

The following 3 make up the external identities:

A

1) B2B collaboration: Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft apps or other enterprise apps.
2) B2B direct connect: Establish a mutual, two-way trust with another Azure AD organization for seamless collaboration. This supports Teams.
3) Azure AD business to customer (B2C): Publish modern SaaS apps or custom-developed apps to consumers and customers, while using Azure AD B2C for identity and access management.

9
Q

Describe Azure’s role-based access control

A

Under Azure RBAC, the role an individual has determines the access they will have. It makes it easier to manage roles.

Access is grouped by scope, which can be a management group, a single subscription, a resource group, or a single resource, so it can be applied at different levels.

10
Q

Describe zero trust model

A

It is a security model that assumes the worst-case scenario and protects resources with that expectation.

11
Q

Describe defense-in-depth

A

The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it.

There are layers of defense in depth. Each layer provides protection. There are 7 layers:
-Physical Security: access to the building and controlling access to computing hardware.
-Identity Access: It is about ensuring that identities are secure.
-Perimeter: The network perimeter protects from network-based attacks against resources.
-Network: The focus is on limiting the network connectivity across all your resources to allow only what’s required.
-Compute: Malware, unpatched systems, and improperly secured systems open your environment to attacks.
-Application: Integrating security into the app development lifecycle helps reduce the number of vulnerabilities in the code.
-Data: Those who store and control access to data are responsible for ensuring that it’s properly secured.
