This blog post is the twelfth in the Microsoft Azure Fundamentals Certification Series (AZ-900) and is part of Topic 3: Security Services.
If you have not gone through the previous post, Topic 3.1 Azure Security Network Connectivity: Firewall, DDoS, NSG, read it at https://k21academy.com/az90022.
For the full list of blogs in this series, refer to https://k21academy.com/az90011.
In this blog post, we'll cover Topic 3.2 Microsoft Azure Core Identity Services, which includes Azure Active Directory (Azure AD) and Multi-Factor Authentication (MFA).
Identity management is the process of controlling, authenticating, and authorizing security principals, i.e., services, applications, users, groups, etc.
Azure provides security through additional levels of validation. Monitoring suspicious activity through advanced security reporting, auditing, and alerting helps mitigate potential security issues. The security services offered by Azure are:
Azure Active Directory
- Azure AD is Microsoft's cloud-based identity and access management service; it is the directory of users in Azure.
- It creates and manages a single identity for each user across the enterprise, keeping users, groups, and devices in sync.
- Provides single sign-on (SSO) access to applications, including thousands of pre-integrated SaaS apps.
- Enables application access security by enforcing rules-based Multi-Factor Authentication for both on-premises & cloud applications.
- Provisions secure remote access to on-premises web applications through Azure AD Application Proxy.
- Azure AD device registration provides the device with an identity that it uses to authenticate the device when a user signs in.
Azure AD Application Proxy provides remote access and SSO for many types of on-premises web applications, alongside the thousands of SaaS applications that Azure AD supports.
Azure AD B2C is a global, highly available identity management service for consumer-facing applications with millions of identities. It can be integrated across mobile and web platforms. Consumers can sign in to all the applications through customizable experiences.
Note: SSO means being able to access all the applications and resources that you need to do business, by signing in only once using a single user account.
Azure Multi-Factor Authentication
- It is a method of authentication that requires the use of more than one verification method.
- It adds a critical second layer of security to user sign-ins and transactions.
- It offers a range of verification options: phone calls, text messages, mobile app notifications, verification codes, and third-party OATH tokens.
Note: Azure provides role-based access control (RBAC) on Azure Resource Manager, which allows granular control of the access granted to users.
Here are a few sample questions from the Microsoft Azure Fundamentals Certification Exam [AZ-900] that you should be able to solve after reading this blog.
Q1: Which of the following statements are true?
A. Identities stored in an on-premises Active Directory can be synchronized to Azure Active Directory (Azure AD).
B. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and on-premises Active Directory can be used to access Azure resources.
C. Azure has built-in authentication and authorization services that provide secure access to Azure resources.
Correct Answer: A, C
Explanation: By default, on-premises AD and Azure AD are not synced, but they can be synced when needed.
Q2: Which of the following statements are true?
A. Azure Active Directory (Azure AD) requires the implementation of domain controllers on Azure virtual machines.
B. Azure Active Directory (Azure AD) provides authentication services for resources hosted in Azure and Microsoft 365.
C. Each user account in Azure Active Directory (Azure AD) can be assigned only one license.
Correct Answer: B