This blog post is the twelfth in the Microsoft Azure Fundamentals Certification Series (AZ-900) and is part of Topic 3: Security Services.
Check out the previous post, Topic 3.1 Azure Security Network Connectivity: firewall, DDOS, NSG, for a better understanding.
In this blog post, we’ll cover Topic 3.2 Microsoft Azure Core Identity Services, which includes Azure Active Directory (Azure AD) and Multi-Factor Authentication (MFA).
Identity management is the process of controlling, authenticating, and authorizing security principals such as services, applications, users, and groups.
Azure provides security through additional levels of validation, and monitoring suspicious activity through advanced security reporting, auditing, and alerting helps mitigate potential security issues. The security services offered by Azure are:
Azure Active Directory
- Azure AD is Microsoft’s cloud-based identity and access management service which is a directory of users in Azure.
- It creates and manages a single identity for each user across the enterprise, keeping users, groups, and devices in sync.
- Provides SSO (single sign-on) access to applications, including thousands of pre-integrated SaaS apps.
- Enables application access security by enforcing rules-based Multi-Factor Authentication for both on-premises & cloud applications.
- Provisions secure remote access to on-premises web applications through Azure AD Application Proxy.
- Azure AD device registration provides the device with an identity that it uses to authenticate the device when a user signs in.
Azure AD Application Proxy provides remote access and SSO for many types of on-premises web applications, alongside the thousands of SaaS applications that Azure AD supports.
Azure AD B2C is a global identity management service for consumer-facing applications with millions of identities, and it is highly available. It can be integrated across mobile and web platforms. Consumers can sign in to all the applications through customizable experiences.
Note: SSO means being able to access all the applications and resources that you need to do business, by signing in only once using a single user account.
Azure Multi-Factor Authentication
- It is a method of authentication that requires the use of more than one verification method.
- It adds a critical second layer of security to user sign-ins and transactions.
- It offers a range of verification options: phone calls, text messages, mobile app notifications, verification codes, and third-party OATH tokens.
Note: Azure provides Role-Based Access Control (RBAC) on Azure Resource Manager, which allows granular control of users' access.
Sample Questions
Here are a few sample questions from the Microsoft Azure Fundamentals Certification Exam [AZ-900] that you should be able to solve after reading this blog.
Q1: Which of the following statements are true?
A. Identities stored in an on-premises Active Directory can be synchronized to Azure Active Directory (Azure AD).
B. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and on-premises Active Directory can be used to access Azure resources.
C. Azure has built-in authentication and authorization services that provide secure access to Azure resources.
Correct Answer: A, C
Explanation: By default, on-premises AD and Azure AD are not synced, but they can be synced when needed.
Q2: Which of the following statements are true?
A. Azure Active Directory (Azure AD) requires the implementation of domain controllers on Azure virtual machines.
B. Azure Active Directory (Azure AD) provides authentication services for resources hosted in Azure and Microsoft 365.
C. Each user account in Azure Active Directory (Azure AD) can be assigned only one license.
Correct Answer: B
Faddy says
Hello
I believe all of them are true
Q1: Which of the following statements are true?
A. Identities stored in an on-premises Active Directory can be synchronized to Azure Active Directory (Azure AD). Yes
B. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and on-premises Active Directory can be used to access Azure resources. Yes
C. Azure has built-in authentication and authorization services that provide secure access to Azure resources. Yes
Correct Answer: A, C
Rahul Dangayach says
Hi Faddy,
Only options A and C are correct; please check the correct explanation below:
Option A: On-premises Active Directories can be connected and synced to Azure AD via AD Connect, hence it is correct.
Option B states that identities stored in on-premises Active Directory can also be used to access Azure resources. Identities in on-premises Active Directories have to be brought into Azure AD via AD Connect. As it has not specifically been said that AD Connect is being used, we will mark this option as wrong.
Option C is correct.
Hope this helps.
Thanks and Regards
Rahul Dangayach
Team K21 Academy
Sunny says
The question specifically says “can” be. That means it has potential. Now isn’t that what is called ‘Federation’? Federation is a collection of domains that have established trust.
So I think all of them should be ‘Yes’
AJR says
Identities stored in third-party cloud services can NOT be used to access Azure resources, so the answer to B is therefore false.