Identity and Access
Authentication - you provide something that proves who you are, like userid and password; multi-factor authentication (sms or app) falls into this category
Authorization - once we know who you are, what permissions do they have
Admin/Root Access - should be reserved for the very few trusted people
Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution; soon to be renamed as “Microsoft Entra ID”
- Azure AD revolves around users, groups, and applications and managing the permissions between those objects
AD Connect - software that can synchronize your on premises Active Directory with Azure AD
Azure Active Directory Domain Services (Azure AD DS) - managed domain services on Azure
Single-Sign On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD
Multi-Factor Authentication (MFA) - the concept of having something additional to a “password” that is required to log in; passwords are findable or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for an unknown hacker to get
Passwordless - the password is removed and replaced with something users have, e.g., Windows 10 laptop/workstation or phone, plus something users are, or something users know, e.g., biometric or PIN
External Identities - external users can “bring their own identities” outside of your organization
Business-to-Business (B2B) Collaboration - enables secure sharing of resources with external partners, using their existing credentials, streamlining inter-organization cooperation
Business-to-Business (B2B) Direct Connect - allows the creation of a mutual trust relationship with another Azure AD organization, facilitating seamless collaboration
Azure AD Business-to-Customer (B2C) - manages customer identities, offering customizable sign-in and registration experiences, and supporting various identity providers
Conditional Access - is used as a policy engine for Azure Zero Trust architecture, defining and enforcing policies based on various signals or conditions together
Role Based Access Control (RBAC) - assigning permissions by role instead of to individuals one by one