Identity and Access

Authentication - you provide something that proves who you are, like userid and password; multi-factor authentication (sms or app) falls into this category

Authorization - once we know who you are, what permissions do they have

Admin/Root Access - should be reserved for the very few trusted people

Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution; soon to be renamed as “Microsoft Entra ID”

  • Azure AD revolves around users, groups, and applications and managing the permissions between those objects

AD Connect - software that can synchronize your on premises Active Directory with Azure AD

Azure Active Directory Domain Services (Azure AD DS) - managed domain services on Azure

Single-Sign On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD

Multi-Factor Authentication (MFA) - the concept of having something additional to a “password” that is required to log in; passwords are findable or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for an unknown hacker to get

Passwordless - the password is removed and replaced with something users have, e.g., Windows 10 laptop/workstation or phone, plus something users are, or something users know, e.g., biometric or PIN

External Identities - external users can “bring their own identities” outside of your organization

Business-to-Business (B2B) Collaboration - enables secure sharing of resources with external partners, using their existing credentials, streamlining inter-organization cooperation

Business-to-Business (B2B) Direct Connect - allows the creation of a mutual trust relationship with another Azure AD organization, facilitating seamless collaboration

Azure AD Business-to-Customer (B2C) - manages customer identities, offering customizable sign-in and registration experiences, and supporting various identity providers

Conditional Access - is used as a policy engine for Azure Zero Trust architecture, defining and enforcing policies based on various signals or conditions together

Role Based Access Control (RBAC) - assigning permissions by role instead of to individuals one by one