Authentication technologies are used to control who can access a system. When a process or user tries to access a system, the authentication scheme identifies if the requesting process or user is recognized by the system. When a user or process is allowed access, they're referred to as authenticated. Authentication helps to protect unwanted access to a system by allowing access only to users or processes that are authenticated.

Authorization mechanisms provide a more granular level of access control by guarding access to specific resources. When an authenticated process or user tries to access a particular resource, the authorization scheme verifies if the user or process has been granted permission to access the requested resource. Authorization also considers the type of access requested, such as read-only, write, or administrate.

Authentication and authorization work together to help you manage your corporate identities, and ensure strong protection for your organization. With these technologies, you can:

  • Control access to your organization and corporate resources.

  • Store corporate passwords and secrets in a secure manner.

  • Integrate your identity solution for users and applications into Azure AD.

Meet Tailwind Traders

Tailwind Traders is a fictitious home improvement retailer. The company operates retail hardware stores across the globe and online.

As you work through this lesson, suppose you're the CTO for Tailwind Traders. You're aware of the opportunities offered by Azure and understand the importance of authentication and authorization. Without strong identity mechanisms, the company might experience a data access breach or compromised information security. You're interested in understanding how Azure can help you manage and enforce your corporate identities.

You ask the question, "What is the Tailwind Traders identity solution?" At first, this question might seem too simple. But managing and protecting your corporate identities requires planning and careful design.

In this lesson, we answer these questions:

  • What identity providers does Azure offer?

  • What identity protections are available?

Learning objectives

In this module, you learn how to:

  • Design for identity and access management.

  • Design for Azure Active Directory (Azure AD).

  • Design for Azure Active Directory business-to-business (Azure AD B2B).

  • Design for Azure Active Directory B2C (Azure AD B2C, business-to-customer).

  • Design for conditional access.

  • Design for identity protection.

  • Design for access reviews.

  • Design for managed identities.

  • Design for service principals for applications.

  • Design for Azure Key Vault.

Skills measured

The content in the module helps you prepare for Exam AZ-305: Designing Microsoft Azure infrastructure solutions. The module concepts are covered in:

Design authentication and authorization solutions

  • Recommend an identity solution

  • Recommend an access control solution for identities

  • Recommend an authorization solution

Design identities and access for applications

  • Recommend a solution that securely stores passwords and secrets

  • Recommend solutions to allow applications to access Azure resources

  • Recommend a solution for integrating applications into Azure AD

  • Recommend a user consent solution for applications


  • Conceptual knowledge of identity assignment solutions, role-based access control (RBAC), and identity protection methods.

  • Working experience creating, assigning, and securing corporate identities.