Introduction
Authentication technologies are used to control who can access a system. When a process or user tries to access a system, the authentication scheme identifies if the requesting process or user is known. When a user or process is allowed access, they're referred to as authenticated. Authentication helps to protect unwanted access to a system by allowing access only to users or processes that are authenticated.
Authorization mechanisms provide a more granular level of access control by guarding access to specific resources. When an authenticated process or user tries to access a particular resource, the authorization scheme verifies if the user or process has permission to access the requested resource. Authorization also considers the type of access requested, such as read-only, write, or administrate.
Authentication and authorization work together to help you manage your corporate identities, and ensure strong protection for your organization. With these technologies, you can:
Control access to your organization and corporate resources.
Store corporate passwords and secrets in a secure manner.
Integrate your identity solution for users and applications into Microsoft Entra ID.
Meet Tailwind Traders
Tailwind Traders is a fictitious home improvement retailer. The company operates retail hardware stores across the globe and online.
As you work through this module, suppose you're the CTO for Tailwind Traders. You're aware of the opportunities offered by Azure and understand the importance of authentication and authorization. Without strong identity mechanisms, the company might experience a data access breach or compromised information security. You're interested in understanding how Azure can help you manage and enforce your corporate identities.
You ask the question, "What is the Tailwind Traders identity solution?" At first, this question might seem too simple. But managing and protecting your corporate identities requires planning and careful design.
In this module, we answer these questions:
What identity providers does Azure offer?
What identity protections are available?
Learning objectives
In this module, you learn how to:
Design for identity and access management.
Design for Microsoft Entra ID.
Design for Microsoft Entra business-to-business (Microsoft Entra B2B).
Design for Azure Active Directory B2C (business-to-customer).
Design for conditional access.
Design for identity protection.
Design for access reviews.
Design for managed identities.
Design for service principals for applications.
Design for Azure Key Vault.
Skills measured
The content in the module helps you prepare for Exam AZ-305: Designing Microsoft Azure infrastructure solutions. The module concepts are covered in:
Design authentication and authorization solutions
Recommend an authentication solution.
Recommend an identity management solution.
Recommend a solution for authorizing access to Azure resources.
Recommend a solution for authorizing access to on-premises resources.
Recommend a solution to manage secrets, certificates, and keys.
Prerequisites
Conceptual knowledge of identity assignment solutions, role-based access control (RBAC), and identity protection methods.
Working experience creating, assigning, and securing corporate identities.