Authentication Flashcards
Azure AD supports what protocols?
WS-Federation
SAMLP
OpenID Connect
OAuth2 Implicit Flow
Used for Single Page Applications because there is no way to store refresh tokens. Thus, when the user closes the browser, they are logged out.
Authorization Code Grant Flow
Used for Native Apps (Windows/Mac/Linux desktop) to provide a better experience and can store refresh tokens for a longer period of time.
Claims-based authentication
User’s identity is represented as a set of claims. Claims allow developers to be a lot more expressive in describing a user’s identity than roles allow. Whereas role membership is just a Boolean value (member or non-member), a claim can include rich information about the user’s identity and membership. Most social providers return metadata about the logged-in user as a series of claims.
Multi-factor can be enabled how?
Enable each user - requires users to complete 2FA each time they sign in, unless signing in from a trusted device
Conditional access policy - lets an Azure AD Identity Protection risk policy determine when to ask for 2FA
Security Principal
An object that represents a user, group, or service principal that is requesting access to Azure resources.
Service Principal
A security identity used by applications or services to access specific Azure resources. You can think of it as a user identity (username and password or certificate) for an application.
PKCE
Proof of Key Exchange - useful for mobile apps