Azure AD Authentication Flashcards
What is authentication?
The process of verifying that an identity is legitimate.
What is authorization?
Verifying what access a user has.
What is MFA?
Multi-factor authentication (MFA) is an authentication method that requires two of the following:
- Something you know (Ex: password)
- Something you have (phone, hardware key)
- Something you are (biometrics)
What are the four additional authN methods Azure AD provides?
- Microsoft Authenticator app
- OATH hardware token
- SMS
- Voice call
Can admins disable certain authN methods?
Yes.
What is passwordless authN?
An authN method based on something you are.
What are the three passwordless options?
- Microsoft Authenticator Fingerprint Scan
- FIDO2 Security Key
- Windows Hello
What is Windows Hello?
An authN feature built into Windows 10 that uses biometric verification (fingerprint, face) or a PIN.
Windows Hello lets users authenticate to a Microsoft account, an AD account, an Azure AD account, or an identity provider service.
It's safer than a password because it is tied to a device, not a profile, and authenticates to MS accounts, AD/Azure AD accounts, and/or any identity provider that supports FIDO v2.0.
Why is Windows Hello secure?
Because the biometric/PIN is tied to the device, so a bad actor would need the hardware and the PIN/biometric proof to unlock it.
In addition, the biometric data/PIN is stored on the local device, so a hacker can't intercept it over the network.
Is the Windows Hello PIN backed by a Trusted Platform Module (TPM) chip?
Yes.
What are the key features of Windows Hello for Business?
- Configured by group policy or MDM
- Always uses key-based or certificate-based authentication
- PIN authentication is disabled by default.
What is TPM and how does it make Windows Hello secure?
A Trusted Platform Module (TPM) is integrated with the device and cannot be separated from it.
TPM is a reason why some laptops cannot be upgraded to Windows 11, which requires TPM 2.0 compliance.