Azure Services 2.4 Flashcards
identity, access, and security
Identity Service AuthN and AuthZ
Authentication (AuthN) is the process of
proving that you are who you say you are.
Authorization (AuthZ) is the act of granting an
authenticated party permission to do something.
Identity Service Entra ID
Entra ID is Microsoft’s cloud-based identity
and access management service,
which helps your employees sign in and access resources, including:
Internal resources, such as apps on your
corporate network or custom cloud apps.
External resources, such as Microsoft 365,
the Azure portal, and many SaaS apps.
Authentication methods in Azure
Single sign-on (SSO)
MFA
Conditional Access
Single sign-on (SSO)
Single sign-on means a user doesn’t have
to sign into every application they use.
The user logs in once and that credential is
used for multiple apps.
Single sign-on based authentication systems
are often called “modern authentication”.
MFA
MFA in Entra ID works by requiring
two or more of the following
authentication methods:
Something you know (PIN or password)
Something you have (trusted device)
Something you are (biometric)
Microsoft Authenticator app
The Microsoft Authenticator app can be used as a primary form
of authentication to sign into any Entra ID account.
It can also be used as an additional verification option during
self-service password reset (SSPR) or Entra ID MFA events.
To use Microsoft Authenticator
a user must download the
phone app and register their account.
Additional verification
2nd factor of authentication
What is an OATH token
OATH (Open Authentication) is an open standard that specifies how time-based, one-time password (TOTP) codes are generated.
Software OATH tokens
Are typically applications. Entra ID generates the secret key, or seed, that’s input into the app and used to generate each OTP.
EXAMPLE: Microsoft Authenticator App
Hardware OATH tokens
Small hardware devices that look like a key fob and display a code that refreshes every 30 or 60 seconds, with the secret key/seed pre-programmed.
What is FIDO2
Uses public-key (asymmetric) cryptography for user
authentication.
User has a physical device (USB or NFC).
FIDO Authentication sequence
Provide username
Cryptographic challenge
Use FIDO2 key to sign challenge
Service verifies response and grants access
Windows Hello for Business
An authentication feature built into Windows 10, replaces passwords with strong two-factor authentication on PCs and mobile devices.
Windows Hello for Business authenticates to
A Microsoft account.
An Active Directory account.
An Entra ID account.
Identity Provider services or Relying Party services that support Fast ID Online (FIDO) v2.0 authentication.