Identity and Authorization Flashcards
What is Authentication?
The process of determining the identity of a user and verifying that they are who they say they are when accessing a resource. This can involve requesting credentials.
What is Authorization?
The process of checking the user's permissions and level of access to the data/resource. It defines what data they can access and what they can do with it.
What does Azure Multi-Factor Authentication do?
It provides additional security for your identities by requiring two or more elements/steps for full authentication.
Why is MFA used?
Because even if a malicious actor gets hold of one part of your authentication (e.g. password), they might not have the other requested authentication tool (e.g. SMS code). It's more difficult to acquire both.
What is Azure Active Directory (AAD)?
It is Azure’s cloud-based identity and access management service. It is used for authentication and authorization of Azure resources, and stores all valid users that are part of a given organization.
What are the services/features of AAD?
- Authentication
- Single Sign On (SSO)
- Application management
- Business to Business security (B2B)
- Business to Customer (B2C) identity services
- Device management
TRUE OR FALSE: Users on on-prem resources can be connected to users in AAD.
TRUE
What are the two types of External Identities?
B2B
B2C
What is the B2B external identity?
An identity used to give external users access to your internal data/services. It allows them to collaborate as guests, while you still have full control over access and management of the data.
An example of this could be a contractor for your organization.
What is the B2C external identity?
An identity used to let external users access your data/services/application as consumers/customers. It lets these customers sign up as users, but you still have full control.
An example of this is Facebook users.
What is conditional access in AAD?
A tool used to help decide which users can access which data, at what time and under what conditions/contexts. It uses rules and policies to help decide and enforce security.
What is an example of full access in conditional access?
When a user is logged into a company computer at their company office, they might have full access to data.
What is an example of some access in conditional access?
When a user is logged into a personal computer on the corporate network, they might need to complete multifactor authentication, after which they will have access (but perhaps not to everything).
What is an example of no access in conditional access?
If a user is logged into a specific unknown computer on a non-corporate network, they may be automatically blocked completely as it isn’t trusted.
What are the features of Azure Role-based access control (RBAC)?
- Fine-grained access management
- Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs
- Enables access to the Azure portal and control of access to resources