Module 5a - Identity, Governance, Privacy and Compliance - Azure Identity Services Flashcards
What is Identity and why has it become so prominent w.r.t. online security?
It’s the Primary Security Boundary.
Everyone needs to prove they are a valid user of a system and be given the bare minimum level of access to do their job.
The Identity layer is more often targeted for attack than the actual network is
What’s a tenant?
A representation of an organization, typically separated from OTHER tenants, that has its own Identity
What is Authentication?
Proving who you are
What is Authorization?
Establishing level of access in a system once you’ve proven who you are
What’s the relationship between Authentication and Authorization?
A user logs into a system and provides credentials proving who they are (authentication), then the system responds with access and whatever applications, services and data the user has permission to use (authorization).
What is Multifactor Authentication and what are the benefits of using it over traditional authentication?
A process where the user is prompted for multiple data points to prove identity (phone number, selected image, fingerprint scan, etc.). Like when you need to provide a code that was emailed or sent to your phone before logging in, or verifying in a downloaded app
Benefits - increased identity security in the event of compromised credentials (i.e. they may have your password but they won’t have your phone or access to your email!)
What are the three (3) categories of Multi-Auth Elements?
Something the user …
KNOWS (your mother’s maiden name, pet’s first name, etc.)
HAS (you have a phone or email, we send a code)
IS (biometrics. your fingerprint, facial scan, etc.)
What is a Managed Device?
A device that meets your standard for security compliance
What’s the one major difference between Active Directory and Azure Active Directory?
On-Prem vs Global capability
Though both provide identity management, the former only monitors On-Prem identities; for the latter, Microsoft ensures the service is available globally, i.e. WHEREVER you sign on, Azure can log it and detect it.
Azure AD can also detect UNAUTH’ed sign-in attempts from unrecognized locations or devices
Hint: these are PEOPLE, not Entities
What four (4) Roles would interact with Azure AD?
IT Admins
- Admins who control application access and resources based on biz reqs
App Devs
- Devs can use it to implement a standards-based approach for SSO integration or credentials processing
Users
- Users can manage their own Identities (self-service password reset for example)
Online Service Subscribers
- Basically SaaS apps that need to authenticate
- SaaS apps like MS365, Azure itself, MS Dynamics, etc.; any tenant of MS365, MS Dynamics, etc. is automatically an Azure AD Tenant
What four (4) Services does Azure Active Directory provide?
Authentication
- The heart of all that AD does! Verifying identity to access apps and resources, providing functionality like self-service pwd reset, multifactor auth, custom list of banned passwords and smart lockout
Single Sign-On
- SSO == 1 name + 1 pwd to access everything on your network that requires auth. Since one identity is then used to access stuff, it’s easy to manage when a person leaves the company (instead of multiple logons and such)
Application Management
- Cloud and On-Prem app mgmt for apps using Azure AD. Features like App Proxy, SaaS apps, My Apps portal (Access Panel), all with access to SSO
Device Management
- *Azure AD supports device registration*, enabling devices to be managed through tools like MS Intune and device-based Conditional Access policies (i.e. restrict access to “known devices” … we see this a lot when we log into Google or OneDrive from an unrecognized device)
Azure AD helps to secure both External and Internal Applications. What are some examples of those?
External are apps used by your organization but are sourced OUTSIDE of it. SaaS apps mostly, like Azure Portal or MS 365 (online)
Internal are apps on your corporate network…for us that means Grafana or MS Teams, Outlook (installed), etc.
What is Azure AD Connect and what two (2) things make it advantageous to use?
A service that allows you to connect your On-Prem Active Directory to Azure Active Directory.
- Integrating AD in Azure AD creates a consistent access model for your organization and simplifies access management
- Synced Identities can be shared with both instances, which enables SSO, Self-Service Pwd Reset, Multifactor Auth, etc.
Hint: Literally…
What does Azure AD Multi-Factor Authentication do?
Provides Multifactor Authentication for any application using Azure Active Directory, including SaaS offerings like Office 365 (comes as part of the subscription to 365)
How does Azure Active Directory provide Multifactor Authentication for:
- Azure AD Free Edition?
- Premium P1 or P2?
For Azure AD Free Edition - Microsoft Authenticator App
- Globally enabled for admins, uses phone call or SMS Code
- Enforce auth for all users via App by enabling security defaults in your Azure AD tenant
For Premium P1 or P2 - Conditional Access for granular configs (i.e. Gather Signals, Make Decision, Enforce Decision)