Part 5: Identity/Governance Flashcards
Authentication
Authorization
Authentication is the process of establishing the identity of a person or service that wants to access a resource.
Authorization is the process of establishing what level of access an authenticated person or service has.
Azure Active Directory
Azure AD is Microsoft’s cloud-based identity and access management service.
Single sign-on
Single sign-on enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.
Azure AD Connect
Azure AD services
Authentication
Single sign-on
Application management
Device management
Multifactor Authentication
Something the user knows
This might be an email address and password.
Something the user has
This might be a code that’s sent to the user’s mobile phone.
Something the user is
This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.
Conditional Access (Premium P1 or P2)
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals.
Signals
who the user is
where the user is
what device the user is requesting access from.
Cloud Adoption Framework
The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey.
Stages (DeePRAG)
Define, Plan, Ready, Adopt, Govern
Subscription Strategy
Billing
Access control
Subscription limits
Role-Based Access Control (RBAC)
Scope
Management group
Subscription
Resource group
Resource
How is RBAC enforced?
Azure RBAC is enforced on any action that’s initiated against an Azure resource that passes through Azure Resource Manager.
Who does Azure RBAC apply to?
person
group
special identity types, such as service principals and managed identities.
How do I manage Azure RBAC permissions?
The Access control (IAM) pane in the Azure portal.
What is a Resource Lock?
A resource lock prevents resources from being accidentally deleted or changed.
How do I manage resource locks?
Azure portal
PowerShell
Azure CLI
Azure Resource Manager template.