Introduction

Authentication technologies are used to control who can access a system. When a process or user tries to access a system, the authentication scheme determines whether the requesting process or user is recognized by the system. When a user or process is allowed access, they're referred to as authenticated. Authentication helps protect a system against unwanted access by allowing access only to users or processes that are authenticated.

Authorization mechanisms provide a more granular level of access control by guarding access to specific resources. When an authenticated process or user tries to access a particular resource, the authorization scheme verifies whether the user or process has been granted permission to access the requested resource. Authorization also considers the type of access requested, such as read-only, write, or administrate.

Authentication and authorization work together to help you manage your corporate identities and ensure strong protection for your organization. With these technologies, you can:

  • Control access to your organization and corporate resources.

  • Store corporate passwords and secrets in a secure manner.

  • Integrate your identity solution for users and applications into Microsoft Entra ID.

Meet Tailwind Traders

Tailwind Traders is a fictitious home improvement retailer. The company operates retail hardware stores across the globe and online.

As you work through this lesson, suppose you're the CTO for Tailwind Traders. You're aware of the opportunities offered by Azure and understand the importance of authentication and authorization. Without strong identity mechanisms, the company might experience a data access breach or compromised information security. You're interested in understanding how Azure can help you manage and enforce your corporate identities.

You ask the question, "What is the Tailwind Traders identity solution?" At first, this question might seem too simple. But managing and protecting your corporate identities requires planning and careful design.

In this lesson, we answer these questions:

  • What identity providers does Azure offer?

  • What identity protections are available?

Learning objectives

In this module, you learn how to:

  • Design for identity and access management.

  • Design for Microsoft Entra ID.

  • Design for Microsoft Entra business-to-business (Microsoft Entra B2B).

  • Design for Azure Active Directory B2C (Azure AD B2C, business-to-customer).

  • Design for conditional access.

  • Design for identity protection.

  • Design for access reviews.

  • Design for managed identities.

  • Design for service principals for applications.

  • Design for Azure Key Vault.

Skills measured

The content in the module helps you prepare for Exam AZ-305: Designing Microsoft Azure infrastructure solutions. The module concepts are covered in:

Design authentication and authorization solutions

  • Recommend an identity solution

  • Recommend an access control solution for identities

  • Recommend an authorization solution

Design identities and access for applications

  • Recommend a solution that securely stores passwords and secrets

  • Recommend solutions to allow applications to access Azure resources

  • Recommend a solution for integrating applications into Microsoft Entra ID

  • Recommend a user consent solution for applications

Prerequisites

  • Conceptual knowledge of identity assignment solutions, role-based access control (RBAC), and identity protection methods.

  • Working experience creating, assigning, and securing corporate identities.