Traditionally, protecting access to systems and data involved the on-premises network perimeter and physical access controls.

With people increasingly able to work from anywhere, plus the rise of bring your own device (BYOD) strategies, mobile applications, and cloud applications, many of those access points are now outside the company's physical networks.

Identity has become the new primary security boundary. Accurately proving that someone is a valid user of your system, with an appropriate level of access, is critical to maintaining control of your data. This identity layer is now more often the target of attack than the network is.

Meet Tailwind Traders

Tailwind Traders is a fictitious home improvement retailer. It operates retail hardware stores across the globe and online.

The Tailwind Traders logo.

Tailwind Traders specializes in competitive pricing, fast shipping, and a large range of items. It's looking at cloud technologies to improve business operations and support growth into new markets. By moving to the cloud, the company plans to enhance its shopping experience to further differentiate itself from competitors.

How will Tailwind Traders secure access to its cloud applications?

The mobile workforce of Tailwind Traders is increasing, as are the number of applications that the company runs in the cloud.

Retail employees located around the world are issued tablet devices from which they can create orders for customers, track delivery schedules, and plan their work schedules.

Delivery drivers can use their own mobile devices to access scheduling and logistics applications. Some delivery drivers are permanent employees of Tailwind Traders. Others work on short-term contract.

Tailwind Traders uses Active Directory to secure its on-premises environment. It needs to ensure that only employees can sign in and access the company's business applications. It also needs to ensure that short-term staff can access these applications only when they're under active contract.

How can Azure Active Directory (Azure AD) help Tailwind Traders consistently secure all of its applications accessed from the intranet and from public networks?

Learning objectives

After completing this module, you'll be able to:

  • Explain the difference between authentication and authorization.
  • Describe how Azure AD provides identity and access management.
  • Explain the role that single sign-on (SSO), multifactor authentication, and Conditional Access play in managing user identity.


  • You should be familiar with basic computing concepts and terminology.
  • Familiarity with cloud computing is helpful but isn't necessary.