2 Securing identities in Azure: The four pillars of identity and Azure Active Directory

This chapter covers

  • The four pillars of identity
  • Authentication
  • Authorization
  • Custom roles
  • Identity governance

NOTE

Microsoft has recently renamed Azure Active Directory to Microsoft Entra ID and the Azure Active Directory Premium P2 plan to Microsoft Entra ID P2. See http://mng.bz/yQXB for more information.

Securing identities is a fundamental building block of securing any Azure environment. Yet, many application developers and IT managers I talk to say they often lose track of who has access and to what. This problem is further compounded by the fact that people responsible for giving access to users don’t always know what resources users actually need (or don’t need) access to. When there is little to no automation, this process can easily become error prone and difficult to manage.

Have you ever found yourself needing to provide secure access to users in your organization? How did you go about doing this? Luckily, you’re not alone. Providing secure access to users is exactly what’s top of mind for Alice, too. She’s one of the fictional characters whose help I rely on (with the occasional guest appearances by Bob and Eve) to make it easier to explain how to provide secure access to users in Azure. Along the way, I’ll introduce you to a couple of additional models and concepts, which make it easier to understand how identities are secured in Azure.

2.1 Four pillars of identity

2.1.1 What is Azure Active Directory?

2.1.2 What is an identity?

2.1.3 Azure AD user identities in action

2.1.4 Azure AD service principals in action

2.1.5 Managed identity in Azure AD

2.1.6 Managed identity in action

2.2 Authentication