2 Securing identities in Azure: The four pillars of identity and Azure AD

Securing identities is a fundamental building block of securing any Azure environment. Yet, many application developers and IT managers I talk to say they often lose sight of who has access, and to what. This problem is further compounded by the fact that people responsible for giving access to users don’t always have insights as to what resources the users they’re providing access to actually need (or don’t need) access to. When there is little to no automation, this process can easily become error prone and difficult to manage. Now that you know about some of the challenges, I have a question for you. Have you ever found yourself in a situation where you needed to provide secure access to users in your organization? How did you go about doing this? Luckily, you’re not alone. Providing secure access to users, is exactly what’s top of mind for Alice too. She’s one of the fictional characters on whose help I rely on (with the occasional guest appearances of Bob and Eve), to make it easier to explain how to provide secure access to users in Azure. Along the way, I introduce you to a couple of additional models and concepts, which make it easier to understand how identities are secured in Azure.

2.1 Four pillars of identity

2.1.1 What is Azure Active Directory, actually?

2.1.2 What is actually an identity?

2.1.3 Azure AD user identities in action

2.1.4 Azure AD service principals in action

2.1.5 Managed identity in Azure AD

2.1.6 Managed identity in action

2.2 Authentication

2.2.1 Azure AD as an IAM service

2.2.2 Importance of multi-factor authentication

2.2.3 Azure MFA

2.2.4 Security defaults in Azure AD

2.2.5 Identity protection

2.2.6 Identity Protection in action

2.2.7 Conditional Access in Azure AD

2.2.8 Conditional access in action

2.3 Authorization

2.3.1 Azure role-based access control

2.3.2 How does Azure RBAC work?

2.3.3 Security principal

2.3.4 Role definitions

2.3.5 Control and data plane