Azure identity services and access control

Understanding Microsoft Azure Architecture and Services

Florin Angelescu

Azure Architect

Azure authentication methods

  • Authentication = Verifying the identity of an individual, service, or device
  • Presenting credentials to prove who they are

Multi-factor authentication (MFA)

  • Requires an additional form of identification during sign-in
  • Safeguards against unauthorized access, even when a password has been compromised
  • Provides additional security by requiring two or more elements to fully authenticate

Multi-factor authentication

  • Code sent to a user's phone
  • Biometric property
  • Respond to a challenge question

Passwordless authentication

  • Eliminate the need for passwords
  • Devices need to be registered and associated with a user
  • Authentication can occur using something the user has, knows, or is

Windows Hello for Business

  • Ideal for individuals with a Windows computer
  • Users can access their computer using:
    • Fingerprint
    • Face recognition
    • PIN code
  • Prevents unauthorized access by others

Microsoft Authenticator App

  • Mobile app that offers MFA options
  • Can transform any phone into a secure passwordless tool
  • Sign in by:
    • Receiving a notification
    • Matching displayed numbers
    • Confirming with biometric
    • PIN code

FIDO2 security keys

  • Secure and passwordless authentication method
  • Open standard by the FIDO Alliance
  • Key is available in different forms, including USB devices

Conditional access

  • Resource access based on:
    • User identity
    • Location
    • Device
  • Collects and analyzes such details at login
  • Decides to:
    • Allow access
    • Deny access
    • Enforce MFA

Conditional access use cases

  • Enforce MFA based on:
    • Roles
    • Location
    • Network

Conditional access use cases

  • Allow access to services exclusively through approved client applications
  • Control which applications can connect to specific services

Conditional access use cases

  • Restrict application access to users on managed devices that meet security and compliance standards

Conditional access use cases

  • Prevent access from untrusted sources, including unknown or unexpected locations
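
The use cases above can be read as one decision procedure over sign-in signals. The following Python sketch is an added example, not part of the original slides and not Azure's policy engine; the networks, country code, app names and role list are constructed values, and letting a block outrank an MFA requirement is an assumption of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy data; none of it comes from a real tenant.
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]    # assumed corporate egress range
BLOCKED_COUNTRIES = {"XX"}                            # placeholder country code
APPROVED_CLIENT_APPS = {"outlook-mobile", "teams"}    # hypothetical app names
PRIVILEGED_ROLES = {"Global Administrator", "Security Administrator"}
SENSITIVE_APPS = {"finance-portal"}                   # hypothetical target service

@dataclass
class SignIn:
    user: str
    roles: set
    source_ip: str
    country: str
    device_compliant: bool
    client_app: str
    target_app: str

def on_trusted_network(ip):
    return any(ip_address(ip) in net for net in TRUSTED_NETWORKS)

def evaluate(s):
    """Return (decision, reasons) for one sign-in.

    Every rule is checked so the reasons list is complete for logging;
    in this model any block outranks any MFA requirement.
    """
    blocks, mfa = [], []
    # Prevent access from untrusted sources.
    if s.country in BLOCKED_COUNTRIES:
        blocks.append("untrusted location")
    # Allow access only through approved client applications.
    if s.client_app not in APPROVED_CLIENT_APPS:
        blocks.append("unapproved client app")
    # Restrict sensitive applications to managed, compliant devices.
    if s.target_app in SENSITIVE_APPS and not s.device_compliant:
        blocks.append("non-compliant device")
    # Enforce MFA based on role and on network.
    if s.roles & PRIVILEGED_ROLES:
        mfa.append("privileged role")
    if not on_trusted_network(s.source_ip):
        mfa.append("outside trusted network")
    if blocks:
        return "deny", blocks
    if mfa:
        return "require_mfa", mfa
    return "allow", []
```

Returning the reasons alongside the decision gives sign-in logs enough detail to explain why a user was prompted or blocked.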
