Azure identity services and access control

Understanding Microsoft Azure Architecture and Services

Florin Angelescu

Azure Architect

Azure authentication methods

  • Authentication = Verifying the identity of an individual, service, or device
  • Presenting credentials to prove who they are

Multi-factor authentication (MFA)

  • Requires an additional form of identification during sign-in
  • Safeguards against unauthorized access, even when a password has been compromised
  • Provides additional security by requiring two or more elements to fully authenticate

Multi-factor authentication

  • Code sent to a user's phone
  • Biometric property
  • Respond to a challenge question

Passwordless authentication

  • Eliminate the need for passwords
  • Devices need to be registered and associated with a user
  • Authentication can occur using something the user has, knows, or is

Windows Hello for Business

  • Ideal for individuals with a Windows computer
  • Users can access their computer using:
    • Fingerprint
    • Face recognition
    • PIN code
  • Prevents unauthorized access by others

Microsoft Authenticator App

  • Mobile app that offers MFA options
  • Can transform any phone into a secure passwordless tool
  • Sign in by:
    • Receiving a notification
    • Matching displayed numbers
    • Confirming with a biometric
    • PIN code

FIDO2 security keys

  • Secure and passwordless authentication method
  • Open standard by the FIDO Alliance
  • Key is available in different forms, including USB devices

Conditional access

  • Resource access based on:
    • User identity
    • Location
    • Device
  • Collects and analyzes such details at login
  • Decides to:
    • Allow access
    • Deny access
    • Enforce MFA

Conditional access use cases

  • Enforce MFA based on:
    • Roles
    • Location
    • Network
  • Allow access to services exclusively through approved client applications
  • Control which applications can connect to specific services
  • Restrict application access to users on managed devices that meet security and compliance standards
  • Prevent access from untrusted sources, including unknown or unexpected locations
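
The conditional access decision described above (signals collected at sign-in, then allow, deny, or enforce MFA), as an added Python sketch that is not part of the course material and is not how Azure evaluates policies internally. It is a simplified model; the network range, country codes, app names, role list and sample users are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy values for illustration (assumptions, not from the slides).
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]  # documentation range as "office"
ALLOWED_COUNTRIES = {"IT", "RO"}
APPROVED_CLIENT_APPS = {"Outlook", "Teams"}
MFA_ROLES = {"Global Administrator", "Security Administrator"}


@dataclass(frozen=True)
class SignIn:
    """Signals collected at sign-in: user identity, location, device."""
    user: str
    roles: frozenset
    ip: str
    country: str
    client_app: str
    device_compliant: bool  # managed device that meets compliance standards
    mfa_done: bool = False


def on_trusted_network(ip: str) -> bool:
    return any(ip_address(ip) in net for net in TRUSTED_NETWORKS)


def evaluate(s: SignIn) -> str:
    """Return 'deny', 'require_mfa' or 'allow'; block rules are checked first."""
    if s.country not in ALLOWED_COUNTRIES:        # unknown or unexpected location
        return "deny"
    if s.client_app not in APPROVED_CLIENT_APPS:  # approved client apps only
        return "deny"
    if not s.device_compliant:                    # managed, compliant devices only
        return "deny"
    # Enforce MFA based on role or network.
    needs_mfa = bool(s.roles & MFA_ROLES) or not on_trusted_network(s.ip)
    if needs_mfa and not s.mfa_done:
        return "require_mfa"
    return "allow"


# Constructed sample sign-ins.
OFFICE_USER = SignIn("ana", frozenset(), "203.0.113.10", "IT", "Outlook", True)
ADMIN = SignIn("bo", frozenset({"Global Administrator"}), "203.0.113.11", "IT", "Teams", True)
REMOTE = SignIn("cy", frozenset(), "198.51.100.7", "RO", "Teams", True)
UNMANAGED = SignIn("di", frozenset(), "203.0.113.12", "IT", "Outlook", False)

if __name__ == "__main__":
    for s in (OFFICE_USER, ADMIN, REMOTE, UNMANAGED):
        print(s.user, "->", evaluate(s))
```

Checking the deny rules before the MFA rule means a completed MFA challenge never overrides a blocked location, client app or device.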

Let's practice!
