azure:az-500:alt:identity_and_access_management

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:az-500:alt:identity_and_access_management [2023/02/02 15:54] – [Guest Access] mmuzeazure:az-500:alt:identity_and_access_management [2023/02/11 21:02] (current) – [Identity and Access Management] mmuze
Line 1: Line 1:
 ====== Identity and Access Management ====== ====== Identity and Access Management ======
 +  * [[https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles]]
   * [[azure:az-500:alt:role_based_access_control|Role Based Access Control/RBAC]]   * [[azure:az-500:alt:role_based_access_control|Role Based Access Control/RBAC]]
   * [[azure:az-500:alt:hybrid_identity|Hybrid Identity]]   * [[azure:az-500:alt:hybrid_identity|Hybrid Identity]]
Line 7: Line 8:
   * Because Azure AD is HTTP/HTTPS based, it does not use Kerberos authentication. Instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication (and OAuth for authorization).   * Because Azure AD is HTTP/HTTPS based, it does not use Kerberos authentication. Instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication (and OAuth for authorization).
   * MFA is supported for free tier AAD by way of //Security Defaults//.   * MFA is supported for free tier AAD by way of //Security Defaults//.
-      * //Security Defaults// is a built-in set of protections against identity based attacks.+      * //Security Defaults// is a built-in set of protections against identity-based attacks. 
 +  * **//[[https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-delegated-administration-primer|delegated administration]]//** is the term for how a //CSP (Cloud Solution Provider)// can be given roles that allow them to administer services on behalf of the customer. 
 + 
 + 
 +==== Security Principle ==== 
 +> Security principal: An Azure security principal is a security identity that user-created apps, services, and automation tools use to access specific Azure resources. Think of it as a "user identity" (username and password or certificate) with a specific role, and tightly controlled permissions. A security principal should only need to do specific things, unlike a general user identity. It improves security if you grant it only the minimum permission level that it needs to perform its management tasks. A security principal used with an application or service is called a service principal. 
  
 ===== Authentication Methods ===== ===== Authentication Methods =====
Line 97: Line 104:
  
 ====== Passwordless authentication ====== ====== Passwordless authentication ======
 +
 +====== User Management ======
 +  * Deleted users and M365 groups can be restored (undeleted) for up to 30 days.
 +  * Deleted Security Groups cannot be restored.
  
 ====== Guest Access ====== ====== Guest Access ======
  • azure/az-500/alt/identity_and_access_management.1675353268.txt.gz
  • Last modified: 2023/02/02 15:54
  • by mmuze