Differences

This shows you the differences between two versions of the page.

--- azure:az-500:alt:identity_and_access_management [2023/02/07 13:00] – [Azure AD] mmuze
+++ azure:az-500:alt:identity_and_access_management [2023/02/11 21:02] (current) – [Identity and Access Management] mmuze
@@ Line 1: / Line 1: @@
 ====== Identity and Access Management ======
+  * [[https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles]]
   * [[azure:az-500:alt:role_based_access_control|Role Based Access Control/RBAC]]
   * [[azure:az-500:alt:hybrid_identity|Hybrid Identity]]
@@ Line 9: / Line 10: @@
       * //Security Defaults// is a built-in set of protections against identity-based attacks.
   * **//[[https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-delegated-administration-primer|delegated administration]]//** is the term for how a //CSP (Cloud Solution Provider)// can be given roles that allow them to administer services on behalf of the customer.
+==== Security Principle ====
+> Security principal: An Azure security principal is a security identity that user-created apps, services, and automation tools use to access specific Azure resources. Think of it as a "user identity" (username and password or certificate) with a specific role, and tightly controlled permissions. A security principal should only need to do specific things, unlike a general user identity. It improves security if you grant it only the minimum permission level that it needs to perform its management tasks. A security principal used with an application or service is called a service principal.
 ===== Authentication Methods =====