azure:az-500:identity_access_management

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:az-500:identity_access_management [2022/07/21 12:46] – [Identity Protection] mmuzeazure:az-500:identity_access_management [2022/07/23 12:50] (current) mmuze
Line 6: Line 6:
 > Identity is the new perimeter. > Identity is the new perimeter.
  
-====== Identity Protection ====== 
-  * Identity Protection provides policies for a few common scenarios. 
-  * These policies require an AAD P2 license 
-  * [[https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies]] 
-  * These are under ''Azure AD/Manage/Security/Identity Protection/Protect'' and include these: 
-    * **Azure AD MFA registration policy** - requires users to register for MFA 
-    * **Sign-in risk policy** - a risk score is calculated to indicate the likelihood that a sign-in was not performed by the user. Based on this score administrators can choose to block access, allow access or allow access but require multi-factor authentication. 
-    * **User risk policy** - a risk score is calculate to indicate the likelihood that a user account has been compromised. Based on this score administrators can choose to block access, allow access or allow access but require a password change. 
  
 +===== Topics =====
 +  * Azure AD
 +  * Role Based Access Controls (RBAC)
  
  
Line 31: Line 26:
  
 ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== ===== Azure AD roles vs. Azure Resource Manager (ARM) roles =====
-  * AAD Roles vs. ARM Roles+  * AAD Roles vs. ARM/Azure Roles
   * [[https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-roles-and-azure-ad-roles/ba-p/2363647]]   * [[https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-roles-and-azure-ad-roles/ba-p/2363647]]
  
Line 37: Line 32:
  
   * [[https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin]]   * [[https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin]]
-  * RBAC is generally thought of as being used to apply to the control plane, but it can also be used to apply to data plane operations.+  * RBAC is generally thought of as being used to apply to the control plane, but it can also be used to apply to data plane operations.  
  
 ==== Azure AD Roles ==== ==== Azure AD Roles ====
 +  * [[https://docs.microsoft.com/en-us/azure/active-directory/roles/]]
 +
 The following are the four fundamental Azure AD administrator roles. The following are the four fundamental Azure AD administrator roles.
   * Global Administrator   * Global Administrator
Line 57: Line 55:
  
 {{:azure:az-500:roles.png|}} {{:azure:az-500:roles.png|}}
 +
  
  • azure/az-500/identity_access_management.1658407615.txt.gz
  • Last modified: 2022/07/21 12:46
  • by mmuze