© Copyright Microsoft Corporation. All rights reserved.
SC-900T00-A Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
Module Agenda
• Explore the services and identity types of Azure Active Directory
• Explore the authentication capabilities of Azure Active Directory
• Explore the access management capabilities of Azure Active Directory
• Describe the identity protection and governance capabilities of Azure Active Directory
Lesson 1: Explore the services and identity types in Azure Active Directory
Lesson 1 Introduction
After completing this module, you’ll be able to:
• Describe what Azure AD is
• Describe the identity types that Azure AD supports
Azure Active Directory
Azure AD is Microsoft’s cloud-based identity and access management service. Capabilities of Azure AD include:
• Enabling organizations to let their employees, guests, and others sign in and access the resources they need.
• Providing a single identity system for their cloud and on-premises applications.
• Protecting user identities and credentials and meeting an organization’s access governance requirements.
• Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically uses an Azure AD tenant.
Azure AD identity types
Azure AD manages different types of identities: users, service principals, managed identities, and devices.
User – Generally speaking, a user is a representation of an individual’s identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD.
Device – A piece of hardware, such as a mobile device, laptop, server, or printer. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device.
Service principal – You can think of it as an identity for an application. A service principal is created in every tenant where the application is used and defines who can access the app, what resources the app can access, and more.
Managed identity – A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.
Demo: Azure Active Directory user settings
External identities in Azure AD
Two different Azure AD External Identities:
B2B collaboration
B2B collaboration allows you to share your apps and resources with external users.
B2C access management
B2C is an identity management solution for consumer and customer-facing apps.
The concept of hybrid identities
Hybrid identity model
• With the hybrid model, users accessing both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory.
• When you make an update in your on-premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect.
Lesson 2: Explore the authentication capabilities of Azure Active Directory
Lesson 2 Introduction
After completing this module, you’ll be able to:
• Describe the secure authentication methods of Azure AD
• Describe the password protection and management capabilities of Azure AD
Authentication methods of Azure AD
Multifactor authentication (MFA) & Security Defaults
MFA requires more than one form of verification:
• Something you know
• Something you have
• Something you are
Security defaults:
• A set of basic identity security mechanisms recommended by Microsoft.
• A great option for organizations that want to increase their security posture but don’t know where to start, or for organizations using the free tier of Azure AD licensing.
Multi-factor authentication (MFA) in Azure AD
Different authentication methods that can be used with MFA
Passwords
Password & additional verification
• Phone (voice or SMS)
• Microsoft Authenticator
• Open Authentication (OATH) with software or hardware tokens
Passwordless
• Biometrics (Windows Hello)
• Microsoft Authenticator
• FIDO2
Windows Hello for Business
Windows Hello lets users authenticate to:
• A Microsoft account
• An Active Directory account
• An Azure Active Directory (Azure AD) account
• Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication
Why is Windows Hello safer than a password?
Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless.
Self-service password reset (SSPR) in Azure AD
Benefits of Self-service password reset:
• It increases security.
• It saves the organization money by reducing the number of calls and requests to help desk staff.
• It increases productivity, allowing the user to return to work faster.
Self-service password reset works in the following scenarios:
• Password change
• Password reset
• Account unlock
Authentication methods for SSPR:
• Mobile app notification
• Mobile app code
• Email
Demo: Azure Active Directory self-service password reset (SSPR)
Password protection & management capabilities in Azure AD
• Global banned password list
• Custom banned password lists
• Protecting against password spray
• Hybrid security
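The slide names the capabilities without showing how they work. The following added example (not part of the Microsoft course material) models two of them in Python: a banned-password check that follows the documented normalize-then-score approach (characters are normalized, banned tokens from a global and a custom list each count one point, every remaining character counts one point, and anything scoring below five is rejected; the fuzzy edit-distance matching of the real service is omitted here), and a password-spray detector run over constructed sign-in log lines. The banned words, IP addresses, user names, thresholds and the comma-separated log format are all assumptions chosen for the example.

```python
"""Simplified model of Azure AD password protection checks (added example, not Microsoft code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Character substitutions undone before matching (assumed subset of the documented normalization)
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a", "|": "l"})
GLOBAL_BANNED = {"password", "letmein", "qwerty", "welcome"}   # constructed stand-in for the global list
CUSTOM_BANNED = {"contoso", "tailspin"}                        # constructed tenant-specific custom list


def normalize(password: str) -> str:
    """Lower-case the password and undo common look-alike substitutions (P@$$w0rd -> password)."""
    return password.lower().translate(SUBSTITUTIONS)


def password_score(password: str, banned=frozenset(GLOBAL_BANNED | CUSTOM_BANNED)):
    """Return (score, accepted). Each banned token found scores 1 point, each remaining
    character scores 1 point; the password is accepted only when the score is at least 5."""
    text = normalize(password)
    score = 0
    # Longest tokens first so "password" is not partially consumed by a shorter token
    for token in sorted(banned, key=len, reverse=True):
        while token in text:
            text = text.replace(token, "", 1)
            score += 1
    score += len(text)
    return score, score >= 5


# Constructed sample sign-in log: timestamp,source_ip,user,result
SIGN_IN_LOG = """\
2024-04-22T09:00:01,203.0.113.7,alice@contoso.com,failure
2024-04-22T09:00:20,203.0.113.7,bob@contoso.com,failure
2024-04-22T09:00:41,203.0.113.7,carol@contoso.com,failure
2024-04-22T09:01:05,203.0.113.7,dave@contoso.com,failure
2024-04-22T09:01:30,203.0.113.7,erin@contoso.com,failure
2024-04-22T09:01:55,203.0.113.7,frank@contoso.com,failure
2024-04-22T09:02:10,198.51.100.20,alice@contoso.com,failure
2024-04-22T09:02:25,198.51.100.20,alice@contoso.com,failure
2024-04-22T09:02:40,198.51.100.20,alice@contoso.com,failure
2024-04-22T09:02:58,198.51.100.20,alice@contoso.com,success
"""


def detect_password_spray(log_text: str, min_users: int = 5,
                          window: timedelta = timedelta(minutes=10),
                          max_per_user: int = 2) -> dict:
    """Flag source IPs that fail sign-in for many distinct users, a few attempts each,
    inside a sliding time window. A single user mistyping their own password several
    times (more than max_per_user failures) is not counted as spray activity."""
    failures = defaultdict(list)  # ip -> [(time, user)]
    for line in log_text.strip().splitlines():
        ts, ip, user, result = line.split(",")
        if result == "failure":
            failures[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [(t, u) for t, u in events[i:] if t - start <= window]
            per_user = defaultdict(int)
            for _, u in in_window:
                per_user[u] += 1
            sprayed_users = {u for u, n in per_user.items() if n <= max_per_user}
            if len(sprayed_users) >= min_users:
                flagged[ip] = len(sprayed_users)
                break
    return flagged


if __name__ == "__main__":
    for candidate in ("P@$$w0rd", "P@ssw0rd123", "Contoso!Rocks2024"):
        print(candidate, password_score(candidate))
    print(detect_password_spray(SIGN_IN_LOG))
```

The detector is intentionally a one-pass heuristic: in production the same logic would run over Azure AD sign-in logs exported to a SIEM, and the thresholds would be tuned to the tenant's normal failure rate.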
Lesson 3: Explore the access management capabilities of Azure Active Directory
Lesson 3 Introduction
After completing this module, you’ll be able to:
Conditional access
Conditional Access signals:
• User or group membership
• Named location information
• Device
• Application
• Real-time sign-in risk detection
• Cloud apps or actions
• User risk
Access controls:
• Block access
• Grant access
• Require one or more conditions to be met before granting access
• Control user access based on session controls to enable limited experiences within specific cloud applications
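To show how the signals and access controls listed above combine, here is an added example in Python that is not part of the Microsoft course material. It models Conditional Access evaluation in simplified form: every policy whose conditions all match the sign-in applies, a block from any applicable policy wins, and otherwise the grant controls of all applicable policies are merged and must all be satisfied, with session controls passed through. The policy names, named locations, app names, risk scale and the `SignIn` fields are assumptions made for the example; the real service has many more conditions and controls than this.

```python
"""Simplified model of Conditional Access policy evaluation (added example, not Microsoft code)."""
from dataclasses import dataclass, field

RISK_LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class SignIn:
    """Signals available for one sign-in attempt (constructed sample data)."""
    user: str
    groups: set
    location: str              # named location, e.g. "corp-hq", or "untrusted"
    device_compliant: bool
    app: str
    sign_in_risk: str = "none"  # real-time sign-in risk
    user_risk: str = "none"     # aggregated user risk
    mfa_completed: bool = False


@dataclass
class Policy:
    """One policy: every listed condition must match for the policy to apply."""
    name: str
    users_or_groups: set = field(default_factory=set)     # empty = all users
    apps: set = field(default_factory=set)                 # empty = all cloud apps
    locations_excluded: set = field(default_factory=set)   # named locations the policy skips
    min_sign_in_risk: str = "none"                         # applies when sign-in risk >= this
    min_user_risk: str = "none"
    block: bool = False
    grant_controls: set = field(default_factory=set)       # e.g. {"mfa", "compliant_device"}
    session_controls: set = field(default_factory=set)     # e.g. {"sign_in_frequency_1h"}

    def applies_to(self, s: SignIn) -> bool:
        if self.users_or_groups and not ({s.user} | s.groups) & self.users_or_groups:
            return False
        if self.apps and s.app not in self.apps:
            return False
        if s.location in self.locations_excluded:
            return False
        if RISK_LEVELS[s.sign_in_risk] < RISK_LEVELS[self.min_sign_in_risk]:
            return False
        if RISK_LEVELS[s.user_risk] < RISK_LEVELS[self.min_user_risk]:
            return False
        return True


def evaluate(policies, s: SignIn) -> dict:
    """All policies are evaluated. Block from any applicable policy wins; otherwise the
    grant controls of every applicable policy are merged and each must be satisfied."""
    applicable = [p for p in policies if p.applies_to(s)]
    blocking = [p.name for p in applicable if p.block]
    if blocking:
        return {"decision": "block", "policies": blocking}
    required = set().union(*(p.grant_controls for p in applicable))
    session = set().union(*(p.session_controls for p in applicable))
    unmet = set(required)
    if s.device_compliant:
        unmet.discard("compliant_device")
    if s.mfa_completed:
        unmet.discard("mfa")
    return {"decision": "grant" if not unmet else "require",
            "required": sorted(unmet), "session": sorted(session),
            "policies": [p.name for p in applicable]}


# Constructed sample policy set
SAMPLE_POLICIES = [
    Policy("Block high-risk sign-ins", min_sign_in_risk="high", block=True),
    Policy("Require MFA off the corporate network", locations_excluded={"corp-hq"},
           grant_controls={"mfa"}),
    Policy("Require compliant device for Finance app", apps={"finance"},
           grant_controls={"compliant_device"}),
    Policy("Medium user risk: MFA and re-authentication", min_user_risk="medium",
           grant_controls={"mfa"}, session_controls={"sign_in_frequency_1h"}),
]

if __name__ == "__main__":
    attempt = SignIn("bob", {"finance-team"}, "untrusted", False, "finance", sign_in_risk="low")
    print(evaluate(SAMPLE_POLICIES, attempt))
```

Because every applicable policy contributes its controls, a user reaching the Finance app from an untrusted location on an unmanaged device is asked for both MFA and a compliant device, and a high-risk sign-in is blocked regardless of what other policies would have granted.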
Demo: Azure Active Directory Conditional Access
Azure AD role-based access control (RBAC)
Azure AD roles control permissions to manage Azure AD resources.
Built-in roles
Custom roles
Azure AD role-based access control
Only grant the access users need
Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory
Lesson 4 Introduction
Identity governance in Azure AD
The tasks of Azure AD identity governance
• Govern the identity lifecycle.
• Govern the access lifecycle.
• Secure privileged access for administration.
Identity lifecycle
• Join: A new digital identity is created.
• Move: Update access authorizations.
• Leave: Access may need to be removed.
Entitlement management and access reviews
Entitlement management
• It is an identity governance feature that enables organizations to manage identity and access lifecycle at scale.
• It automates access request workflows, access assignments, reviews, and expiration.
Access reviews
• Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.
• Ensure that only the right people have access to resources.
• Used to review and manage access for both users and guests.
Terms of use
• Allow information to be presented to users before they access data or an application.
• Ensure users read relevant disclaimers for legal or compliance requirements.
Privileged Identity Management (PIM)
PIM enables you to manage, control, and monitor access to important resources in your organization. Access is:
• Just in time, providing privileged access only when needed, and not before.
• Time-bound, by assigning start and end dates that indicate when a user can access resources.
• Approval-based, requiring specific approval to activate privileges.
• Visible, sending notifications when privileged roles are activated.
• Auditable, allowing a full access history to be downloaded.
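The five properties listed above are easiest to see as state transitions. The following added Python model (not part of the Microsoft course material, and not PIM's actual implementation) walks an eligible user through requesting, approving and expiring a role activation: the privilege exists only inside the approved window (just in time and time-bound), a configured approver must sign off (approval-based), a notification is raised on activation (visible), and every event lands in an audit list (auditable). The role settings, user names, durations and the `run_scenario` timeline are constructed for the example; the two role names are Azure AD built-in roles.

```python
"""Model of just-in-time, time-bound, approval-based role activation (added example, not Microsoft code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class RoleSetting:
    role: str
    max_duration: timedelta     # longest activation the role allows
    requires_approval: bool
    approvers: set


@dataclass
class Activation:
    user: str
    role: str
    start: datetime
    end: datetime
    approved: bool
    justification: str = ""


class PrivilegedRoleManager:
    def __init__(self, settings):
        self.settings = {s.role: s for s in settings}
        self.eligible = set()        # (user, role) pairs holding an eligible assignment
        self.activations = []
        self.audit = []              # full history, the part that would be exported for review
        self.notifications = []      # alerts raised whenever a privileged role becomes active

    def _log(self, event, **details):
        self.audit.append({"event": event, **details})

    def make_eligible(self, user, role, actor):
        # Eligible is not active: the user holds no privilege until an activation is approved
        self.eligible.add((user, role))
        self._log("eligible_assigned", user=user, role=role, by=actor)

    def request_activation(self, user, role, duration, now, justification):
        if (user, role) not in self.eligible:
            self._log("activation_denied", user=user, role=role, reason="not eligible")
            raise PermissionError(f"{user} is not eligible for {role}")
        setting = self.settings[role]
        if duration > setting.max_duration:
            self._log("activation_denied", user=user, role=role, reason="duration exceeds maximum")
            raise ValueError("requested duration exceeds the role's maximum")
        act = Activation(user, role, start=now, end=now + duration,
                         approved=not setting.requires_approval, justification=justification)
        self.activations.append(act)
        self._log("activation_requested", user=user, role=role, justification=justification)
        if act.approved:
            self._notify(act)
        return act

    def approve(self, act, approver, now):
        if approver not in self.settings[act.role].approvers:
            self._log("approval_denied", approver=approver, role=act.role)
            raise PermissionError(f"{approver} may not approve {act.role}")
        act.approved = True
        act.start, act.end = now, now + (act.end - act.start)   # the clock starts at approval
        self._log("activation_approved", user=act.user, role=act.role, by=approver)
        self._notify(act)

    def _notify(self, act):
        self.notifications.append(f"{act.user} activated {act.role} until {act.end.isoformat()}")

    def is_active(self, user, role, now):
        return any(a.user == user and a.role == role and a.approved and a.start <= now < a.end
                   for a in self.activations)


def run_scenario():
    """Constructed timeline: alice is eligible for Global Administrator (approval by carol, 1h max)."""
    pim = PrivilegedRoleManager([
        RoleSetting("Global Administrator", timedelta(hours=1), True, {"carol"}),
        RoleSetting("Helpdesk Administrator", timedelta(hours=8), False, set()),
    ])
    t0 = datetime(2024, 4, 22, 9, 0)
    pim.make_eligible("alice", "Global Administrator", actor="carol")
    before = pim.is_active("alice", "Global Administrator", t0)
    try:
        pim.request_activation("alice", "Global Administrator", timedelta(hours=4), t0, "too long")
        oversized_rejected = False
    except ValueError:
        oversized_rejected = True
    act = pim.request_activation("alice", "Global Administrator", timedelta(hours=1), t0,
                                 "change Conditional Access policy")
    pending = not act.approved and not pim.is_active("alice", "Global Administrator", t0)
    pim.approve(act, "carol", t0 + timedelta(minutes=5))
    return {
        "active_before": before,
        "oversized_rejected": oversized_rejected,
        "pending_until_approved": pending,
        "active_mid_window": pim.is_active("alice", "Global Administrator", t0 + timedelta(minutes=30)),
        "active_after_expiry": pim.is_active("alice", "Global Administrator", t0 + timedelta(minutes=70)),
        "events": [e["event"] for e in pim.audit],
        "notifications": len(pim.notifications),
    }
```

The denied requests are logged as well as the granted ones, which is what makes the history useful during an investigation: an audit trail that only records successes cannot show who tried to escalate and was refused.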
Azure Identity Protection
Enables organizations to accomplish three key tasks:
• Automate the detection and remediation of identity-based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third-party utilities for further analysis.
It can categorize and calculate risk:
• Categorize risk into three tiers: low, medium, and high.
• Calculate the sign-in risk, and user identity risk.
It provides organizations with three reports:
• Risky users
• Risky sign-ins
• Risk detections
Module Summary
• Explore Azure AD and the services and identity types Azure AD supports.
• Explore the authentication capabilities of Azure AD, including MFA.
• Explore the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC.
• Describe identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 

SC-900 Capabilities of Microsoft Identity and Access Management Solutions

• 1. SC-900T00-A Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
• 2. Module Agenda
  Explore the services and identity types of Azure Active Directory
  Explore the authentication capabilities of Azure Active Directory
  Explore the access management capabilities of Azure Active Directory
  Describe identity protection and governance capabilities of Azure Active Directory
• 3. Lesson 1: Explore the services and identity types in Azure Active Directory
• 4. Lesson 1 Introduction
  After completing this module, you'll be able to:
  • Describe what Azure AD is
  • Describe the identity types that Azure AD supports
• 5. Azure Active Directory
  Azure AD is Microsoft's cloud-based identity and access management service. Capabilities of Azure AD include:
  • Organizations can enable their employees, guests, and others to sign in and access the resources they need.
  • Provide a single identity system for their cloud and on-premises applications.
  • Protect user identities and credentials and meet an organization's access governance requirements.
  • Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically uses an Azure AD tenant.
• 6. Azure AD identity types
  Azure AD manages different types of identities: users, service principals, managed identities, and devices.
  • User: Generally speaking, a user is a representation of an individual's identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD.
  • Device: A piece of hardware, such as a mobile device, laptop, server, or printer. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device.
  • Service principal: You can think of it as an identity for an application. A service principal is created in every tenant where the application is used and defines who can access the app, what resources the app can access, and more.
  • Managed identity: A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.
• 7. Demo: Azure Active Directory user settings
• 8. External identities in Azure AD
  Two different Azure AD External Identities:
  • B2B collaboration: allows you to share your apps and resources with external users.
  • B2C access management: Azure AD B2C is an identity management solution for consumer- and customer-facing apps.
• 9. The concept of hybrid identities
  Hybrid identity model:
  • With the hybrid model, users who access both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory.
  • When you make an update in your on-premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect.
• 10. Lesson 2: Explore the authentication capabilities of Azure Active Directory
• 11. Lesson 2 Introduction
  After completing this module, you'll be able to:
  • Describe the secure authentication methods of Azure AD
  • Describe the password protection and management capabilities of Azure AD
• 12. Authentication methods of Azure AD
  Multifactor authentication (MFA) and Security Defaults
  MFA requires more than one form of verification:
  • Something you know
  • Something you have
  • Something you are
  Security defaults:
  • A set of basic identity security mechanisms recommended by Microsoft.
  • A great option for organizations that want to increase their security posture but don't know where to start, or for organizations using the free tier of Azure AD licensing.
• 13. Multi-factor authentication (MFA) in Azure AD
  Different authentication methods that can be used with MFA:
  Passwords
  Password and additional verification:
  • Phone (voice or SMS)
  • Microsoft Authenticator
  • Open Authentication (OATH) with software or hardware tokens
  Passwordless:
  • Biometrics (Windows Hello)
  • Microsoft Authenticator
  • FIDO2
• 14. Windows Hello for Business
  Windows Hello lets users authenticate to:
  • A Microsoft account
  • An Active Directory account
  • An Azure Active Directory (Azure AD) account
  • Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication
  Why is Windows Hello safer than a password? Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless.
• 15. Self-service password reset (SSPR) in Azure AD
  Benefits of self-service password reset:
  • It increases security.
  • It saves the organization money by reducing the number of calls and requests to help desk staff.
  • It increases productivity, allowing the user to return to work faster.
  Self-service password reset works in the following scenarios:
  • Password change
  • Password reset
  • Account unlock
  Authentication methods for SSPR:
  • Mobile app notification
  • Mobile app code
  • Email
• 16. Demo: Azure Active Directory self-service password reset (SSPR)
• 17. Password protection and management capabilities in Azure AD
  • Global banned password list
  • Custom banned password lists
  • Protecting against password spray
  • Hybrid security
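Added example, not part of the course deck: a simplified Python model of how a banned-password check decides whether a proposed password is acceptable. It follows the normalization and point-scoring steps Microsoft documents for Azure AD Password Protection (lower-casing, the 0/1/$/@ substitutions, one point per banned term found, one point per remaining character, five points to pass). The global and custom banned lists are constructed samples, and the fuzzy (edit-distance-one) matching of the real service is omitted, so treat the details as an approximation of the service rather than its implementation.

```python
"""Simplified model of banned-password scoring (added example, not Microsoft code).

Steps modelled: normalize the candidate, locate banned terms from the global
and custom (tenant) lists inside it, then score the result. Each banned term
found is worth one point, each character outside a banned term is worth one
point, and a password needs at least five points to be accepted.
"""

# Normalization: lower-case plus the common substitutions the service undoes.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})

GLOBAL_BANNED = ["password", "contoso", "welcome", "blank"]  # constructed sample list
CUSTOM_BANNED = ["fabrikam", "litware"]                      # constructed tenant list


def normalize(pw: str) -> str:
    """Lower-case the password and undo 0->o, 1->l, $->s, @->a substitutions."""
    return pw.lower().translate(SUBSTITUTIONS)


def find_banned_spans(norm: str, banned: list) -> list:
    """Return non-overlapping (start, end) spans of banned terms, longest terms first."""
    spans = []
    taken = [False] * len(norm)
    for term in sorted(banned, key=len, reverse=True):
        start = norm.find(term)
        while start != -1:
            end = start + len(term)
            if not any(taken[start:end]):
                spans.append((start, end))
                for i in range(start, end):
                    taken[i] = True
            start = norm.find(term, start + 1)
    return sorted(spans)


def score(pw: str, banned=None) -> int:
    """One point per banned term found, one point per remaining character."""
    banned = GLOBAL_BANNED + CUSTOM_BANNED if banned is None else banned
    norm = normalize(pw)
    spans = find_banned_spans(norm, banned)
    covered = sum(end - start for start, end in spans)
    return len(spans) + (len(norm) - covered)


def is_acceptable(pw: str) -> bool:
    """Accept only passwords scoring five points or more."""
    return score(pw) >= 5


if __name__ == "__main__":
    # Constructed candidates: banned terms with light substitutions score poorly,
    # while a long password with no banned terms scores one point per character.
    for candidate in ["C0ntos0Blank12", "C0ntos0Blank123", "P@ssw0rd!", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: score={score(candidate)} accepted={is_acceptable(candidate)}")
```

The point of the model is that substitutions and appended digits do not rescue a password built from banned terms: "C0ntos0Blank12" normalizes to two banned terms plus two characters and scores 4, while a password that contains no banned term scores its full length.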
• 18. Lesson 3: Explore the access management capabilities of Azure Active Directory
• 19. Lesson 3 Introduction
  After this module, you'll be able to:
• 20. Conditional Access
  Conditional Access signals:
  • User or group membership
  • Named location information
  • Device
  • Application
  • Real-time sign-in risk detection
  • Cloud apps or actions
  • User risk
  Access controls:
  • Block access
  • Grant access
  • Require one or more conditions to be met before granting access
  • Control user access based on session controls to enable limited experiences within specific cloud applications
• 21. Demo: Azure Active Directory Conditional Access
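As an added example (not from the Microsoft course material), the following Python script models how the signals and access controls listed on the Conditional Access slide combine into a decision: policies whose assignments match a sign-in are selected, a matching block policy wins outright, and otherwise every matching grant policy's controls (such as MFA or a compliant device) must be satisfied before access is granted. The policy names, groups, apps, named locations and sign-ins are constructed sample data, and the engine is a deliberate simplification of the real service (session controls and user risk, for instance, are not modelled).

```python
"""Toy model of Conditional Access evaluation (added example, not Microsoft code).

Signals (user/group, app, named location, device state, real-time sign-in
risk) are matched against policy assignments; matching policies then
contribute access controls (block, or grant with required controls).
All users, groups, apps and locations below are constructed sample data.
"""
from dataclasses import dataclass

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignIn:
    user: str
    groups: frozenset
    app: str
    location: str          # constructed named-location label, e.g. "HQ" or "unknown"
    device_compliant: bool
    sign_in_risk: str      # "none" | "low" | "medium" | "high"


@dataclass
class Policy:
    name: str
    include_groups: frozenset = frozenset({"All"})
    include_apps: frozenset = frozenset({"All"})
    exclude_locations: frozenset = frozenset()  # policy does not apply from these locations
    min_sign_in_risk: str = "none"              # applies at this risk level or above
    block: bool = False
    required_controls: frozenset = frozenset()  # e.g. {"mfa", "compliantDevice"}
    require_all_controls: bool = True           # True = require all, False = require one


def policy_applies(policy: Policy, s: SignIn) -> bool:
    """Assignment check: every configured condition must match the sign-in."""
    if "All" not in policy.include_groups and not (policy.include_groups & s.groups):
        return False
    if "All" not in policy.include_apps and s.app not in policy.include_apps:
        return False
    if s.location in policy.exclude_locations:
        return False
    if RISK_ORDER[s.sign_in_risk] < RISK_ORDER[policy.min_sign_in_risk]:
        return False
    return True


def controls_satisfied(policy: Policy, satisfied: frozenset) -> bool:
    """Grant controls: all required controls (or any one, if configured as OR)."""
    if not policy.required_controls:
        return True
    if policy.require_all_controls:
        return policy.required_controls <= satisfied
    return bool(policy.required_controls & satisfied)


def evaluate(policies, s: SignIn, satisfied_controls=frozenset()) -> dict:
    """Return the access decision for one sign-in.

    A single matching block policy wins. Otherwise every matching grant
    policy must have its controls satisfied; unmet ones are reported so the
    caller can prompt for them (e.g. MFA) and re-evaluate.
    """
    satisfied = frozenset(satisfied_controls)
    if s.device_compliant:
        satisfied |= {"compliantDevice"}   # device signal satisfies the device control
    matched = [p for p in policies if policy_applies(p, s)]
    for p in matched:
        if p.block:
            return {"decision": "block", "policy": p.name}
    unmet = [p.name for p in matched if not controls_satisfied(p, satisfied)]
    if unmet:
        return {"decision": "require_controls", "policies": unmet}
    return {"decision": "grant", "policies": [p.name for p in matched]}


# Constructed sample policies mirroring the slide's signals and controls.
POLICIES = [
    Policy(name="Block high-risk sign-ins", min_sign_in_risk="high", block=True),
    Policy(name="MFA for everyone outside HQ", exclude_locations=frozenset({"HQ"}),
           required_controls=frozenset({"mfa"})),
    Policy(name="Finance app: MFA and compliant device",
           include_groups=frozenset({"Finance"}), include_apps=frozenset({"FinanceApp"}),
           required_controls=frozenset({"mfa", "compliantDevice"})),
]


def demo() -> list:
    """Three constructed sign-ins, one per decision outcome."""
    alice_hq = SignIn("alice", frozenset({"Finance"}), "FinanceApp", "HQ", True, "none")
    alice_cafe = SignIn("alice", frozenset({"Finance"}), "FinanceApp", "unknown", False, "low")
    bob_risky = SignIn("bob", frozenset({"Sales"}), "Mail", "unknown", True, "high")
    return [evaluate(POLICIES, alice_hq, {"mfa"}),   # grant: MFA done, device compliant
            evaluate(POLICIES, alice_cafe, {"mfa"}), # MFA done, but device not compliant
            evaluate(POLICIES, bob_risky, {"mfa"})]  # high risk: blocked regardless of MFA


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The three sample sign-ins show the ordering that matters in practice: block controls are evaluated before any grant control, and a completed MFA does not help when a different matching policy still has an unmet requirement such as a compliant device.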
• 22. Azure AD role-based access control (RBAC)
  Azure AD roles control permissions to manage Azure AD resources.
  • Built-in roles
  • Custom roles
  Azure AD role-based access control: only grant the access users need.
• 23. Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory
• 24. Lesson 4 Introduction
• 25. Identity governance in Azure AD
  The tasks of Azure AD identity governance:
  • Govern the identity lifecycle.
  • Govern the access lifecycle.
  • Secure privileged access for administration.
  Identity lifecycle:
  • Join: A new digital identity is created.
  • Move: Update access authorizations.
  • Leave: Access may need to be removed.
• 26. Entitlement management and access reviews
  Entitlement management:
  • An identity governance feature that enables organizations to manage the identity and access lifecycle at scale.
  • It automates access request workflows, access assignments, reviews, and expiration.
  Access reviews:
  • Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.
  • Ensure that only the right people have access to resources.
  • Used to review and manage access for both users and guests.
  Terms of use:
  • Allow information to be presented to users before they access data or an application.
  • Ensure users read relevant disclaimers for legal or compliance requirements.
• 27. Privileged Identity Management (PIM)
  PIM enables you to manage, control, and monitor access to important resources in your organization. Access is:
  • Just in time, providing privileged access only when needed, and not before.
  • Time-bound, by assigning start and end dates that indicate when a user can access resources.
  • Approval-based, requiring specific approval to activate privileges.
  • Visible, sending notifications when privileged roles are activated.
  • Auditable, allowing a full access history to be downloaded.
• 28. Azure Identity Protection
  Enables organizations to accomplish three key tasks:
  • Automate the detection and remediation of identity-based risks.
  • Investigate risks using data in the portal.
  • Export risk detection data to third-party utilities for further analysis.
  It can categorize and calculate risk:
  • Categorize risk into three tiers: low, medium, and high.
  • Calculate the sign-in risk and the user identity risk.
  It provides organizations with three reports:
  • Risky users
  • Risky sign-ins
  • Risk detections
• 29. Module Summary
  • Azure AD and the services and identity types that Azure AD supports
  • Explore the authentication capabilities of Azure AD, including MFA
  • Explore the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC
  • Describe identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.