Feel free to check the previous post (Part 1\/12<\/a>) if you did not look into it yet \ud83d\ude42 <\/p>\n\n\n\n
Table of content (blog series)<\/h3>\n\n\n\n- *** Design Identity, Governance, and Monitoring Solutions ***<\/strong><\/li>
- Part 1: Design a governance solution<\/a><\/li>
- Part 2: Design Authentication and Authorization Solutions<\/a><\/li>
- Part 3: Design a solution to log and monitor Azure resources<\/a><\/li>
- *** Design Infrastructure Solutions ***<\/strong><\/li>
- Part 4: Design a compute solution<\/a><\/li>
- Part 5: Design an application architecture solution<\/a><\/li>
- Part 6: Design a network infrastructure solution<\/a><\/li>
- Part 7: Design a migration solution<\/a><\/li>
- *** Design Data Storage Solutions ****<\/strong><\/li>
- Part 8: Design a non-relational data storage solution<\/a><\/li>
- Part 9: Design a data storage solution for relational data<\/a><\/li>
- Part 10: Design a data integration solution<\/a><\/li>
- *** Design Business Continuity Solutions ***<\/strong><\/strong><\/li>
- Part 11: Design a solution for Business Continuity, backup and disaster recovery<\/a> <\/li>
- Part 12: Design for high availability<\/a><\/li><\/ul>\n\n\n\n
What is the Authentication and Authorization?<\/h3>\n\n\n\n
To put it in plain English language, authentication is the process of verifying who someone is, where as authorization is the process of verifying what specific applications, files, and data a user has access to.<\/p>\n\n\n\n
To relate these concepts to a real-world scenarious, you may think about your airport access and on-boarding to the plane experience. Thus, when you go through the security in an airport, you are required to show your ID to authenticate your identity. Then, you proceed and arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to your assigned seat.<\/p>\n\n\n\n![\"Authentication](\"https:\/\/miro.medium.com\/max\/1400\/0*Ggee4mghBiY6OxJV\")
<\/figure>\n\n\n\nWHAT YOU CAN DO WITH Authentication and Authorization?<\/h4>\n\n\n\n
The authentication and authorization services are part of the Microsoft’s identity platform<\/a>.<\/p>\n\n\n\nThe Authentication sometimes shortened to ‘AuthN’<\/strong>.
The Microsoft identity platform uses the OpenID Connect<\/a> protocol for handling authentication. On the other hand, Authorization sometimes shortened to ‘AuthZ<\/strong>‘. The Microsoft identity platform uses the OAuth 2.0<\/a> protocol for handling authorization.<\/p>\n\n\n\nIn Microsoft Azure your authentication and authorization is delegated to Azure Active Directory (Azure AD). By using this centralized identity provider you can enable following secure workflows for your business:<\/p>\n\n\n\n
- Conditional Access policies – that require a user to be in a specific location.<\/li>
- The use of multi-factor authentication<\/a>, which is sometimes called two-factor authentication or 2FA.<\/li>
- Enabling a user to sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This capability is called single sign-on (SSO)<\/em>.<\/li><\/ul>\n\n\n\n
![\"From](\"https:\/\/newsignature.com\/wp-content\/uploads\/2019\/05\/5030991-637118249809250355-16x9-1-1024x683.jpg\")
<\/figure>\n\n\n\n<\/p>\n\n\n\n
Part 2: Designing Authentication and Authorization solutions<\/h4>\n\n\n\n
The references below are taken from official Microsoft docs and focused on designing Azure Authentication and Authorization solutions. You could also find it helpful to check the Microsoft docs and learning paths with [Tutorials] below \ud83d\ude42<\/p>\n\n\n\n
This collection of links is gathered with a focus on the exam objectives of the AZ-305 certification exam.<\/p>\n\n\n\n
Azure identity management security overview<\/a>
Azure Identity Management and access control security best practices<\/a>
Five steps to securing your identity infrastructure<\/a>
What is Azure Active Directory?<\/a>
Compare Active Directory to Azure Active Directory<\/a>
Azure Active Directory B2B best practices<\/a>
Overview: Cross-tenant access with Azure AD External Identities (Preview)<\/a>
Identity Providers for External Identities<\/a>
Authentication and Conditional Access for External Identities<\/a>
What is Azure Active Directory B2C?<\/a>
Technical and feature overview of Azure Active Directory B2C<\/a>
What is Conditional Access?<\/a>
Plan a Conditional Access deployment<\/a>
[Tutorial]: Secure user sign-in events with Azure AD Multi-Factor Authentication<\/a>
[Tutorial]: Enable users to unlock their account or reset passwords using Azure AD self-service password reset (SSPR)<\/a>
[Tutorial]: Enable Azure Active Directory self-service password reset writeback to an on-premises environment<\/a><\/p>\n\n\n\nWhat is Identity Protection?<\/a>
What is risk?<\/a>
Azure Active Directory Identity Protection – Security overview <\/a>
Identity Protection policies<\/a>
What are Azure AD access reviews?<\/a>
What are managed identities for Azure resources?<\/a>
What is identity lifecycle management?<\/a>
Microsoft Azure Well-Architected Framework – Security<\/a>
Authenticate apps to Azure services by using service principals and managed identities for Azure resources<\/a>
Application and service principal objects in Azure AD<\/a>
Azure Key Vault basic concepts<\/a>
Best practices for using Azure Key Vault<\/a>
Azure Key Vault logging<\/a>
Virtual network service endpoints for Azure Key Vault<\/a>
Monitoring Key Vault with Azure Event Grid<\/a> <\/p>\n\n\n\nSUMMARY<\/h4>\n\n\n\n
Thank you for visiting the AZ-305 Study Guide and checking the Part 2 \u2013 <\/strong>Designing Authentication and Authorization Solutions<\/a><\/em>.
The next blog will cover the Part 3: Design a solution to log and monitor Azure resources<\/em><\/em><\/a>.<\/p>\n<\/div>
What is the Authentication and Authorization?<\/h3>\n\n\n\n
To put it in plain English language, authentication is the process of verifying who someone is, where as authorization is the process of verifying what specific applications, files, and data a user has access to.<\/p>\n\n\n\n
To relate these concepts to a real-world scenarious, you may think about your airport access and on-boarding to the plane experience. Thus, when you go through the security in an airport, you are required to show your ID to authenticate your identity. Then, you proceed and arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to your assigned seat.<\/p>\n\n\n\n The authentication and authorization services are part of the Microsoft’s identity platform<\/a>.<\/p>\n\n\n\n The Authentication sometimes shortened to ‘AuthN’<\/strong>. In Microsoft Azure your authentication and authorization is delegated to Azure Active Directory (Azure AD). By using this centralized identity provider you can enable following secure workflows for your business:<\/p>\n\n\n\n <\/p>\n\n\n\n The references below are taken from official Microsoft docs and focused on designing Azure Authentication and Authorization solutions. You could also find it helpful to check the Microsoft docs and learning paths with [Tutorials] below \ud83d\ude42<\/p>\n\n\n\n This collection of links is gathered with a focus on the exam objectives of the AZ-305 certification exam.<\/p>\n\n\n\n Azure identity management security overview<\/a> What is Identity Protection?<\/a> Thank you for visiting the AZ-305 Study Guide and checking the Part 2 \u2013 <\/strong>Designing Authentication and Authorization Solutions<\/a><\/em>.<\/figure>\n\n\n\n
WHAT YOU CAN DO WITH Authentication and Authorization?<\/h4>\n\n\n\n
The Microsoft identity platform uses the OpenID Connect<\/a> protocol for handling authentication. On the other hand, Authorization sometimes shortened to ‘AuthZ<\/strong>‘. The Microsoft identity platform uses the OAuth 2.0<\/a> protocol for handling authorization.<\/p>\n\n\n\n<\/figure>\n\n\n\nPart 2: Designing Authentication and Authorization solutions<\/h4>\n\n\n\n
Azure Identity Management and access control security best practices<\/a>
Five steps to securing your identity infrastructure<\/a>
What is Azure Active Directory?<\/a>
Compare Active Directory to Azure Active Directory<\/a>
Azure Active Directory B2B best practices<\/a>
Overview: Cross-tenant access with Azure AD External Identities (Preview)<\/a>
Identity Providers for External Identities<\/a>
Authentication and Conditional Access for External Identities<\/a>
What is Azure Active Directory B2C?<\/a>
Technical and feature overview of Azure Active Directory B2C<\/a>
What is Conditional Access?<\/a>
Plan a Conditional Access deployment<\/a>
[Tutorial]: Secure user sign-in events with Azure AD Multi-Factor Authentication<\/a>
[Tutorial]: Enable users to unlock their account or reset passwords using Azure AD self-service password reset (SSPR)<\/a>
[Tutorial]: Enable Azure Active Directory self-service password reset writeback to an on-premises environment<\/a><\/p>\n\n\n\n
What is risk?<\/a>
Azure Active Directory Identity Protection – Security overview <\/a>
Identity Protection policies<\/a>
What are Azure AD access reviews?<\/a>
What are managed identities for Azure resources?<\/a>
What is identity lifecycle management?<\/a>
Microsoft Azure Well-Architected Framework – Security<\/a>
Authenticate apps to Azure services by using service principals and managed identities for Azure resources<\/a>
Application and service principal objects in Azure AD<\/a>
Azure Key Vault basic concepts<\/a>
Best practices for using Azure Key Vault<\/a>
Azure Key Vault logging<\/a>
Virtual network service endpoints for Azure Key Vault<\/a>
Monitoring Key Vault with Azure Event Grid<\/a> <\/p>\n\n\n\nSUMMARY<\/h4>\n\n\n\n
The next blog will cover the Part 3: Design a solution to log and monitor Azure resources<\/em><\/em><\/a>.<\/p>\n