I am currently studying for the AZ-500 exam, which focuses on Microsoft Azure Security Technologies. This is the first blog post in that series.
The first major section of the AZ-500 exam covers managing identity and access. The goal of this post is to provide a basic understanding of what Azure Active Directory is.
What is Azure Active Directory?
Azure Active Directory (Azure AD) is a cloud-based SaaS platform designed to help companies manage identities and access across numerous on-premises and cloud-based services. Because Azure AD is delivered as a service, you get many benefits simply by using the platform, including architectural components such as:
The following chart provides a good overview of all the different areas of Azure Active Directory.
On the main page of the Azure Active Directory documentation, Microsoft lists 3 uses (or, as I like to refer to them, intentions) for Azure AD: IT Admins, App Developers, and Office/Azure/Dynamics Customers. Let’s start with the last one first.
Most organizations use Azure AD because it is the authentication service that backs other Microsoft services such as Office 365 and Azure. From an authentication standpoint, Azure effectively hands the authentication of a user off to the Azure AD service, which authenticates the user and then returns a set of claims/permissions that Office 365, Azure, or Dynamics can consume in authorization decisions.
Since Azure AD is a stand-alone identity service (IDaaS), it can also be used to offload authentication concerns for custom-built applications (and, by extension, other SaaS applications). Azure AD is an OAuth 2.0 and OpenID Connect compliant authentication service.
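To make the "claims consumed in authorization decisions" flow concrete, here is an added example (not from the original post) of how a relying party checks a token returned by Azure AD before acting on its claims. Real Azure AD tokens are RS256-signed JWTs verified against the tenant's published signing keys; so that it runs offline, this example signs a constructed token with HS256 and a constructed secret, and the tenant ID, client ID and "Reports.Read" app role are constructed placeholders.

```python
# Added example: consuming Azure AD claims in an authorization decision.
# Real Azure AD tokens are RS256-signed and verified against the tenant's JWKS;
# this offline stand-in uses HS256 with a constructed secret instead.
import base64, hashlib, hmac, json, time

TENANT_ID = "11111111-2222-3333-4444-555555555555"   # constructed placeholder
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # constructed placeholder
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"  # v2.0 issuer format
SECRET = b"constructed-offline-signing-secret"        # constructed, offline only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict) -> str:
    """Build a constructed HS256 JWT standing in for an Azure AD id_token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate(token: str, now=None) -> dict:
    """Verify signature, issuer, audience and expiry before trusting any claim."""
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != ISSUER:          # token must come from our tenant
        raise ValueError("token issued by another tenant or issuer")
    if claims.get("aud") != CLIENT_ID:       # and be minted for this application
        raise ValueError("token was issued for a different application")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims

def can_read_reports(token: str, now=None) -> bool:
    """Authorization decision: only callers carrying the app role may read reports."""
    try:
        claims = validate(token, now)
    except ValueError:
        return False
    return "Reports.Read" in claims.get("roles", [])
```

Authentication (who the caller is) ends when `validate` returns; authorization (what they may do) is the separate check in `can_read_reports`, which is exactly the split the post describes between Azure AD and the consuming service.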
There are a couple of different “modes” in which Azure AD can be configured to support more complex authentication scenarios. For example, Azure business-to-business (B2B) can be used by organizations to establish “advanced trust relationships” so they can share data and services while keeping their identity management concerns separate.
Lastly, Azure B2C (business-to-consumer) can be used to connect directly with customers either by allowing them to use their social logins or by managing a user store for you.
IT admins will mostly be interested in the management functionality of Azure AD as it relates to their organization. This includes features such as:
Now that we have a basic understanding of what Azure Active Directory is, we are ready to move on and talk about app registrations.