Manage Users and Access with Azure Active Directory

Video Activity

Time: 3 hours 51 minutes
Difficulty: Beginner
CEU/CPE: 4
Video Transcription
00:00
Yeah,
00:01
Let's see how we can manage users in azure.
00:04
Authentication and authorization are the fundamental concepts when discussing identity and access management.
00:11
Let's take a look at what the differences between those are.
00:14
Authentication is the process of establishing the identity of a person or an application looking to gain access to a resource or data.
00:21
In essence, it confirms that they are who they claim they are.
00:25
Authentication is not new to the digital world, either.
00:28
The use of passports, driving licenses or other identification methods are all examples of authentication in the offline world.
00:37
Authentication is the basis for creating a security principal that can be used to access a resource.
00:44
Authorization, on the other hand, is the process of establishing the level of access the principal has.
00:52
It determines what data and resources they are allowed to access.
00:56
For example, an employee can access their own payroll information, while the accountant can access the payroll for the whole company.
01:03
Authentication and authorization are often abbreviated as AuthN and AuthZ.
01:10
We've already had a brief discussion of Azure Active Directory, but let's take a deeper look into it.
01:17
Azure Active Directory, or AD, is a cloud-based identity service that you can use to synchronize your on-premises identities or to use with other enterprise services from Microsoft, like Office 365 and Dynamics 365.
01:32
This means that you can use the same identity across applications.
01:36
AAD provides services like authentication, single sign-on, business-to-business and business-to-consumer identity management, application management and device management.
01:48
The more identities a user has to manage, the greater the risk of credential-related security incidents.
01:53
Different applications have different password policies, and with the growth of complexity, remembering those becomes hard.
02:00
On the other hand, if a user leaves an organization, removing them from every application is a tedious task.
02:08
With single sign-on, users need to remember only one password, which simplifies the security model.
02:15
By using Azure Active Directory for SSO, you also have the ability to create an intelligent security graph that you can use to do threat analysis and offer real-time identity protection for all your users.
02:29
Another technology that improves the protection of users' identities is multi-factor authentication, or MFA.
02:37
MFA is also known as two-factor authentication, or 2FA, because it requires two or more elements for full authentication.
02:46
Those elements fall into the following categories.
02:50
Something you know, like a password or the answer to a security question.
02:54
Something you possess, like an authenticator app on your phone or a hardware security token,
03:00
and something you are, like your fingerprint, iris or your face.
03:05
MFA increases the security of users' accounts because the probability that a hacker has access to multiple of these factors is low.
03:14
Azure has built-in capabilities for multi-factor authentication and can integrate with external MFA providers.
03:22
The functionality is free of charge for users who are designated global administrators in Azure AD, because those are highly sensitive accounts.
03:30
Other user accounts can have MFA enabled after purchasing a license.
03:37
Azure Active Directory also allows you to create service identities.
03:42
Service identities are kept in Azure and eliminate the need to store those in configuration files, thus reducing the exposure of the credentials.
03:52
AD has two ways to handle service identities.
03:55
The first one is the use of a service principal.
03:59
To understand what a service principal is, let's look at the difference between identity and principal.
04:05
an identity is something that can be authenticated. This can be a user who has a user name and password, but it can also be an application or service that can authenticate with certificates and keys.
04:17
A principal is an identity that has certain claims and roles assigned to it.
04:23
A service principal is a service identity that can be assigned roles.
04:28
The creation of a service principal requires configuration steps that make this a tedious process.
04:33
You need to create the principal and configure the server or the application to use it. Then you have to maintain the principal throughout the application lifecycle.
04:43
The use of managed service identities is much easier because all the work of creation, configuration and maintenance is done by Azure.
04:50
The infrastructure is responsible for establishing the identity and authenticating with the service.
04:57
Within your application, you can use this identity as any other Azure AD user identity.
05:02
Note that not all Azure services support the managed service identity as of now, but the list is constantly growing.
05:13
We've mentioned the roles in the previous slide, but
05:15
what are they really useful for?
05:17
Well, roles are a set of granular permissions to resources and data that can be assigned to users.
05:24
Azure has built-in roles like Reader, Contributor or Global Administrator,
05:29
but you can create custom ones if none of the built-in ones satisfies your need.
05:34
Identities are mapped to roles either directly or through a group membership.
05:39
Roles can be granted at the individual resource level, but they can also flow down the Azure hierarchy.
05:46
A role assigned at a higher level in the Azure hierarchy is also considered in effect at the lower levels.
05:53
Azure doesn't only give you the tools to manage the role-based access for your users, but also a tool to monitor and audit the role members.
06:01
Azure Privileged Identity Management completes the set of tools you need to achieve a high level of regulatory compliance for your workloads in Azure.
06:12
Azure Privileged Identity Management is a paid offering to customers who purchase Azure AD Premium P2, Enterprise Mobility and Security E5 or Microsoft 365 M5.
06:25
In our next video, we'll see how you can leverage encryption in Azure to protect your data.