© Copyright Microsoft Corporation. All rights reserved.
SC-900T00-A Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
Module Agenda
Explore the services and identity types of Azure Active Directory
Explore the authentication capabilities of Azure Active Directory
Explore the access management capabilities of Azure Active Directory
Describe the identity protection and governance capabilities of Azure Active Directory
Lesson 1: Explore the services and identity types in Azure Active Directory
Lesson 1 Introduction
After completing this module, you’ll be able to:
• Describe what Azure AD is
• Describe the identity types that Azure AD supports
Azure Active Directory
Azure AD is Microsoft’s cloud-based identity and access management service. With Azure AD, organizations can:
• Enable their employees, guests, and others to sign in and access the resources they need.
• Provide a single identity system for their cloud and on-premises applications.
• Protect user identities and credentials and meet the organization’s access governance requirements.
Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically uses an Azure AD tenant.
Azure AD identity types
Azure AD manages different types of identities: users, service principals, managed identities, and devices.
User – Generally speaking, a user is a representation of an individual’s identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD.
Device – A piece of hardware, such as a mobile device, laptop, server, or printer. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device.
Service principal – You can think of it as an identity for an application. A service principal is created in every tenant where the application is used and defines who can access the app, what resources the app can access, and more.
Managed identity – A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.
Demo
Azure Active Directory user settings
External identities in Azure AD
Two different Azure AD External Identities:
B2B collaboration
B2B collaboration allows you to share your apps and resources with external users.
B2C access management
B2C is an identity management solution for consumer and customer-facing apps.
The concept of hybrid identities
Hybrid identities
Hybrid identity model
• With the hybrid model, users accessing both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory.
• When you make an update in your on-premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect.
Lesson 2: Explore the authentication capabilities of Azure Active Directory
Lesson 2 Introduction
After completing this module, you’ll be able to:
• Describe the secure authentication methods of Azure AD
• Describe the password protection and management capabilities of Azure AD
Authentication methods of Azure AD
Multifactor authentication (MFA) & Security Defaults
MFA requires more than one form of verification:
• Something you know
• Something you have
• Something you are
Security defaults:
• A set of basic identity security mechanisms recommended by Microsoft.
• A great option for organizations that want to increase their security posture but don’t know where to start, or for organizations using the free tier of Azure AD licensing.
Multi-factor authentication (MFA) in Azure AD
Different authentication methods that can be used with MFA
Passwords
Password & additional verification
• Phone (voice or SMS)
• Microsoft Authenticator
• Open Authentication (OATH) with software or hardware tokens
Passwordless
• Biometrics (Windows Hello)
• Microsoft Authenticator
• FIDO2
Windows Hello for Business
Windows Hello lets users authenticate to:
• A Microsoft account
• An Active Directory account
• An Azure Active Directory (Azure AD) account
• Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication
Why is Windows Hello safer than a password?
Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless.
Self-service password reset (SSPR) in Azure AD
Benefits of Self-service password reset:
• It increases security.
• It saves the organization money by reducing the number of calls and requests to help desk staff.
• It increases productivity, allowing the user to return to work faster.
Self-service password reset works in the following scenarios:
• Password change
• Password reset
• Account unlock
Authentication methods for SSPR:
• Mobile app notification
• Mobile app code
• Email
Demo
Azure Active Directory self-service password reset (SSPR)
Password protection & management capabilities in Azure AD
Global banned password list
Custom banned password lists
Protecting against password spray
Hybrid security
Lesson 3: Explore the access management capabilities of Azure Active Directory
Lesson 3 Introduction
After this module, you’ll be able to:
Conditional access
Conditional Access signals:
• User or group membership
• Named location information
• Device
• Application
• Real-time sign-in risk detection
• Cloud apps or actions
• User risk
Access controls:
• Block access
• Grant access
• Require one or more conditions to be met before granting access
• Control user access based on session controls to enable limited experiences within specific cloud applications
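
The sketch below shows how the signals and access controls listed on this slide combine into one decision. It is an added example, not Microsoft's code and not Azure AD's evaluation engine: the policy fields, policy names and sample sign-ins are all hypothetical and constructed for illustration.

```python
# Added illustration: a simplified model of Conditional Access evaluation.
# Field names, policies and sign-ins are hypothetical and constructed here;
# this is not Azure AD's schema or its real evaluation engine.

RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

POLICIES = [
    {   # Signal: real-time sign-in risk -> control: block access
        "name": "Block high-risk sign-ins",
        "groups": "All", "apps": "All",
        "min_sign_in_risk": "high",
        "action": "block", "require": [],
    },
    {   # Signal: named location -> control: require MFA before granting access
        "name": "MFA outside named locations",
        "groups": "All", "apps": "All",
        "excluded_locations": {"HQ"},
        "action": "grant", "require": ["mfa"],
    },
    {   # Signals: group, application, device -> control: MFA AND compliant device
        "name": "Admins: MFA and compliant device",
        "groups": {"admins"}, "apps": {"admin-portal"},
        "action": "grant", "operator": "AND",
        "require": ["mfa", "compliant_device"],
    },
]

# Constructed baseline sign-in: a staff member reading mail from the office.
BASE_SIGN_IN = {
    "groups": {"staff"}, "app": "mail", "location": "HQ",
    "device_compliant": True, "sign_in_risk": "none", "mfa_done": False,
}


def make_sign_in(**overrides):
    """Return a copy of the baseline sign-in with selected signals changed."""
    return {**BASE_SIGN_IN, **overrides}


def applies(policy, sign_in):
    """A policy applies only if every signal it conditions on matches."""
    if policy["groups"] != "All" and not (policy["groups"] & sign_in["groups"]):
        return False
    if policy["apps"] != "All" and sign_in["app"] not in policy["apps"]:
        return False
    if sign_in["location"] in policy.get("excluded_locations", set()):
        return False
    threshold = policy.get("min_sign_in_risk", "none")
    return RISK[sign_in["sign_in_risk"]] >= RISK[threshold]


def evaluate(sign_in, policies=POLICIES):
    """Combine all applicable policies: any block wins, else all controls must be met."""
    matched = [p for p in policies if applies(p, sign_in)]
    names = [p["name"] for p in matched]
    if any(p["action"] == "block" for p in matched):
        return {"decision": "block", "unmet": [], "matched": names}

    satisfied = set()
    if sign_in["mfa_done"]:
        satisfied.add("mfa")
    if sign_in["device_compliant"]:
        satisfied.add("compliant_device")

    unmet = set()
    for p in matched:
        required = set(p["require"])
        if p.get("operator", "AND") == "OR":
            if not (required & satisfied):   # none of the alternatives met
                unmet |= required
        else:
            unmet |= required - satisfied    # every listed control is needed
    decision = "controls_required" if unmet else "allow"
    return {"decision": decision, "unmet": sorted(unmet), "matched": names}


if __name__ == "__main__":
    samples = {
        "office, low risk": make_sign_in(),
        "unknown location": make_sign_in(location=None),
        "high sign-in risk": make_sign_in(sign_in_risk="high", mfa_done=True),
        "admin, unmanaged device": make_sign_in(
            groups={"admins"}, app="admin-portal",
            mfa_done=True, device_compliant=False),
    }
    for label, s in samples.items():
        print(f"{label:24} -> {evaluate(s)}")
```
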
Demo
Azure Active Directory Conditional Access
Azure AD role-based access control (RBAC)
Azure AD roles control permissions to manage Azure AD resources.
Built-in roles
Custom roles
Azure AD role-based access control
Only grant the access users need
Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory
Lesson 4 Introduction
Identity governance in Azure AD
The tasks of Azure AD identity governance
• Govern the identity lifecycle.
• Govern access lifecycle.
• Secure privileged access for administration.
Identity lifecycle
• Join: A new digital identity is created.
• Move: Update access authorizations.
• Leave: Access may need to be removed.
Entitlement management and access reviews
Entitlement management
• It is an identity governance feature that enables organizations to manage identity and access lifecycle at scale.
• It automates access request workflows, access assignments, reviews, and expiration.
Access reviews
• Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment.
• Ensure that only the right people have access to resources.
• Used to review and manage access for both users and guests.
Terms of use
• Allow information to be presented to users, before they access data or an application.
• Ensure users read relevant disclaimers for legal or compliance requirements.
Privileged Identity Management (PIM)
PIM enables you to manage, control, and monitor access to important resources in your organization.
Just in time, providing privileged access only when needed, and not before.
Time-bound, by assigning start and end dates that indicate when a user can access resources.
Approval-based, requiring specific approval to activate privileges.
Visible, sending notifications when privileged roles are activated.
Auditable, allowing a full access history to be downloaded.
Azure Identity Protection
Enables organizations to accomplish three key tasks:
• Automate the detection and remediation of identity-based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third-party utilities for further analysis.
It can categorize and calculate risk:
• Categorize risk into three tiers: low, medium, and high.
• Calculate the sign-in risk, and user identity risk.
It provides organizations with three reports:
• Risky users
• Risky sign-ins
• Risk detections
Module Summary
• Explore Azure AD and the services and identity types Azure AD supports
• Explore the authentication capabilities of Azure AD, including MFA
• Explore the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC
• Describe identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

SC-900 Capabilities of Microsoft Identity and Access Management Solutions

  • 1. SC-900T00-A Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
  • 2. Module Agenda
      • Explore the services and identity types of Azure Active Directory
      • Explore the authentication capabilities of Azure Active Directory
      • Explore the access management capabilities of Azure Active Directory
      • Describe identity protection governance capabilities of Azure Active Directory
  • 3. Lesson 1: Explore the services and identity types in Azure Active Directory
  • 4. Lesson 1 Introduction
      After completing this module, you’ll be able to:
      • Describe what Azure AD is
      • Describe the identity types that Azure AD supports
  • 5. Azure Active Directory
      Azure AD is Microsoft’s cloud-based identity and access management service. Capabilities of Azure AD include:
      • Organizations can enable their employees, guests, and others to sign in and access the resources they need.
      • Provide a single identity system for their cloud and on-premises applications.
      • Protect user identities and credentials and meet an organization’s access governance requirements.
      • Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically uses an Azure AD tenant.
  • 6. Azure AD identity types
      Azure AD manages different types of identities: users, service principals, managed identities, and devices.
      • User: Generally speaking, a user is a representation of an individual’s identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD.
      • Device: A piece of hardware, such as mobile devices, laptops, servers, or printers. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device.
      • Service principal: You can think of it as an identity for an application. A service principal is created in every tenant where the application is used and defines who can access the app, what resources the app can access, and more.
      • Managed identity: A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.
  • 7. Demo: Azure Active Directory user settings
  • 8. External identities in Azure AD
      Two different Azure AD External Identities:
      • B2B collaboration: B2B collaboration allows you to share your apps and resources with external users.
      • B2C access management: B2C is an identity management solution for consumer and customer facing apps.
  • 9. The concept of hybrid identities
      Hybrid identities
      Hybrid identity model:
      • With the hybrid model, users accessing both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory.
      • When you make an update in your on-premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect.
  • 10. Lesson 2: Explore the authentication capabilities of Azure Active Directory
  • 11. Lesson 2 Introduction
      After completing this module, you’ll be able to:
      • Describe the secure authentication methods of Azure AD
      • Describe the password protection and management capabilities of Azure AD
  • 12. Authentication methods of Azure AD
      Multifactor authentication (MFA) & Security Defaults
      MFA requires more than one form of verification:
      • Something you know
      • Something you have
      • Something you are
      Security defaults:
      • A set of basic identity security mechanisms recommended by Microsoft.
      • A great option for organizations that want to increase their security posture but don’t know where to start, or for organizations using the free tier of Azure AD licensing.
  • 13. Multi-factor authentication (MFA) in Azure AD
      Different authentication methods that can be used with MFA:
      Passwords
      Password & additional verification:
      • Phone (voice or SMS)
      • Microsoft Authenticator
      • Open Authentication (OATH) with software or hardware tokens
      Passwordless:
      • Biometrics (Windows Hello)
      • Microsoft Authenticator
      • FIDO2
  • 14. Windows Hello for Business
      Windows Hello lets users authenticate to:
      • A Microsoft account
      • An Active Directory account
      • An Azure Active Directory (Azure AD) account
      • Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication
      Why is Windows Hello safer than a password? Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless.
  • 15. Self-service password reset (SSPR) in Azure AD
      Benefits of self-service password reset:
      • It increases security.
      • It saves the organization money by reducing the number of calls and requests to help desk staff.
      • It increases productivity, allowing the user to return to work faster.
      Self-service password reset works in the following scenarios:
      • Password change
      • Password reset
      • Account unlock
      Authentication methods of SSPR:
      • Mobile app notification
      • Mobile app code
      • Email
  • 16. Demo: Azure Active Directory self-service password reset (SSPR)
  • 17. Password protection & management capabilities in Azure AD
      • Global banned password list
      • Custom banned password lists
      • Protecting against password spray
      • Hybrid security
  • 18. Lesson 3: Explore the access management capabilities of Azure Active Directory
  • 19. Lesson 3 Introduction
      After this module, you’ll be able to:
  • 20. Conditional access
      Conditional Access signals:
      • User or group membership
      • Named location information
      • Device
      • Application
      • Real-time sign-in risk detection
      • Cloud apps or actions
      • User risk
      Access controls:
      • Block access
      • Grant access
      • Require one or more conditions to be met before granting access
      • Control user access based on session controls to enable limited experiences within specific cloud applications
  • 21. Demo: Azure Active Directory Conditional Access
  • 22. Azure AD role-based access control (RBAC)
      Azure AD roles control permissions to manage Azure AD resources.
      • Built-in roles
      • Custom roles
      • Azure AD role-based access control
      • Only grant the access users need
  • 23. Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory
  • 24. Lesson 4 Introduction
  • 25. Identity governance in Azure AD
      The tasks of Azure AD identity governance:
      • Govern the identity lifecycle.
      • Govern access lifecycle.
      • Secure privileged access for administration.
      Identity lifecycle:
      • Join: A new digital identity is created.
      • Move: Update access authorizations.
      • Leave: Access may need to be removed.
  • 26. Entitlement management and access reviews
      Entitlement management:
      • It is an identity governance feature that enables organizations to manage identity and access lifecycle at scale.
      • It automates access request workflows, access assignments, reviews, and expiration.
      Access reviews:
      • Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment.
      • Ensure that only the right people have access to resources.
      • Used to review and manage access for both users and guests.
      Terms of use:
      • Allow information to be presented to users, before they access data or an application.
      • Ensure users read relevant disclaimers for legal or compliance requirements.
  • 27. Privileged Identity Management (PIM)
      PIM enables you to manage, control, and monitor access to important resources in your organization.
      • Just in time, providing privileged access only when needed, and not before.
      • Time-bound, by assigning start and end dates that indicate when a user can access resources.
      • Approval-based, requiring specific approval to activate privileges.
      • Visible, sending notifications when privileged roles are activated.
      • Auditable, allowing a full access history to be downloaded.
  • 28. Azure Identity Protection
      Enables organizations to accomplish three key tasks:
      • Automate the detection and remediation of identity-based risks.
      • Investigate risks using data in the portal.
      • Export risk detection data to third-party utilities for further analysis.
      It can categorize and calculate risk:
      • Categorize risk into three tiers: low, medium, and high.
      • Calculate the sign-in risk, and user identity risk.
      It provides organizations with three reports:
      • Risky users
      • Risky sign-ins
      • Risk detections
  • 29. Module Summary
      • Azure AD and services and identity types Azure AD supports
      • Explore the authentication capabilities of Azure AD, including MFA
      • Explore the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC
      • Describe identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.