Azure Identity, Access and Security
Identity
In computing, “identity” is a representation of a person, application or device.
“Identity systems” get hacked all the time. Common weaknesses include:
- Storing passwords in plain text
- Using outdated (easily broken) hashing like MD5
- Storing the salt with the data
- Not enforcing proper password complexity
- Not enforcing password change policies
Microsoft is a worldwide leader in enterprise identity management with Active Directory.
They extend their lead in the cloud with Microsoft Entra ID (used to be called Azure Active Directory).
Active Directory and Microsoft Entra are not direct replacements of each other.
Active Directory uses protocols such as LDAP and Kerberos for communication.
Entra ID uses protocols such as SAML and OAuth for communication.
Instead of coding your own security backend, you can call the Entra ID APIs to handle authentication and authorization.
Benefits of Azure AD
- Security
- Reduced development time, easier support
- More features
- Centralized administration
- Only one user ID and password
- Single Sign-on
- Integration with other Azure services
Azure AD Conditional Access
https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
Azure Multi-Factor Authentication
- Something you know - password
- Something you have - mobile phone, access to email account
- Something you are - fingerprint