Fundamentals of Cloud Identity
Azure AD is the identity provider used for Exchange Online.
A security token is a signed set of claims related to an authenticated user.
Azure Active Directory
- Azure Active Directory
- Azure AD User Types
- Hybrid Identity
Azure Active Directory
- Cloud-based authentication and identity provider
- Integrates with over 3,300 cloud apps
- Every Azure subscription is tied to a “primary” Azure AD tenant
- Synchronizes with on-premises Active Directory
- Offers a wide range of identity and security services
- Multiple feature tiers
Azure AD User Types
- Each Azure AD tenant can have its own cloud users.
- Can grant an identity to that cloud user (as a Guest User) in my Azure AD tenant.
- Each Azure AD tenant can be associated with multiple subscriptions
- Azure AD provides authentication for cloud-based applications
- An Azure AD guest user is a user reference added to an Azure AD tenant that is defined in a different Azure AD tenant
Azure MFA in Practice
- Cloud and on-premises MFA
- Available for different Azure AD pricing tiers
  - Free – limited functionality available for global admin
  - Basic – theoretically available
  - Office 365 – limited functionality available to each licensed Office 365 user
  - Premium – full functionality
- Combine with conditional access
Multi-Factor Authentication
https://docs.microsoft.com/zh-tw/azure/active-directory/authentication/concept-mfa-howitworks
Available verification methods
- Microsoft Authenticator app
- OATH Hardware token (preview)
- OATH Software token
- SMS
- Voice call