Authentication vs. Authorization
Authentication
Are you who you say you are? Proving that you are who you say you are.
Multi-factor authentication
Authorization
Diagram (Azure AD identity management): identities (users, groups, managed identities for Azure resources) and their credentials are held in Azure AD, which applies multi-factor authentication and guest access before granting access to resources such as Microsoft 365 and the Azure portal.
Azure Active Directory (Azure AD)
Azure's identity and access management service
Diagram: on-premises Active Directory synchronizes (sync) with Azure Active Directory in the cloud.
Plans
Single Sign-On
Without SSO: separate authentication for Software 1 and for Software 2 (insecure + inconvenient).
With SSO: sign in once to Azure AD, then access Software 1 and Software 2.
Sign-in with username and password (one way of authenticating):
Username: nikolai.schuler@[...].com
Password: **********
Password can get found out!
… Have
… Are
Passwordless authentication
Chart (security vs. convenience):
Multi-factor authentication: secure, inconvenient
Password: insecure
Passwordless authentication: secure, convenient
Passwordless authentication: more secure + more convenient
3 passwordless options
Guest users
Resources
Conditional access
Including intelligent signals in access control decisions
Diagram: signals → decision (access allowed / block access)
Examples:
o Allow one user to manage all SQL databases in a resource group.
o One user gets assigned the role Reader to an entire resource group.
o One user group gets assigned the role Storage account contributor to three storage accounts.
o Assume breach: end-to-end encryption, network segmentation, analytics, threat detection, continuous monitoring, updates
o Verify explicitly: use all data points and every opportunity to authenticate and authorize
Perimeter layer: DDoS protection, perimeter firewalls
Azure hierarchy diagram:
Azure Account
Management groups (e.g. IT Department, HR Department, Finance Department)
Subscriptions (Subscription 1, Subscription 2)
Resource groups
Resources
Microsoft Defender for Cloud
Security tools for cloud and on-premises
Cloud Workload Protection Platform (CWPP): defends in real time and sends alerts
o Security alerts
o Defends and detects
o Intelligent threat detection
Paid service
Summary
Authentication: proving that you are who you say you are
Authorization: granting permission to an authenticated party to do something
Multi-factor authentication: additional method of authentication (biometrics or trusted device)
Single sign-on: one set of credentials to sign in to multiple systems
Azure AD: managed service for identity and access management (Azure & O365)
Zero Trust: security principles: assume breach, never trust, always verify!
Microsoft Defender for Cloud