Unit 4 of 4
Identity, Access, and Security
Learning objectives
When you finish this unit, you will be able to:
- Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services.
- Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless.
- Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C).
- Describe Microsoft Entra Conditional Access.
- Describe Azure role-based access control (RBAC).
- Describe the concept of Zero Trust.
- Describe the purpose of the defense-in-depth model.
- Describe the purpose of Microsoft Defender for Cloud.
Identity and security in Azure
Directory services
- Microsoft Entra ID (formerly Azure AD): cloud-based identity and access management.
- Microsoft Entra Domain Services: managed domain services for lift-and-shift scenarios.
Authentication
- Single sign-on (SSO): one set of credentials for multiple applications.
- Multi-factor authentication (MFA): requires two or more verification methods.
- Passwordless: authenticate using biometrics, security keys, or mobile apps.
External identities
- B2B: collaborate with external partners and guests.
- B2C: authenticate customers in consumer-facing applications.
Access control and security models
- Conditional Access: enforce access policies based on user, device, location, and risk.
- Azure RBAC: assign roles to users, groups, and service principals at defined scopes.
- Zero Trust: verify explicitly, use least privilege, and assume breach.
- Defense-in-depth: layered security controls across physical, network, identity, and data layers.
- Microsoft Defender for Cloud: unified security management and threat protection for cloud workloads.
Exam focus: match identity, authentication, and security concepts to the Azure service or model described in each question.