From the course: Career Essentials in System Administration by Microsoft and LinkedIn

On-premises and cloud identity services

- When you log into an Active Directory domain, either on-premises or in the Azure cloud, this is called authentication. It uses your credentials to say you are who you say you are, and now you're in the door. When you go to access a shared file, the same AD will check to see if you're authorized to access it. Authentication and authorization are the two processes that make up identity services, where identity management is performed.

Microsoft identity management protects access to applications and resources across on-premises and the cloud. Such protection enables additional levels of validation, such as multifactor authentication and conditional access policies. Identity services create and manage a single identity for each user across your hybrid enterprise, keeping users, groups, and devices in sync. They provide single sign-on access to your applications, including thousands of pre-integrated software-as-a-service apps. They enable multifactor authentication for both on-premises and cloud applications. They also provision secure remote access to on-premises web applications through Azure AD Application Proxy.

Not everyone is completely in the cloud. Hybrid identity contains both on-premises and Azure cloud services for authenticating and authorizing users, no matter where they are. Microsoft's identity solutions create a single user identity for authentication and authorization to all resources, regardless of location. We call this hybrid identity. This allows you to provide a common identity for your users for Microsoft 365, Azure, and software-as-a-service applications integrated with Azure AD. The users are synced between on-premises and the cloud using Azure AD Connect. This is a tool that resides on an on-premises server and syncs to Azure AD. Pass-through authentication allows for single sign-on from local AD to cloud resources, such as applications, email, and others. You can also monitor logins and permissions from the Azure portal.

Users sometimes need to carry out privileged operations in Azure or Microsoft 365 resources as a type of administrator using role-based access. This need often means that organizations have to give users permanent privileged access in Azure AD. Such access is a growing security risk for cloud-hosted resources because organizations can't sufficiently monitor what the users are doing with their administrative privileges. If a user account with privileged access is compromised, that one breach could affect the organization's overall cloud security. Azure AD Privileged Identity Management helps to mitigate this risk. Identity services and management from Microsoft add additional security to your identity requests, no matter where you are.
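The check a practitioner would run after the point above about permanent privileged access: enumerate the tenant's directory role assignments and separate standing ("Assigned", never expiring) assignments to privileged roles from PIM-style eligible and time-bound activated ones. This is an added example, not code from the course or from Microsoft; it assumes the Microsoft Graph PowerShell SDK v2 (modules Microsoft.Graph.Identity.Governance and Microsoft.Graph.Identity.DirectoryManagement), an account that can consent to the read-only scopes used, and a tenant licensed for PIM (Entra ID P2), since the role assignment schedule endpoints depend on it. The list of roles treated as privileged is a constructed assumption for the example.

```powershell
# Added example (not from the course): report standing privileged role assignments in
# Microsoft Entra ID (Azure AD), the condition that PIM is meant to replace with
# eligible, just-in-time assignments. Assumes Microsoft Graph PowerShell SDK v2 and a
# tenant with PIM (Entra ID P2) so that role assignment schedules are available.

# Read-only scopes: the script only enumerates roles and resolves principal names.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All' -NoWelcome

# Roles treated as privileged for this report. Assumption: a short list chosen for the
# example; extend it (or key off the role definition's IsPrivileged flag) for real use.
$privilegedRoles = @(
    'Global Administrator',
    'Privileged Role Administrator',
    'Security Administrator',
    'Exchange Administrator',
    'User Administrator'
)

# Map role definition IDs to display names once so the report is readable.
$roleNameById = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object {
    $roleNameById[$_.Id] = $_.DisplayName
}

# Active schedules cover both permanent assignments (AssignmentType 'Assigned' with no
# expiration) and PIM activations ('Activated', time-bound). Eligible schedules are the
# PIM assignments that must be activated before they grant anything.
$active   = Get-MgRoleManagementDirectoryRoleAssignmentSchedule -All
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -All

# Resolve a principal ID to "type / display name" without assuming it is a user;
# groups and service principals can hold directory roles too.
function Resolve-Principal {
    param([string]$Id)
    try {
        $obj  = Get-MgDirectoryObject -DirectoryObjectId $Id -ErrorAction Stop
        $type = $obj.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
        return '{0} / {1}' -f $type, $obj.AdditionalProperties['displayName']
    } catch {
        return "unknown / $Id"
    }
}

$report = foreach ($a in $active) {
    $roleName = $roleNameById[$a.RoleDefinitionId]
    if ($privilegedRoles -notcontains $roleName) { continue }

    # Standing access: assigned directly and never expiring.
    $isPermanent = ($a.AssignmentType -eq 'Assigned') -and
                   ($a.ScheduleInfo.Expiration.Type -eq 'noExpiration')

    [pscustomobject]@{
        Role       = $roleName
        Principal  = Resolve-Principal -Id $a.PrincipalId
        Scope      = $a.DirectoryScopeId   # '/' means tenant-wide
        Assignment = $a.AssignmentType     # Assigned (standing) or Activated (PIM)
        Expires    = $a.ScheduleInfo.Expiration.Type
        Permanent  = $isPermanent
    }
}

# The rows that matter: permanent privileged access with no PIM activation step.
$permanent = @($report | Where-Object Permanent)
$permanent | Sort-Object Role, Principal | Format-Table -AutoSize

'{0} permanent privileged assignment(s); {1} eligible (PIM) assignment(s) in tenant' -f
    $permanent.Count, @($eligible).Count

Disconnect-MgGraph | Out-Null
```

Run it from an interactive PowerShell session; the Connect-MgGraph call opens the sign-in prompt. Each row in the output with Permanent set to True is a candidate for conversion to an eligible assignment in PIM, and a tenant-wide Scope of '/' on such a row is the case to deal with first. If the tenant is not licensed for PIM, the schedule cmdlets will return an error; fall back to Get-MgRoleManagementDirectoryRoleAssignment, which lists active assignments but cannot distinguish activations from standing access.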