2.5.1. 💡 First Principle: Microsoft Entra ID (formerly Azure AD)
First Principle: Microsoft Entra ID is Microsoft's cloud-based identity and access management (IAM) service. Its core purpose is to provide a single, centralized place to manage identities (users, groups, devices, and applications) and to control how those identities gain access to applications and resources, whether they run in the cloud or on-premises.
What It Is: A comprehensive identity and access management service that provides single sign-on, multi-factor authentication, and Conditional Access policies to protect against identity-based attacks such as credential theft and unauthorized sign-ins.
Key Concepts:
- Identity Management: Manages users, groups, and device identities.
- Authentication: Verifies user identity. Supports methods like passwords, MFA, and passwordless options.
- Single Sign-On (SSO): Allows users to sign in once and access many applications.
- Authorization: Decides what an authenticated identity may do. Entra ID issues tokens that carry the identity's roles and group memberships; Azure RBAC consumes that identity to control which actions it can perform on Azure resources, and applications use the same token claims to enforce their own permissions.
Scenario: An organization wants its employees to use their single corporate login to securely access all their applications, including Microsoft 365, Azure, and other third-party SaaS apps.
Reflection Question: How does Microsoft Entra ID simplify identity management and improve security for this organization by providing a single, unified identity platform?
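As an added example for the scenario above (this script is not from the original page or from Microsoft's own documentation), the following PowerShell shows the key concepts working together: a security group is created in Entra ID (identity management), that group is granted a least-privilege Azure RBAC role (authorization), and a Conditional Access policy requires MFA for every sign-in (authentication). The tenant and subscription IDs, resource group name, user principal names, and break-glass account are placeholders and assumptions for illustration; the script assumes the Microsoft.Graph and Az PowerShell modules are installed and that the signed-in account holds the Entra and Azure roles needed for each step.

```powershell
# Added example, not code from the original page. Identifiers below are assumed placeholders.
$TenantId       = '00000000-0000-0000-0000-000000000000'            # assumed tenant ID
$SubscriptionId = '11111111-1111-1111-1111-111111111111'            # assumed subscription ID
$ResourceGroup  = 'rg-app-prod'                                     # assumed resource group
$Members        = @('alice@contoso.example', 'bob@contoso.example') # assumed user UPNs
$BreakGlassUpn  = 'breakglass-admin@contoso.example'                # assumed emergency-access account

# --- 1. Identity management: sign in to Microsoft Graph and create a security group ---
Connect-MgGraph -TenantId $TenantId -Scopes 'Group.ReadWrite.All', 'User.Read.All', `
    'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

$group = New-MgGroup -DisplayName 'sg-app-prod-readers' `
    -MailEnabled:$false -MailNickname 'sg-app-prod-readers' -SecurityEnabled:$true `
    -Description 'Read-only access to rg-app-prod; membership managed in Entra ID'

# Resolve each UPN to its directory object and add it to the group.
foreach ($upn in $Members) {
    $user = Get-MgUser -UserId $upn
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
}

# --- 2. Authorization: Azure RBAC consumes the Entra identity --------------------------
# Assign the built-in Reader role to the *group*, not to individual users, and scope it
# to one resource group instead of the whole subscription (least privilege).
Connect-AzAccount -TenantId $TenantId -Subscription $SubscriptionId | Out-Null
$scope = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup"
New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName 'Reader' -Scope $scope

# --- 3. Authentication: require MFA through a Conditional Access policy ---------------
# Start in report-only mode so the sign-in logs show who would be blocked before the
# policy is enforced, and exclude the break-glass account so a mistake cannot lock out
# every administrator at once.
$breakGlass = Get-MgUser -UserId $BreakGlassUpn
$policy = @{
    displayName   = 'CA001-Require-MFA-All-Users'
    state         = 'enabledForReportingButNotEnforced'   # change to 'enabled' after review
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# --- Verification: confirm membership and the effective role assignment ---------------
Get-MgGroupMember -GroupId $group.Id | Select-Object Id
Get-AzRoleAssignment -ObjectId $group.Id -Scope $scope
```

Two design choices matter here. Granting the role to a group means onboarding or offboarding a person is a single membership change in Entra ID rather than a hunt through role assignments on every resource. Creating the Conditional Access policy in report-only mode first, with an excluded break-glass account, is the standard safeguard against a policy that unintentionally locks administrators out of the tenant; flip it to enabled only after reviewing the report-only results in the sign-in logs.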
💡 Tip: Microsoft Entra ID is the backbone of identity for Microsoft's cloud services. It is not a cloud version of Windows Server Active Directory (AD DS): it speaks OAuth 2.0, OpenID Connect and SAML rather than Kerberos, NTLM and LDAP, and it has no organizational units or Group Policy. Organizations with an existing on-premises directory typically synchronize identities into Entra ID with Microsoft Entra Connect instead of lifting AD DS into the cloud.