Azure identity, access, and security
📘Microsoft Certified: Azure Fundamentals (AZ-900)
Overview
Authentication is how Azure verifies that a user is who they say they are. This is the first step in securing access to resources. Azure provides several methods to make authentication secure and convenient for users in an IT environment.
Three main methods to know for AZ-900 are:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Passwordless Authentication
1. Single Sign-On (SSO)
Definition:
SSO allows a user to log in once and access multiple applications and services without needing to sign in again for each one.
How it works in an IT environment:
- An organization uses Azure Active Directory (Azure AD) to manage user identities.
- When a user signs in to their Azure AD account, SSO automatically grants access to other connected applications like Microsoft 365, SharePoint, Teams, or third-party SaaS apps.
- The user doesn’t need to remember multiple usernames or passwords for different apps.
Key Points for Exam:
- SSO improves user productivity by reducing repeated logins.
- Helps IT teams control access centrally.
- Azure supports SSO with Microsoft apps and third-party apps (like Salesforce, Dropbox, or Zoom).
2. Multi-Factor Authentication (MFA)
Definition:
MFA adds a second layer of security to the login process. Even if a password is stolen, the second factor prevents unauthorized access.
Factors in MFA:
- Something you know → Password, PIN
- Something you have → Mobile phone, authentication app
- Something you are → Fingerprint, face scan
How it works in an IT environment:
- A user logs in with their username and password.
- Azure AD then asks for a second verification, like:
- A code from Microsoft Authenticator app
- A text message to the registered phone
- A biometric check like a fingerprint or facial recognition
- Only after the second factor is verified, access is granted.
Key Points for Exam:
- MFA is critical for security and often required for sensitive apps.
- Azure AD can enforce MFA policies per user, group, or application.
- MFA reduces the risk of unauthorized access due to compromised passwords.
3. Passwordless Authentication
Definition:
Passwordless authentication allows users to log in without using a password at all.
How it works in an IT environment:
- Users authenticate using strong alternatives:
- Biometrics: Fingerprint, face scan
- Security keys: Physical USB or NFC keys
- Authenticator apps: Mobile app notifications or one-time codes
- Azure AD ensures the authentication is secure and compliant.
Benefits:
- Eliminates the risk of stolen or weak passwords.
- Users have a faster and easier login experience.
- Works seamlessly with Azure AD integrated applications.
Key Points for Exam:
- Passwordless authentication is supported by Azure AD.
- Can be combined with MFA for extra security.
- Often uses FIDO2 security keys or Microsoft Authenticator app.
Summary Table for Easy Exam Recall
| Authentication Type | What it Does | Azure Tool/Feature | Key Exam Points |
|---|---|---|---|
| Single Sign-On (SSO) | Login once, access multiple apps | Azure AD SSO | Centralized access, productivity, supports SaaS apps |
| Multi-Factor Authentication (MFA) | Adds a second verification step | Azure AD MFA | Reduces password risk, configurable per user/group |
| Passwordless Authentication | Login without a password | Azure AD, FIDO2, Authenticator App | More secure, faster login, can combine with MFA |
Exam Tip
- Remember that SSO is about convenience, MFA is about security, and Passwordless is both secure and convenient.
- Questions often ask:
- “Which Azure feature allows access to multiple apps with one login?” → SSO
- “Which feature prevents unauthorized access if a password is stolen?” → MFA
- “Which login method removes the need for passwords entirely?” → Passwordless
