Course 29 - AZ-500 Microsoft Azure Security Technologies | Episode 3: Mastering Azure Identity and Access Management
In this lesson, you’ll learn about managing identity and access in Microsoft Azure, aligned with the AZ-500 certification, with a strong focus on security and privileged access control:Azure Active Directory Identity Protection
Detecting and responding to risky sign-ins and accounts, such as:
Logins from anonymous IPs (e.g., via Tor)
Unusual behavior or leaked credentials
Identifying vulnerabilities like:
Users without Multi-Factor Authentication (MFA)
Weak or exposed credentials
Using automated policies to:
Trigger alerts
Enforce remediation (e.g., force password reset or MFA)
Tenants, Subscriptions, and Roles
Understanding structure:
Azure AD Tenant → Identity layer
Azure Subscription → Resource management layer
Differentiating roles:
Azure AD roles → Manage users, groups, identities
Azure RBAC roles → Manage cloud resources
Core RBAC roles:
Owner → Full control
Contributor → Modify resources (no access control)
Reader → View-only access
Assigning roles to:
Users
Groups
Service principals
Privileged Identity Management (PIM)
Using Azure AD Privileged Identity Management (PIM) to reduce risk from privileged accounts
Key concepts:
Just-In-Time (JIT) access → No permanent admin rights
Course 29 - AZ-500 Microsoft Azure Security Technologies | Episode 3: Mastering Azure Identity and Access Management
In this lesson, you’ll learn about managing identity and access in Microsoft Azure, aligned with the AZ-500 certification, with a strong focus on security and privileged access control:Azure Active Directory Identity Protection
Detecting and responding to risky sign-ins and accounts, such as:
Logins from anonymous IPs (e.g., via Tor)
Unusual behavior or leaked credentials
Identifying vulnerabilities like:
Users without Multi-Factor Authentication (MFA)
Weak or exposed credentials
Using automated policies to:
Trigger alerts
Enforce remediation (e.g., force password reset or MFA)
Tenants, Subscriptions, and Roles
Understanding structure:
Azure AD Tenant → Identity layer
Azure Subscription → Resource management layer
Differentiating roles:
Azure AD roles → Manage users, groups, identities
Azure RBAC roles → Manage cloud resources
Core RBAC roles:
Owner → Full control
Contributor → Modify resources (no access control)
Reader → View-only access
Assigning roles to:
Users
Groups
Service principals
Privileged Identity Management (PIM)
Using Azure AD Privileged Identity Management (PIM) to reduce risk from privileged accounts
Key concepts:
Just-In-Time (JIT) access → No permanent admin rights