Azure Series #1: Security Layer — 1. Identity & Login

Identity and login are essentially the entry point to any server or system. Azure provides a sophisticated IAM (Identity and Access Management) service, but it is also the user's responsibility to make sure that passwords and keys are set with the required level of difficulty and are well secured. We do not want identity impersonation, attackers breaking in, or the wrong users entering our system. IAM in Azure is achieved via Azure Active Directory.
Identity & Login Core services: IAM — Azure AD, AIP, Azure Sentinel & Identity Governance.

Azure Active Directory:
What is Azure AD:

It is the cloud-based Identity and Access Management service in Microsoft Azure. To access resources, the essential first step is to sign in to the account.
Azure AD is used by
- IT administrators
- Application Developers
- DevOps
- Microsoft Online (Microsoft 365, Office 365, Azure, Dynamics CRM etc.)
Azure Licenses related
Below are some of the Azure licenses available that an organization can use based on its needs. Depending on which services are licensed, additional protection / risk coverage is enabled on top of the free services. Most of these features are Pay As You Go (PAYG) feature licenses.
- Azure AD Free and Premium
- Azure AD Security
- Azure AD Connect health
- Azure AD Connect
- Azure AD Identity Protection
- Azure AD Identity Secure Score
- Azure AD Authentication methods
- Azure AD Conditional Access
- Azure AD Risky users
- Azure AD Risky sign-ins
- Azure AD Risk Detections
- Azure AD Named locations
- Azure AD Password Protection
- Azure AD Privileged Identity management
- Create custom Azure AD roles
- Azure AD B2C
- Multi Factor Authentication (MFA)
How does it work:
Azure AD needs an admin account to be created, along with all associated Azure AD features. Organizations should always follow a conservative least-privileged approach to all user access. Azure IAM (Azure AD) performs three key things:
Authentication: Login / Sign up into external resources, Microsoft 365, Azure portal and other SaaS applications.
Authorization: Check for permissions to access the Azure resources
Scope / Custom Role definitions: What the scope is, i.e. which actions are permitted within that accessible resource.
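
The authorization and scope checks described above, modelled on Azure role-based access control, as an added example that is not from the original article or from Microsoft's code. It is a simplified sketch: the role names, principals and subscription id are constructed, and deny assignments and data actions are left out.

```python
from fnmatch import fnmatchcase

# Constructed sample data: role names, principals and the subscription id are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ROLES = {
    "VM Operator (custom)": {
        "actions": ["Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/start/action"],
        "not_actions": []},
    "Broad": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete"]},
}
ASSIGNMENTS = [  # who gets which role at which scope
    {"principal": "alice", "role": "VM Operator (custom)", "scope": SUB + "/resourceGroups/rg-app"},
    {"principal": "bob", "role": "Broad", "scope": SUB},
]

def matches(patterns, action):
    """Case-insensitive match of an action against patterns that may contain '*'."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scope_covers(assigned, target):
    """An assignment applies at its own scope and at every child scope below it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def is_allowed(principal, action, resource_scope):
    """Authorization: allowed if an in-scope role grants the action (Actions minus NotActions)."""
    for asg in ASSIGNMENTS:
        if asg["principal"] != principal or not scope_covers(asg["scope"], resource_scope):
            continue
        role = ROLES[asg["role"]]
        if matches(role["actions"], action) and not matches(role["not_actions"], action):
            return True
    return False  # default deny

def overbroad_assignments():
    """Least-privilege review: wildcard actions assigned above resource-group scope."""
    return [(a["principal"], a["role"], a["scope"]) for a in ASSIGNMENTS
            if any("*" in p for p in ROLES[a["role"]]["actions"])
            and "/resourcegroups/" not in a["scope"].lower()]

if __name__ == "__main__":
    vm = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"
    print(is_allowed("alice", "Microsoft.Compute/virtualMachines/start/action", vm))
    print(is_allowed("alice", "Microsoft.Compute/virtualMachines/delete", vm))
    print(overbroad_assignments())
```

The review function flags the subscription-wide wildcard role, which is the kind of assignment a least-privileged approach replaces with a narrow custom role at resource-group scope.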

Once the user is created, and depending on what has been licensed, Azure AD enables the features below:
- Application Management
- Authentication
- Hybrid identity
- Identity Governance
- Azure Active Directory for developers
- Business to Business — management for guest users
- Business to consumer — customize and control management
- Conditional access
- Domain services
- Privileged identity
- Reporting and monitoring
Azure Information Protection (AIP):
Azure Information Protection (AIP) enables organizations to (1) classify, (2) discover and (3) protect the information assets of your organization in the cloud, and you can apply labels to those assets. It is part of the Microsoft Information Protection (MIP) solution.

There is also an AIP on-premises scanner that scans on-premises information assets. It can be installed using PowerShell, the Azure portal or the MIP SDK.
Azure Sentinel

Azure Sentinel is a cloud-based
- Security Orchestration, Automation and Response (SOAR) &
- Security Information and Event Management (SIEM) solution.
It also performs efficient (1) security analytics and (2) threat intelligence across your organization and provides a single-window solution for proactive threat identification and response. It enables you to collect data from any source in the cloud.

- Collect data across all the devices and services / products offered by Azure, on-premises or even multi-cloud.
- Detect proactively the threats that were not detected earlier and improve threat intelligence.
- Investigate — use AI/ML to get better analytics and trap suspicious / malicious activities.
- Respond to any cyber threat incidents more rapidly.

Azure Sentinel helps to improve the Identity Governance.
Parent Article: Azure Multi part series.