Authentication vs Authorization

The difference between Authentication and Authorization

• Authentication is a user proving who they are - user id and password

• Authorization is ensuring that a user is permitted to perform an action

Move away from all authenticated users having admin access

Azure Active Directory

• Microsoft's preferred solution for identity management

• Powers other Microsoft Services:

  • Azure

  • Skype

  • Outlook

  • OneDrive

  • Xbox

  • Office 365 - Teams, SharePoint, PowerBI, etc

• Complete solution for managing users, groups, roles

• Single-sign on - Synchronization with your corporate AD

• Conditional access:

  • Detect unusual activity

  • Examples:

    • User A attempts to log in to the app from within the company office

    • User B attempts to log in to the app for the first time in 4 months

    • Administrator C attempts to log in to the app from their phone

    • Administrator D attempts to log in to the app from a location 1200km from the office

  • You can treat some access attempts as "routine", and some as "not normal"

  • Signal --> Decision --> Enforcement