
# Overview

## Describe Identity, Governance, Privacy and Compliance Features (20-25%)

## Describe core Azure Identity Services

* Explain the difference between authentication and authorization
* Define Azure Active Directory
* Describe the functionality and usage of Azure Active Directory
* Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

## Describe Azure governance features

* Describe the functionality and usage of Role-Based Access Control (RBAC)
* Describe the functionality and usage of resource locks
* Describe the functionality and usage of tags
* Describe the functionality and usage of Azure Policy
* Describe the functionality and usage of Azure Blueprints
* Describe the Cloud Adoption Framework for Azure

## Describe privacy and compliance resources

* Describe the Microsoft core tenets of Security, Privacy and Compliance
* Describe the purpose of the Microsoft Privacy Statement, Online Service Terms (OST) and Data Protection Amendment (DPA)
* Describe the purpose of the Trust Center
* Describe the purpose of the Azure compliance documentation
* Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud Services)

## Identity

* In computing, "identity" is a representation of a person, application or device.

Examples of Identity:

* John Henry Doe
* <johndoe@example.com>
* Monthly Payroll Application
* The laser printer at 6th Floor West

An identity usually requires a password, secret key or certificate to prove that you are who you say you are.

Many applications require you to log in to use some of their functionality.

## How it's traditionally handled

Client App/Web Browser/Mobile App --> USER ID, PASSWORD --> Server/Web Site --> DB

* Traditionally, companies have written their own code to handle this
* Some of the more famous "hacks" have been on custom-built identity systems

**Hacks:**

* were storing passwords in plain text
* were using a simple, reversible hash algorithm (MD5)
* were storing the salt along with the data
* were not enforcing password change policies
* were not enforcing password complexity policies
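
The first two weaknesses are easier to see side by side. This added example (not part of the original notes) contrasts unsalted MD5 with a salted, slow key-derivation function, PBKDF2 from Python's standard library. The account names, passwords, helper names and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware

def md5_record(password):
    """Weak scheme from the list above: one fast, unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password):
    """Hardened scheme: a random per-user salt and a deliberately slow derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def verify(password, record):
    """Recompute with the record's own parameters and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

def shared_password_groups(hashes):
    """Audit check: users whose stored hashes are equal chose the same password,
    which a leaked table of unsalted hashes reveals without any cracking."""
    groups = {}
    for user, stored in hashes.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def build_tables(users):
    """Return (md5_table, pbkdf2_table) for a {user: password} mapping."""
    weak = {user: md5_record(pw) for user, pw in users.items()}
    strong = {user: pbkdf2_record(pw) for user, pw in users.items()}
    return weak, strong

# Constructed sample accounts; alice and bob picked the same password.
SAMPLE_USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9$Lq-72vTp"}

if __name__ == "__main__":
    weak, strong = build_tables(SAMPLE_USERS)
    print("MD5 groups:   ", shared_password_groups(weak))
    print("PBKDF2 groups:", shared_password_groups({u: r["hash"] for u, r in strong.items()}))
    print("verify ok:    ", verify("Summer2024!", strong["alice"]))
```

In the MD5 table the two accounts with the same password carry the same digest; in the PBKDF2 table every record differs, and each guess against it costs the full iteration count.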

#### Azure provides an identity management system based on their popular "Active Directory"

## Azure Active Directory (Azure AD or AAD)

* It's not the same as Active Directory
* Traditional AD does not work with internet protocols (LDAP does not work over the internet)
* Azure AD provides "identity as a service"
* Instead of having to write code to handle users, passwords and password resets, you have a middleman
* It uses open standards that work over the internet: SAML, OpenID, WS-Federation


