Identity & Access Management

6.1 Microsoft Entra ID (Azure AD)

Overview

Cloud identity platform providing SSO, MFA, and access control.

Key Concepts

Tenant
Users & Groups
App Registrations
Enterprise Applications
Managed Identities

Authentication

Password + MFA
Passwordless (FIDO2, Authenticator)
Conditional Access
Identity Protection

Permissions

Delegated Permissions
Application Permissions

Key Features

SSO
B2B / B2C
PIM
Access Reviews
SSPR

Editions

Feature	Free	P1	P2
Conditional Access	No	Yes	Yes
PIM	No	No	Yes

6.2 Entra External ID (B2C)

Customer identity platform with social login and custom flows.

6.3 Entra Domain Services

Managed domain services (LDAP, Kerberos, NTLM) for legacy apps.

6.4 Role-Based Access Control (RBAC)

Overview

Controls access to Azure resources.

Key Concepts

Security Principal
Role Definition
Scope
Assignment

Built-in Roles

Role	Description
Owner	Full access
Contributor	Manage resources
Reader	View only

Principles

Least privilege
Use built-in roles
Use PIM for admin access

6.5 Azure Key Vault

Overview

Secure storage for secrets, keys, and certificates.

Stores

Secrets
Keys
Certificates

Access Models

RBAC (recommended)
Access Policies (legacy)

Key Features

Soft delete
Purge protection
Private endpoint
HSM-backed keys

PART 6: IDENTITY & ACCESS MANAGEMENT

6.1 Microsoft Entra ID (Azure AD)

Overview

Key Concepts

Authentication

Permissions

Key Features

Editions

6.2 Entra External ID (B2C)

6.3 Entra Domain Services

6.4 Role-Based Access Control (RBAC)

Overview

Key Concepts

Built-in Roles

Principles

6.5 Azure Key Vault

Overview

Stores

Access Models

Key Features