Skip to content
Microsoft Sovereign Cloud Brain Trek

Identity and Access Basics

Overview

Section titled “Overview”

Identity and Access Management (IAM) is the foundation of cloud security, controlling who can access what resources and under what conditions.

Authentication vs Authorization Flow

Authentication vs Authorization Flow Figure: Authentication verifies identity; Authorization determines permissions

Core Concepts

Section titled “Core Concepts”

Authentication vs Authorization

Section titled “Authentication vs Authorization”
  • Authentication: Verifying identity (“Who are you?”)
  • Authorization: Determining permissions (“What can you do?”)

Identity Types

Section titled “Identity Types”
  • Human Identities: Users, administrators, developers
  • Service Identities: Applications, services, APIs
  • Device Identities: Computers, mobile devices, IoT devices

Authentication Methods

Section titled “Authentication Methods”

Single-Factor Authentication

Section titled “Single-Factor Authentication”
  • Passwords, PINs, security questions
  • Vulnerable to compromise
  • Not recommended for sensitive systems

Multi-Factor Authentication (MFA)

Section titled “Multi-Factor Authentication (MFA)”
  • Knowledge: Something you know (password)
  • Possession: Something you have (phone, token)
  • Inherence: Something you are (biometrics)

Modern Authentication

Section titled “Modern Authentication”
  • OAuth 2.0 and OpenID Connect protocols
  • Token-based authentication
  • Single sign-on (SSO) capabilities

Access Control Models

Section titled “Access Control Models”

Role-Based Access Control (RBAC)

Section titled “Role-Based Access Control (RBAC)”
  • Permissions assigned to roles
  • Users assigned to roles
  • Simplifies permission management

Attribute-Based Access Control (ABAC)

Section titled “Attribute-Based Access Control (ABAC)”
  • Dynamic permissions based on attributes
  • Context-aware access decisions
  • Fine-grained control capabilities

Just-in-Time (JIT) Access

Section titled “Just-in-Time (JIT) Access”
  • Temporary elevated permissions
  • Time-bound access grants
  • Reduces standing privileges

Identity Governance

Section titled “Identity Governance”

Access Reviews

Section titled “Access Reviews”
  • Regular review of user permissions
  • Removal of unused access
  • Compliance with least privilege

Lifecycle Management

Section titled “Lifecycle Management”
  • User onboarding and offboarding
  • Role changes and transitions
  • Automated provisioning and deprovisioning

Cloud Identity Considerations

Section titled “Cloud Identity Considerations”

Federation

Section titled “Federation”
  • Trust relationships between identity providers
  • Single sign-on across multiple systems
  • Centralized identity management

Zero Trust Architecture

Section titled “Zero Trust Architecture”
  • Never trust, always verify
  • Continuous authentication and authorization
  • Assume breach mentality

Next Steps

Section titled “Next Steps”

Complete the Security & Compliance Knowledge Check to test your understanding.

Last Updated: November 2025