Azure identity services overview
Azure identity services are part of the broader field of IAM (Identity and Access Management). Given the zero trust nature of the cloud, the newer SCI (Security, Compliance and Identity) concept has also emerged, since identity is now the new security boundary of hybrid cloud systems.
This post presents an overview of Azure identity services as of late March 2023. Given the dynamic nature of public clouds, this list will most likely change in the near future, but it nevertheless acts as a general point of reference when discussing Azure hybrid and multicloud services. You can find an overview of all Azure service categories at https://stefanos.cloud/blog/azure-service-categories/.
Azure identity services
Azure offers the following hybrid and multicloud services to allow infrastructure engineers, architects and developers to configure and manage hybrid and multicloud architectures.
- Synchronize on-premises directories and enable single sign-on
- Manage your domain controllers in the cloud
- Better protect your sensitive information—anytime, anywhere
- Consumer identity and access management in the cloud
Microsoft is now merging and expanding its cloud identity service portfolio via the Microsoft Entra suite. Explore the Microsoft Entra management portal today at https://entra.microsoft.com for more details.
Becoming an Azure-certified identity services engineer
As per the Microsoft official certification poster (https://aka.ms/TrainCertPoster), the following certifications are available in the fields of identity services.
- SC-900 (Microsoft Certified: Security, Compliance, and Identity Fundamentals). The Microsoft Certified: Security, Compliance, and Identity Fundamentals certification could be a great fit if you would like to demonstrate your knowledge of Microsoft Security, compliance, and identity (SCI) solutions. It is recommended to have familiarity with networking and cloud computing concepts, general IT knowledge or any general experience working in an IT environment, general understanding of Microsoft Azure and Microsoft 365.
- SC-100 (Microsoft cybersecurity architect expert). The Microsoft cybersecurity architect has subject matter expertise in designing and evolving the cybersecurity strategy to protect an organization’s mission and business processes across all aspects of the enterprise architecture. The cybersecurity architect designs a Zero Trust strategy and architecture, including security strategies for data, applications, access management, identity, and infrastructure. The cybersecurity architect also evaluates Governance Risk Compliance (GRC) technical strategies and security operations strategies. The cybersecurity architect continuously collaborates with leaders and practitioners in IT security, privacy, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization. A candidate for this certification should have advanced experience and knowledge in a wide range of security engineering areas including identity and access, platform protection, security operations, securing data and securing applications. They should also have experience with hybrid and cloud implementations.
- AZ-500 (Microsoft Certified: Azure Security Engineer Associate). The Azure security engineer implements, manages, and monitors security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. They recommend security components and configurations to protect identity & access, data, applications, and networks. Responsibilities for an Azure security engineer include managing the security posture, identifying and remediating vulnerabilities, performing threat modelling, and implementing threat protection. They may also participate in responding to security incidents. Azure security engineers work with architects, administrators, and developers to plan and implement solutions that meet security and compliance requirements. The Azure security engineer should have practical experience in administration of Microsoft Azure and hybrid environments. The Azure security engineer should have a strong familiarity with compute, network, and storage in Azure, as well as Azure Active Directory, part of Microsoft Entra.
- SC-300 (Microsoft Certified: Identity and Access Administrator Associate). The Microsoft identity and access administrator designs, implements, and operates an organization’s identity and access management systems by using Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. They configure and manage authentication and authorization of identities for users, devices, Azure resources, and applications. The identity and access administrator provides seamless experiences and self-service management capabilities for all users. They ensure that identity is verified explicitly to support Zero Trust principles. They automate management of Azure AD by using PowerShell and analyze events by using Kusto Query Language (KQL). They are also responsible for troubleshooting, monitoring, and reporting for the identity and access environment. The identity and access administrator collaborates with many other roles in the organization to drive strategic identity projects, to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance. They should be familiar with Azure and Microsoft 365 services and workloads.
- AI-102 (Microsoft 365 Certified: Security Administrator Associate). Candidates for this certification plan, implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 security administrator proactively secures identity and access, implements threat protection, manages information protection, and enforces compliance. The Microsoft 365 security administrator collaborates with the Microsoft 365 enterprise administrator, business stakeholders, and other workload administrators to plan and implement security strategies. Candidates for this certification have functional experience with Microsoft 365 workloads and with Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. They have implemented security for Microsoft 365 environments, including hybrid environments. They have a working knowledge of Windows clients, Windows servers, Active Directory, and PowerShell.
- SC-200 (Microsoft Certified: Security Operations Analyst Associate). The Microsoft security operations analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the security operations analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.