Microsoft 365 / Azure – Exploring concept – Identity Provider and Modern Authentication

Hi All,

Greetings for the day!!!

Continuing series with Security articles, today discussing concept Identity Provider

What are Identity providers

• In last article we discussed about Identity. If you didn’t got a chance to read yet, please have a look. Microsoft 365 / Azure – Exploring Identity – Identity is the new security perimeter
• Identity –
  • A thing that can be authenticated.
  • An Identity can be user with user name and password
  • An Identity can be application which require authentication through secret keys or certifications
• An Identity provider manages four pillars of Identity – Administration, Authentication, Authorisation and Auditing. We discussed these in last article
• An Identity provider creates, maintains, and manages Identity details and offers authentication, authorization and auditing services – 4 pillars of Identity
• Identity provider provides authentication services to the applications
• There is term we called “Modern Authentication” which is the term for authentication and authorization between our client (phone / laptop / any device) and a server
• Identity provider plays very important role in modern authentication
• Example of Identity Providers are – Microsoft Azure Active Directory – cloud based Identity provider
• Some other examples are – Google, Twitter, LinkedIn, GitHub etc.

Modern Authentication

• Legacy Authentication
  • Basic authentication is the less secure method used by older client applications
  • ‎Microsoft‎ recommends that we turn off basic authentication for your organization.
  • We can use enable security defaults in the ‎Azure‎ portal to turn off basic authentication for all protocols
  • Legacy authentication is authentication that relies on legacy protocols such as Kerberos and RADIUS to protect the traditional network perimeter
  • Legacy authentication does not support Multi Factor Authentication (MFA)
  • Legacy authentication was not designed to support authentication to cloud and web-based services and apps
  • Legacy authentication is the traditional way of authenticating, using only a username, password, and IP address
• Identity provider plays important role in modern authentication
• Once authenticated, the user can access all systems, protocols, and information protected by that password
• Client communicate with Identity Provider by giving an identity (user, application , device can be anything – as discussed in previous article) which needs to be authenticated
• When Identity is verified by Identity Provider, Identity provider issues token – security token and this token client sends to server
• The server validates the security token through its trust relationship with the identity provider.
• By using the security token and the information that’s contained within it, the user or application (Identity) accesses the required resources on the server.
• In this scenario, the token and the information it contains is stored and managed by the identity provider.
• The centralized identity provider is supplying the authentication service.

Modern authentication settings in Microsoft 365 admin center

• Navigate to Microsoft 365 admin center – https://admin.microsoft.com/
• From left pane, navigate to Settings >> Org settings

• From “Org settings” navigate to “Modern authentication” settings

• On click of “Modern authentication” settings , right pane will open with the respective settings as shown in below fig

Thanks for reading !!! Please feel free to discuss / suggestions / share thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂