Microsoft 365 / Azure – Exploring concept – Identity Provider and Modern Authentication

fig : Microsoft 365 - Modern Authentication - Enabling modern authentication
fig : Microsoft 365 - Modern Authentication - Enabling modern authentication

Hi All,

Greetings for the day!!!

Continuing series with Security articles, today discussing concept Identity Provider

What are Identity providers

  • In last article we discussed about Identity. If you didn’t got a chance to read yet, please have a look. Microsoft 365 / Azure – Exploring Identity – Identity is the new security perimeter
  • Identity
    • A thing that can be authenticated.
    • An Identity can be user with user name and password
    • An Identity can be application which require authentication through secret keys or certifications
  • An Identity provider manages four pillars of Identity – Administration, Authentication, Authorisation and Auditing. We discussed these in last article
  • An Identity provider creates, maintains, and manages Identity details and offers authentication, authorization and auditing services – 4 pillars of Identity
  • Identity provider provides authentication services to the applications
  • There is term we called “Modern Authentication” which is the term for authentication and authorization between our client (phone / laptop / any device) and a server
  • Identity provider plays very important role in modern authentication
  • Example of Identity Providers are – Microsoft Azure Active Directory – cloud based Identity provider
  • Some other examples are – Google, Twitter, LinkedIn, GitHub etc.

Modern Authentication

  • Legacy Authentication
    • Basic authentication is the less secure method used by older client applications
    • ‎Microsoft‎ recommends that we turn off basic authentication for your organization.
    • We can use enable security defaults in the ‎Azure‎ portal to turn off basic authentication for all protocols
    • Legacy authentication is authentication that relies on legacy protocols such as Kerberos and RADIUS to protect the traditional network perimeter
    • Legacy authentication does not support Multi Factor Authentication (MFA)
    • Legacy authentication was not designed to support authentication to cloud and web-based services and apps
    • Legacy authentication is the traditional way of authenticating, using only a username, password, and IP address
  • Identity provider plays important role in modern authentication
  • Once authenticated, the user can access all systems, protocols, and information protected by that password
  • Client communicate with Identity Provider by giving an identity (user, application , device can be anything – as discussed in previous article) which needs to be authenticated
  • When Identity is verified by Identity Provider, Identity provider issues token – security token and this token client sends to server
  • The server validates the security token through its trust relationship with the identity provider.
  • By using the security token and the information that’s contained within it, the user or application (Identity) accesses the required resources on the server.
  • In this scenario, the token and the information it contains is stored and managed by the identity provider.
  • The centralized identity provider is supplying the authentication service.

Modern authentication settings in Microsoft 365 admin center

fig : Microsoft 365 admin center - navigating to "Org settings"
fig : Microsoft 365 admin center – navigating to “Org settings”
  • From “Org settings” navigate to “Modern authentication” settings
fig : Microsoft 365 - Org settings - Modern authentication
fig : Microsoft 365 – Org settings – Modern authentication
  • On click of “Modern authentication” settings , right pane will open with the respective settings as shown in below fig
fig : Microsoft 365 - Modern Authentication - Enabling modern authentication
fig : Microsoft 365 – Modern Authentication – Enabling modern authentication

Thanks for reading !!! Please feel free to discuss / suggestions / share thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: