Tutorial / Cram Notes
Cloud Identity
Cloud identity refers to identity management that is hosted entirely on cloud-based platforms. In this model, user accounts and identities are managed in the cloud, without any reliance on on-premises directory services. A popular example of cloud identity is Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service.
Services like Azure AD offer features such as single sign-on (SSO), multi-factor authentication (MFA), and conditional access policies that provide secure access to both cloud and on-premises applications.
Example:
An organization using Microsoft 365 services relies exclusively on Azure AD for user authentication when accessing services like Outlook, SharePoint, and OneDrive.
On-Premises Identity
On-premises identity refers to identity management systems that are hosted within an organization’s local network infrastructure. The most common on-premises identity system is Active Directory Domain Services (AD DS), which serves as a centralized directory for managing network resources such as user accounts, groups, computers, and more.
The primary characteristic of on-premises identity is that all identity information is stored within the physical confines of the company’s data center, and administrators have full control over the identity infrastructure and security protocols.
Example:
A company running Windows Server with AD DS might manage user accounts, enforce password policies, and set permissions for file shares, all within its own data center.
Hybrid Identity
Hybrid identity bridges the gap between cloud identity and on-premises identity, allowing for a more fluid and interoperable approach. In a hybrid identity setup, identities from an on-premises AD DS are synchronized with a cloud service like Azure AD. This ensures that users have a common identity for accessing resources across both environments.
Hybrid identity solutions such as Azure AD Connect sync perform the synchronization and support sign-in methods such as password hash synchronization, pass-through authentication, and federation with AD FS (Active Directory Federation Services).
Example:
An employee can log into their computer using AD DS credentials (on-premises) and access both local applications and cloud services like Microsoft Teams or Dynamics 365 without needing separate logins. This creates a seamless user experience.
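The synchronization that makes this "common identity" possible is easier to reason about with a small model. The following is an added example, not code from the page or from Microsoft: it imitates the core rule used by tools like Azure AD Connect, namely that on-premises objects are matched to cloud accounts by an immutable source anchor (here the AD objectGUID, base64-encoded the way Azure AD stores its ImmutableId attribute) rather than by a mutable attribute such as the UPN. The user objects, GUIDs and the contoso.example domain are constructed, and the state machine is a simplification of what a real sync engine does.

```python
import base64
import uuid
from dataclasses import dataclass


@dataclass
class OnPremUser:
    """Stand-in for an AD DS user (constructed; only the attributes the sync needs)."""
    object_guid: uuid.UUID
    upn: str
    enabled: bool = True


@dataclass
class CloudUser:
    """Stand-in for the synchronized cloud account."""
    immutable_id: str
    upn: str
    account_enabled: bool = True
    soft_deleted: bool = False


def source_anchor(object_guid: uuid.UUID) -> str:
    """Base64 of the 16 raw GUID bytes, the form the cloud stores as ImmutableId.
    Matching on this, not on the UPN, keeps an identity stable across renames."""
    return base64.b64encode(object_guid.bytes).decode("ascii")


def sync_cycle(on_prem: list[OnPremUser], cloud: dict[str, CloudUser]) -> list[tuple[str, str]]:
    """Apply one sync cycle of on_prem into cloud (cloud is mutated in place).

    Returns (action, detail) events. Rules modelled here (simplified):
      * new on-prem object        -> cloud account created
      * same anchor, new UPN      -> existing account renamed, no duplicate
      * enabled flag changed      -> cloud account_enabled follows on-prem
      * anchor gone from on-prem  -> cloud account soft-deleted and blocked
    """
    events: list[tuple[str, str]] = []
    present: set[str] = set()
    for user in on_prem:
        anchor = source_anchor(user.object_guid)
        present.add(anchor)
        current = cloud.get(anchor)
        if current is None:
            cloud[anchor] = CloudUser(anchor, user.upn, user.enabled)
            events.append(("created", user.upn))
            continue
        if current.soft_deleted:  # object came back into sync scope
            current.soft_deleted = False
            events.append(("restored", user.upn))
        if current.upn != user.upn:
            events.append(("renamed", f"{current.upn} -> {user.upn}"))
            current.upn = user.upn
        if current.account_enabled != user.enabled:
            current.account_enabled = user.enabled
            events.append(("enabled" if user.enabled else "disabled", user.upn))
    # Anything the cloud knows about that is no longer in on-prem scope must
    # not stay silently active: block it and mark it soft-deleted.
    for anchor, current in cloud.items():
        if anchor not in present and not current.soft_deleted:
            current.soft_deleted = True
            current.account_enabled = False
            events.append(("soft_deleted", current.upn))
    return events


def run_scenario() -> tuple[dict[str, CloudUser], list[list[tuple[str, str]]]]:
    """Three cycles over a constructed directory: a UPN rename, an on-prem
    disable, a new hire and finally a deleted on-prem object."""
    alice = uuid.UUID("00000000-0000-0000-0000-000000000001")
    bob = uuid.UUID("00000000-0000-0000-0000-000000000002")
    carol = uuid.UUID("00000000-0000-0000-0000-000000000003")
    cloud: dict[str, CloudUser] = {}
    history = []
    history.append(sync_cycle([
        OnPremUser(alice, "alice@contoso.example"),
        OnPremUser(bob, "bob@contoso.example"),
    ], cloud))
    history.append(sync_cycle([
        OnPremUser(alice, "alice.smith@contoso.example"),        # UPN rename, same GUID
        OnPremUser(bob, "bob@contoso.example", enabled=False),   # disabled on-prem
        OnPremUser(carol, "carol@contoso.example"),              # new hire
    ], cloud))
    history.append(sync_cycle([
        OnPremUser(alice, "alice.smith@contoso.example"),
        OnPremUser(carol, "carol@contoso.example"),              # bob's AD object deleted
    ], cloud))
    return cloud, history


if __name__ == "__main__":
    final_state, cycles = run_scenario()
    for n, events in enumerate(cycles, 1):
        print(f"cycle {n}: {events}")
    for account in final_state.values():
        print(account)
```

Two points the model makes visible: a rename never creates a second cloud account (which would leave an orphaned, still-licensed identity), and disabling or deleting the on-premises object propagates to the cloud account on the next cycle, which is why offboarding in a hybrid setup is done in AD DS rather than in the cloud portal.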
Comparison
| Aspect | Cloud Identity | On-Premises Identity | Hybrid Identity |
|---|---|---|---|
| Location | Cloud-based (e.g., Azure AD) | Local network infrastructure (e.g., AD DS) | Combination of both |
| Accessibility | Accessible from anywhere with internet access | Typically accessible only within the network | Both cloud resources and internal systems are accessible |
| Cost Efficiency | OPEX model, pay-as-you-go | CAPEX model, involves hardware investments | Can be optimized by leveraging existing infrastructure |
| Scalability | Easily scalable | Limited by physical server capacity | Scalable through the cloud component |
| Maintenance | Managed by the cloud provider | Maintained by the organization's IT staff | Shared responsibility |
| Disaster Recovery | Often included as a service | Requires a separate DR plan | Can rely on the cloud for backup and DR |
| Security | Advanced security features integrated | Depends on in-house security measures | Benefits from advanced cloud-based security together with on-premises controls |
| Examples | Microsoft 365, Salesforce, AWS | Local Exchange server, in-house applications | Azure AD Connect with local AD DS |
Understanding these identity concepts is critical for anyone preparing for the MS-900 Microsoft 365 Fundamentals exam, as they form the foundation for how organizations manage their user identities and secure their IT resources in various deployment scenarios.
Practice Test with Explanation
True or False: Cloud identity refers to identity management that is handled entirely within a cloud-based platform without any linkage to an organization’s on-premises infrastructure.
- True
Answer: True
Cloud identity is managed fully in the cloud and does not rely on any on-premises servers or infrastructure for authentication or identity management.
Which of the following is a characteristic of an on-premises identity model?
- A) Relies on cloud-based services exclusively
- B) Requires internet connectivity to authenticate users
- C) Manages users and groups within an organization’s internal network
- D) Automatically scales with organizational growth
Answer: C
An on-premises identity model manages users and groups within the confines of an organization's internal IT infrastructure, typically without requiring internet connectivity.
True or False: Hybrid identity requires synchronization between on-premises directories and cloud-based directories.
- True
Answer: True
Hybrid identity solutions involve synchronization and potentially federation between on-premises directories (such as Active Directory) and cloud-based directories (such as Azure Active Directory).
Which of the following is NOT a benefit of a cloud identity model?
- A) Reduced hardware maintenance
- B) No internet dependency
- C) Scalability
- D) Rapid provisioning of access
Answer: B
Cloud identity models depend on internet connectivity because they are hosted on cloud services; that dependency is a requirement, not a benefit.
In the context of Microsoft 365, what does Azure Active Directory (Azure AD) primarily provide?
- A) File storage services
- B) Email services
- C) Identity and access management services
- D) Database management services
Answer: C
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which is a cornerstone of the Microsoft 365 identity model.
True or False: With hybrid identity, users can have different passwords for their on-premises and cloud resources.
- False
Answer: False
A key goal of hybrid identity is to provide a seamless user experience, so password synchronization (or single sign-on) is implemented, allowing users to use the same credentials for both on-premises and cloud services.
What is the main purpose of federated identity in a hybrid scenario?
- A) To create separate identities for cloud and on-premises environments
- B) To allow users to maintain multiple passwords
- C) To enable users to have a single identity across on-premises and cloud environments
- D) To isolate cloud identity from on-premises identity
Answer: C
Federated identity is used in hybrid scenarios to provide a seamless user authentication experience, allowing users to authenticate across on-premises and cloud environments using a single identity.
True or False: SaaS applications like Office 365 can be integrated with on-premises identity through Azure AD Connect.
- True
Answer: True
Azure AD Connect is a tool that can synchronize and manage identities between on-premises environments and Azure AD, thus integrating SaaS applications like Office 365 with on-premises identity.
Which of the following components is needed to implement a hybrid identity with Azure AD?
- A) Azure Service Fabric
- B) Azure AD Connect
- C) Azure Blob Storage
- D) Azure Machine Learning Service
Answer: B
Azure AD Connect is the essential component used to integrate on-premises directories with Azure AD, enabling a hybrid identity model.
True or False: Hybrid identity models are less secure than on-premises identity models because they rely on cloud services.
- False
Answer: False
Hybrid identity models can be very secure and often feature enhanced security measures, as they benefit from the advanced security capabilities provided by cloud services like Azure AD.
What is the primary role of Active Directory Federation Services (AD FS) in a hybrid identity configuration?
- A) To provide data storage solutions
- B) To manage virtual machine deployments
- C) To enforce multi-factor authentication
- D) To facilitate single sign-on and identity federation
Answer: D
AD FS supports single sign-on and identity federation in hybrid identity configurations, allowing secure sharing of identity information between trusted business partners.
Interview Questions
What is cloud identity?
Cloud identity refers to using cloud-based identity and access management services to manage user identities, access, and security.
What is on-premises identity?
On-premises identity refers to managing user identities, access, and security on local servers or domain controllers, typically using Active Directory (AD).
What is hybrid identity?
Hybrid identity refers to a combination of cloud and on-premises identity and access management services, providing a seamless experience for users regardless of where their identities are stored.
What are the benefits of cloud identity management?
Cloud identity management can provide easier management, scalability, and mobility for modern workplaces, while reducing the need for on-premises infrastructure and improving security.
What is Azure AD Connect?
Azure AD Connect is a tool that enables hybrid identity integration between on-premises Active Directory and Azure Active Directory.
What is federation?
Federation is a mechanism that enables organizations to share identity information across different systems and services, allowing users to access resources across organizational boundaries.
What are some common hybrid identity scenarios?
Some common hybrid identity scenarios include password synchronization, pass-through authentication, and federation.
What is password synchronization?
Password synchronization (password hash synchronization) is a hybrid identity scenario where a hash of the user's on-premises Active Directory password, rather than the password itself, is synchronized to Azure Active Directory, so the user can sign in to both environments with the same password.
What is pass-through authentication?
Pass-through authentication is a hybrid identity scenario where the user signs in at Azure Active Directory, and Azure AD hands the credentials to an authentication agent running on-premises that validates them against Active Directory, so the password is checked on-premises and no password hashes are stored in the cloud.
What is identity federation?
Identity federation is a hybrid identity scenario where user identities are securely shared between organizations, enabling users to access resources across organizational boundaries without needing separate accounts.
How can organizations manage user access in a hybrid identity environment?
Organizations can use identity and access management tools such as Azure AD to manage user access across hybrid environments, ensuring consistent security policies and access controls.
What is multi-factor authentication (MFA)?
Multi-factor authentication (MFA) is a security mechanism that requires users to provide multiple forms of authentication, such as a password plus a one-time code from an authenticator app or phone, to access resources, providing an additional layer of security beyond passwords.
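To make the "multiple forms of authentication" concrete, here is an added example (not code from the page or from Microsoft) of a verifier that checks a knowledge factor (a salted PBKDF2 password hash) and a possession factor (a time-based one-time code per RFC 6238, the scheme authenticator apps use). The user record, password and TOTP secret are constructed; the secret `12345678901234567890` is the RFC 6238 test-vector key, used here so the output can be checked against the published vectors. Note that the verifier accepts one 30-second step of clock drift in either direction, refuses to re-accept a code that already succeeded, and reports only pass/fail so a caller cannot learn which factor was wrong.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step)


def enroll(username: str, password: str, totp_secret: Optional[bytes] = None) -> dict:
    """Create an in-memory user record (constructed, not a real directory schema):
    a salted PBKDF2 password hash plus the TOTP secret the authenticator app holds."""
    salt = secrets.token_bytes(16)
    return {
        "username": username,
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "totp_secret": totp_secret or secrets.token_bytes(20),
        "last_counter": -1,  # highest TOTP counter already accepted (replay guard)
    }


def verify_login(user: dict, password: str, code: str, now: int, step: int = 30) -> bool:
    """Check both factors and return only True/False.

    Both factors are always evaluated, and the result carries no detail about
    which one failed, so the login endpoint does not become an oracle for
    guessing passwords separately from codes."""
    # Factor 1: something the user knows
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    password_ok = hmac.compare_digest(candidate, user["pw_hash"])
    # Factor 2: something the user has. Accept one step of drift either way,
    # but never a counter at or below one that was already used.
    counter = now // step
    matched = None
    for c in (counter - 1, counter, counter + 1):
        if c > user["last_counter"] and hmac.compare_digest(hotp(user["totp_secret"], c), code):
            matched = c
    if not (password_ok and matched is not None):
        return False
    user["last_counter"] = matched
    return True


if __name__ == "__main__":
    import time
    alice = enroll("alice", "correct horse battery staple")
    current_code = totp(alice["totp_secret"], int(time.time()))
    print("first attempt :", verify_login(alice, "correct horse battery staple", current_code, int(time.time())))
    print("replayed code :", verify_login(alice, "correct horse battery staple", current_code, int(time.time())))
```

The replay guard matters more than it looks: a one-time code intercepted from a user is worthless once that user has used it, but only if the server remembers the counter it last accepted. Real deployments keep that counter alongside the account record, as Azure AD MFA and similar services do internally.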
How can organizations manage identities in a cloud environment?
Organizations can use cloud-based identity and access management services such as Azure AD to manage user identities, access, and security in the cloud, providing a seamless experience for users across multiple devices and applications.
What is the difference between cloud identity and on-premises identity?
Cloud identity refers to managing user identities, access, and security using cloud-based identity and access management services, while on-premises identity refers to managing user identities, access, and security on local servers or domain controllers, typically using Active Directory (AD).
How can organizations achieve a seamless user experience across hybrid environments?
Organizations can use hybrid identity solutions such as Azure AD to achieve a seamless user experience across hybrid environments, providing a single identity for users and enabling access to resources across organizational boundaries.
Cloud identity is where all user accounts and identities are managed in the cloud, which makes it easier to handle remote workforces.
On-premises identity means that the user credentials are stored in a local server, like using Active Directory.
Hybrid identity blends both cloud and on-premises identities, allowing for flexible management and synchronization.
The MS-900 exam often tests your understanding of these identity concepts, among other Microsoft 365 services.
Appreciate the blog post!
One downside to on-premises identity is the hardware costs and the need for physical security.
Thanks for the detailed explanations!
Hybrid identity management can benefit from tools like Azure AD Connect, which syncs your on-prem AD with Azure AD.