This type of Azure AD identity eliminates the need for developers to manage credentials when connecting to Azure services.
What is a Managed Identity?
This is the basic unit of billing and access control in Azure; every resource is tied to one.
What is a Subscription?
This role-based model is used in Azure to control access to resources by assigning permissions to users, groups, or service principals.
What is Role-Based Access Control (RBAC)?
This is the core identity service in Microsoft Entra that provides authentication and authorization for users, groups, and applications.
What is Azure Active Directory (Azure AD)?
This is the most common authentication method, where a user provides a username and password to access Azure resources.
What is Password-based authentication?
This type of Managed Identity is created directly on an Azure resource, and its lifecycle is tied to that resource.
What is a System-assigned Managed Identity?
Azure resources can be grouped together under these, which allow organizations to manage access, policies, and compliance at scale across subscriptions.
What are Management Groups?
This built-in role grants full access to all resources, including the ability to delegate access.
What is the Owner role?
In Entra ID, these objects represent individual people, service accounts, or applications that can sign in and be assigned access.
What are Users?
This method strengthens password security by requiring an additional factor such as SMS, phone call, or an authenticator app.
What is Multi-Factor Authentication (MFA)?
This type of Managed Identity can be created independently of resources, reused across multiple resources, and managed separately.
What is a User-assigned Managed Identity?
This licensing model lets you pay only for what you use, with no upfront costs or long-term commitment.
What is Pay-As-You-Go?
This built-in role can create and manage all types of Azure resources, but cannot grant access to others.
What is the Contributor role?
These collections of users can be used to assign licenses or permissions in bulk, simplifying access management.
What are Groups?
This passwordless method allows users to sign in using something they have, like a phone or security key, instead of a password.
What is Passwordless Authentication (e.g., Windows Hello, Authenticator App, FIDO2 keys)?
When using Managed Identities, applications authenticate to other Azure services by retrieving a token from this special local endpoint.
What is the Azure Instance Metadata Service (IMDS)?
This enterprise-level agreement allows organizations to commit to Azure usage in exchange for lower prices and additional benefits.
What is an Enterprise Agreement (EA)?
This role grants read-only access to all resources but does not allow changes.
What is the Reader role?
This type of group membership automatically adds or removes users based on rules and attributes, reducing administrative overhead.
What is a Dynamic Group?
This protocol is used by Azure AD to enable single sign-on (SSO) between applications and identity providers.
What is SAML (Security Assertion Markup Language)?
Managed Identities work only with this identity provider and cannot be used for external authentication scenarios.
What is Azure Active Directory (Azure AD)?
Azure provides these tools and services to help estimate, track, and optimize cloud spend.
What are the Azure Pricing Calculator and Cost Management + Billing?
These roles are defined by administrators to provide fine-grained access tailored to an organization’s needs.
What are Custom Roles?
This role can create and manage users and groups, including resetting passwords for non-admin users.
What is the User Administrator role?
This modern authentication protocol is preferred in Azure for token-based authentication and authorization, often used by applications and APIs.
What is OAuth 2.0 / OpenID Connect (OIDC)?