Introduction
...
Using Service Principals
Authentication with a client secret, which is similar to a password for a user.
Authentication with a certificate (recommended by Microsoft): considered more secure than a client secret, an app can also authenticate with a certificate.
Authorization works similarly to user accounts, leveraging RBAC (role-based access control).
...
Using Managed Identities
It’s similar to service principals. We want the platform to manage the authentication process for us (Microsoft takes care of the client secret / certificate type of data). So, we can move the app into a resource group in Azure and the platform's authentication will take care of that. And we don’t have to keep this info in code.
...
Tip |
---|
System-assigned means the identity is tied directly to a resource. If we delete the resource, we delete the identity. |
API Security & OAuth 2.0
Microsoft ARM API
...
Microsoft Graph API
...
OAuth 2.0 Authentication Flow
...
Delegated permissions and consent
...
Azure Key Vault
When securing apps, we often have to store secret info that an app needs to access programmatically via a REST endpoint.
...
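The difference between a service principal and a managed identity when reading a Key Vault secret over REST, as an added example that is not part of the original notes. It assumes the code runs on an Azure VM (where the managed identity token comes from the Instance Metadata Service) and Key Vault API version 7.4; the function names are hypothetical and all sample values are constructed.

```python
"""Added example: service principal vs. managed identity token requests for Key Vault."""
import json
import re
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"
# Vault names: 3-24 chars, letters, digits and hyphens. Checking this keeps the
# bearer token from being sent to a host other than *.vault.azure.net.
VAULT_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$")

def sp_token_request(tenant_id, client_id, client_secret):
    """Service principal: the app must hold a secret and send it with each token request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # has to be stored somewhere the app can read
        "scope": KEY_VAULT_RESOURCE + "/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def mi_token_request(resource=KEY_VAULT_RESOURCE):
    """Managed identity: ask the local metadata endpoint; no credential leaves the app."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    # The metadata service rejects requests that lack this header.
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})

def secret_request(vault_name, secret_name, access_token):
    """Key Vault REST call; identical whichever way the token was obtained."""
    if not VAULT_NAME_RE.match(vault_name):
        raise ValueError(f"invalid vault name: {vault_name!r}")
    name = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{name}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})

def send(request, timeout=5):
    """Send a prepared request and decode the JSON reply (needs network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)

def read_secret_with_managed_identity(vault_name, secret_name):
    """Full flow on a VM with a managed identity that has access to the vault."""
    token = send(mi_token_request())["access_token"]
    return send(secret_request(vault_name, secret_name, token))["value"]
```

The identity still needs permission on the vault before the last call succeeds.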