In this video, we’ll look at the difference between Authentication and Authorization.
Authentication
Authentication (AuthN) answers the question: “Who are you?”
In Azure, authentication is typically handled using Microsoft Entra ID. This identity service allows users to sign in securely to Azure services. To further increase security, Multi-factor Authentication (MFA) can be used. MFA requires a second form of identification beyond just a password, such as a mobile app confirmation or a code sent by SMS.
Authorization
Authorization (AuthZ), on the other hand, answers the question: “What are you allowed to do?”
In Azure, authorization is managed using Role-Based Access Control (RBAC). RBAC assigns roles to users, groups, or managed identities, determining what resources they can access and what actions they can perform.
This separation between authentication and authorization ensures both secure sign-ins and controlled access to resources.
Conclusion
Want to learn more about authentication methods? Start learning in our AZ-900 video course – or click here to go back to the AZ-900 list of requirements.
Please click here to find out more about Microsoft’s AZ-900 exam.
