Identity is a significant aspect of your organization’s security strategy. In the context of Microsoft 365, this comes down to three distinct types of identities: cloud identities, on-premises identities, and hybrid identities. Understanding these is essential for the MS-900 Microsoft 365 Fundamentals exam.
Cloud Identity
A cloud identity is a user identity that is stored in Azure Active Directory (Azure AD), not connected to an on-premises directory. These identities are used solely for cloud services and not tied to a network. This means a company doesn’t need servers for identity management. Users authenticate directly with Azure AD, which makes this the simplest identity model to manage.
For example, suppose you run a small or medium business with no previous investment in on-premises servers or identity solutions. In that case, you could opt to use Azure AD to manage your user identities, giving users the convenience of single sign-on (SSO) to multiple applications from anywhere.
On-Premises Identity
On-premises identities are maintained on a company’s local servers. This could include a legacy system, such as Active Directory Domain Services (AD DS). Essentially, these identities exist on-site within the business’ network infrastructure.
The primary advantage of on-premises identity is the total control it offers over your infrastructure. For instance, if you run a large enterprise with multiple integrated applications and services running on local servers, an on-premises identity could be ideal.
Hybrid Identity
Hybrid identity is a blend of cloud and on-premises identities. A hybrid identity environment allows for a seamless user experience across a broad range of devices and applications, no matter where they’re hosted. One of the most common solutions for hybrid identity is Azure AD Connect, which synchronizes user identities from on-premises AD to Azure AD.
Imagine a scenario where a company initially used on-premises AD DS for local application access but then expanded to cloud-based applications requiring Azure AD. That’s where a hybrid identity model would come into play.
A tabulated comparison of these three identities:
| | Cloud Identity | On-Premises Identity | Hybrid Identity |
|---|---|---|---|
| Integration | Cloud services | Local infrastructure | Both |
| Authentication | Azure AD | On-premises AD | Both |
| SSO support | Yes | Depends on setup | Yes |
| Management | Simplest | Complete control | Moderate |
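As an added example that is not part of the original article, the following PowerShell script uses the Microsoft Graph PowerShell SDK to report which of the three identity models each account in a tenant actually follows (cloud-only, external guest, or synced from AD DS) and whether directory synchronization is enabled at the tenant level. It assumes the Microsoft.Graph module is installed and the signed-in account holds the User.Read.All and Organization.Read.All permissions; the "Review" category below is a label chosen for this example, not a Microsoft term.

```powershell
# Added example (not the article's own material): inventory identity models in a tenant.
Connect-MgGraph -Scopes "User.Read.All", "Organization.Read.All"

# Tenant-level view: is Azure AD Connect directory synchronization enabled at all?
$org = Get-MgOrganization -Property DisplayName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime
if ($org.OnPremisesSyncEnabled) {
    "Tenant '$($org.DisplayName)' is hybrid; last directory sync: $($org.OnPremisesLastSyncDateTime)"
} else {
    "Tenant '$($org.DisplayName)' has no directory sync enabled (cloud identities only)"
}

# Per-user view. A synced (hybrid) user has OnPremisesSyncEnabled = $true and an
# OnPremisesImmutableId, the anchor Azure AD Connect uses to match the AD DS object.
# A cloud-only user has neither; a guest is a cloud identity from another tenant.
$users = Get-MgUser -All -Property Id, UserPrincipalName, UserType,
    OnPremisesSyncEnabled, OnPremisesImmutableId, OnPremisesLastSyncDateTime

$report = foreach ($u in $users) {
    $model =
        if ($u.OnPremisesSyncEnabled -eq $true) { 'Hybrid (synced from AD DS)' }
        elseif ($u.OnPremisesImmutableId)      { 'Review: formerly synced, now cloud-managed' }
        elseif ($u.UserType -eq 'Guest')       { 'Cloud (external guest)' }
        else                                   { 'Cloud-only' }
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        IdentityModel     = $model
        ImmutableId       = $u.OnPremisesImmutableId
        LastSync          = $u.OnPremisesLastSyncDateTime
    }
}

# Summary by model, then the accounts worth a second look. An ImmutableId without an
# active sync flag means the account's source of authority has moved to the cloud,
# so its password policy is now enforced by Azure AD rather than on-premises AD DS.
$report | Group-Object IdentityModel | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object { $_.IdentityModel -like 'Review:*' } |
    Format-Table UserPrincipalName, ImmutableId, LastSync -AutoSize
```

Run it in a read-only context first; it changes nothing in the tenant and only needs the two read scopes named in the lead-in.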
In conclusion, deciding which identity type to use in your organization depends heavily on your application requirements, infrastructure, and IT strategy. For MS-900 Microsoft 365 Fundamentals exam preparation, it’s crucial to grasp these concepts, their functions, use-cases, and pros and cons.
Practice Test
True or False: Cloud identity is a model that enables users to access resources within their own infrastructure.
- True
- False
Answer: False
Explanation: Cloud identity is a model that allows users to access resources located in the cloud, not their own infrastructure.
True or False: An on-premises identity is managed in-house by using Windows Active Directory.
- True
- False
Answer: True
Explanation: On-premises identity is typically managed in-house through Windows Server Active Directory (AD).
Multiple Select: What are the characteristics of cloud identity?
- A) It’s stored in Azure AD
- B) It allows access to resources located in the cloud
- C) It manages user access to resources and applications locally
- D) It’s managed by organizational staff
Answer: A, B
Explanation: Cloud identity is stored in Azure AD and allows users to access cloud-located resources.
Single Select: Which of the following is a characteristic of an on-premises identity?
- A) Access to cloud resources
- B) Access to on-site resources
- C) Stored in Azure AD
- D) Managed by third-party vendors
Answer: B
Explanation: An on-premises identity is used to enable users to access resources located in their own infrastructure or physical location.
True or False: In a hybrid identity, user identities can exist in both on-premises and cloud environments.
- True
- False
Answer: True
Explanation: The hybrid identity model allows users to access both their locally-hosted and cloud-based resources using the same set of credentials.
Multiple Select: What are the components of a hybrid identity?
- A) Azure AD Connect
- B) Azure AD
- C) Windows Server Active Directory
- D) Cloud Connect
Answer: A, B, C
Explanation: Azure AD Connect is used to sync on-premises AD identities with Azure AD for a seamless user experience in a hybrid environment.
Single Select: What identity tool or service does Microsoft provide for managing cloud identities?
- A) Google Cloud Identity
- B) Azure Active Directory
- C) Amazon Cognito
- D) Firebase Authentication
Answer: B
Explanation: Microsoft provides Azure Active Directory (Azure AD) to manage cloud identities.
True or False: The three types of identity models in Microsoft 365 are cloud identity, on-premises identity, and hybrid identity.
- True
- False
Answer: True
Explanation: Microsoft 365 offers these three models to manage identities and resources.
Multiple Select: What are some of the benefits of using a hybrid identity model?
- A) Reduced costs
- B) Increased complexity
- C) Centralized management
- D) Seamless user experience
Answer: A, C, D
Explanation: Hybrid identity allows cost savings, centralized management of identities, and a seamless user experience across on-premises and cloud environments.
Single Select: Which identity model requires the most administrative overhead?
- A) Cloud Identity
- B) On-Premises Identity
- C) Hybrid Identity
- D) All are the same
Answer: C
Explanation: Hybrid Identity requires the management of both on-premises and cloud identities, which increases administrative overhead.
True or False: An on-premises identity does not support single sign-on.
- True
- False
Answer: False
Explanation: On-premises identities can also support single sign-on, especially when integrated with other Active Directory-based services.
Multiple Select: Which scenarios are the best suited for a hybrid identity?
- A) Organizations with multi-cloud strategy
- B) Businesses looking for cost optimizations
- C) Companies handling sensitive data
- D) Start-ups with no IT infrastructure
Answer: A, B, C
Explanation: In a hybrid identity approach, organizations can leverage multi-cloud strategies, optimize costs, and keep sensitive data on-premises.
Single Select: Which of the following is not a service provided by Azure Active Directory?
- A) Multi-Factor Authentication
- B) Device registration
- C) Virtual network configuration
- D) Self-service password management
Answer: C
Explanation: Azure AD does not provide virtual network configuration; that capability is provided by the Azure networking services.
True or False: Azure Active Directory is an identity as a service (IDaaS) provider.
- True
- False
Answer: True
Explanation: Azure Active Directory, also known as Azure AD, is a cloud-based identity as a service provider.
Multiple Select: What benefits does Azure AD bring to cloud-based identities?
- A) Scalability
- B) Single sign-on to any cloud and on-premises web app
- C) Data encryption
- D) User provisioning
Answer: A, B, D
Explanation: Azure AD brings scalability, single sign-on across a wide range of applications, and automatic user provisioning, among other capabilities, to cloud-based identities. Although it offers data protection features, encryption itself is a function of the data storage services.
Interview Questions
What is cloud identity?
Cloud Identity is a type of identity management model that provides access management capability and user data storage on a cloud computing platform. It offers the ability to manage identities on the cloud.
Can you provide an example of cloud identity?
An example of a cloud identity is Microsoft Azure Active Directory, which is a multi-tenant, cloud-based directory and identity management service.
What is on-premises identity?
On-premises identity refers to an identity management system that is physically located on an organization’s own premises. The system is hosted on servers the organization owns and is managed by its own IT staff.
What is a well-known example of an on-premises identity system?
Active Directory Domain Services (AD DS) by Microsoft is a popular on-premises identity system.
What is a hybrid identity?
Hybrid identity is a method of managing both cloud identity and on-premises identity. It integrates on-premises directories with a cloud-based identity provider like Azure AD.
What is the main benefit of the hybrid identity concept?
Hybrid identity allows for consistent identity management regardless of whether the service the user is accessing is on-premises or in the cloud.
Can you provide an example of a tool used for deploying hybrid identity?
An example would be Azure Active Directory Connect, which integrates your on-premises directories with Azure Active Directory.
What is the purpose of Azure Active Directory (Azure AD)?
Azure AD is a cloud-based identity and access management service by Microsoft. It helps your employees sign in and access resources in Office 365 or other Microsoft cloud services.
What’s the primary function of Active Directory Domain Services (AD DS)?
AD DS is mostly used to store and manage information about network resources across a domain, allowing administrators to manage user data and security.
How does the hybrid identity concept affect password policies?
With Azure AD, IT administrators have the option to enforce cloud-based password policies, which can provide an extra layer of security compared to traditional on-premises password policies.
What is Azure AD Connect?
Azure AD Connect is a Microsoft tool that helps you integrate your on-premises directories with Azure Active Directory.
What is the purpose of Azure AD Connect sync?
Azure AD Connect sync is part of Azure AD Connect that ensures your on-premises and cloud directories remain in sync.
What kind of authentication does a hybrid identity support?
A hybrid identity supports federated authentication and password hash synchronization.
What is federated authentication in terms of hybrid identity?
Federated authentication is a type of single sign-on (SSO) that enables users to authenticate across multiple IT systems and applications using a single set of credentials.
What is password hash synchronization in terms of hybrid identity?
Password hash synchronization is a sign-in method used as part of a hybrid identity solution. With password hash synchronization, hashed versions of user passwords are synchronized from an on-premises Active Directory instance to a cloud-based Azure AD instance.