AZ-305 Designing Microsoft Azure Infrastructure Solutions Exam

Venture into the world of Azure Infrastructure, where design meets functionality. Harness your skills and gain mastery over complex cloud structures to ace the AZ-305 Designing Microsoft Azure Infrastructure Solutions exam!

Recommend a solution for authorizing access to on-premises resources

Authorize On-Premises Access via Hybrid Identity

Hybrid Identity in Microsoft Entra ID provides seamless and secure access to on-premises resources from the cloud. Key solutions include Azure AD Connect, Pass-through Authentication (PTA), and Active Directory Federation Services (AD FS).

Azure AD Connect

Azure AD Connect is a tool used to sync on-premises Active Directory (AD) with Microsoft Entra ID. It supports several authentication methods:

  • Password Hash Synchronization (PHS): Synchronizes password hashes from on-premises AD to the cloud, allowing users to use the same password for cloud and on-premises resources.
  • Pass-through Authentication (PTA): Uses an agent to validate passwords directly against on-premises AD without storing password hashes in the cloud.
  • Federation with AD FS: Provides single sign-on (SSO) capabilities, redirecting authentication requests to on-premises AD FS.

Authentication Methods

Students should understand the differences between these authentication methods:

  • PHS: Simple to deploy, requires no additional infrastructure beyond Azure AD Connect.
  • PTA: Requires installing agents on-premises; suits environments with strict compliance requirements, since passwords are validated against on-premises AD and no password hashes are stored in the cloud.
  • AD FS: Complex and resource-intensive, suitable for organizations already using AD FS or needing advanced features like multi-site deployment.

Conditional Access

Conditional Access policies help enforce security by allowing only authenticated and compliant devices and users to access resources. Key uses include:

  • Enforcing multifactor authentication (MFA).
  • Restricting access based on location and device compliance.
  • Implementing policies to monitor and control access to critical applications.
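
An added example, not part of the original study guide: a small Python check that reviews Conditional Access policies, in the shape Microsoft Graph returns them, for the uses listed above (MFA, device compliance, location and user exemptions, enforcement state). The sample policies, their names and the group id are constructed; the field names follow the Graph conditionalAccessPolicy resource.

```python
# Constructed sample in the shape Microsoft Graph returns for
# conditionalAccessPolicy objects; names and the group id are made up.
SAMPLE_EXPORT = [
    {"displayName": "Require MFA and compliant device",
     "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "AND",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "MFA outside office (pilot)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeGroups": ["00000000-0000-0000-0000-000000000001"]},
                    "applications": {"includeApplications": ["All"]},
                    "locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["mfa", "compliantDevice"]}},
]


def audit_policy(policy):
    """Return review findings for one Conditional Access policy dict."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("not enforced (state=%s)" % policy.get("state"))
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if "block" not in controls:  # a block policy needs no further grant controls
        if "mfa" not in controls:
            findings.append("MFA not required")
        if "compliantDevice" not in controls:
            findings.append("device compliance not required")
        if grant.get("operator") == "OR" and len(controls) > 1:
            findings.append("controls joined with OR: any one is enough")
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if excluded:
        findings.append("%d excluded user/group id(s) to review" % len(excluded))
    locations = cond.get("locations") or {}
    if "AllTrusted" in (locations.get("excludeLocations") or []):
        findings.append("trusted locations are exempt from this policy")
    return findings


if __name__ == "__main__":
    for p in SAMPLE_EXPORT:
        print(p["displayName"], "->", audit_policy(p) or "no findings")
```

The second sample policy shows how a policy that names both MFA and device compliance can still leave gaps: it is in report-only state, accepts either control, and exempts a group and all trusted locations.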

Secure Hybrid Access

Microsoft Entra Application Proxy and Secure Hybrid Access partners facilitate secure access to on-premises applications using modern authentication protocols:

  • Microsoft Entra Application Proxy: Publishes on-premises applications securely without requiring a VPN.
  • Secure Hybrid Access: Integrates with third-party tools like F5 BIG-IP and Zscaler to enhance security and simplify access management.

In summary, hybrid identity solutions in Microsoft Entra ID provide flexible options for authenticating and authorizing access to on-premises resources. Understanding these solutions, their deployment scenarios, and best practices is crucial for securing hybrid environments effectively.