Identity Concepts
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Microsoft Certified: Security, Compliance, and Identity Fundamentals premium course — no separate purchase.
14-day money-back guarantee — no questions asked.
Included in this chapter:
- Why identity is the primary security perimeter
- The four pillars, and authentication before authorization
- Identity providers, tokens, and single sign-on
- Directory services: AD DS versus Microsoft Entra ID
- Federation across trust boundaries
- Exam-pattern recognition: SC-900's confusable pairs
AD DS versus Microsoft Entra ID
| Aspect | AD DS (on-premises) | Microsoft Entra ID (cloud) |
|---|---|---|
| Deployment model | On-premises directory on domain controllers you run | Cloud identity service (IDaaS) that Microsoft operates |
| Structure | Hierarchical: forests, domains, and organizational units (OUs) | Flat: no OUs, users and groups in one directory |
| Policy enforcement | Group Policy pushed to domain-joined devices | Conditional Access and Intune, with no Group Policy |
| Protocols | Kerberos, LDAP, NTLM | SAML, WS-Federation, OpenID Connect, OAuth 2.0 over HTTP/HTTPS |
| Access delegation | Domains, OUs, and groups delegate rights | Microsoft Entra role-based access control (RBAC) and groups |
| Best fit | On-premises Windows servers and legacy line-of-business apps | Cloud and SaaS apps, mobile and remote users |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- Define identity as the primary security perimeter (SC-900 learning module)
- Define authentication and authorization (SC-900 learning module)
- Describe the role of the identity provider (SC-900 learning module)
- Describe the concept of directory services and Active Directory (SC-900 learning module)
- Compare Active Directory to Microsoft Entra ID
- Describe the concept of federation (SC-900 learning module)