Study Azure AZ-900 Identity and Security: key concepts, common traps, and exam decision cues.
This part of AZ-900 tests whether you can separate identity from broader governance and monitoring. Microsoft wants you to know the core access and protection concepts, not write advanced policy logic.
Microsoft Entra ID: Microsoft’s cloud identity and access platform, formerly known as Azure Active Directory.
RBAC: Role-based access control, which grants permissions based on assigned roles.

| Topic | Best mental label |
|---|---|
| Microsoft Entra ID | identity directory and access layer |
| Microsoft Entra Domain Services | managed domain-services lane for Azure workloads |
| SSO, MFA, passwordless | authentication methods |
| Conditional Access | policy-driven access decisions |
| RBAC | authorization and permission scope |
| Zero Trust | “never trust, always verify” security model |
| Defense in depth | layered security model |
| Defender for Cloud | cloud security posture and protection tooling |

| If the stem is really about… | Strongest first reading |
|---|---|
| directory users, groups, and identities | Microsoft Entra ID |
| how a user proves identity | SSO, MFA, or passwordless |
| whether a sign-in should be allowed under conditions | Conditional Access |
| what someone can do after sign-in | RBAC |
| broader security philosophy | Zero Trust or defense in depth |
| posture and recommendations across cloud resources | Defender for Cloud |