
Azure · Identity · Entra ID

Azure Entra ID Basics

Starter LAB for Microsoft Entra ID identity flow, Conditional Access, RBAC concepts, federation, and enterprise identity governance.

Status: Starter
Cloud: Azure
Domain: Identity
Future Track: Federation

Overview

This starter lab introduces Entra ID as the identity control plane for Azure and Microsoft cloud access.

Starter · Identity-first · Federation-ready · No live mutation

Concept Deep Dives

Expand these concepts when introducing Microsoft Entra ID and Azure identity governance.

What is Microsoft Entra ID?

Microsoft Entra ID is the identity control plane for Microsoft cloud access. It manages users, groups, applications, service principals, authentication, and access decisions across Microsoft services.

What is Conditional Access?

Conditional Access evaluates sign-in and access context such as user, device, location, risk, application, and authentication strength before allowing or blocking access.

What is Azure RBAC?

Azure RBAC controls management-plane access to Azure resources. It defines who can perform actions against subscriptions, resource groups, and individual resources.
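As an added example (not part of the original lab; it uses constructed role assignments, a placeholder subscription ID, and hypothetical function names), the Python below shows how an assignment's scope decides which resources it covers. It goes slightly beyond the paragraph above by making scope inheritance explicit: an assignment at a subscription or resource group also applies to everything beneath it.

```python
# Added example: constructed role assignments, placeholder subscription ID.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = [
    {"principal": "alice", "role": "Owner", "scope": SUB},
    {"principal": "ci-sp", "role": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principal": "bob", "role": "Reader", "scope": SUB + "/resourceGroups/rg-app2"},
    {"principal": "auditor", "role": "Reader",
     "scope": SUB + "/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/labstore"},
]
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}


def segments(scope):
    # Azure resource IDs are case-insensitive, so compare lower-cased segments.
    return [s for s in scope.lower().split("/") if s]


def scope_level(scope):
    seg = segments(scope)
    if len(seg) == 2 and seg[0] == "subscriptions":
        return "subscription"
    if len(seg) == 4 and seg[2] == "resourcegroups":
        return "resource group"
    if len(seg) > 4 and seg[0] == "subscriptions":
        return "resource"
    return "other"


def applies_to(assignment_scope, target):
    # Match whole segments so rg-app does not also cover rg-app2.
    a, t = segments(assignment_scope), segments(target)
    return t[:len(a)] == a


def effective_assignments(assignments, target):
    # Every assignment at or above the target, broadest scope first.
    hits = [x for x in assignments if applies_to(x["scope"], target)]
    return sorted(hits, key=lambda x: len(segments(x["scope"])))


def inherited_privileged(assignments, target):
    # Privileged roles that reach the target from a broader scope.
    return [x for x in effective_assignments(assignments, target)
            if x["role"] in PRIVILEGED and segments(x["scope"]) != segments(target)]


if __name__ == "__main__":
    target = ASSIGNMENTS[3]["scope"]
    for x in effective_assignments(ASSIGNMENTS, target):
        print(scope_level(x["scope"]), x["role"], x["principal"])
```

The check is read-only and works on exported assignment data, so it stays within the lab's no-mutation boundary.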

Why does federation matter?

Federation connects identity providers and relying services. It is essential for enterprise SSO, workload identity, partner access, and future ASO or cross-cloud identity labs.

Core Concepts

Tenants

Identity boundary for users, groups, applications, and service principals.

Conditional Access

Policy engine for access decisions based on identity, device, risk, and context.

RBAC

Azure authorization model for resource access and administrative permissions.

Federation

Identity trust patterns that will support future ASO and enterprise federation labs.

Learning Outcomes

  • Understand Entra ID tenant and identity structure
  • Explain Conditional Access and RBAC basics
  • Prepare for future Azure federation and workload identity labs

Future Expansion

This starter lane remains reserved for Azure federation, ASO identity, Conditional Access drift, and enterprise identity governance labs.

Azure is intentionally retained as a future Principal LAB track.

Governance Boundary

  • Does not mutate Azure resources
  • Does not execute remediation
  • Does not claim Shield or Aegis linkage until explicitly mapped

Source Artifacts

  • metadata.json: Lab identity and starter metadata
  • index.html: Rendered starter lab page