DEV Community

Lawson Peters

My First Lesson in Cloud Security.

Why Identity Matters More Than Firewalls


When I started learning cloud and network security using Microsoft Azure, I observed a common denominator across Microsoft Learn and official Microsoft documentation:

“Identity.”

Like many beginners, I thought cybersecurity was mainly about firewalls, networks, IP addresses, blocking traffic and, of course, 'hacking'.

As my knowledge of Azure increased, and as I came to appreciate Microsoft’s Zero Trust security model, one thing became clear and inevitable:

If an attacker takes over your identity, you are in big soup, and no number of firewalls will help you quickly enough to prevent damage from being done.

This explains why Microsoft Entra ID sits at the center of almost everything security-related in Azure.

This article documents my learning journey as an aspiring Azure Security Engineer, preparing for entry-level or internship roles, and is written for others who are just starting out in the Microsoft Azure ecosystem.

Everything explained here is based on Microsoft Learn and official Microsoft documentation.


What Is Microsoft Entra ID?

Microsoft Entra ID is Microsoft’s cloud-based Identity and Access Management (IAM) service.

Important clarification:
Azure Active Directory (Azure AD) was officially rebranded as Microsoft Entra ID in 2023. Today, Microsoft Entra ID is the correct and current name.

In simple terms, Microsoft Entra ID helps organizations securely answer four critical security questions:

  • Who are you? => Identity
  • How do we verify you? => Authentication
  • What are you allowed to do? => Authorization
  • Under what conditions should access be allowed or blocked? => Access control

Microsoft Entra ID is used to:

  • Secure access to the Azure portal
  • Protect Microsoft 365 (Outlook, Teams, OneDrive, etc.)
  • Control access to cloud and on-premises applications
  • Enforce security features like Multi-Factor Authentication (MFA) and Conditional Access

From a security perspective, identity is the first line of defense, and Entra ID is where that defense begins.


Microsoft Entra ID vs On-Premises Active Directory (Beginner View)

Before cloud computing became popular, organizations relied on on-premises Active Directory, running on physical Windows servers inside company networks.

Microsoft Entra ID is not simply a cloud copy of that system.

Key differences beginners should understand:

  • On-prem Active Directory was built for internal networks
  • Microsoft Entra ID is built for internet-facing, cloud-first environments
  • Entra ID therefore assumes users may be anywhere, on any device

Understanding Tenants in Microsoft Entra ID

One of the earliest concepts I had to understand in Azure was a tenant.

A tenant is:

A dedicated instance of Microsoft Entra ID that represents an organization and acts as its identity and security boundary.

When you sign up for Azure:

  • A tenant is automatically created
  • All users, groups, roles, and identity policies exist inside that tenant

From a security perspective, this means:

  • Identities are isolated per organization
  • Security policies apply only within that tenant
  • Cross-tenant access must be explicitly configured

This isolation is a key reason Azure can securely support millions of organizations worldwide.


Users, Groups, and Roles - Explained Clearly

Users

Users represent identities such as:

  • Employees
  • Administrators
  • External guest users
  • Service or application identities

Every user is a potential attack surface, which is why identity protection is so critical.


Groups

Groups are collections of users.

Instead of assigning permissions one-by-one:

  • Users are added to groups
  • Permissions are assigned to the group

Security benefit:
This reduces mistakes and supports least privilege, a core Microsoft security principle.


Roles: Entra ID Roles vs Azure RBAC Roles (Very Important)

Microsoft Entra ID Roles

These control identity-related actions.

Examples include:

  • Global Administrator
  • User Administrator
  • Security Administrator

They define what you can do within Entra ID itself.

Azure RBAC Roles

These control access to Azure resources.

Examples include:

  • Reader
  • Contributor
  • Owner
  • Security Reader

They define what you can do to Azure resources, such as virtual machines or storage accounts.

Key lesson:

  • Entra ID roles = identity management
  • Azure RBAC roles = resource management
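To make the group and role ideas above concrete, here is an added Python model of Azure RBAC (example code written for this article, not Microsoft's implementation). It goes slightly beyond the text by modelling scope inheritance, where a role assigned on a resource group also applies to every resource inside it; the role definitions, group names and scopes are simplified assumptions, and real Azure RBAC also has NotActions, DataActions and deny assignments, which are left out.

```python
"""Toy Azure RBAC authorization model (added example, not Microsoft code)."""
from fnmatch import fnmatchcase

# Simplified role definitions: role name -> allowed actions.
# Assumed subset of the built-in roles; real definitions are longer
# (e.g. real Contributor carries NotActions that exclude role assignments).
RBAC_ROLES = {
    "Reader": ["*/read"],
    "Contributor": ["*"],
    "Owner": ["*"],
}

# Group membership (constructed sample): permissions go to groups, not users.
GROUPS = {
    "vm-operators": {"alice", "bob"},
    "auditors": {"carol"},
}

# Role assignments: (principal, role, scope). An assignment at a scope is
# inherited by every child scope, so scope choice is the least-privilege lever.
ASSIGNMENTS = [
    ("vm-operators", "Contributor", "/subscriptions/sub1/resourceGroups/rg-prod"),
    ("auditors", "Reader", "/subscriptions/sub1"),
]

# Entra ID directory roles live in a separate system and grant
# nothing on Azure resources (the "key lesson" above).
ENTRA_ROLES = {"dave": {"User Administrator"}}


def principals_for(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def is_authorized(user, action, scope):
    """True if a role assignment at `scope` or an ancestor scope allows `action`."""
    for principal, role, assigned_scope in ASSIGNMENTS:
        if principal not in principals_for(user):
            continue
        # Inheritance: the requested scope must be the assigned scope or below it.
        if not (scope == assigned_scope or scope.startswith(assigned_scope + "/")):
            continue
        if any(fnmatchcase(action, pattern) for pattern in RBAC_ROLES[role]):
            return True
    return False
```

Try it with a user who only holds an Entra ID role (dave): every resource action is denied, while carol's Reader assignment at the subscription reaches every resource group beneath it.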

Authentication vs Authorization (A Core Security Concept)

Microsoft emphasizes this distinction throughout Microsoft Learn.

Authentication - Who are you?

Authentication verifies identity using:

  • Username and password
  • Multi-Factor Authentication (MFA)
  • Biometrics
  • Security keys

Microsoft strongly recommends MFA, especially for administrator accounts.


Authorization - What are you allowed to do?

Authorization determines access after authentication.

Examples:

  • Can you view a virtual machine?
  • Can you create resources?
  • Can you change security settings?

Authorization in Azure is enforced using Azure RBAC.

👉 Easy rule to remember:
Authentication proves who you are
Authorization controls what you can do


Why Identity Is the New Security Perimeter

Microsoft’s Zero Trust model (one of my favorite security concepts) is built on one principle:

Never trust. Always verify.

In today’s environment:

  • Users work remotely
  • Devices may be unmanaged
  • Applications are internet-facing
  • Network boundaries are unreliable

Because of this, Microsoft treats identity as the primary security control.

Microsoft Entra ID enables Zero Trust by supporting:

  • Multi-Factor Authentication
  • Conditional Access policies
  • Least-privilege access
  • Risk-based sign-in decisions
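The list above is the "under what conditions" question from the start of the article. As an added illustration (example code, not Microsoft's Conditional Access engine), this Python evaluator decides allow or block from identity signals such as MFA, device compliance and sign-in risk, before any RBAC check would even run. The policy shapes, signal names and sample sign-ins are simplified assumptions, not the real Conditional Access schema.

```python
"""Toy Conditional Access evaluator (added example, not Microsoft code)."""
from dataclasses import dataclass, field


@dataclass
class SignIn:
    """Identity signals available at sign-in time (constructed, simplified)."""
    user: str
    directory_roles: set = field(default_factory=set)  # Entra ID roles held
    app: str = "Azure portal"
    mfa_satisfied: bool = False
    device_compliant: bool = False
    sign_in_risk: str = "none"  # none / low / medium / high


# Each policy: a condition deciding whether it applies, and the control it
# enforces. "block" always wins; a "require_*" control must be satisfied.
POLICIES = [
    {"name": "Require MFA for admins",
     "applies": lambda s: bool(s.directory_roles),
     "control": "require_mfa"},
    {"name": "Block high-risk sign-ins",
     "applies": lambda s: s.sign_in_risk == "high",
     "control": "block"},
    {"name": "Require compliant device for the Azure portal",
     "applies": lambda s: s.app == "Azure portal",
     "control": "require_compliant_device"},
]

# How each grant control is checked against the sign-in signals.
CONTROL_SATISFIED = {
    "require_mfa": lambda s: s.mfa_satisfied,
    "require_compliant_device": lambda s: s.device_compliant,
}


def evaluate(sign_in):
    """Return ("allow", []) or ("block", [names of policies that failed])."""
    failed = []
    for policy in POLICIES:
        if not policy["applies"](sign_in):
            continue
        control = policy["control"]
        if control == "block" or not CONTROL_SATISFIED[control](sign_in):
            failed.append(policy["name"])
    return ("block" if failed else "allow", failed)
```

Note that an administrator with a correct password but no MFA is still blocked: authentication succeeded, yet the access-control conditions did not.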

As an aspiring Azure Security Engineer, I’ve learned that protecting identities comes before protecting networks.


Where Microsoft Entra ID Fits in AZ-900 and AZ-500

AZ-900 (Azure Fundamentals)

Microsoft expects you to understand:

  • What Microsoft Entra ID is
  • Basic authentication and authorization concepts
  • High-level security and shared responsibility principles

AZ-500 (Azure Security Engineer Associate)

Identity becomes hands-on and critical:

  • Securing users and administrators
  • Implementing MFA and Conditional Access
  • Managing Entra ID roles and Azure RBAC
  • Integrating identity with monitoring and threat detection

Microsoft Entra ID is foundational to this certification.


Final Thoughts From My Learning Journey

As someone preparing for entry-level or internship roles in Azure security, learning Microsoft Entra ID taught me a core truth:

  • Cloud security starts with identity
  • Azure security tools depend on Entra ID
  • Weak identity security eventually breaks everything else

If you’re new to Azure, it’s simple:

Don’t rush past identity concepts. Master them.

It will make every other Azure security concept easier to understand.


Microsoft-Based Learning Sources

  • Microsoft Learn — Introduction to Microsoft Entra ID
  • Microsoft Learn — Secure identities with Microsoft Entra ID
  • Microsoft Learn — Zero Trust security model

What’s Next?

In my next project, I’ll document a hands-on project on the concepts that were explained in this article, to be published on my GitHub.

See you!!!
