Plan security for SharePoint Online

Planning security for SharePoint Online

There are two aspects to securing any system: authentication and authorization.

Authentication versus authorization

Authentication is the process of determining the identity of a principal (a person trying to log in to your environment). When a principal tries to authenticate to a system, the principal provides credentials (such as a password) that the system uses to verify the principal’s identity.

Authorization is the process of verifying an authenticated user’s access to a system. This access is usually defined by some form of access control list (ACL).

When a user tries to access SharePoint Online, the user name is checked against the permissions of the site (either as an individual or as a member of a permissions group). If no permissions have been granted, access is denied to the site.
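The check described above, authentication first and then a deny-by-default lookup of the user (directly or through group membership) in the site's ACL, is shown here as an added illustration. This is example code written for this page, not SharePoint Online's real permission model or API; the user names, group names, passwords and permission levels are constructed sample data.

```python
import hashlib
import hmac
import os

# Everything below is constructed for this illustration. It is not a real
# tenant, and these functions are not the SharePoint Online API.


def make_credential(password):
    """Store a salted PBKDF2 hash of the password, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


# Constructed credential store: user name -> (salt, hash)
CREDENTIALS = {
    "alice@contoso.example": make_credential("alice-sample-password"),
    "bob@contoso.example": make_credential("bob-sample-password"),
    "carol@contoso.example": make_credential("carol-sample-password"),
    "dave@contoso.example": make_credential("dave-sample-password"),
}

# Constructed directory: user name -> permission groups the user belongs to
GROUPS = {
    "alice@contoso.example": {"Site Members"},
    "bob@contoso.example": set(),
    "carol@contoso.example": {"Site Owners", "Site Members"},
    "dave@contoso.example": set(),          # authenticated, but no grant anywhere
}

# Constructed ACL for one site: principal (user or group) -> permission level
SITE_ACL = {
    "Site Owners": "Full Control",
    "Site Members": "Contribute",
    "bob@contoso.example": "Read",          # an individual (not group) grant
}

# Ordering used to pick the strongest level when several entries apply
PERMISSION_RANK = {"Read": 1, "Contribute": 2, "Full Control": 3}


def authenticate(user, password, store=CREDENTIALS):
    """Authentication: does the presented credential prove this identity?"""
    entry = store.get(user)
    if entry is None:
        return False
    salt, expected = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, expected)   # constant-time compare


def authorize(user, acl=SITE_ACL, groups=GROUPS):
    """Authorization: return the highest permission level granted to `user`
    on the site, either directly or via a group, or None when nothing has
    been granted. Deny by default: a verified identity alone implies no access."""
    principals = {user} | groups.get(user, set())
    granted = [acl[p] for p in principals if p in acl]
    if not granted:
        return None
    return max(granted, key=PERMISSION_RANK.__getitem__)


def access_check(user, password):
    """The two steps in order: identity first, then the ACL lookup."""
    if not authenticate(user, password):
        return "authentication failed"
    level = authorize(user)
    return "access denied" if level is None else "granted: " + level


if __name__ == "__main__":
    for user, pw in [("alice@contoso.example", "alice-sample-password"),
                     ("bob@contoso.example", "bob-sample-password"),
                     ("carol@contoso.example", "carol-sample-password"),
                     ("dave@contoso.example", "dave-sample-password"),
                     ("dave@contoso.example", "wrong-password")]:
        print(user, "->", access_check(user, pw))
```

Dave's two runs make the distinction concrete: with the wrong password he fails at authentication, and with the right password he is a fully authenticated user who is still denied because no ACL entry names him or any of his groups.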

Office 365 authentication

There are two distinct authentication methods present in Office 365: Microsoft Online IDs and Federated IDs.

Microsoft IDs are issued and maintained by Microsoft—you might already have one of these in the form of an Office 365, Hotmail, SkyDrive, or Xbox Live account.

Using a Microsoft ID, a user can authenticate to multiple systems (Office 365 included) using a single user name and password.

Identity federation (also called single sign-on) is a mechanism for enabling users within your organization to use their standard Active Directory corporate user name and password to access Office 365.

Federation with Office 365 requires the use of Active Directory Federation Services (ADFS) 2.0. After this configuration has been completed, all identities are managed only on-premises.

EXAM TIP

Authentication is the process of determining the identity of a principal; authorization is the process of verifying an authenticated user’s access to a system.