Microsoft identity acronyms—what do they mean and how do they relate to each other?
Microsoft Security Blog, published 2020-03-02 (last modified 2023-05-15)
https://www.microsoft.com/en-us/security/blog/2020/03/02/microsoft-identity-acronyms-what-they-mean-how-they-relate/

As a security advisor working with one to three Chief Information Security Officers (CISOs) each week, the topic of identity comes up often. These are smart people who have often been in the industry for decades. They have their own vocabulary of acronyms that only security professionals know, such as DDoS, CEH, CERT, RAT, and 0-Day (if you don't know one or several of these terms, I encourage you to look them up to build your vocabulary), but they often find themselves confused by Microsoft's own set of acronyms.

This is the first in a blog series that aims to lessen some of the confusion around identity by sharing with you some of the terms used at Microsoft: terms like MFA, PIM, PAM, MIM, MAM, MDM, and a few others. What do they mean and how do they relate to each other?

Multi-Factor Authentication or MFA

Let's start with what identity means to Microsoft. Identity is the ability to establish, clearly and without doubt, the identification of a person, device, location, or application. This is done through trust verification and identity verification using what Microsoft calls Multi-Factor Authentication or MFA: a combination of capabilities that allow an entity to establish trust and verify who or what it is.

MFA is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: something the user and only the user knows (such as a password or PIN), something the user and only the user has (such as a mobile device or FIDO key), and something the user and only the user is (a biometric such as a fingerprint or iris scan).

Microsoft does this with technologies such as Azure Active Directory (Azure AD) in the cloud combined with Windows Hello. Azure AD is Microsoft's identity and access management solution. Windows Hello is a Windows capability that allows a user to verify who they are with an image, a PIN, or another biometric. The person's identity is stored via an encrypted hash in the cloud, so it's never shared in the clear (unencrypted). A cryptographic hash is a checksum that allows someone to prove that they know the original input (e.g., a password) and that the input (e.g., a document) has not been modified.

Privileged Identity Management or PIM

What is Privileged Identity Management or PIM? Organizations use PIM to assign, activate, and approve privileged identities in Azure AD. PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions to sensitive resources.

Key features of PIM include: