Hey folks! I'm diving into Azure's fundamentals and I'm particularly interested in its underlying web standards like OAuth 2.0, OpenID Connect, and JWTs. I'm currently developing Infrastructure as Code (IaC) applications with Terraform, so understanding these standards is crucial for me. However, I've found that AZ-900 materials often use Azure-specific terminology without clearly linking them to these open standards. Plus, I'm not interested in learning about things like SAML, Kerberos, or ARM templates since I want to focus on building forward-facing applications. I'm on the lookout for AZ-900 level resources—like courses, articles, or docs—that connect Azure concepts (like Application IDs, Service Principals, and RBAC roles) directly to those underlying standards. For instance, I'd love a clear explanation of how an OpenID Connect flow works with a Service Principal to get a JWT Access Token for an Azure HTTP/REST API. Any recommendations for these standards-focused resources would be super helpful! Thanks a lot!
2 Answers
I think you might be mixing up open standards with how they're implemented in proprietary systems. SAML is indeed an open standard! As for RBAC, it's more about authorization rather than authentication, which can be quite specific to the application. You can't really separate the implementation from the concepts, so understanding Azure's unique approach is still essential. Just a heads-up, Terraform abstracts a lot, so you're still gonna need to wrap your head around Azure's specific components to make it work!
It sounds like you're aiming for something deeper than the AZ-900 can provide. You might want to check out AZ-104 and AZ-204 because they go more in-depth, although they focus a bit on practical applications. If you only skim through the beginning of those sections, you might still get a good overview without diving into every detail!
I see your point, but I looked at AZ-104 and AZ-204 and they still feel too product-centric for me. I really want to understand Azure through the lens of its foundational standards.
I understand what's being said, but I do think there's a gap in how Microsoft aligns everything with open standards. It feels like they often prioritize their own terminology. My goal is to find resources that blend these two perspectives!