ASD's Blueprint for Secure Cloud

Identity Providers

This section describes the design decisions associated with identity providers for Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.


The identity providers section considers the different methods of logging on to a Windows 10 and 11 device. The local administrator account is addressed in a separate section. Windows 10 and 11 provide various user account types, or identity providers. This section outlines the identity providers that can be implemented for a Windows 10 and 11 device.

  • Local Accounts - A local account is an account on a single Windows system. Local accounts are not replicated and cannot access corporate resources. They enable access to local storage only. It may be desirable to disable, rename and scramble the passwords for the in-built local accounts.
  • Active Directory Domain - Domain identities are used to grant access to corporate resources and are implemented using Active Directory Domain Services. Administrators manage domain identities and ensure that users have access to the appropriate resources when group policies or any profile management solution is applied to the account. Domain identities are recommended if personalisation data will be stored in a corporate datacentre and will be synchronised to multiple corporate devices.
  • Microsoft Entra ID - Microsoft Entra ID is Microsoft’s cloud directory and identity management service. Microsoft Entra ID includes a full suite of identity management capabilities. Microsoft Entra ID is a prerequisite for Microsoft Intune mobile device management including Conditional Access.
  • Microsoft Account - A Microsoft Account is an email address issued by or linked to a Microsoft authentication service. A Microsoft Account is a public version of a Microsoft Entra ID account. If this account is disabled, certain features such as Windows Store cannot function.
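
The Local Accounts item above suggests disabling, renaming and scrambling the passwords of the in-built local accounts. The following PowerShell is an added example, not part of the Blueprint, that audits those accounts by well-known RID and then applies the three steps to one of them. The function names and the replacement name `svc-placeholder` are hypothetical, and RID 500 is left out of the remediation call because the local administrator account is addressed in a separate section.

```powershell
#Requires -RunAsAdministrator
# Added example (assumption: Microsoft.PowerShell.LocalAccounts cmdlets are available,
# as on Windows 10 and 11 with Windows PowerShell 5.1).

# Well-known RIDs of the in-built local accounts; matching on RID still finds renamed accounts.
$BuiltInRids = @{ '500' = 'Administrator'; '501' = 'Guest'
                  '503' = 'DefaultAccount'; '504' = 'WDAGUtilityAccount' }

function Get-BuiltInLocalAccount {
    # Read-only audit: one row per in-built account with its current state.
    Get-LocalUser | ForEach-Object {
        $rid = ($_.SID.Value -split '-')[-1]
        if ($BuiltInRids.ContainsKey($rid)) {
            [pscustomobject]@{
                Name            = $_.Name
                Rid             = $rid
                Enabled         = $_.Enabled
                Renamed         = ($_.Name -ne $BuiltInRids[$rid])
                PasswordLastSet = $_.PasswordLastSet
            }
        }
    }
}

function Protect-BuiltInLocalAccount {
    # Hypothetical helper: scramble the password, disable, then rename one account.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Rid,
          [Parameter(Mandatory)][string]$NewName)

    $acct = Get-LocalUser | Where-Object { $_.SID.Value -like "*-$Rid" }
    if (-not $acct) { throw "No local account with RID $Rid" }

    if ($PSCmdlet.ShouldProcess($acct.Name, 'Scramble password, disable, rename')) {
        # 32 random bytes from the OS CSPRNG; the value is never displayed or stored.
        $bytes = New-Object byte[] 32
        $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
        $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

        Set-LocalUser     -SID $acct.SID -Password $secret
        Disable-LocalUser -SID $acct.SID
        Rename-LocalUser  -SID $acct.SID -NewName $NewName
    }
}

Get-BuiltInLocalAccount | Format-Table -AutoSize
# Preview the change for Guest (RID 501); remove -WhatIf to apply it.
Protect-BuiltInLocalAccount -Rid '501' -NewName 'svc-placeholder' -WhatIf
```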

Cloud native deployments

Hybrid deployments

Security & Governance

  • None identified

Design

  • None identified

References

  • None identified


Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra