
Overview of Azure Active Directory Features

Nov 14, 2024

Azure Active Directory Lecture Notes

Introduction

  • Instructor: Sushant Suteesh
  • Course: Azure Administrator Associate Examination
  • Lesson focus: Azure Active Directory (AD)

Overview of Azure Active Directory (AD)

  • Azure AD is a multi-tenant, cloud-based directory and identity management service.
  • Provides single sign-on (SSO) access to cloud applications.
  • Integrates with applications like Office 365, Salesforce, Dropbox, Concur, etc.
  • Accessible through the Azure portal.

Benefits and Features

  • Single Sign-On (SSO):
    • Access cloud and on-premises applications securely.
    • Compatible with iOS, Mac, Android, and Windows.
    • Access via personalized web-based application panel or mobile app.
  • Integration with On-Premises:
    • Connect Azure AD with on-premises directories.
  • Security:
    • Identity protection features.
    • Suspicious sign-in activity monitoring.

Key Concepts of Azure AD

  • Identity:
    • Can be a user or application needing authentication.
  • Account:
    • Identity with associated data.
  • Azure AD Account:
    • Created through Azure AD or Microsoft services.
  • Azure Tenant:
    • Dedicated instance of Azure AD for an organization.
  • Azure AD Directory:
    • Contains tenant users, groups, and apps.
  • Azure Subscription:
    • Used for Azure cloud services billing.

Differences: Azure AD vs. Active Directory Domain Services (ADDS)

  • Identity Solution:
    • Azure AD for internet-based applications.
    • Uses HTTP/HTTPS, REST APIs, SAML, WS-Federation, OpenID Connect.
  • Management:
    • Azure AD is a managed service, while ADDS requires more on-premises management.
  • Structure:
    • Azure AD uses a flat structure without Organizational Units (OUs) or Group Policies.

Azure AD Editions

  • Free Edition:
    • User/group management, directory sync, basic reports, SSO.
  • Office 365 Apps Edition:
    • Includes branding, MFA, group access management.
  • Premium P1:
    • Hybrid access, advanced administration features.
  • Premium P2:
    • Additional identity protection, privileged identity management.

Azure AD Join

  • Enables SSO and secure access from any device.
  • Benefits include enterprise-compliant roaming, access to the Microsoft Store, Windows Hello support, and more.

Device Management

  • Registering vs. Joining Devices:
    • Registering provides device identity.
    • Joining allows signing in with work/school accounts and integrates with MDM.

Azure Multi-Factor Authentication (MFA)

  • Importance:
    • Adds security through a second authentication factor.
    • Complies with industry standards like PCI DSS.
  • Authentication Methods:
    • Password, trusted device, biometrics.
  • Features:
    • Real-time monitoring, integration with Office 365, scalable across services.

Self-Service Password Reset (SSPR)

  • Allows users to reset passwords without help desk intervention.
  • Configuration options include enabling for specific users/groups, selecting authentication methods, and setting security questions.

Conclusion

  • Next lesson will cover users and groups.
  • Recap of lesson topics and introduction to next topics.