Day 02: Introduction to AZURE AD

Azure Active Directory: Microsoft's cloud-based identity and access management service, which helps users sign in and access resources.

We can use Azure AD to implement SSO.

Types of AD:

1) Free

2) Office 365 Apps

3) Premium 1

4) Premium 2

Custom access cannot be created unless you have Premium 1 or Premium 2.

Azure AD Use Cases:

Azure AD can authenticate and authorize access to multiple sources.

Active Directory vs Azure Active Directory:

Active Directory terminology:

Tenant: A tenant represents an organization in Azure Active Directory.

-->A tenant is automatically created when we sign up for Microsoft Azure, Microsoft Intune or Microsoft 365.

-->Each tenant is distinct and separate from other Azure AD tenants.

Domain services: When moving from on-prem to the cloud, Azure AD does not support some domain services. Hence, Azure AD DS provides a managed domain service.

AD Connect: a hybrid service that connects your on-premises Active Directory to your Azure account.

Features of AD Connect:

a) password hash sync:

b) pass-through authentication:

c) federation integration:

d) synchronization:

e) health monitoring: AD connect health

AD - User: It represents an identity for a person or employee in our domain.

User: A user is created inside a tenant to access Azure resources.

Guest user: A guest user is a user invited to access limited Azure resources.

AD Groups:

AD access rights assignment:

Direct assign

group assign

rule-based assignment

external authority assignment

External AD: allows users from outside the org to access our apps and resources.

LAB 01:

Creating a Tenant

A tenant is a logical division of the users in an organization.

Microsoft Entra ID is the new name for Azure Active Directory.

B2B cannot be created in the Free tier.

Go to configuration

Missed the option of choosing the user type. Note: B2C is paid, and B2B comes with the P1/P2 package.

User and group:

Ideally, before you create a user, you need to create a group. There is no hard and fast rule, but during user creation there is an option to choose a group.

A deleted user remains in the deleted users list for 30 days before it is removed from the tenant; it can be restored within those 30 days.

Dynamic groups are also available as a feature for P1 and P2.

Guest user:

Lets us invite a user from another tenant.

To create a guest user, invite the user by email address using Create user.

Mass Import:

We can mass import users by uploading the CSV template, which creates users in bulk at once.
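Added example (not part of the course notes): a pre-upload check for a bulk-import CSV. The column names and the sample rows are constructed assumptions; match the headers to the template you download from the portal. It flags the mistakes that otherwise only surface after the upload fails or, worse, after an account lands in the wrong domain: duplicate UPNs, UPNs outside the tenant's verified domains, and empty required fields.

```python
import csv
import io

# Constructed sample bulk-create CSV (headers are an assumption, simplified
# from the portal template; the real template must be used for the upload).
SAMPLE_CSV = """displayName,userPrincipalName,initialPassword,blockSignIn
Alice Example,alice@contoso.example,Init-Passw0rd-1,No
Bob Example,bob@contoso.example,Init-Passw0rd-2,No
Carol Example,carol@fabrikam.example,Init-Passw0rd-3,No
Bob Example,bob@contoso.example,Init-Passw0rd-4,No
Dan Example,dan@contoso.example,,Yes
"""

REQUIRED = ("displayName", "userPrincipalName", "initialPassword", "blockSignIn")


def validate_bulk_csv(text, verified_domains):
    """Return a list of (row_number, problem); an empty list means the file is clean."""
    problems = []
    seen_upns = set()
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(0, "missing columns: " + ", ".join(missing))]
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header line
        upn = row["userPrincipalName"].strip().lower()
        for col in REQUIRED:
            if not row[col].strip():
                problems.append((row_no, f"empty required field {col}"))
        # A UPN whose domain is not verified in the tenant is rejected by the portal;
        # catching it here avoids a partially applied bulk job.
        if "@" not in upn or upn.rsplit("@", 1)[1] not in verified_domains:
            problems.append((row_no, f"UPN domain not verified in tenant: {upn}"))
        if upn in seen_upns:
            problems.append((row_no, f"duplicate UPN: {upn}"))
        seen_upns.add(upn)
        if row["blockSignIn"].strip().lower() not in ("yes", "no"):
            problems.append((row_no, "blockSignIn must be Yes or No"))
    return problems


if __name__ == "__main__":
    for row_no, problem in validate_bulk_csv(SAMPLE_CSV, {"contoso.example"}):
        print(f"row {row_no}: {problem}")
```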

MFA: disabled in the free version.

Only available for P1 and P2.

MFA can be enabled for users for secure login.

Can be done for bulk users via bulk update.

Self-service password reset:

Users can reset their own password by going to the password reset section.

Available with P1 and P2.

AZURE AD Cheat Sheet: