Azure Active Directory: Microsoft's cloud-based identity and access management service, which helps users sign in and access resources.
We can use Azure AD to implement SSO.
Types (editions) of Azure AD:
1) Free
2) Office 365 Apps
3) Premium 1
4) Premium 2
Custom access (custom roles) cannot be created unless you have Premium 1 or Premium 2.
Azure AD Use Cases:
Azure AD can authenticate users and authorize access to multiple sources.
Active directory vs Azure Active directory:
Azure Active Directory terminology:
Tenant: A tenant represents an organization in Azure Active Directory.
-->A tenant is automatically created when you sign up for Microsoft Azure, Microsoft Intune or Microsoft 365.
-->Each tenant is distinct and separate from other Azure AD tenants.
Domain Services: When moving from on-prem to cloud, Azure AD does not support some domain services on its own. Hence, Azure AD DS provides a managed domain service.
AD Connect: a hybrid service that connects your on-premises Active Directory to your Azure account.
Features of AD Connect:
a) Password hash sync:
b) Pass-through authentication:
c) Federation integration:
d) Synchronization:
e) Health monitoring: Azure AD Connect Health
AD - User: represents an identity for a person or employee in our domain.
User: a user is created inside a tenant to access Azure resources.
Guest user: a guest user is a user invited to access a limited set of Azure resources.
AD Groups:
AD access rights assignment (ways to assign access):
a) Direct assignment
b) Group assignment
c) Rule-based assignment
d) External authority assignment
External AD: allows users from outside the organization to access our apps and resources.
LAB 01:
Creating a Tenant
A tenant is actually a logical division of the users in an organization.
Microsoft Entra ID is the new name for Azure Active Directory.
One cannot create a B2B tenant in the Free tier.
Go to Configuration.
Missed the option of choosing the user type: hence B2C is paid and B2B comes with the P1, P2 package.
User and group:
Ideally, before you create a user, you should create a group. There is no hard and fast rule, but during user creation there is an option to choose a group.
A deleted user remains in the Deleted users list for 30 days before it is permanently removed from the tenant; it can be restored within those 30 days.
Dynamic groups are also available as a feature of P1 and P2.
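Added example (not from these notes): a small model of the access assignment types listed above (direct, group, rule-based and external authority) together with the dynamic-group idea from the User and group section. It resolves a user's effective roles and records where each role came from, and flags roles that are granted only by a dynamic rule, since those change silently when a user attribute changes. Users, groups, roles and the verified rule syntax are constructed sample data; the rule format mirrors the Azure AD dynamic membership style (user.department -eq "Security") but is evaluated by this simplified evaluator, not by Azure.

```python
"""Constructed example: effective-access resolution across assignment types."""
from dataclasses import dataclass, field
from typing import Optional
import re


@dataclass
class User:
    upn: str
    department: str
    user_type: str = "Member"                 # "Member" or "Guest"
    direct_roles: set = field(default_factory=set)
    # roles pushed by an external authority (e.g. an HR system) - constructed
    external_roles: set = field(default_factory=set)


@dataclass
class Group:
    name: str
    roles: set
    members: set = field(default_factory=set)  # explicit (assigned) members
    rule: Optional[str] = None                 # dynamic membership rule, None = assigned group


# Single-clause rules only: (user.<attr> -eq|-ne "<value>")
RULE_RE = re.compile(r'^\(?\s*user\.(\w+)\s+-(eq|ne)\s+"([^"]*)"\s*\)?$')


def rule_matches(rule: str, user: User) -> bool:
    """Evaluate one dynamic-membership clause against a user."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule}")
    attr, op, value = m.groups()
    attrs = {"department": user.department, "userType": user.user_type,
             "userPrincipalName": user.upn}
    actual = attrs.get(attr)
    if actual is None:
        return False
    return (actual == value) if op == "eq" else (actual != value)


def is_member(group: Group, user: User) -> bool:
    if group.rule is not None:            # rule-based (dynamic) group
        return rule_matches(group.rule, user)
    return user.upn in group.members      # assigned group


def effective_roles(user: User, groups) -> dict:
    """Map role -> set of sources (direct, external, group:<name>) for audit."""
    sources = {}
    for r in user.direct_roles:
        sources.setdefault(r, set()).add("direct")
    for r in user.external_roles:
        sources.setdefault(r, set()).add("external")
    for g in groups:
        if is_member(g, user):
            for r in g.roles:
                sources.setdefault(r, set()).add(f"group:{g.name}")
    return sources


def dynamic_only_roles(user: User, groups) -> set:
    """Roles reachable solely through dynamic groups: worth reviewing, because an
    attribute change (e.g. department) grants or revokes them with no approval step."""
    dynamic = {f"group:{g.name}" for g in groups if g.rule is not None}
    return {r for r, src in effective_roles(user, groups).items() if src <= dynamic}


def sample_users():
    alice = User("alice@contoso.com", "Security", direct_roles={"Reader"})
    bob = User("bob@contoso.com", "Finance", user_type="Guest",
               external_roles={"Expense.Approver"})
    return alice, bob


def sample_groups():
    return [
        Group("SecOps", roles={"Log.Read"}, rule='(user.department -eq "Security")'),
        Group("AllStaff", roles={"Portal.Access"},
              members={"alice@contoso.com", "bob@contoso.com"}),
    ]


if __name__ == "__main__":
    for u in sample_users():
        print(u.upn, effective_roles(u, sample_groups()),
              "dynamic-only:", dynamic_only_roles(u, sample_groups()))
```

The source map is the useful part for an access review: a role that appears only under a group:<name> source with a rule behind it is one to check against the rule's attribute ownership (who can edit that attribute on-prem or in HR effectively controls the group).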
Guest user:
Lets us invite a user from another tenant.
To create a guest user, one must invite the user by email address using the Create user option.
Mass import:
We can mass-import users by uploading the CSV template, which creates users in bulk at once.
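Added example (not from these notes): a pre-flight check for the bulk-create CSV before it is uploaded, so that malformed rows, duplicate UPNs, UPNs in an unverified domain, blocked/unblocked typos and empty initial passwords are caught locally instead of half-way through the import. The header layout (a "version:v1.0" line followed by column names with the attribute in brackets) is how I recall the template downloaded from the portal; treat it as an assumption and compare it with the template you actually download. The CSV rows and the verified-domain list are constructed sample data.

```python
"""Constructed example: validate an Azure AD bulk-create CSV before upload."""
import csv
import io

VERSION_LINE = "version:v1.0"          # assumed template version line
REQUIRED_COLUMNS = [                   # assumed column names from the portal template
    "Name [displayName] Required",
    "User name [userPrincipalName] Required",
    "Initial password [passwordProfile] Required",
    "Block sign in (Yes/No) [accountEnabled] Required",
]
VERIFIED_DOMAINS = {"contoso.onmicrosoft.com", "contoso.com"}   # constructed

# Constructed sample file: one duplicate, one unverified domain, one broken row.
SAMPLE_CSV = """version:v1.0
Name [displayName] Required,User name [userPrincipalName] Required,Initial password [passwordProfile] Required,Block sign in (Yes/No) [accountEnabled] Required,First name [givenName],Last name [surname],Department [department]
Alice Example,alice@contoso.com,Tmp#Pass2024!,No,Alice,Example,Security
Bob Example,bob@contoso.com,Tmp#Pass2024!,No,Bob,Example,Finance
Bob Example,bob@contoso.com,Tmp#Pass2024!,No,Bob,Example,Finance
Carol Example,carol@fabrikam.com,Tmp#Pass2024!,No,Carol,Example,Security
Dave Example,dave@contoso.com,,Maybe,Dave,Example,IT
"""


def parse_bulk_csv(text: str):
    """Return the data rows as dicts; fail early on a wrong version line or header."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != VERSION_LINE:
        raise ValueError("first line must be the template version line")
    reader = csv.DictReader(io.StringIO("\n".join(lines[1:])))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing required columns: {missing}")
    return list(reader)


def validate_rows(rows, verified_domains=VERIFIED_DOMAINS):
    """Return (file_line, message) tuples; line 1 is the version, line 2 the header."""
    errors, seen = [], set()
    name_col, upn_col, pw_col, block_col = REQUIRED_COLUMNS
    for n, row in enumerate(rows, start=3):
        upn = (row.get(upn_col) or "").strip()
        if not (row.get(name_col) or "").strip():
            errors.append((n, "displayName is empty"))
        if "@" not in upn:
            errors.append((n, f"malformed UPN {upn!r}"))
        else:
            domain = upn.rsplit("@", 1)[1].lower()
            if domain not in verified_domains:
                errors.append((n, f"UPN domain {domain!r} is not a verified domain"))
        if upn.lower() in seen:
            errors.append((n, f"duplicate UPN {upn!r}"))
        seen.add(upn.lower())
        if not (row.get(pw_col) or "").strip():
            errors.append((n, "initial password is empty"))
        if (row.get(block_col) or "").strip() not in ("Yes", "No"):
            errors.append((n, "Block sign in must be Yes or No"))
    return errors


def shared_initial_passwords(rows):
    """Initial passwords reused across rows: every such account starts with the
    same secret, so one leak exposes all of them until first sign-in forces a change."""
    counts = {}
    for row in rows:
        pw = (row.get(REQUIRED_COLUMNS[2]) or "").strip()
        if pw:
            counts[pw] = counts.get(pw, 0) + 1
    return {pw: c for pw, c in counts.items() if c > 1}


if __name__ == "__main__":
    data = parse_bulk_csv(SAMPLE_CSV)
    for line, msg in validate_rows(data):
        print(f"line {line}: {msg}")
    for pw, c in shared_initial_passwords(data).items():
        print(f"warning: initial password shared by {c} rows")
```

Run it against the real file with parse_bulk_csv(open(path).read()); an empty error list and an empty shared-password dict is the go/no-go for the upload.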
MFA: disabled in the Free version.
Only available with P1 and P2.
MFA can be enabled for users for secure login.
It can be done for bulk users via bulk update.
Self-service password reset:
Users can reset their password themselves by going to the password reset section.
Available with P1 and P2.
Azure AD Cheat Sheet: