AZURE ACTIVE DIRECTORY

Ashwin

What is Azure Active Directory?

Azure Active Directory (Azure AD) is a cloud service for managing identities and access. It gives your staff access to external resources such as Microsoft 365, the Azure portal, and hundreds of other SaaS apps. It also lets them access internal resources such as applications on your company intranet and any cloud apps developed for your business.

Who uses Azure AD?

IT admins: As an IT administrator, use Azure AD to control access to your applications and app resources according to your company's needs. For instance, you can use Azure AD to require two-factor authentication before users can access critical corporate resources. You can also automate user provisioning between your existing Windows Server AD and your cloud apps, such as Microsoft 365. Finally, Azure AD provides strong features that help protect user identities and credentials automatically and satisfy your access governance requirements.

App developers: As an app developer, you can use Azure AD to add single sign-on (SSO) to your app so that it works with a user's existing credentials. Azure AD also exposes APIs you can use to build customized app experiences on top of existing organizational data.

Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers: As a subscriber, you already use Azure AD. Every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant, so you can start managing access to your connected cloud apps right away.

What are the Azure AD licenses?

Azure AD is required for sign-in and identity security in Microsoft Online business services such as Microsoft 365 and Microsoft Azure. If you subscribe to any Microsoft Online business service, you receive Azure AD with all of its free features. To add premium functionality to your Azure AD deployment, upgrade to Azure Active Directory Premium P1 or Premium P2 licenses. The paid Azure AD licenses are built on top of your existing free directory and add self-service, enhanced monitoring, security reporting, and secure access for your mobile users.

• Free Azure Active Directory. User and group administration, on-premises directory synchronization, basic reporting, self-service password reset for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps are all available.

• Premium Azure Active Directory P1. In addition to the Free features, P1 gives hybrid users access to both on-premises and cloud resources. It also supports advanced administration features including dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which let on-premises users change their own passwords.

• Premium Azure Active Directory P2. In addition to the Free and P1 capabilities, P2 includes Azure Active Directory Identity Protection, which helps provide risk-based Conditional Access to your apps and important enterprise data, and Privileged Identity Management, which helps discover, restrict, and monitor administrators and their access to resources, including just-in-time access when needed.

• Licenses for "pay as you go" features. Additional feature licenses, such as Azure Active Directory Business-to-Customer (B2C), are also available. B2C provides identity and access management for customer-facing apps.

Which features work in Azure AD?

After selecting your Azure AD license, your business will have access to some or all of the following features:

• Application management. Use Application Proxy, single sign-on, the My Apps portal, and Software as a Service (SaaS) apps to manage your cloud and on-premises apps. For further information, read the Application Management documentation and the guide on enabling secure remote access to on-premises apps.

• Authentication. Manage self-service password reset, Multi-Factor Authentication, a custom banned password list, and smart lockout in Azure Active Directory.

• Azure Active Directory for developers. Build apps that sign in all Microsoft identities and obtain tokens to call Microsoft Graph, other Microsoft APIs, or custom APIs. See the Microsoft identity platform documentation (Azure Active Directory for developers) for further details.

• Business-to-Business (B2B). Manage your external partners and guest users while keeping control over your business data.

• Business-to-Customer (B2C). Customize and control how users sign up, sign in, and manage their profiles when using your apps.

• Conditional Access. Manage access to your cloud applications.

• Device Management. Control how your cloud and on-premises devices access company data.

• Domain services. Join Azure virtual machines to a domain without deploying domain controllers.

• Enterprise users. Use groups and administrator roles to manage license assignments, app access, and delegation.

• Hybrid identity. Use Azure Active Directory Connect and Connect Health to provide a single user identity for authentication and authorization to all resources, whether cloud or on-premises.

• Identity governance. Manage your organization's identity by controlling access for employees, business partners, vendors, services, and apps. You can also perform access reviews.

• Identity protection. Detect potential vulnerabilities affecting your organization's identities, configure policies that respond to suspicious actions, and then take the appropriate steps to remediate them.

• Managed identities for Azure resources. Give your Azure services an automatically managed Azure AD identity that can authenticate to any service that supports Azure AD authentication, including Key Vault.

• Privileged identity management (PIM). Manage, control, and monitor privileged access within your organization. This feature covers access to Azure AD and Azure resources as well as other Microsoft Online Services such as Microsoft 365 and Intune.

• Reports and monitoring. Gain insight into the security and usage patterns in your environment.

Terminology:

We recommend reviewing the following terms to better understand Azure AD and its documentation:

• Identity. Something that can be authenticated. A user with a username and password is an identity. Applications or other servers that authenticate with secret keys or certificates are also identities.

• Account. An identity that has data associated with it. You cannot have an account without an identity.

• Azure AD account. An identity created through Azure AD or another Microsoft cloud service, such as Microsoft 365. Identities are stored in Azure AD and are available to the cloud service subscriptions in your organization. This account is also known as a Work or School account.

• Account Administrator. This classic subscription administrator role is the billing owner of a subscription. It lets you manage all subscriptions in an account.

• Service Administrator. This classic subscription administrator role grants full access to all Azure resources. It has the same access as a user assigned the Owner role at the subscription scope.

• Owner. This role helps you manage all Azure resources, including access. It is based on a newer authorization system called Azure role-based access control (Azure RBAC), which provides fine-grained access management to Azure resources.

• Azure AD Global administrator. This administrator role is automatically assigned to whoever creates the Azure AD tenant. There can be multiple Global administrators, but only Global administrators can assign administrator roles to users (including assigning other Global administrators).

• Azure subscription. Used to pay for Azure cloud services. You can have many subscriptions, each linked to a credit card.

• Azure tenant. A dedicated and trusted instance of Azure AD. The tenant is automatically created when your organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organisation.

• Single tenant. An Azure tenant that accesses other services in a dedicated environment.

• Multi-tenant. Azure tenants that access other services in a shared environment across several organizations.

• Azure AD directory. Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory holds the tenant's users, groups, and applications and is used to perform identity and access management for the tenant's resources.

• Custom domain. Every new Azure AD directory comes with an initial domain name, such as domainname.onmicrosoft.com. You can also add your organization's own domain names alongside the initial name. Add the names you use to do business and the names your users use to access your organization's services. Adding custom domain names lets you create user names that your users will recognise, such as alain@contoso.com.

• Microsoft account (also called an MSA). Personal accounts that provide access to Microsoft consumer products and cloud services, such as Outlook, OneDrive, Xbox LIVE, and Microsoft 365. A Microsoft account is created and stored in Microsoft's consumer identity account system.
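The developer entry above (apps that sign in Microsoft identities and obtain tokens) and the single-tenant versus multi-tenant terms come together in one practical check: an app that accepts Azure AD tokens must confirm that a token was issued for it (the audience), by a tenant it trusts (the tenant id and issuer), and is still within its validity window. The Python below is an added example, not code from the original post or from Microsoft. It constructs an unsigned sample token inline and validates those claims; the tenant ids, client id and issuer URL shape it uses are illustrative assumptions, and signature verification against the tenant's published signing keys is assumed to have been done before these checks run (it is not shown, since it needs the tenant's metadata endpoint).

```python
import base64
import json
import time
from typing import Dict, Optional, Tuple

# Constructed sample values (assumptions for illustration, not real tenants or apps).
TRUSTED_TENANTS = {
    "11111111-1111-1111-1111-111111111111",  # our own tenant
    "22222222-2222-2222-2222-222222222222",  # a partner tenant we chose to allow
}
EXPECTED_AUDIENCE = "33333333-3333-3333-3333-333333333333"  # our app's client id
ISSUER_PREFIX = "https://login.microsoftonline.com/"  # assumed v2.0 issuer shape


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(obj: Dict) -> str:
    """Encode a JSON object as an unpadded base64url segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def extract_claims(token: str) -> Dict:
    """Return the payload claims of a compact JWT (header.payload.signature)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: Dict, now: Optional[int] = None) -> Tuple[bool, str]:
    """Check the claims an Azure AD-integrated app must verify after the
    signature has already been verified (signature check not shown here).
    A multi-tenant app in particular must not trust every tenant that can
    mint a valid token; it keeps its own allow-list. Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "audience mismatch: token was issued for a different app"
    tid = claims.get("tid")
    if tid not in TRUSTED_TENANTS:
        return False, "tenant %r is not on the allow-list" % (tid,)
    # The issuer must name the same tenant the tid claim names.
    if claims.get("iss") != "%s%s/v2.0" % (ISSUER_PREFIX, tid):
        return False, "issuer does not match the tenant claimed in tid"
    if int(claims.get("exp", 0)) <= now:
        return False, "token has expired"
    if int(claims.get("nbf", 0)) > now:
        return False, "token is not yet valid"
    return True, "ok"


def make_sample_token(claims: Dict) -> str:
    """Build an unsigned sample token for offline testing (constructed, not issued by Azure AD)."""
    header = {"alg": "none", "typ": "JWT"}
    return "%s.%s." % (_b64url_encode(header), _b64url_encode(claims))


def check_token(token: str, now: int) -> Tuple[bool, str]:
    """Parse a token and validate its claims at the given time."""
    return validate_claims(extract_claims(token), now)


if __name__ == "__main__":
    fixed_now = 1_700_000_000
    own = "11111111-1111-1111-1111-111111111111"
    good = make_sample_token({"aud": EXPECTED_AUDIENCE, "tid": own,
                              "iss": ISSUER_PREFIX + own + "/v2.0",
                              "exp": fixed_now + 600, "nbf": fixed_now - 60})
    print(check_token(good, fixed_now))
```

The allow-list is the point for multi-tenant apps: a token from any tenant can carry a valid Azure AD signature, so the app itself decides which tenant ids it serves. A single-tenant app simply has one entry in that set.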
