Identity: Azure AD Flashcards
Azure AD: Identity
An object that can get authenticated
Azure AD: Account
An identity that has data associated with it. You can’t have an account without an identity.
Azure AD: Azure AD Account
An identity created through Azure AD or another Microsoft cloud service, such as Microsoft 365.
Identities are stored in Azure AD and accessible to your organization’s cloud service subscriptions.
This account is also sometimes called a Work or school account.
Azure AD: Azure subscription
Used to pay for Azure cloud services. You can have many subscriptions, and they are linked to a credit card.
Azure AD: Azure tenant/directory
A dedicated and trusted instance of Azure AD. A tenant is automatically created when your organization signs up for a Microsoft cloud service subscription.
Active Directory Domain Services (AD DS)
The traditional deployment of Windows Server-based Active Directory on a physical or virtual server.
Azure Active Directory (Azure AD) vs. Active Directory Domain Services (AD DS)
Azure AD is a managed service.
You only manage the users, groups, and policies.
Deploying AD DS with virtual machines using Azure means that you manage the deployment, configuration, virtual machines, patching, and other backend tasks.
Azure AD Free Pricing Tier
Provides user and group management (500k directory objects)
SSO
Basic reports
Azure AD: Microsoft 365 Apps pricing tier
Free tier features plus identity and access management for Microsoft 365 apps.
Azure Active Directory Premium P1 (pricing tier)
Lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, dynamic groups, self-service group management, Microsoft Identity Manager (an on-premises identity and access management suite), and cloud write-back capabilities, which allow self-service password reset for your on-premises users.
Azure Active Directory Premium P2 (pricing tier)
In addition to the Free and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data. Privileged Identity Management is included to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.
Azure AD Join
Designed to provide access to organizational apps and resources and to simplify Windows deployments of work-owned devices.
Joining a device
Joining a device is an extension of registering a device. Joining provides the benefits of registering and also changes the local state of the device. Changing the local state enables your users to sign in to the device using an organizational work or school account instead of a personal account.
Self-service Password Reset (SSPR)
Gives users the ability to bypass the helpdesk and reset their own passwords.
Self-Service Password Reset (SSPR) Authentication methods
Pick the number of authentication methods required to reset a password and the number of authentication methods available to users. At least one authentication method is required to reset a password. You can choose from an email notification, a text message or code sent to the user's mobile or office phone, or a set of security questions.
Azure AD Users: Cloud Identities
These users exist only in Azure AD. Examples are administrator accounts and users that you manage yourself.
Azure AD Users: Directory-synchronized identities
These users exist in an on-premises Active Directory. A synchronization activity that occurs via Azure AD Connect brings these users into Azure.
Their source is Windows Server AD (WS AD).
Azure AD Users: Guest Users
These users exist outside Azure (e.g., another cloud provider or an Xbox LIVE account).
Their source is Invited user.
This type of account is useful when external vendors or contractors need access to your Azure resources.
Azure AD Bulk User Accounts
Use the Bulk Create option in the portal and fill out the CSV template.
Things to note: establish naming conventions (e.g., Smith.John@contoso.com) and conventions for initial passwords.
Azure AD Group Accounts: Security Group
Used to manage member and computer access to shared resources for a group of users.
Azure AD Group Accounts: Microsoft 365 groups
Provide members access to a shared mailbox, calendar, files, SharePoint, etc. People outside of the organization can have access to this group.
Azure AD: Adding Members to Groups: Assigned (Membership Type)
Lets you add specific users as members of this group and give them unique permissions.
Azure AD: Adding Members to Groups: Dynamic User (Membership Type)
Lets you use dynamic membership rules to automate the adding and removing of members.
Azure AD: Adding Members to Groups: Dynamic Device (Membership Type)
Lets you use dynamic group rules to automatically add and remove devices.