AZ-104 Exam EP 02: Azure Active Directory


Overview of Azure Active Directory

In this section, we will learn about Azure Active Directory (Azure AD), its benefits, and features.

What is Azure AD?

  • Azure AD is a Microsoft multi-tenant cloud-based directory and identity management service for IT admins.
  • It provides an affordable, easy-to-use solution to give employees and business partners single sign-on access to thousands of cloud applications like Office 365, Salesforce, Dropbox, Concur, etc.
  • For application developers, Azure AD lets you focus on building your application by making it fast and simple to integrate with world-class identity management solutions used by millions of organizations around the world.

Benefits and Features of Azure AD

Single Sign-On Ability

  • One of the cool benefits of Azure AD is the single sign-on ability to log into any cloud or on-premises web application.
  • This provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, Box etc.
  • Users can launch applications from any personalized web-based application panel or mobile app using their existing work credentials.

Extend Your Active Directory to the Cloud

  • Another cool thing about Azure AD is the ability to extend your active directory to the cloud.
  • You can connect your Active Directory and other on-premises directories to Azure Active Directory in just a few clicks and maintain a consistent set of users, groups, passwords, and devices across both environments.

Protection

  • You can protect your sensitive data and applications so you can enhance application access security with unique identity protection capabilities that provide a consolidated view into suspicious sign-in activity and potential vulnerabilities.

Where to Find Your Azure Active Directory

  • You can find your Azure Active Directory in the Azure portal by going to portal.azure.com and logging in.
  • On the left-hand side, you will be able to find Azure Active Directory. If you don't see it over here, you can go to the global search box and type in "Azure Active Directory" and click on select to go inside the Azure Active Directory.

Azure AD Concepts

  • Identity is a thing that can get authenticated. An identity can be a user with a username and password. Identities also include applications or other servers that might require authentication through secret keys or certificates.

Azure AD Account and Identity

This section explains what an Azure AD account is, how identities are stored in Azure AD, and the characteristics that make it different from Active Directory Domain Services.

Characteristics of Azure AD

  • An Azure tenant is a dedicated instance of Azure AD that's automatically created when your organization signs up for a Microsoft cloud service subscription.
  • Each Azure tenant has a dedicated and trusted Azure AD directory that includes the tenant users, groups, and apps used to perform identity and access management functions for the tenant resources.
  • An Azure subscription is used to pay for your Azure cloud services. You can have many subscriptions linked to a credit card or your organization's accounts.
  • Using Azure AD is quite different from deploying an Active Directory Domain Controller on an Azure virtual machine and adding it to your on-premises domain.

Differences between LDAP vs. Azure AD

  • Azure AD communicates over HTTP/HTTPS, so it cannot be queried through LDAP. Instead, REST APIs over HTTP/HTTPS are used.
  • Kerberos authentication isn't used; instead, protocols such as SAML, WS-Federation, and OpenID Connect handle authentication.
  • There are no organizational units or group policy objects (GPOs), but there are federation services and third-party identity providers such as Facebook, LinkedIn, Twitter, Google, etc.

Types of Azure Active Directory Editions

This section explains the four different editions of the Microsoft cloud service subscription: Free, Office 365 Apps, Premium P1 & P2.

Features of each edition

Free Edition

  • Provides user and group management, on-premises directory synchronization, basic reports, and single sign-on across Azure, Office 365, and many popular SaaS applications.

Office 365 Apps

  • Includes all the features of the Free edition plus identity and access management for your Office 365 apps, including branding, MFA, group access management, and self-service password reset for cloud users.

Premium P1

  • Includes all the features of the Free edition plus hybrid user access to both on-premises and cloud resources. It also supports advanced administration such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

Premium P2

  • No information provided in this transcript.

Azure Active Directory and Azure AD Join

This section covers the benefits of using Azure Active Directory (AD) and Azure AD Join for single sign-on, enterprise compliant roaming, access to Microsoft Store for Business, Windows Hello support, and restricting app access to devices that meet compliance policy. It also explains the difference between registering a device and joining a device.

Benefits of Using Azure AD

  • Single sign-on enables users to access work resources without additional authentication prompts.
  • Enterprise compliant roaming allows user settings to be observed across joined devices without connecting to a Microsoft account.
  • Access to Microsoft Store for Business is available by using an Azure AD account.
  • Windows Hello support provides secure and convenient access to work resources.
  • Access to apps can be restricted to devices that meet compliance policy.

Registering vs Joining Devices

  • Registering a device enables management of its identity for authentication purposes when signing in to Azure AD.
  • Joining a device extends registration by changing the local state of the device, allowing users to sign in with an organizational account instead of personal accounts.

Azure Multi-Factor Authentication

This section covers what multi-factor authentication (MFA) is, its benefits, and how it helps safeguard data and applications while keeping sign-in simple for users.

Benefits of MFA

  • Provides additional security by requiring a second form of authentication beyond just passwords.
  • Delivers strong authentication through easy-to-use methods such as something you know (password), something you have (trusted device), or something you are (biometrics).
  • Helps organizations comply with industry standards such as PCI DSS.
  • Mitigates credential theft attacks by requiring multiple authentication factors.

Accessing MFA

  • Access MFA through the Azure AD portal to see all users in your Azure AD tenant and filter them by MFA status (enabled or enforced).

Settings for Users

This section covers the settings available for users, including forcing users to provide contact information again, deleting existing app passwords generated for a selected user, and restoring MFA authentication on all remembered devices.

Configuring MFA

  • Go to the service settings page to control additional features for MFA.
  • Enable app passwords and allow trusted IP ranges so that sign-ins from those networks skip the second-factor prompt.
  • Four verification options are available: call to phone, text message to phone, notification through mobile app, and verification code from mobile app or hardware token.
  • Hit save after making changes.

Self-service Password Reset

  • Enabling self-service password reset allows users to reset their own password without going through the help desk.
  • Determine who will be enabled under Azure Active Directory > Password Reset in the portal.
  • Three options are available: none selected, specific groups with self-service password reset enabled (recommended), or all users with accounts in your Azure AD tenant.
  • Pick the number of authentication methods required to reset the password and choose from email notification, text or code sent to the user's mobile or office phone, or security questions.
  • Configure security questions by requiring a certain number of questions to be registered for users in your Azure AD tenant.
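The "Accessing MFA" and "Self-service Password Reset" sections above describe checking MFA and SSPR status by clicking through the portal. The following is an added example, not part of the lesson, that pulls the same registration state for every user with the Microsoft Graph PowerShell SDK (Microsoft.Graph.Reports module) and highlights the two gaps an admin usually wants to see first: admins without MFA registered, and users who are in scope of the SSPR policy but have not registered enough methods. It assumes the module is installed and the signed-in admin can consent to the two read-only scopes requested.

```powershell
# Added example (not from the lesson): report MFA and SSPR registration state
# for every user using Microsoft Graph PowerShell.
# Assumes Microsoft.Graph.Reports is installed and the admin can consent to
# the two read-only scopes below.
Connect-MgGraph -Scopes "AuditLog.Read.All", "UserAuthenticationMethod.Read.All" -NoWelcome

# One record per user: registered methods and MFA / SSPR coverage flags.
# -All pages through the whole tenant instead of the first page only.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

$report = foreach ($u in $details) {
    [pscustomobject]@{
        User           = $u.UserPrincipalName
        IsAdmin        = $u.IsAdmin
        MfaRegistered  = $u.IsMfaRegistered
        SsprEnabled    = $u.IsSsprEnabled     # user is in scope of the SSPR policy
        SsprRegistered = $u.IsSsprRegistered  # user has registered enough methods
        DefaultMethod  = $u.DefaultMfaMethod
        Methods        = ($u.MethodsRegistered -join ", ")
    }
}

# Gaps worth fixing first: admins without MFA, and SSPR-enabled users who
# would still have to call the help desk because they never registered.
$adminsNoMfa = $report | Where-Object { $_.IsAdmin -and -not $_.MfaRegistered }
$ssprGap     = $report | Where-Object { $_.SsprEnabled -and -not $_.SsprRegistered }

"Users total:                               $($report.Count)"
"Admins without MFA registered:             $($adminsNoMfa.Count)"
"Users enabled for SSPR but not registered: $($ssprGap.Count)"

$adminsNoMfa | Format-Table User, DefaultMethod, Methods -AutoSize
$ssprGap     | Format-Table User, Methods -AutoSize

# Keep the full report so registration coverage can be tracked over time.
$report | Export-Csv -Path .\auth-registration-report.csv -NoTypeInformation
```

The report reflects what users have registered, not which users the legacy per-user MFA page shows as enabled or enforced; use it alongside that filter when deciding who still needs to complete registration.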

Conclusion

The lesson concludes with a summary of what was covered in this lesson and a preview of what will be covered next.

Lesson Summary

  • Covered settings for users such as MFA configuration and self-service password reset.
  • Four verification options are available for MFA: call to phone, text message to phone, notification through mobile app, and verification code from mobile app or hardware token.
  • Three options are available for enabling self-service password reset: none selected, specific groups with self-service password reset enabled, or all users with accounts in your Azure AD tenant.

Preview of Next Lesson

  • The next lesson will cover users and groups.