Up:: Microsoft Azure Developer Associate AZ-204 2023
Azure Active Directory
Azure AD
-
06:18:31 Introduction to Azure AD
- Cloud based identity and access management service
- Use Cases
- Terminology
- Domain
- Logical grouping of AD objects
- Domain Controller
- server that authenticates user identities and authorizes their access to resources
- Domain Computer
- registered with a central authentication database.
- AD Object
- AD Objects
- basic element of Active Directory
- Users
- Groups
- Printers
- Computers
- Shared Folders
- basic element of Active Directory
- Group Policy Object (GPO)
- Virtual collection of policy settings.
- Organization Units (OU)
- Subdivision within an active directory which you can place users, groups, computers and other organizational units.
- Directory Service
- Provides methods for storing directory data
- runs on domain controller
- Domain
- Active Directory Tenant
- represents an organization
- is a dedicated Azure AD Service instance
- is automatically created when you sign up for
- Microsoft Azure
- Microsoft Intune
- Microsoft 365
- is distinct and separate from other Azure AD tenants
- Active Directory Domain Services
- Some cases you want to setup your own domain controller
- When doing a lift and shift from on prem to ms azure and migrating AD, Azure AD does not support some domain services
- AD DS provides managed domain services
- Domain joins
- Group Policies
- Lightweight directory access protocol (LDAP)
- Kerberos / NTLM authentication
- use without the need to deploy, manage and patch domain controllers in the cloud
- Azure AD Connect
- Used for connect your on prem AD to your Azure Account
- Features
- Password hash sync - sign-in method, sync a hash of a users on-prem AD password with Azure AD
- Pass-through authentication - sign-in method, allows users to use the same password on prem and in the cloud
- Federation integration - hybrid environment using an on-prem AD FS infrastructure for certificate renewal
- Synchronization - Responsible for creating users, groups and other objects, ensures on prem and cloud data matches.
- Health Monitoring - Azure AD Connect Health
- Active Directory Users
- identity for a person or employee
- has login credentials and can use them to log into the Azure Portal
- You can
- Assign roles and administrative roles to users
- Add users to groups
- enforce authentication methods such as MFA
- track user sign ins
- track devices users logged in from and allow or deny devices
- Assign Microsoft licenses
- Two kinds of users:
- Users
- Guest Users
- Active Directory Groups
- Lets the resource owner assign a set of access permission to all members of a group, instead of having to provide the rights one-by-one.
- Contains:
- Owners - can add and remove users
- Members - permission to do things
- Assignment
- can assign roles directly to a group
- can assign applications directory to a group
- Request to Join Groups
- let users find their own groups to join
- can be set up to require approval or automatically accept all users that join
- AD Assign Access Rights
- Four ways to assign resource access rights
- Direct assignment
- Group assignment
- Rule-based assignment
- External authority assignment
- Four ways to assign resource access rights
- External identities
- allow people outside org to access apps and resources
-
06:31:02 Create a tenant Follow Along
-
06:33:56 Upgrade License Follow Along
-
06:36:41 User and Groups Follow Along
-
06:40:19 Guest Users Follow Along
-
06:42:34 Mass Import Follow Along
-
06:45:27 MFA Follow Along
-
06:49:33 Self-service reset Password Follow Along
-
06:52:04 Azure Active Directory Cheat sheet
Additional Metadata
- Type::#type/note
- Origin:: Microsoft Azure Developer Associate AZ-204 2023
- Status::
- Tags::