Up:: Microsoft Azure Developer Associate AZ-204 2023

Azure Active Directory

Azure AD

  • 06:18:31 Introduction to Azure AD

    • Cloud based identity and access management service
    • Use Cases
    • Terminology
      • Domain
        • Logical grouping of AD objects
      • Domain Controller
        • server that authenticates user identities and authorizes their access to resources
      • Domain Computer
        • computer registered with the domain's central authentication database; it is itself an AD object
      • AD Objects
        • basic element of Active Directory
          • Users
          • Groups
          • Printers
          • Computers
          • Shared Folders
      • Group Policy Object (GPO)
        • Virtual collection of policy settings.
      • Organization Units (OU)
        • Subdivision within an Active Directory domain in which you can place users, groups, computers and other organizational units.
      • Directory Service
        • Provides methods for storing directory data
        • runs on domain controller
    • Active Directory Tenant
      • represents an organization
      • is a dedicated Azure AD Service instance
      • is automatically created when you sign up for
        • Microsoft Azure
        • Microsoft Intune
        • Microsoft 365
      • is distinct and separate from other Azure AD tenants
    • Azure Active Directory Domain Services (Azure AD DS)
      • In some cases you need your own domain controller
      • When doing a lift and shift from on prem to Azure and migrating AD, Azure AD alone does not provide some classic domain services
      • Azure AD DS provides managed domain services
        • Domain join
        • Group Policy
        • Lightweight Directory Access Protocol (LDAP)
        • Kerberos / NTLM authentication
      • use them without having to deploy, manage and patch domain controllers in the cloud
    • Azure AD Connect
      • Used to connect your on-prem AD to your Azure AD tenant
      • Features
        • Password hash sync - sign-in method; syncs a salted hash derived from the user's on-prem AD password hash (never the password itself) to Azure AD
        • Pass-through authentication - sign-in method; users keep the same password on prem and in the cloud, and sign-ins are validated by an on-prem agent against AD, so no password hash is stored in the cloud
        • Federation integration - optional; builds a hybrid environment on an on-prem AD FS infrastructure and adds AD FS management capabilities such as certificate renewal
        • Synchronization - creates users, groups and other objects in the cloud and keeps on-prem and cloud data matching
        • Health monitoring - Azure AD Connect Health
    • Active Directory Users
      • identity for a person or employee
      • has login credentials and can use them to log into the Azure Portal
      • You can
        • Assign Azure roles and Azure AD administrative roles to users
        • Add users to groups
        • enforce authentication methods such as MFA
        • track user sign ins
        • track devices users logged in from and allow or deny devices
        • Assign Microsoft licenses
        • Two kinds of users:
          • Member users - accounts that belong to the tenant
          • Guest users - external identities invited into the tenant, with restricted default permissions
    • Active Directory Groups
      • Lets the resource owner assign a set of access permissions to all members of a group, instead of having to grant the rights one by one.
      • Contains:
        • Owners - can add and remove members
        • Members - receive the permissions granted to the group
      • Assignment
        • can assign roles directly to a group
        • can assign applications directly to a group
      • Request to Join Groups
        • let users find their own groups to join
        • can be set up to require approval or automatically accept all users that join
    • AD Assign Access Rights
      • Four ways to assign resource access rights
        • Direct assignment - the resource owner assigns the user directly
        • Group assignment - the resource owner assigns a group, and its members get access
        • Rule-based assignment - the resource owner assigns a dynamic group whose membership is computed from user attributes by a rule
        • External authority assignment - access comes from an external source such as an on-prem directory or a SaaS app
    • External identities
      • allow people outside org to access apps and resources
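Password hash sync (the Azure AD Connect bullet above) sends neither the password nor the on-prem NT hash to the cloud; it sends a salted, iterated hash derived from the NT hash. To make that concrete, here is an added example, not Microsoft's code and not from the course: it reconstructs the transform Microsoft documents publicly for PHS, where the 16-byte NT hash (the `unicodePwd` attribute) is expanded to 64 bytes through its hex representation, a 10-byte per-user salt is added, and PBKDF2-HMAC-SHA256 runs for 1000 iterations to produce 32 bytes. The case of the hex digits and the `salt || hash` layout of the synced value are assumptions; the sample input is the well-known NT hash of the string `password`.

```python
"""Reconstruction of the Azure AD Connect password hash sync (PHS) transform.

Added example, not Microsoft's code: follows the steps Microsoft documents for
PHS (expand the 16-byte NT hash via its hex string to 64 bytes, add a 10-byte
per-user salt, PBKDF2-HMAC-SHA256 for 1000 iterations, 32-byte result).
Hex-digit case and the salt || hash layout below are assumptions.
"""
import hashlib
import hmac
import os
from typing import Optional

PHS_ITERATIONS = 1000   # documented PBKDF2 iteration count
PHS_SALT_LEN = 10       # documented per-user salt length (bytes)
PHS_HASH_LEN = 32       # documented derived-hash length (bytes)

# Constructed sample: the well-known NT hash (MD4 of UTF-16LE) of "password".
SAMPLE_NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """16-byte NT hash -> 32-char hex string -> 64 bytes of UTF-16LE.

    Lowercase hex is an assumption; the documentation only says 'hexadecimal'.
    """
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be exactly 16 bytes")
    return nt_hash.hex().encode("utf-16-le")


def phs_transform(nt_hash: bytes, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(expanded NT hash, salt, 1000 iterations).

    This is the shape of what Azure AD Connect sends to Azure AD over TLS; the
    raw NT hash never leaves the on-prem side in a replayable form.
    """
    if salt is None:
        salt = os.urandom(PHS_SALT_LEN)
    if len(salt) != PHS_SALT_LEN:
        raise ValueError(f"salt must be {PHS_SALT_LEN} bytes")
    derived = hashlib.pbkdf2_hmac(
        "sha256", expand_nt_hash(nt_hash), salt, PHS_ITERATIONS, dklen=PHS_HASH_LEN
    )
    return salt + derived


def verify_phs(nt_hash: bytes, stored: bytes) -> bool:
    """Cloud-side check: recompute with the stored salt, compare in constant time."""
    if len(stored) != PHS_SALT_LEN + PHS_HASH_LEN:
        return False
    salt, derived = stored[:PHS_SALT_LEN], stored[PHS_SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac(
        "sha256", expand_nt_hash(nt_hash), salt, PHS_ITERATIONS, dklen=PHS_HASH_LEN
    )
    return hmac.compare_digest(candidate, derived)


def leaks_nt_hash(nt_hash: bytes, stored: bytes) -> bool:
    """True if the synced value contains the NT hash verbatim (raw or as hex)."""
    return nt_hash in stored or nt_hash.hex().encode() in stored


if __name__ == "__main__":
    blob = phs_transform(SAMPLE_NT_HASH)
    print("synced value:", blob.hex())
    print("verifies:", verify_phs(SAMPLE_NT_HASH, blob))
    print("contains NT hash verbatim:", leaks_nt_hash(SAMPLE_NT_HASH, blob))
```

The caveat this makes visible: the synced value cannot be replayed as an NT hash against on-prem resources and is far more expensive to crack than the unsalted MD4 hash it came from, but that unsalted NT hash still sits on every domain controller and passes through the Azure AD Connect server, so hardening those hosts remains the control that matters.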
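Rule-based assignment (one of the four ways to assign access rights above) means a dynamic group whose membership Azure AD computes from user attributes, so a rule that is broader than intended quietly hands whatever role or application the group carries to guests or disabled accounts. The following is an added example, not Azure AD's own rule engine and not code from the course: a small offline evaluator for a subset of the documented rule syntax (`user.<property>`, `-eq`, `-ne`, `-contains`, `-in` with a `[list]`, `-and`, `-or`, `-not`, parentheses, string, `true`, `false` and `null` literals) run against constructed user records. Its assumptions: string comparisons are case-insensitive, `-and` binds tighter than `-or`, and `-not` applies only to the comparison or parenthesised group that follows it; parenthesise mixed rules rather than relying on any of these.

```python
# Added example (not Azure AD's own rule engine): dry-run a dynamic membership rule offline.
import re

TOKEN_RE = re.compile(r'"[^"]*"|-[A-Za-z]+|[A-Za-z_][\w.]*|\S')  # strings, -keywords, identifiers, punctuation
PRECEDENCE = {"-or": 1, "-and": 2}   # assumption: -and binds tighter than -or
LITERALS = {"true": True, "false": False, "null": None}


def compare(op, actual, expected):
    """One comparison; strings compare case-insensitively (assumption), null never -contains."""
    norm = lambda v: v.lower() if isinstance(v, str) else v
    a, e = norm(actual), norm(expected)
    if op == "-in":
        return isinstance(expected, list) and a in [norm(x) for x in expected]
    if op == "-contains":
        return isinstance(a, str) and isinstance(e, str) and e in a
    return (a == e) == (op == "-eq")          # -eq / -ne


class RuleEvaluator:
    """Precedence-climbing parser that evaluates the rule against one user while parsing."""

    def __init__(self, rule, user):
        self.toks = [t.lower() if t.startswith("-") else t for t in TOKEN_RE.findall(rule)]
        self.i = 0
        self.user = {k.lower(): v for k, v in user.items()}   # property names: case-insensitive

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, *allowed):
        tok = self.peek()
        if allowed and tok not in allowed:
            raise SyntaxError(f"expected one of {allowed}, got {tok!r}")
        self.i += 1
        return tok

    def expr(self, min_prec=1):
        result = self.unary()
        while PRECEDENCE.get(self.peek(), 0) >= min_prec:
            op = self.take()
            rhs = self.expr(PRECEDENCE[op] + 1)
            result = (result and rhs) if op == "-and" else (result or rhs)
        return result

    def unary(self):
        tok = self.take()
        if tok == "-not":
            return not self.unary()
        if tok == "(":
            result = self.expr()
            self.take(")")
            return result
        scope, _, name = (tok or "").partition(".")
        op = self.take("-eq", "-ne", "-contains", "-in")
        if scope.lower() != "user" or not name:
            raise SyntaxError(f"only user.<property> is supported, got {tok!r}")
        return compare(op, self.user.get(name.lower()), self.value())

    def value(self):
        tok = self.take()
        if tok and tok.startswith('"'):
            return tok[1:-1]
        if tok and tok.lower() in LITERALS:
            return LITERALS[tok.lower()]
        if tok == "[":                                 # ["a", "b"] list literal for -in
            items = [self.value()]
            while self.take(",", "]") == ",":
                items.append(self.value())
            return items
        raise SyntaxError(f"bad value {tok!r}")


def members(rule, users):
    """UPNs the rule would pull in; check this before saving a rule on a group that carries a role."""
    admitted = []
    for user in users:
        ev = RuleEvaluator(rule, user)
        ok = ev.expr()
        if ev.peek() is not None:
            raise SyntaxError(f"unexpected {ev.peek()!r} after the rule")
        if ok:
            admitted.append(user["userPrincipalName"])
    return admitted


FIELDS = ("userPrincipalName", "department", "accountEnabled", "userType")  # constructed sample records
SAMPLE_USERS = [dict(zip(FIELDS, row)) for row in (
    ("alice@contoso.example", "Engineering", True, "Member"),
    ("bob@contoso.example", "engineering", False, "Member"),
    ("carol_fabrikam.example#EXT#@contoso.example", "Engineering", True, "Guest"),
    ("dave@contoso.example", None, True, "Member"),
)]
# Reads as "the engineers" but also pulls in a guest and a disabled account.
NAIVE_RULE = 'user.department -eq "Engineering"'
# Same intent, limited to enabled member accounts.
SCOPED_RULE = ('(user.department -eq "Engineering") -and (user.userType -eq "Member") '
               '-and (user.accountEnabled -eq true)')
```

`members(NAIVE_RULE, SAMPLE_USERS)` returns alice, bob and carol, while `members(SCOPED_RULE, SAMPLE_USERS)` returns only alice; that difference is the review worth doing before a rule is saved on a group that has a role or an application assigned to it. A malformed rule (an unsupported operator, an unbalanced parenthesis) raises `SyntaxError` instead of silently matching nobody.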
  • 06:31:02 Create a tenant Follow Along

  • 06:33:56 Upgrade License Follow Along

  • 06:36:41 User and Groups Follow Along

  • 06:40:19 Guest Users Follow Along

  • 06:42:34 Mass Import Follow Along

  • 06:45:27 MFA Follow Along

  • 06:49:33 Self-service reset Password Follow Along

  • 06:52:04 Azure Active Directory Cheat sheet


Additional Metadata