Microsoft Azure Security Technologies (AZ-500): Azure Active Directory
Introduction to Azure Active Directory (Azure AD)
Official AAD URL: login.microsoftonline.com
Azure Active Directory (Azure AD) is Microsoft’s cloud-based directory and identity management service. It provides single sign-on (SSO) access to thousands of cloud SaaS applications such as Office 365.
What kinds of identities can we create in Azure?
- Cloud only (identities are created in the cloud)
- Synced from Windows Server AD (on-premises or hybrid)
- Guest users (@gmail, @outlook, etc.)
- Federated or SSO (users can use the same identity on Azure and AWS)
What can you do under Azure AD?
- Configure per-user MFA [1] and additional cloud-based MFA settings [2], set up self-service password reset (including authentication methods such as email, mobile app notification and security questions), add new users and check a user’s identity under the “Users” section.
- Create a custom domain under “Custom Domain Names”.
- Check whether a device’s state is AzureAdJoined, EnterpriseJoined or DomainJoined under “Devices”. [3]
- Create or assign custom administrative roles under “Roles and Administrators”.
- Create user groups, where we can assign licenses and set an expiration time, under “Group” for “Security Group” and “O365 Group”. [4]
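The three device-state flags listed above also appear in the "Device State" section of `dsregcmd /status` output [3], so join state can be audited from collected endpoint output as well as from the portal. The following is an added example, not code from the original page: the function names, the sample output and the "Not joined" label are assumptions made for illustration, and the sample text is constructed.

```python
import re

# Constructed sample of the "Device State" section of `dsregcmd /status` output.
SAMPLE_STATUS = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
"""

FLAGS = ("AzureAdJoined", "EnterpriseJoined", "DomainJoined")
FLAG_RE = re.compile(r"^\s*(%s)\s*:\s*(YES|NO)\s*$" % "|".join(FLAGS), re.MULTILINE)

JOIN_TYPES = {  # keyed by (AzureAdJoined, EnterpriseJoined, DomainJoined)
    (True, False, False): "Azure AD joined",
    (True, False, True): "Hybrid Azure AD joined",
    (False, False, True): "Domain joined",
    (False, True, True): "On-premises DRS joined",
    (False, False, False): "Not joined",  # label assumed for the all-NO case
}

def parse_device_state(text):
    """Return the three join flags as booleans; fail if any flag is absent."""
    found = {name: value == "YES" for name, value in FLAG_RE.findall(text)}
    missing = [name for name in FLAGS if name not in found]
    if missing:
        raise ValueError("flags missing from output: " + ", ".join(missing))
    return found

def classify(text):
    """Map the flag combination to a join type, flagging unknown combinations."""
    state = parse_device_state(text)
    key = tuple(state[name] for name in FLAGS)
    return JOIN_TYPES.get(key, "Unexpected combination, review manually")

def non_compliant(outputs, allowed=("Azure AD joined", "Hybrid Azure AD joined")):
    """Given {hostname: dsregcmd output}, return hosts whose join type is not allowed."""
    result = {}
    for host, text in outputs.items():
        try:
            join_type = classify(text)
        except ValueError as exc:
            join_type = "unparseable: %s" % exc
        if join_type not in allowed:
            result[host] = join_type
    return result
```

Truncated or unparseable output is reported as non-compliant rather than skipped, so a host that returned nothing usable still shows up in the audit result.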
References
[1] Enable per-user Multi-Factor Authentication — Azure Active Directory | Microsoft Docs
[3] Troubleshoot using the dsregcmd command — Azure Active Directory | Microsoft Docs