Microsoft Azure Security Technologies (AZ-500): Azure Active Directory

goay xuan hui
Jun 1, 2021

Introduction to Azure Active Directory (Azure AD)

Official AAD URL: login.microsoftonline.com

Azure Active Directory (Azure AD) is Microsoft’s cloud-based directory and identity management service. It gives us single sign-on (SSO) access to thousands of cloud SaaS applications such as Office 365.

What kinds of identities can we create on Azure?

  • Cloud only (identities are created in the cloud)
  • Synced from Windows Server AD (on-premises or hybrid)
  • Guest users (@gmail, @outlook, etc.)
  • Federated or SSO (users can use the same identity on Azure and AWS)

What can you do under Azure AD?

  • Under the “Users” section: configure per-user MFA [1], additional cloud-based MFA settings [2] and self-service password reset (including authentication methods like email, mobile app notification and security questions), add new users and check a user’s identity.
  • Create a custom domain under “Custom Domain Names”.
  • Check under “Devices” whether a device’s state is AzureAdJoined, EnterpriseJoined or DomainJoined. [3]
  • Create or assign custom administrative roles under “Roles and Administrators”.
  • Create user groups (“Security Group” and “O365 Group”) under “Group”, where we can assign licenses and set an expiration time. [4]
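The three device-state flags mentioned above are also printed on the device itself by `dsregcmd /status` (the command covered in [3]). The following is an added example, not part of the original post: it parses that output and maps the flag combination to a join type, using the combinations from Microsoft's dsregcmd documentation. The sample output and the domain name CONTOSO are constructed for illustration.

```python
import re

# Constructed sample of the "Device State" block printed by `dsregcmd /status`
# (values are made up for illustration, not captured from a real device).
SAMPLE_OUTPUT = """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
"""

FLAGS = ("AzureAdJoined", "EnterpriseJoined", "DomainJoined")

# (AzureAdJoined, EnterpriseJoined, DomainJoined) -> join type, following the
# device-state table in Microsoft's dsregcmd troubleshooting documentation.
JOIN_TYPES = {
    (True, False, False): "Azure AD joined",
    (False, False, True): "Domain joined",
    (True, False, True): "Hybrid Azure AD joined",
    (False, True, True): "On-premises DRS joined",
    (False, False, False): "Not joined",  # all three flags are NO
}

def parse_device_state(text):
    """Return {flag: bool} for the three join flags found in dsregcmd output."""
    state = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)\s*:\s*(YES|NO)\s*$", line, re.IGNORECASE)
        if m and m.group(1) in FLAGS:
            state[m.group(1)] = m.group(2).upper() == "YES"
    missing = [f for f in FLAGS if f not in state]
    if missing:
        # Truncated or wrong input: refuse to guess a join type.
        raise ValueError(f"missing fields in dsregcmd output: {missing}")
    return state

def classify_join(text):
    """Map the three flags to a join type; other combinations are flagged."""
    state = parse_device_state(text)
    key = tuple(state[f] for f in FLAGS)
    return JOIN_TYPES.get(key, "Unexpected combination, investigate")

if __name__ == "__main__":
    print(classify_join(SAMPLE_OUTPUT))
```
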

References

[1] Enable per-user Multi-Factor Authentication — Azure Active Directory | Microsoft Docs

[2] Microsoft Azure Security Technologies (AZ-500): Additional Cloud-Based MFA Settings — goay xuan hui — Medium

[3] Troubleshoot using the dsregcmd command — Azure Active Directory | Microsoft Docs

[4] Microsoft Azure Security Technologies (AZ-500): Azure AD Group Accounts — goay xuan hui — Medium (Jun, 2021)
