Azure AD is a modern authentication service that allows you to implement identity and access control solutions for your cloud environment.
You can now use a single identity service for Azure, Office 365, Dynamics 365, Intune and thousands of other (non-)Microsoft applications.
Azure AD is an identity provider in the cloud that can easily be integrated with your on-prem Active Directory deployment.
Azure AD is part of Microsoft Entra, a new product family that combines all of Microsoft's identity and access capabilities: Azure AD, Permissions Management and Verified ID.
Different types of objects can be created and managed in Azure AD. User accounts are required for people to gain access to Microsoft online services. Groups can be used to control permissions to various resources. Devices allow you to manage your Windows and mobile systems.
MFA is a very effective method to protect your user accounts. By implementing this feature you will make it a lot harder for hackers to compromise credentials.
Users can be granted the permission to reset their own password in a secure way.
Roles allow you to control who is allowed to perform admin tasks in your cloud subscriptions. Azure AD contains a whole list of built-in roles, and custom roles can be created. Users can be added to a role directly, or you can use PIM to make them eligible for a role. In this case the user can request to be added to the role when needed, but acts as a normal, non-admin user otherwise.
Administrative units allow you to organize your directory and limit the number of objects that can be managed by a specific admin.
As a company you can give external users access to your Microsoft services. These people can sign in with an Azure AD account from their organization or with an Internet identity, like a Facebook or Google account. You can control the identity providers you want to support and what external users can do in your environment.
Securing your identities is a very important aspect of Azure AD management. Identities are the new perimeter and should be protected as such. Azure AD provides various mechanisms to protect your accounts. Conditional access allows you to control under what circumstances users are allowed to access your resources. Identity Protection identifies risky users and risky sign-ins in your organization.
With Azure AD Connect, you can synchronize your on-premises AD accounts to Azure.
Once connected to your on-prem AD, Azure AD supports various sign-in options. This module gives you an overview of the possibilities and takes a closer look at the pros and cons of each method.
Azure AD provides an SSO experience for your users. They can access any application that is registered with Azure AD by signing in only once. Any application can be registered: Gallery applications, on-prem applications, custom-developed apps. With Azure AD Application Proxy you can publish on-prem web applications, providing secure access to these web apps from the Internet.
Managing both internal and external users while keeping your data safe can be a very difficult and complex task. With identity governance in Azure AD you can make sure that the right people have the right access to the right resources. You can control and follow up on both the identity and access lifecycle.
Azure Active Directory is a cloud identity solution that provides a set of capabilities to manage users and groups. Azure AD helps secure access to applications such as Microsoft online services (Office 365, Azure, Microsoft Intune, Power BI, ...) and a world of non-Microsoft SaaS applications.
Azure AD can be integrated with your on-prem Active Directory to simplify user management and provide a Single Sign-On experience. Multi-factor authentication adds an extra layer of security to the authentication process. Conditional access policies allow you to control under what circumstances users are allowed to access your resources.
IT Administrators responsible for user management in cloud services like Office 365, Azure, Intune and Dynamics 365.