Azure Active Directory Identity Management

Azure Active Directory Overview

Azure AD is a modern authentication service that allows you to implement identity and access control solutions for your cloud environment. You can now use a single identity service for Azure, Office 365, Dynamics 365, Intune and thousands of other (non-)Microsoft applications. Azure AD is an identity provider in the cloud that can easily be integrated with your on-prem Active Directory deployment.
Azure AD is part of Microsoft Entra, a new product family that combines all Microsoft's identity and access capabilities: Azure AD, Permissions Management and Verified ID.

• Microsoft Entra Overview
• Azure AD Overview
• Azure AD Editions
• Directories and Domains
• Add a custom domain to Azure AD
• LAB: Azure Active Directory Overview

Azure AD Users, Groups and Devices

Different types of objects can be created and managed in Azure AD. User accounts are required for people to gain access to Microsoft online services. Groups can be used to control permissions to various resources. Devices allow you to manage your Windows and mobile systems.

• User Management
• Group Management
• Dynamic Groups
• Role Assignable Groups
• Group Settings
• Device Management
• LAB: Azure AD Users, Groups and Devices

Azure AD Features

MFA is a very effective method to protect your user accounts. By implementing this feature you will make it a lot harder for hackers to compromise credentials.
Users can be granted the permission to reset their own password in a secure way.

• Multi-Factor Authentication
• Password Management
• Company Branding
• LAB: Azure AD Features

Azure AD Roles

Roles allow you to control who is allowed to perform admin tasks in your cloud subscriptions. Azure AD contains a whole list of built-in roles and custom roles can be created. Users can be added to a role directly or you can use PIM to make them eligible for a role. In this case the user can request to be added to the role when needed, but acts as a normal, non-admin user otherwise.
Administrative units allow you to organize your directory and limit the number of objects that can be managed by a specific admin.

• Azure AD Roles
• Administrative Units
• Privileged Identity Management
• LAB: Azure AD Roles

Azure AD External Identities

As a company you can give external users access to your Microsoft services. These people can sign in with a Azure AD account from their organization or with an Internet identity, like a Facebook or Google account. You can control the identity providers you want to support and what external users can do in your environment.

• External Identities Overview
• Identity Providers
• B2B Collaboration
• Manage B2B Access
• B2B Direct Connect
• Azure AD B2C
• LAB: Azure AD External Identities

Azure AD Securing Identities

Securing your identities is a very important aspect of Azure AD management. Identities are the new perimeter and should be protected as such. Azure AD provides various mechanisms to protect your accounts. Conditional access allows you to control under what circumstances users are allowed to access your resources. Identity Protection identifies risky users and risky sign-ins in your organization.

• Single Sign On
• Identity Protection
• Conditional Access
• LAB: Azure AD Securing Identities

Azure AD Connect

With Azure AD Connect, you can synchronize your on-premises AD accounts to Azure.

• Directory Synchronization
• Azure AD Connect
• Azure AD Sync Options
• Azure AD Connect Health
• LAB: Azure AD Connect

Azure AD Authentication Options

Once connected to your on-prem AD, Azure AD supports various sign-in options. This module will give you an overview of the possibilities and takes a closer look at the pros and cons of each method.

• Password Hash Sync
• Pass-Through Authentication
• Seamless Single Sign On
• Federation
• Compare Authentication Solutions
• LAB: Azure AD Authentication Options

Azure AD Application Management

Azure AD provides a SSO experience for your users. They can access any application that is registered with Azure AD by signing in only once. Any application can be registered: Gallery applications, on-prem applications, custom developed apps. With Azure AD Application Proxy you can publish on-prem web applications, providing secure access to these webapps from the Internet.

• Application Management Overview
• Gallery Applications
• Azure AD Application Proxy
• Custom Developed Applications
• Managed Identities
• LAB: Azure AD Application Management

Azure AD Identity Governance

Managing both internal and external users while keeping your data safe can be a very difficult and complex task. With identity governance in Azure AD you can make sure that the right people have the right access to the right resources. You can control and follow up on both the identity and access lifecycle.

• Azure AD Identity Governance Overview
• Azure AD Entitlement Management
• Access Packages
• Connected Organizations
• Access Reviews
• LAB: Azure AD Identity Governance