Azure Active Directory Overview
Azure AD is a modern authentication service that allows you to implement identity and access control solutions for your cloud environment.
You can now use a single identity service for Azure, Office 365, Dynamics 365, Intune and thousands of other (non-)Microsoft applications.
Azure AD is an identity provider in the cloud that can easily be integrated with your on-prem Active Directory deployment.
Azure AD is part of Microsoft Entra, a new product family that combines all of Microsoft's identity and access capabilities: Azure AD, Permissions Management and Verified ID.
- Microsoft Entra Overview
- Azure AD Overview
- Azure AD Editions
- Directories and Domains
- Add a custom domain to Azure AD
- LAB: Azure Active Directory Overview
Azure AD Users, Groups and Devices
Different types of objects can be created and managed in Azure AD. User accounts are required for people to gain access to Microsoft online services.
Groups can be used to control permissions to various resources. Devices allow you to manage your Windows and mobile systems.
- User Management
- Group Management
- Dynamic Groups
- Role Assignable Groups
- Group Settings
- Device Management
- LAB: Azure AD Users, Groups and Devices
Azure AD Features
MFA is a very effective method to protect your user accounts. By implementing this feature you will make it
a lot harder for hackers to compromise credentials.
Users can be granted the permission to reset their own password in a secure way.
- Multi-Factor Authentication
- Password Management
- Company Branding
- LAB: Azure AD Features
Azure AD Roles
Roles allow you to control who is allowed to perform admin tasks in your cloud subscriptions.
Azure AD contains a whole list of built-in roles, and custom roles can be created. Users can be added to
a role directly or you can use PIM to make them eligible for a role. In this case the user can request
to be added to the role when needed, but acts as a normal, non-admin user otherwise.
Administrative units allow you to organize your directory and limit the number of objects that can
be managed by a specific admin.
- Azure AD Roles
- Administrative Units
- Privileged Identity Management
- LAB: Azure AD Roles
Azure AD External Identities
As a company you can give external users access to your Microsoft services. These people can sign in
with an Azure AD account from their organization or with an Internet identity, like a Facebook or Google account.
You can control the identity providers you want to support and what external users can do in your environment.
- External Identities Overview
- Identity Providers
- B2B Collaboration
- Manage B2B Access
- B2B Direct Connect
- Azure AD B2C
- LAB: Azure AD External Identities
Azure AD Securing Identities
Securing your identities is a very important aspect of Azure AD management. Identities are the new perimeter
and should be protected as such. Azure AD provides various mechanisms to protect your accounts.
Conditional access allows you to control under what circumstances users are allowed to access your resources.
Identity Protection identifies risky users and risky sign-ins in your organization.
- Single Sign On
- Identity Protection
- Conditional Access
- LAB: Azure AD Securing Identities
Azure AD Connect
With Azure AD Connect, you can synchronize your on-premises AD accounts to Azure.
- Directory Synchronization
- Azure AD Connect
- Azure AD Sync Options
- Azure AD Connect Health
- LAB: Azure AD Connect
Azure AD Authentication Options
Once connected to your on-prem AD, Azure AD supports various sign-in options. This module will give you
an overview of the possibilities and take a closer look at the pros and cons of each method.
- Password Hash Sync
- Pass-Through Authentication
- Seamless Single Sign On
- Compare Authentication Solutions
- LAB: Azure AD Authentication Options
Azure AD Application Management
Azure AD provides an SSO experience for your users. They can access any application that is registered with Azure AD by signing in only once.
Any application can be registered: Gallery applications, on-prem applications, custom developed apps.
With Azure AD Application Proxy you can publish on-prem web applications, providing secure access to these webapps from the Internet.
- Application Management Overview
- Gallery Applications
- Azure AD Application Proxy
- Custom Developed Applications
- Managed Identities
- LAB: Azure AD Application Management
Azure AD Identity Governance
Managing both internal and external users while keeping your data safe can be a very difficult and complex task.
With identity governance in Azure AD you can make sure that the right people have the right access to the right resources.
You can control and follow up on both the identity and access lifecycle.
- Azure AD Identity Governance Overview
- Azure AD Entitlement Management
- Access Packages
- Connected Organizations
- Access Reviews
- LAB: Azure AD Identity Governance
Azure Active Directory is a cloud identity solution that provides a set of capabilities to manage users and groups. Azure AD helps secure access to applications such as
Microsoft online services (Office 365, Azure, Microsoft Intune, Power BI, ...) and a world of non-Microsoft SaaS applications.
Azure AD can be integrated with your on-prem Active Directory to simplify user management and provide a Single Sign-On experience.
Multi-factor authentication adds an extra layer of security to the authentication process.
Conditional access policies allow you to control under what circumstances users are allowed to access your resources.
IT Administrators responsible for user management in cloud services like Office 365, Azure, Intune and Dynamics 365.