MST400: Introduction to Microsoft Azure Administration
Module 1: Users, Groups and Identities
Dr. Hooshang Kazemi

Did you already pass the MST300 course?
1. Use your smartphones or mobile devices
2. Go to https://www.menti.com
3. Use code 9482169
Which one? A) Yes B) No C) Maybe

What is Identity?
• An identity is the object or service that gets authenticated.
• It can be a user with a username and password, or
• an application or a service with a secret key or certificate.

Authentication by traditional methods
[Diagram: Server, Database]

Challenges facing the traditional methods
- Security risks
- The need for implementing extensive security features
- Time-consuming procedures
- Unique user credentials for each application

Authentication by an Identity Provider
[Diagram: Client, Azure AD, Server]

Azure AD and Personal Applications
[Diagram: User, Azure AD]

Azure AD and Business Applications
[Diagram: User, Azure AD]

Azure AD and Azure Resources
[Diagram: User, Azure AD]

Azure Active Directory
Azure AD is an Identity Provider & Manager
Benefits and features:
• Single sign-on to any cloud or on-premises web app
• Works with iOS, macOS, Android, and Windows devices
• Protect on-premises web applications with secure remote access
• Easily extend Active Directory to the cloud
• Protect sensitive data and applications
• Reduce costs and enhance security with self-service capabilities

Benefits of using an Identity Provider
- Centralized management
- Lower risk by using additional features like MFA, conditional access, etc.
[Diagram: Azure AD, Client]

Azure Concepts: What is Account?
• An identity that has data associated with it.
• You can't have an account without an identity.
Azure AD Account:
• An identity created through Azure AD or another Microsoft cloud service, such as Microsoft 365.
• Identities are stored in Azure AD and accessible to your organization's cloud service subscriptions.
• This account is also sometimes called a work or school account.

Azure Concepts: What are Tenant and Subscriptions?
• Azure tenant/directory:
  • A default tenant is automatically created when your organization signs up for a Microsoft cloud service.
  • More tenants can be created by creating additional Azure AD instances.
  • The term tenant means a single instance of Azure AD representing a single organization.
  • The terms tenant and directory are often used interchangeably.
• Azure subscription:
  • Used to pay for Azure cloud services. You can have many subscriptions and they're linked to a credit card.

Azure Active Directory Editions

What are some of the differences between AD and Azure AD?
1. Use your smartphones or mobile devices
2. Go to https://www.menti.com
3. Use code 9482169
Which one? A) Yes B) No C) Maybe

Difference between AD, Azure AD & Azure AD Services

Benefits of Azure AD and On-premises AD Join
• Single sign-on (SSO) to your Azure-managed SaaS apps and services. Your users won't have additional authentication prompts when accessing work resources. The SSO functionality is available even when users are not connected to the domain network.
• Enterprise compliant roaming of user settings across joined devices. Users don't need to connect to a Microsoft account (for example, Hotmail) to observe settings across devices.
• Access to Microsoft Store for Business using an Azure AD account. Your users can choose from an inventory of applications pre-selected by the organization.
• Windows Hello support for secure and convenient access to work resources.
• Restriction of access to apps from only devices that meet compliance policy.
• Seamless access to on-premises resources when the device has line of sight to the on-premises domain controller.

Self-Service Password Reset (SSPR)
• Many helpdesk calls are requests to reset passwords for users.
• Enabling self-service password reset (SSPR) gives users the ability to bypass the helpdesk and reset their own passwords.

Azure AD defines users in three ways
1. Cloud identities. These users exist only in Azure AD.
2. Directory-synchronized identities. These users exist in an on-premises Active Directory. A synchronization activity that occurs via Azure AD Connect brings these users into Azure. Their source is Windows Server AD.
3. Guest users. These users exist outside Azure. Examples are accounts from other cloud providers and Microsoft accounts such as an Xbox LIVE account. Their source is Invited user.

Group Accounts in Azure
• Azure AD allows you to define two different types of groups:
  • Security groups. Security groups are used to manage member and computer access to shared resources for a group of users.
  • Microsoft 365 groups. Microsoft 365 groups provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more.

Explore PowerShell for group management
Create a new group called Developers.
    New-AzADGroup -DisplayName Developers -MailNickname Developers
Retrieve the Developers group ObjectId.
    Get-AzADGroup
Retrieve the user ObjectId for the member to add.
    Get-AzADUser
Add the user to the group. Replace groupObjectId and userObjectId.
    Add-AzADGroupMember -MemberUserPrincipalName "[email protected]" -TargetGroupDisplayName "MyGroupDisplayName"
Verify the members of the group. Replace groupObjectId.
    Get-AzADGroupMember -GroupDisplayName "MyGroupDisplayName"
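The group-management steps above refer to group and user ObjectIds while the commands address the group by display name. As an added example (not part of the original slides), the same procedure resolved to ObjectIds and safe to re-run; the function name Add-UserToGroupByObjectId and the UPN user@example.com are hypothetical, and it assumes Az.Resources 5.0 or later with a signed-in Connect-AzAccount session that is allowed to manage groups.

```powershell
# Added example, not from the course slides.
# Assumes: Az.Resources 5.0+ (objects expose .Id) and an existing Connect-AzAccount session.
function Add-UserToGroupByObjectId {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupDisplayName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )

    # Display names are not unique in a tenant, so refuse to guess between duplicates.
    $groups = @(Get-AzADGroup -DisplayName $GroupDisplayName)
    if ($groups.Count -gt 1) {
        throw "More than one group is named '$GroupDisplayName'; use the ObjectId instead."
    }
    if ($groups.Count -eq 0) {
        # Create the group only when it does not exist yet (skipped under -WhatIf).
        if (-not $PSCmdlet.ShouldProcess($GroupDisplayName, 'Create group')) { return }
        $groups = @(New-AzADGroup -DisplayName $GroupDisplayName -MailNickname $GroupDisplayName)
    }
    $group = $groups[0]

    # Resolve the user to an ObjectId; stop if the UPN does not match an account.
    $user = Get-AzADUser -UserPrincipalName $UserPrincipalName
    if (-not $user) { throw "No user found with UPN '$UserPrincipalName'." }

    # Add the user only if that ObjectId is not already in the member list.
    $memberIds = @(Get-AzADGroupMember -GroupObjectId $group.Id | ForEach-Object Id)
    if ($memberIds -notcontains $user.Id) {
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Add to $GroupDisplayName")) {
            Add-AzADGroupMember -TargetGroupObjectId $group.Id -MemberObjectId $user.Id
        }
    }

    # Return the resulting membership so the change can be reviewed.
    Get-AzADGroupMember -GroupObjectId $group.Id | Select-Object DisplayName, Id
}

# Constructed sample values: replace the UPN with a real account in your tenant.
# -WhatIf previews the changes without creating the group or adding the member.
Add-UserToGroupByObjectId -GroupDisplayName 'Developers' -UserPrincipalName 'user@example.com' -WhatIf
```

Remove -WhatIf to apply the change; because membership decides access to shared resources, review the returned member list after each run.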
