🔥 Check out my documented journey on how to set up Configuration Manager (MECM) and my updated notes on the Azure AZ-104 Exam! 🔥
Posts
Microsoft
Azure
AZ-104
AZ-104 Certification Notes
ExamPro Course Notes
Chapter 2 - Azure Active Directory (Entra ID)
Chapter 2.12 - Azure AD CheatSheet

AZ-104 Certification Notes

Chapter 2.12 - Azure AD CheatSheet

Azure Active Directory CheatSheet

  • Active Directory (AD) is Microsoft's identity and access management service. Helps your employees sign in and access resources
  • Azure Active Directory (Azure AD) is Microsoft's cloud-based version of AD Identity as a Service (IDaaS)
  • Azure Active Directory comes in 4 editions:
    • Free: MFA, SSO, Basic Security and Usage Reports, User Management
    • Office 365 Apps: Company Branding, SLA, Two-Sync between On-Premise and Cloud
    • Premium 1 (P1): Hybrid Architecture, Advanced Group Access, Conditional Access
    • Premium 2 (P2): Identity Protection, Identity Governance
  • Azure AD can authorize and authenticate to multiple sources
    • To your on-premise AD via Azure AD Connect
    • To your web-application via App Registrations
    • Allow users to login with their IpD eg. Facebook or Google via External Identities
    • To Office 365 or Azure Microsoft
  • Active Directory Terminology:
    • Domain: A domain is an area of a network organized by a single authentication database
    • An Active Directory domain: is a logical grouping of AD objects on a network
    • Domain Controller (DC): A domain controller is a server that authenticates user identities and authorizes their access to resources
    • Domain Computer: A computer that is registered with a central authentication database. A domain computer would be an AD Object
    • AD Object: An AD Object is the basic element of Active Directory such as: Users, Groups, Printers, Computers, Shared folders
    • Group Policy Object (GPO): A virtual collection of policy settings. It controls what AD Objects have access to
    • Organization Units (OU): A subdivision within an AD into which you can place users, groups, computers, and other organizational units
    • Directory Service: A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. A Directory service runs on a Domain Controller
  • A tenant represents an organization in Azure Active Directory. A tenant is a dedicated Azure AD Service instance. A tenant is automatically created when you sign up for either: Microsoft Azure, Microsoft Intune, Microsoft 365
  • When performing a lift-and-shift of AD to Azure, not all AD features are supported and in that case you need to us AD DS
  • Active Directory Domain Services (AD DS) provides managed domain services (features) such as:
    • Domain joins, Group policies, Lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication
  • Azure AD Connect has the following features:
    • Password hash synchronization - sign-in method, synchronizes a hash of a users on-premises AD password with Azure AD
    • Pass-through authentication — sign-in method, allows users to use the same password on-premises and in the cloud​
    • Federation integration — hybrid environment using an on-premises AD FS infrastructure, for certificate renewal ​
    • Synchronization — Responsible for creating users, groups, and other objects, ensures on-prem and cloud data matches​
    • Health Monitoring — robust monitoring and provide a central location in the Azure portal ← (Azure AD Connect Health) to view this activity​
  • Users represent an identity for a person or employee in your domain. A users has login credentials and can use them to log into the Azure Portal. Azure AD has two kinds of users:
    • Users - A user belongs to your organization
    • Guest Users - A guest user belongs to another organization
  • Groups let the resource owner (or Azure AD directory owner), assign a set of access permissions to all the members of the group, instead of having to provide the rights on-by-one. Groups contain:
    • Owners - has permissions to add and remove members
    • Members - Have permissions to do things
  • Assignment
    • You can assign roles directly to a group
    • You can assign applications directory to a group
  • Request to Join Groups: The group owner can let users find their own groups to join, instead of assigning them. The owner can also set up the group to automatically accept all users that join or to require approval
  • There are four ways to assign resource access rights to your users:
    • Direct assignment: The resource owner directly assigns the user to the resource
    • Group assignment: The resource owner assigns an Azure AD group to the resource, which automatically gives all of the group members access to the resource
    • Rule-based assignment: The resource owner creates a group and uses a rule to define which users are assigned to a specific resource
    • External authority assignment: Access comes from ana external source, such as an on-premises directory or a SaaS app
Chapter 2.11 - External IdentitiesChapter 3 - Introduction to Device Management