AZ-104T00A
Module 01: Identity
© Copyright Microsoft Corporation. All rights reserved.
Lesson 01: Azure Active Directory
Azure Active Directory
Azure Active Directory Overview
Azure AD Concepts
AD DS vs. Azure Active Directory
Azure Active Directory Editions
Azure AD Join
Self-Service Password Reset
Review
Azure Active Directory
A cloud-based suite of identity management capabilities that enables you to securely manage access to Azure services and resources for your users.
Provides application management, authentication, device management, and hybrid identity.
Azure AD Concepts
Concept: Description
Identity: An object that can be authenticated
Account: An identity that has data associated with it
Azure AD account: An identity created through Azure AD or another Microsoft cloud service
Azure AD tenant/directory: A dedicated and trusted instance of Azure AD; a tenant is automatically created when your organization signs up for a Microsoft cloud service subscription
• Additional instances of Azure AD can be created
• Azure AD is the underlying product providing the identity service
• The term Tenant means a single instance of Azure AD representing a single organization
• The terms Tenant and Directory are often used interchangeably
Azure subscription: Used to pay for Azure cloud services
AD DS vs Azure Active Directory
Azure AD is primarily an identity solution, designed for HTTP and HTTPS communications.
It is queried using the REST API over HTTP and HTTPS, instead of LDAP.
It uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication (and OAuth for authorization), instead of Kerberos.
It includes federation services and integration with many third-party services (such as Facebook).
Azure AD users and groups are created in a flat structure; there are no Organizational Units (OUs) or Group Policy Objects (GPOs).
Azure Active Directory Editions
Feature: editions in which it is available (Free, Microsoft 365 Apps, Premium P1, Premium P2)
Directory Objects: Free 500,000 objects; Microsoft 365 Apps, Premium P1 and Premium P2 have no object limit
Single Sign-On: Unlimited in all editions
Core Identity and Access: all editions
B2B Collaboration: all editions
Identity & Access for O365: Microsoft 365 Apps, Premium P1, Premium P2
Premium Features: Premium P1, Premium P2
Hybrid Identities: Premium P1, Premium P2
Advanced Group Access: Premium P1, Premium P2
Conditional Access: Premium P1, Premium P2
Identity Protection: Premium P2
Identity Governance: Premium P2
Azure AD Join
• Single Sign-On to your Azure managed SaaS apps and services
• Enterprise State Roaming of user settings across joined devices
• Access to Microsoft Store for Business
• Windows Hello support
• Seamless access to on-premises resources
• Restriction of access to apps from only compliant devices
Self-Service Password Reset
1. Determine who can use self-service password reset
2. Choose the number of authentication methods required and the methods available (email, phone, questions)
3. You can require users to register for SSPR (same process as MFA)
Lesson 02: Users and groups
User Accounts
All users must have an account
The account is used for authentication and authorization
Each user account has additional properties
Managing User Accounts
Must be Global Administrator or User Administrator to manage users
User profile (picture, job, contact info) is optional
Deleted users can be restored for 30 days
Sign-in and audit log information is available
Bulk User Accounts
Azure AD supports bulk user create, delete, and list
Fill in the comma-separated values (CSV) template that you can download from the Portal
Must be signed in as a Global administrator or User administrator
Group Accounts
Group Types
• Security groups
• Microsoft 365 groups
Assignment Types
• Assigned
• Dynamic User
• Dynamic Device (Security groups only)