Module 1
Azure Administrator
Module 1 Identity
AZ-900
Contents
Module 1 Identity
Azure Active Directory
Users and Groups
Module 01 Lab and Review
Azure AD Concepts
Identity. A thing that can get authenticated.
An identity can be a user with a username and password.
Identities also include secret keys or certificates.
Account. An identity that has data associated with it.
You cannot have an account without an identity.
Azure subscription. Used to pay for Azure cloud services.
You can have many subscriptions and they're linked to a credit card.
Azure tenant. A dedicated and trusted instance of Azure AD that's automatically
created when your organization signs up for a Microsoft cloud service subscription,
such as Microsoft Azure, Microsoft Intune, or Office 365.
An Azure tenant represents a single organization.
Azure AD directory. Each Azure tenant has a dedicated and trusted Azure AD
directory.
The Azure AD directory includes the tenant's users, groups, and apps and is used
to perform identity and access management functions for tenant resources.
Azure AD Join
Azure Active Directory (Azure AD) enables single sign-on to devices, apps, and
services from anywhere.
Azure AD Join is designed to provide access to organizational apps and resources
and to simplify Windows deployments of work-owned devices.
AD Join has these benefits.
● Single-Sign-On (SSO) to your Azure managed SaaS apps and services.
Your users will not have additional authentication prompts when accessing work
resources.
The SSO functionality is available even when users are not connected to the
domain network.
● Enterprise compliant roaming of user settings across joined devices.
Users don’t need to connect to a Microsoft account (for example, Hotmail) to
observe settings across devices.
● Access to Microsoft Store for Business using an Azure AD account. Your users
can choose from an inventory of applications pre-selected by the organization.
● Windows Hello support for secure and convenient access to work resources.
● Restriction of access to apps from only devices that meet compliance policy.
Connection options
To get a device under the control of Azure AD, you have two options:
● Registering a device to Azure AD enables you to manage a device’s identity.
When a device is registered, Azure AD device registration provides the device with
an identity that is used to authenticate the device when a user signs in to Azure
AD.
You can use the identity to enable or disable a device.
● Joining a device is an extension to registering a device.
This means it provides all the benefits of registering a device and, in
addition, changes the local state of the device.
Changing the local state enables your users to sign in to a device using an
organizational work or school account instead of a personal account.
MFA Features
• Get more security with less complexity.
• Mitigate threats with real-time monitoring and alerts.
• Use with Office 365, Salesforce, and more.
• Add protection for Azure administrator accounts. MFA adds a layer of security
to your Azure administrator account at no additional cost.
When it's turned on, you need to confirm your identity to create a virtual
machine, manage storage, or use other Azure services.
Authentication Methods
After enabling password reset for users and groups, you pick the number of
authentication methods required to reset a password and the number of
authentication methods available to users.
At least one authentication method is required to reset a password.
Group Accounts
Azure AD allows you to define two different types of groups.
Security groups.
These are the most common and are used to manage member and computer access
to shared resources for a group of users.
For example, you can create a security group for a specific security policy.
By doing it this way, you can give a set of permissions to all the members at once,
Office 365 groups.
These groups provide collaboration opportunities by giving members access to a
shared mailbox, calendar, files, SharePoint site, and more.
This option also lets you give people outside of your organization access to the
group.
This option is available to users as well as admins.
Azure AD Connect
Azure AD Connect will integrate your on-premises directories with Azure Active
Directory.
This allows you to provide a common identity for your users for Office 365, Azure,
and SaaS applications integrated with Azure AD.
Module 01 Lab
Lab 01 - Manage Azure Active Directory Identities.
Objectives
In this lab, you will:
● Task 1: Create and configure Azure AD users.
● Task 2: Create Azure AD groups with assigned and dynamic membership.
● Task 3: Create an Azure Active Directory (AD) tenant.
● Task 4: Manage Azure AD guest users.
Thanks!
Any questions?
You can find me at:
+93 784670845