Understanding-Azure-Active-Directory

Azure Active Directory (Azure AD) is a cloud-based identity and access management service that provides secure access to resources and applications. Key features include Multi-Factor Authentication, Single Sign-On, Conditional Access, and Self-Service Password Reset, along with integration capabilities with Microsoft 365 and third-party applications. Azure AD also offers advanced security features, scalability, and tools for deployment and management.

Microsoft Azure Active Directory

Azure Active Directory


Azure AD is a cloud-based identity and access management service.
Purpose: Provides secure access to resources and applications, both on-premises and in the cloud.

Key Features of Azure AD

Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring multiple forms of verification.
Single Sign-On (SSO): Allows users to access multiple applications with one set of credentials.
Conditional Access: Controls access based on specific conditions like user location, device state, etc.
Self-Service Password Reset: Enables users to reset their passwords without IT assistance.
Device Management: Manages and secures devices accessing corporate resources.

Authentication Protocols

OAuth 2.0
A protocol used for token-based authentication.
Allows applications to access resources on behalf of a user.
Widely used for authorizing third-party services without exposing credentials.

OpenID Connect
An identity layer built on top of OAuth 2.0.
Adds user authentication to OAuth 2.0, providing user identity data.
Commonly used in apps for login purposes (like "Sign in with Google").

SAML 2.0
A standard for single sign-on (SSO) between identity and service providers.
Uses XML-based messages to exchange authentication and authorization data.

WS-Federation
Lets you log in once and use several websites.

Integration Capabilities

Microsoft 365 Integration: Seamless integration with Microsoft 365 services.
Third-Party Applications: Supports thousands of third-party applications.
On-Premises Integration: Integrates with on-premises Active Directory using Azure AD Connect.

Security Features

01 Identity Protection: Uses machine learning to detect and respond to identity-based threats.
02 Privileged Identity Management (PIM): Manages, controls, and monitors access to critical resources.
03 Access Reviews: Regularly reviews and certifies access to resources.

Deployment and Management

Azure AD Connect: Tool to synchronize on-premises directories with Azure AD.
Admin Portal: Centralized management through the Azure portal.
APIs and SDKs: Provides APIs and SDKs for custom application development.

Azure AD is Essential for the Following Services

Microsoft Intune: Provides mobile device and application management for enforcing security policies and configurations.
Windows Autopilot: Enables the automated provisioning and configuration of new Windows devices for users.
Microsoft 365: Manages user identities and access for applications like Outlook, Teams, and SharePoint.
Azure Information Protection: Protects sensitive data by managing user access and implementing encryption policies.
Azure AD B2C: Allows businesses to manage customer identities and provide secure authentication for their applications.
Microsoft Defender for Identity: Detects and investigates suspicious activities related to user identities and access.
Conditional Access: Implements policies to control user access based on conditions such as location and device compliance.
Identity Protection: Monitors user identities for potential vulnerabilities and provides risk-based conditional access

Summary

Scalability: Easily scalable to meet organizational needs.
Security: Advanced security features to protect identities and data.
Integration: Extensive integration capabilities with various applications and services.
