Identity Security - Azure Active Directory
0 likes•126 views
This document provides an overview of Azure Active Directory (Azure AD) and identity security features in Microsoft 365. It defines Azure AD as Microsoft's cloud-based identity and access management service. It describes key differences between Azure AD and on-premises Active Directory, covers various Azure AD administrative roles, and explains concepts of multi-factor authentication and how to enable it for users in Azure AD.
Identity Security - Azure Active Directory
- 1. Identity Security Azure Active Directory
- 2. Hello! I am Eng Teong Cheah Microsoft MVP 2
- 4. Azure Active Directory(AD) Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in: ◎ External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. ◎ Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. 4
- 5. Azure AD ◎ Cloud ◎ Designed for HTTP & HTTPS ◎ Queried via REST API’s ◎ Uses SAML, WS-Federation, or OpenID for authentication ◎ Uses OAuth for authentication ◎ Includes federation services ◎ Flat Structure Azure AD vs Active Directory Active Directory ◎ On-Premises ◎ Query via LDAP ◎ Used Kerberos for Authentication ◎ No Federated Services ◎ Organizational Units(OU’s) ◎ Group Policy Object(GPO’s) 5
- 6. Roles for Azure AD Global Administrator Users with this role have access to all administrative features in Azure Active Directory Security Administrator Users with this role have permissions to manage security- related features in the Microsoft 365 Security Center, Security Center, Azure Active Directory Identity Protection, Azure Information Protection and Office 365 Security & Compliance Center. Global Reader Useers in this role can read settings and administrative information across Microsoft 365 services but can’t take management actions. Directory Reader Makes purchases, manage subscriptions, manages support tickets, and monitors service health 6
- 7. Azure AD Domain Services (Azure AD DS) Provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication that is fully compatible with Windows Server Active Directory. 7
- 8. Azure AD Users 8 All users must have an account The account is used for authentication and authorization Types of users: Azure AD, Active Directory, Guest, B2C, and B2B
- 9. Azure AD Groups Group Types ◎ Security groups ◎ Office 365 groups Assignment Types ◎ Assigned ◎ Dynamic User ◎ Dynamic Device (Security groups only) 9
- 10. Azure MFA Concepts Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan. 10
- 11. Azure MFA Concepts Authentication methods include: ◎ Something you know (typically a password) ◎ Something you have (a trusted device that is not easily duplicated, like phone) ◎ Something you are (biometrics) 11
- 12. Enabling MFA Select the users that you want to modify and enable for MFA User states can be Enabled, Enforced, or Disabled On first-time sign-in, after MFA has been enabled, users are prompted to configure their MFA settings 12 Azure MFA is included free of charge for global administrator security
- 13. MFA Settings Trusted IPs – Allows federated users or IP address ranges to bypass two-step authentication One-time Bypass – Allows a user to authenticate a single time without performing two-step verification Fraud Alerts – Users can report fraudlent attempts to access their resources 13
- 15. Thanks! Any questions? You can find me at: @walkercet 15