[Recap] Day 1: Azure Active Directory [Azure Solutions Architect] [AZ-303/304]


In this post, I am going to share some quick tips, including Q/As and useful links, from Day 1 of our recently launched batch of the Microsoft Azure Solutions Architect (AZ-303) training, which includes 25+ hands-on labs for AZ-303 and 12+ hands-on labs for AZ-304.

In our Day 1 live session, we covered Azure Active Directory, Azure AD concepts, Azure AD Join, Azure AD Connect, Azure AD Identity Protection, Conditional Access, and Azure Multi-Factor Authentication.

We also covered hands-on Lab 2 of our 25+ labs (AZ-303).

So, here are some of the Q/As asked during the live session from Module 1: Implement Azure Active Directory and Implement Storage Accounts.

Azure Active Directory

Azure Active Directory is a Microsoft cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Check More on: Azure Active Directory.


Azure AD Concepts

Identity: Anything that can be authenticated. It can be a user with a username and password, an application, or another service that needs to authenticate.

Account: An identity with data associated with it.

Azure AD Account: An identity created in Azure AD or another Microsoft cloud service.

Azure Tenant: An instance of Azure AD created when an organization signs up for a Microsoft cloud service subscription.

Azure AD Directory: Each Azure tenant has a dedicated and trusted Azure AD directory.

Users: Azure AD defines users in three ways:

  • Cloud identities: These users exist only in Azure AD. Examples are administrator accounts and users that you create and manage directly in the tenant.
  • Directory-synchronized identities: These users exist in an on-premises Active Directory and are brought into Azure AD by the synchronization that Azure AD Connect performs.
  • Guest users: These accounts represent identities that live outside your tenant (for example, a user in another Azure AD tenant or a Microsoft account). This type of account is appropriate when external vendors or contractors need access to your Azure resources.

Groups: An Azure AD group is a collection of users. It lets a resource owner assign a set of access permissions to all members of the group at once instead of granting rights one user at a time.

Subscription: The billing container that pays for the Azure cloud services you use. Each subscription trusts exactly one Azure AD tenant for authentication and authorization.

Q1: What is a Tenant in Azure Active Directory?

Ans: A tenant represents an organization in Azure Active Directory. It’s a dedicated Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.


Q2: Can Azure AD be used with AWS?

Ans: Yes, you can use it with AWS or any other cloud provider. Azure AD is an identity provider; as long as your application can talk to Azure AD over one of its supported protocols (OpenID Connect, OAuth 2.0 or SAML 2.0), Azure AD can be used as its authentication provider.

We also have Azure Active Directory single sign-on (SSO) integration with AWS Single-Account Access.


Q3: What is the pricing for Azure Active Directory?

Ans: Azure Active Directory comes in four editions: Free, Office 365 apps, Premium P1, and Premium P2. The Free edition is included with a subscription to a commercial online service, e.g. Azure, Dynamics 365, Intune and Power Platform. The other three editions each add features (for example, Identity Protection requires Premium P2), and each is priced differently.


Azure AD comparison with Active Directory

Azure Active Directory is a cloud-based identity solution that helps you manage users and applications, whereas Active Directory (Domain Services) manages objects such as devices and users on your on-premises network.

Check more on: Azure AD vs Active Directory


Q4: How is Active Directory different from Azure AD? Can you specify the key differences?

Answer: Key differences between Azure AD and Active Directory:

  • Queries: on-premises Active Directory is queried over LDAP (Lightweight Directory Access Protocol), whereas Azure AD is queried over HTTPS through REST APIs (Microsoft Graph).
  • Authentication: on-premises AD uses Kerberos (and NTLM), whereas Azure AD uses web protocols: OAuth 2.0, OpenID Connect, SAML 2.0 and WS-Federation.

Q5: Can Azure AD be integrated with applications that use another authentication standard, like OAuth?

Ans: Yes. Azure AD (the Microsoft identity platform) acts as a standards-based OAuth 2.0 authorization server and OpenID Connect (OIDC) provider, and supports the standard OAuth 2.0 flows (authorization code with PKCE, client credentials, device code, on-behalf-of). OIDC is an authentication layer built on top of OAuth 2.0, which by itself only handles authorization; neither is backwards compatible with OAuth 1.0.
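What "Azure AD as an OIDC provider" means in practice for a relying party: after verifying the RS256 signature against the tenant's published keys (https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys), the application must still validate the claims itself. The block below is an added example written for this recap in Python with the standard library only; it is not Microsoft's code or a library API. The tenant ID, client ID and sample tokens are constructed placeholders, and the 300-second clock-skew allowance is an assumption. The tenant check is the one multi-tenant apps most often miss: a token from any other Azure AD tenant carries a perfectly valid Microsoft signature, so signature verification alone does not prove the user belongs to your organization.

```python
import base64
import json
import time

# Constructed placeholder identifiers for this example (not real tenants or apps).
EXPECTED_TENANT = "11111111-2222-3333-4444-555555555555"
EXPECTED_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
# Issuer format used by Azure AD v2.0 endpoints.
ISSUER_FMT = "https://login.microsoftonline.com/{tid}/v2.0"
CLOCK_SKEW = 300  # seconds of tolerance; an assumption, not a Microsoft-mandated value


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_sample_token(claims, alg="RS256"):
    """Constructed sample token: header.payload.<dummy signature>.

    A real Azure AD token carries an RSA signature over header.payload;
    this one only gives the claim checks below something to parse."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": alg, "kid": "demo"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return "%s.%s.%s" % (header, payload, _b64url_encode(b"dummy-signature"))


def parse_token(token):
    """Split a compact JWS into (header, claims) without trusting either yet."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def validate_claims(token, now=None, expected_nonce=None):
    """Return (ok, reason). Call only AFTER the RS256 signature has been verified
    with a key from https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys;
    claim validation complements signature verification, it does not replace it."""
    now = time.time() if now is None else now
    try:
        header, claims = parse_token(token)
    except ValueError:  # covers json.JSONDecodeError and base64 padding errors
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"

    # Azure AD signs with RS256; never accept 'none' or a symmetric alg.
    if header.get("alg") != "RS256":
        return False, "unexpected alg %r" % header.get("alg")

    # Tenant pinning: a token from another tenant is still validly signed by
    # Microsoft, so the tid + iss check is what stops cross-tenant access.
    tid = claims.get("tid")
    if tid != EXPECTED_TENANT:
        return False, "token issued for tenant %r, not ours" % tid
    if claims.get("iss") != ISSUER_FMT.format(tid=tid):
        return False, "issuer %r does not match tenant %r" % (claims.get("iss"), tid)

    # Audience: the token must have been minted for this application.
    if claims.get("aud") != EXPECTED_CLIENT_ID:
        return False, "audience %r is not this app" % claims.get("aud")

    # Validity window with bounded clock skew.
    if claims.get("exp", 0) + CLOCK_SKEW < now:
        return False, "token expired"
    if claims.get("nbf", 0) - CLOCK_SKEW > now:
        return False, "token not yet valid"

    # Nonce binds an ID token to the authorization request that produced it.
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch (possible replay)"

    return True, "ok"


if __name__ == "__main__":
    now = int(time.time())
    good = build_sample_token({"iss": ISSUER_FMT.format(tid=EXPECTED_TENANT), "tid": EXPECTED_TENANT,
                               "aud": EXPECTED_CLIENT_ID, "exp": now + 600, "nbf": now - 60, "nonce": "n1"})
    print(validate_claims(good, now=now, expected_nonce="n1"))
    other = "99999999-8888-7777-6666-555555555555"  # constructed: some other tenant
    rogue = build_sample_token({"iss": ISSUER_FMT.format(tid=other), "tid": other,
                                "aud": EXPECTED_CLIENT_ID, "exp": now + 600, "nbf": now - 60})
    print(validate_claims(rogue, now=now))
```

The `iss` check is kept separate from the `tid` check on purpose: a v1.0-endpoint token uses the `https://sts.windows.net/<tid>/` issuer, and an app written for the v2.0 endpoint should reject it rather than silently accept both formats.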


Azure AD registered devices

Azure AD registered devices are typically personal (BYOD) devices that are signed in to with a local account or a Microsoft account, for example on a Windows 10 device. The device is registered in Azure AD and the user's work or school account is added to it so that it can access organizational resources.

Azure AD Join

Azure AD join allows you to join devices directly to Azure AD without the need to join to on-premises Active Directory while keeping your users productive and secure. Azure AD join is enterprise-ready for both at-scale and scoped deployments.

Azure AD joined devices can still maintain single sign-on access to on-premises resources when they are on the organization’s network.

Check more on Azure AD Join.


Q6: Can a disabled or deleted user sign in to an Azure AD joined device?

Ans: Yes, but only for a limited time. When a user is deleted or disabled in Azure AD, the Windows device is not notified immediately, so a user who has signed in previously can still access the desktop with cached credentials. Disabling an account in Azure AD is therefore not an instant revocation of local access to a device that user has already used.

Azure AD Connect

It is used to integrate on-premises directories (Active Directory) with Azure Active Directory, providing a common identity for accessing both cloud and on-premises resources.

Azure AD Connect provides the following features:

  • Password Hash Synchronization: a hash of the user's on-premises password hash is synced to Azure AD so the same password works in the cloud.
  • Pass-through authentication: passwords are validated against on-premises AD by an agent, so no password hashes are stored in the cloud.
  • Federation integration: sign-in is handed off to an on-premises federation service such as AD FS.
  • Synchronization: users, groups and other objects are created in Azure AD and kept in sync with on-premises AD.
  • Health monitoring: Azure AD Connect Health reports on the sync service and the on-premises identity infrastructure.
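Password hash synchronization does not send the on-premises NT hash to the cloud as-is. Azure AD Connect takes the MD4 (NT) hash, expands it to 64 bytes via its hex form in UTF-16LE, adds a random per-user 10-byte salt, and runs 1,000 iterations of PBKDF2-HMAC-SHA256 before transmitting the result over TLS. The block below is an added example written for this recap, not Azure AD Connect's own code, that models that construction in Python so you can see why the synced value is not usable for pass-the-hash the way the raw NT hash is. The exact hex case and the use of the salt as the PBKDF2 salt parameter are assumptions based on Microsoft's published description; the MD4 implementation is included because hashlib's md4 is frequently unavailable in OpenSSL 3 builds.

```python
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data):
    """Pure-Python MD4 (RFC 1320). It is the digest behind the NT hash."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = (  # (function, additive constant, per-step shifts, message word order)
        (f, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, k, shifts, order in rounds:
            for i, j in enumerate(order):
                t = (a + fn(b, c, d) + x[j] + k) & MASK
                # rotate register roles: a<-d, b<-new value, c<-b, d<-c
                a, b, c, d = d, _rotl(t, shifts[i % 4]), b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password):
    """The on-premises AD secret: unsalted MD4 over the UTF-16LE password.
    Anyone holding this value can authenticate as the user (pass-the-hash)."""
    return md4(password.encode("utf-16-le"))


def phs_sync_blob(nt, salt=None, iterations=1000):
    """Model of what Azure AD Connect sends for password hash sync (assumption:
    lowercase hex, and the per-user salt passed as the PBKDF2 salt): the 16-byte
    NT hash is expanded to 64 bytes (32 hex chars as UTF-16LE), then
    PBKDF2-HMAC-SHA256 with a random 10-byte salt and 1,000 iterations.
    Returns (derived, salt, iterations); the NT hash itself never leaves the agent."""
    if salt is None:
        salt = os.urandom(10)
    expanded = nt.hex().encode("utf-16-le")  # 16 bytes -> "8846f7..." -> 64 bytes
    derived = hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)
    return derived, salt, iterations


def verify_password(password, blob):
    """What the cloud side can do with the synced value: re-derive from a
    candidate password and compare in constant time. It cannot go the other
    way: the blob does not yield the NT hash, so it is useless for
    pass-the-hash against on-premises systems."""
    derived, salt, iterations = blob
    candidate, _, _ = phs_sync_blob(nt_hash(password), salt=salt, iterations=iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    nt = nt_hash("password")       # constructed sample password
    print("NT hash  :", nt.hex())  # 8846f7eaee8fb117ad06bdd830b7586c
    blob = phs_sync_blob(nt)
    print("synced   :", blob[0].hex(), "salt", blob[1].hex(), "iters", blob[2])
    print("verifies :", verify_password("password", blob), verify_password("Password", blob))
```

The practical consequence for defenders: an attacker who dumps the on-premises NTDS.dit gets `nt_hash()` values that work directly against Kerberos/NTLM, while an attacker who intercepts or reads the synced blob gets only a salted, iterated derivative and still has to guess the password. The salted PBKDF2 step is a protection for the cloud copy, not for the on-premises hashes themselves.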


Q7: Does Azure AD Connect support syncing from two domains to an Azure AD?

Ans: Yes. Azure AD Connect can synchronize users from multiple domains (and from multiple forests) into a single Azure AD tenant, and federation with AD FS also has multiple-domain support for federating with Azure AD.

Azure Identity Protection

Azure Active Directory (Azure AD) Identity Protection helps keep you informed of suspicious users and sign-in behaviour in your environment. Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.


Q8: What is a risky user?

Ans: User risk is the probability that a given identity or account has been compromised; a risky user is an account whose user risk level (low, medium or high) has been raised by detections such as leaked credentials. It lets you gauge how likely it is that user accounts in your environment have been compromised, and a user flagged for risk should be treated as a possibly compromised account.

Q9: Which licensing plan supports Identity Protection?

Ans: You need Azure Active Directory Premium P2 to use Identity Protection.

Conditional Access

Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies. Conditional Access is at the heart of the new identity-driven control plane. Conditional Access policies, at their simplest, are if-then statements. If a user wants to access a resource, then they must complete an action.


Q10: Are Conditional Access policies enforced for B2B collaboration and guest users?

Ans: Policies are enforced for business-to-business (B2B) collaboration users. However, in some cases, a user might not be able to satisfy the policy requirements.

For example, a guest user’s organization might not support multi-factor authentication.

Multi-Factor Authentication(MFA)

Azure Multi-Factor Authentication (MFA) requires a second form of verification in addition to the password (two-step verification). This makes it much harder for attackers to break into an account: even if an attacker knows the user ID and password, they cannot sign in without the additional factor. It significantly raises the security of your accounts, although it is not an absolute guarantee; phishing-resistant methods such as FIDO2 security keys are stronger than phone-based ones. Supported methods include the Microsoft Authenticator app (push notification or one-time code), FIDO2 security keys, Windows Hello for Business (face or fingerprint on the device), and SMS or voice call to a registered mobile number.

Check More on Azure MFA.


Q11: Is there a free version of Azure AD Multi-Factor Authentication?

Ans: Security defaults can be enabled in the Azure AD Free tier. With security defaults, all users are enabled for multi-factor authentication using the Microsoft Authenticator app. There’s no ability to use text message or phone verification with security defaults, just the Microsoft Authenticator app.

Quiz Time (Sample Exam Questions)!

With our Microsoft Azure Solutions Architect training program, we cover 220+ (AZ-303) and 200+ (AZ-304) sample exam questions to help you prepare for the AZ-303 and AZ-304 certification exams.

Note: Download the 25 Sample Exam Questions of Microsoft Azure Solutions Architect.

Check out one of the questions and see if you can crack this…

Ques: What is a tenant in Azure AD?

A. A Tenant represents an entire organization.

B. A Tenant represents a user in an organization.

C. A Tenant represents a geographic location in an organization.

The right answer will be revealed in my next week’s blog.

Feedback

We always work on improving and being a better version of ourselves than in the previous session, so we constantly ask our attendees for feedback.

Here’s the feedback that we received from our trainees who had attended the session…


Next Task For You

Are you still feeling confused about where to start or which certification is right for you? Just click on the register now button below to register for a Free Masterclass on Microsoft Azure Solutions Architect Certification, Live Demo & Q/A, which will help you choose the right path and clear the certification exam.


The post [Recap] Day 1: Azure Active Directory [Azure Solutions Architect] [AZ-303/304] appeared first on Cloud Training Program.

