AAD Flashcards
AAD SKU
- FREE
- Office 365 Apps
- Premium P1
- Premium P2
AAD Principals
User Principal
Service Principal - access is restricted to the roles assigned to it
Managed Identity
Azure Management Groups
7 levels of hierarchy
Sit above subscriptions in the hierarchy
Each management group and subscription can only support one parent.
Each management group can have many children.
By default, the root management group’s display name is Tenant root group
Root management group can’t be moved or deleted, unlike other management groups.
Azure AD Global Administrators can elevate their access to the root management group (RMG)
Azure Hierarchy
- RMG
- Management Groups
- Subscriptions
- Resource Groups
- Resources
Azure RBAC/Policies and Mgmt Groups
All subscriptions within a management group receive a copy of the role-based access control and policy settings applied to that management group.
Azure Subscription
Logical entity that provides entitlement to deploy and consume Azure resources
Logical collection of Azure resources.
Each asset in Azure is deployed to a single subscription.
Administrative security boundary that supports Role-Based Access Control.
Each Azure Subscription has its own Administrators
Global and can contain resources from multiple regions
Azure subscription types
- EA (Enterprise Agreement) - volume licensing program, 3 years, > 500 users
- Enterprise Dev/Test
- Pay as you go
- Free Trial
- Cloud Solutions Partner (CSP)
AAD Premium P1 SKU
- Cost: $6 user/month
- SSO & MFA
- Advanced group access management
- Sync to on-premises AD
AAD Premium P2 SKU
- Cost: $9 user/month
Azure Identity Protection
- Risky Account Detection
- Risk Investigation
- Risk based Conditional Access
Azure Identity Governance
- PIM
- Access Reviews
- Entitlement Management
Add custom domains
Initial domain name (immutable): domainname.onmicrosoft.com
Can add custom domain names.
Requires adding a TXT or MX record at the domain's DNS provider to prove ownership
- TXT Record with Alias (@), Destination and TTL
- MX Record with Alias (@), Destination, TTL and Priority
Verify from Azure portal
Azure AD Roles - WHO CAN DO IT
Azure Roles
Owner: can assign access to other users
Contributor: cannot assign access to other users
Reader
..
Backup Operator
Security Reader