Chapter 5: Identity Flashcards
What are the 3 components of Azure AD Identity?
Principal - unauthenticated entity that seeks authentication
Identity - identity profile that is authenticated using credentials
Authorization - actions that are permitted for an identity to perform
What is an Azure AD tenant?
A reserved Azure AD instance.
An individual tenant must be part of a single geography
You can have different tenants span different geographies.
Every tenant gets its own domain name - e.g. @microsoft.com
Organization = Tenant = Directory
Who are the ‘people’ in a tenant? What do they do?
Identity and access management resources
They perform actions on the resources within the subscriptions associated with an Azure AD tenant.
What is the relationship of a tenant to a subscription?
A subscription can be associated with only a single Azure AD tenant at a time.
One tenant can be associated with multiple subscriptions at the same time.
What are the features of Azure AD?
IAM Platform - identity and access management
Identity Security - multi-factor auth, conditional access policies, PIM (assume a higher level of privileges for a point in time)
Collaboration & Development - B2B and B2C collaboration
Monitoring - audit logging, security monitoring, identity protection, risk management
Identity integration - SSO, Azure AD Connect, Azure AD Domain Services
Enterprise Access - control access to applications and devices in the cloud
What is the difference between Azure AD and AD?
Azure AD
Uses SAML, OAuth, WS-Federation
Global service
Cloud-based solution
Flat directory structure
AD
Uses Kerberos, LDAP, NTLM
Hierarchical
On-premises
What are the steps for designing a Tenant?
Build security foundations - MFA, privileged users, etc.
Populate identity resources - add users, create groups, add devices, setup hybrid identity.
Manage Apps - identify apps to be used from the app gallery, and register apps from on prem.
Monitor and Automate - perform access reviews, automate user lifecycles, monitor admins.
What are the types of users in Azure AD?
Admins - native users with admin role assigned
Members - regular users native to Azure AD
Guest Members - external users invited to Azure AD tenant
All have a set of default permissions
What are the four main methods of creating and managing users?
Create/add users via Azure AD
Bulk add users - using CSV file or bulk add in Azure AD
Update user properties
Invite a guest account
What are the 3 steps to creating and managing users?
Create your type of user
Define role assignment - permissions and access
Define object ownership - apps, devices, groups, resources that are owned
What are user groups?
User groups have similar permissions, licenses, role assignments, etc.
What is the role of the group owner?
Owners manage the group itself
What are the 2 major group types?
Security groups, Microsoft 365 groups
What is a security group?
Used to manage access to shared resources for a group of users
What is a 365 group?
Shared access to give members access to shared mailbox, calendar, files, etc.