Understand Microsoft Entra ID Flashcards
When comparing AD DS with Microsoft Entra ID, it’s important to note the following characteristics of AD DS:
AD DS is a true directory service, with a hierarchical X.500-based structure.
AD DS uses Domain Name System (DNS) for locating resources such as domain controllers.
You can query and manage AD DS by using Lightweight Directory Access Protocol (LDAP) calls.
AD DS primarily uses the Kerberos protocol for authentication.
AD DS uses OUs and GPOs for management.
AD DS includes computer objects, representing computers that join an Active Directory domain.
AD DS uses trusts between domains for delegated management.
When comparing Microsoft Entra ID with AD DS, it’s important to note the following characteristics of Microsoft Entra ID:
Microsoft Entra ID is primarily an identity solution, and it’s designed for internet-based applications by using HTTP (port 80) and HTTPS (port 443) communications.
Microsoft Entra ID is a multi-tenant directory service.
Microsoft Entra users and groups are created in a flat structure, and there are no OUs or GPOs.
You can’t query Microsoft Entra ID by using LDAP; instead, Microsoft Entra ID uses the REST API over HTTP and HTTPS.
Microsoft Entra ID doesn’t use Kerberos authentication; instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication, and uses OAuth for authorization.
Microsoft Entra ID includes federation services, and many third-party services such as Facebook are federated with and trust Microsoft Entra ID.
The Microsoft Entra ID P1 or P2 tier
provides extra functionality compared to the Free and Office 365 editions. However, the premium versions incur an additional per-user licensing cost. It comes in two versions, P1 and P2. You can procure it as a standalone license or as part of Microsoft Enterprise Mobility + Security, which also includes the licenses for Azure Information Protection and Intune.
Entra ID P1 Self-service group management.
It simplifies the administration of groups where users are given the rights to create and manage the groups. End users can create requests to join other groups, and group owners can approve requests and maintain their groups’ memberships.
Entra ID P1 Advanced security reports and alerts.
You can monitor and protect access to your cloud applications by viewing detailed logs that show advanced anomalies and inconsistent access pattern reports. Advanced reports are machine learning based and can help you gain new insights to improve access security and respond to potential threats.
Entra ID P1 Multi-factor authentication.
Full multi-factor authentication (MFA) works with on-premises applications (using virtual private network [VPN], RADIUS, and others), Azure, Microsoft 365, Dynamics 365, and third-party Microsoft Entra gallery applications. It doesn’t work with non-browser off-the-shelf apps, such as Microsoft Outlook. Full multi-factor authentication is covered in more detail in the following units in this lesson.
Entra ID P1 Microsoft Identity Manager (MIM) licensing.
MIM integrates with Microsoft Entra ID P1 or P2 to provide hybrid identity solutions. MIM can bridge multiple on-premises authentication stores such as AD DS, LDAP, Oracle, and other applications with Microsoft Entra ID. This provides consistent experiences to on-premises line-of-business (LOB) applications and SaaS solutions.
Entra ID P1 Enterprise SLA of 99.9%.
You’re guaranteed at least 99.9% availability of the Microsoft Entra ID P1 or P2 service. The same SLA applies to Microsoft Entra Basic.
Entra ID P1 Password reset with writeback.
Self-service password reset follows the Active Directory on-premises password policy.
Entra ID P1 Cloud App Discovery feature of Microsoft Entra ID.
This feature discovers the most frequently used cloud-based applications.
Entra ID P1 Conditional Access based on device, group, or location.
This lets you configure conditional access for critical resources, based on several criteria.
Entra ID P1 Microsoft Entra Connect Health.
You can use this tool to gain operational insight into Microsoft Entra ID. It works with alerts, performance counters, usage patterns, and configuration settings, and presents the collected information in the Microsoft Entra Connect Health portal.
Entra ID P2 Microsoft Entra ID Protection.
This feature provides enhanced functionalities for monitoring and protecting user accounts. You can define user risk policies and sign-in policies. In addition, you can review users’ behavior and flag users for risk.
Entra ID P2 Microsoft Entra Privileged Identity Management.
This functionality lets you configure additional security levels for privileged users such as administrators. With Privileged Identity Management, you define permanent and temporary administrators. You also define a policy workflow that activates whenever someone wants to use administrative privileges to perform some task.
Microsoft Entra Domain Services provides several benefits for organizations, such as:
Administrators don’t need to manage, update, and monitor domain controllers.
Administrators don’t need to deploy and manage Active Directory replication.
There’s no need to have Domain Admins or Enterprise Admins groups for domains that Microsoft Entra ID manages.