Sunday, April 26, 2020

Security is a primary aspect of Azure resources and their individual components.

Going through the Azure Security Technologies.

User identities (how?): using technologies such as MFA and conditional access.

Azure AD PIM (Privileged Identity Management): restricted, elevated privileges granted on an as-needed basis.

Azure Monitor (formerly known, in some respects, as Log Analytics, and also covering vulnerability scanning).

Azure Information Protection: a data-securing tool (a short and easy-to-remember way to put it). Also: encryption of storage and databases, and Azure Key Vault.

Configuring Active Directory:

1.     AD Users
2.     AAD Connect
3.     AD Groups
4.     Application Security (Registration, Permissions, Scopes and Consent).
5.     Authentication (Password sync, pass-through authentication)
6.     Azure MFA 
7.     Conditional Access 
8.     Azure Active Directory Identity Protection.


Azure AD PIM

1.     Overview and Activation
2.     Configuration, Access requests and approval (security wizard, role settings and more).
3.     Reviewing access (auditing and access reviews).


Active Directory User management: 

Azure AD, or Azure Active Directory, is Microsoft's cloud-based identity and access management service.

As an app developer, Azure AD gives you a standards-based approach for adding single sign-on to your app, allowing it to work with users' pre-existing credentials.


A user account can be any one of the following types:

A cloud-based user account (Azure Active Directory), otherwise known as a cloud account.

A synchronized on-premises directory account (AD ---> AAD) via Azure AD Connect.

A guest user, also known as a B2B collaboration guest.


We can also give this user an elevated directory role.

What is a directory role?

Some examples of directory roles:
1) User
2) Global administrator
3) Limited administrator.

A user can be assigned to any directory role based on an organization-level decision.


Azure Active Directory (AD) groups:

Groups: examining group types and membership types.

There are two types of groups:

1. Security groups (this way you can give a set of permissions to all members at once, instead of having to add permissions to each member individually).


2. Office 365 groups (provide collaboration by giving members access to a shared mailbox, calendar, SharePoint site, files and more).

When we create a group, there are further options we can configure.

Specifically, the membership type; there are three membership types:

1. Assigned
2. Dynamic User
3. Dynamic Device (security groups only).

The Assigned membership type is static in nature: the administrator determines group membership and adds or removes members from the group by hand.


With the dynamic membership type,

group membership is determined by an attribute value, or a set of attribute values, that exists on a user or a device. We build queries inside the Azure AD group that determine who becomes a member of that group.


If a user or device matches that query, it is added to the group. If the attribute changes or is removed, the account is removed from the group.


We have to add the query that defines how our membership is built.

We can write/frame it using two kinds of rule editor:

1. Simple rule
2. Advanced rule


Basic points:

1. When using the dynamic user or dynamic device membership types, you can only use one at a time.
2. When creating a dynamic device membership type, the attributes of the specific devices are examined to determine membership, not the attributes of the device's owner.
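To make the attribute-match behaviour above concrete, here is an added example (not from the original post, and not Azure's own rule engine): a small Python evaluator for a subset of the dynamic membership rule syntax (user.attribute -eq "value", and/or/not, parentheses), run over constructed user objects to show who is added and who drops out once an attribute changes. Only -eq, -ne, -contains and -startsWith are implemented, and and/or are evaluated left to right, which is a simplification of this parser, not a statement about Azure's precedence rules.

```python
import re
# Added example, not from the post and not Azure's own engine: evaluates a
# subset of the Azure AD dynamic membership rule syntax against dict objects.
# Supports user.attr / device.attr, -eq -ne -contains -startsWith, and/or/not and
# parentheses; strings compare case-insensitively; and/or bind left to right.
_TOKENS = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')
_OPS = {"-eq": lambda a, b: a == b, "-ne": lambda a, b: a != b,
        "-contains": lambda a, b: b in a, "-startswith": lambda a, b: a.startswith(b)}

class RuleParser:
    def __init__(self, rule, obj):
        self.toks, self.obj, self.i = _TOKENS.findall(rule), obj, 0
    def _next(self):
        self.i += 1
        return self.toks[self.i - 1]
    def expr(self):  # expr := term (("and" | "or") term)*
        value = self.term()
        while self.i < len(self.toks) and self.toks[self.i].lower() in ("and", "or"):
            if self._next().lower() == "and":
                value = self.term() and value
            else:
                value = self.term() or value
        return value
    def term(self):  # term := "not" term | "(" expr ")" | attr op "literal"
        tok = self._next()
        if tok.lower() == "not":
            return not self.term()
        if tok == "(":
            value = self.expr()
            if self._next() != ")":
                raise ValueError("missing closing parenthesis")
            return value
        name = tok.split(".", 1)[1]  # strip the user./device. prefix
        op, literal = self._next().lower(), self._next().strip('"').lower()
        actual = str(self.obj.get(name) or "").lower()  # missing attribute -> ""
        return _OPS[op](actual, literal)

def matches(rule, obj):
    return RuleParser(rule, obj).expr()

def reconcile(rule, objects, current_members):
    """Who the rule adds, and which current members no longer match (removed)."""
    wanted = {o["id"] for o in objects if matches(rule, o)}
    return {"add": sorted(wanted - current_members), "remove": sorted(current_members - wanted)}

# Constructed sample: a rule for a Sales security group and three user objects.
RULE = '(user.department -eq "Sales") and not (user.jobTitle -contains "intern")'
USERS = [{"id": "u1", "department": "Sales", "jobTitle": "Account Manager"},
         {"id": "u2", "department": "Sales", "jobTitle": "Sales Intern"},
         {"id": "u3", "department": "Engineering", "jobTitle": "Engineer"}]
```

Calling reconcile(RULE, USERS, set()) adds only u1; change u1's department to Engineering and the same call with {"u1"} as the current membership reports u1 for removal, which is the add/remove behaviour described above.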

What is a nested group?
Adding a security group to another security group.

There are a few limitations on nested groups.

An existing group with the Assigned membership type
can be converted to the dynamic user membership type.

For example:

you have a group named kaushik.

When you click on Properties, you see:

group name : kaushik

group type : security group

membership type : Assigned

How to create a group?

New-AzADGroup -DisplayName "kaushik" -MailNickname "kaushik"

az ad group create --display-name "kaushik" --mail-nickname "kaushik"

We can create a group in many ways.
