2.14 Introduction to Azure Active Directory

Time
18 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
9
Video Transcription
00:00
>> Welcome back. This is the first episode in the series of
00:00
episodes talking about Identity
00:00
and Azure Active Directory.
00:00
My objectives include understanding
00:00
Azure Active Directory and then
00:00
going over some key terminology.
00:00
We'll also jump out to the Azure portal
00:00
and take a look at a quick demo.
00:00
What is Azure Active Directory?
00:00
It's going to be very similar to
00:00
the Active Directory environment
00:00
you might be used to in your on-premises datacenter.
00:00
It is Microsoft's Cloud-based
00:00
Identity and Access Management Service.
00:00
It hosts your user IDs and passwords for
00:00
authenticating to resources that
00:00
your users need access to.
00:00
Those resources could be internal,
00:00
such as corporate applications or the intranet,
00:00
or they could be external resources such as Office 365,
00:00
Azure or other SaaS applications.
00:00
If you already have a subscription to
00:00
another Microsoft service like
00:00
Office 365 or Dynamics CRM Online,
00:00
then you're already using Azure Active Directory.
00:00
Each of these services automatically comes with
00:00
an Azure AD tenant that's the
00:00
core and backbone of the service.
00:00
Azure AD requires licenses
00:00
in order to use the service for sign-in.
00:00
Services like Office 365 automatically come with
00:00
Azure AD licenses to get access to the free features.
00:00
You can then enhance your Azure AD deployment
00:00
by adding paid upgrades.
00:00
The first of these is the Azure AD P1 license,
00:00
which will provide additional features like
00:00
dynamic groups or self-service group management.
00:00
One tier above that is the Azure AD P2 license,
00:00
which includes additional features such as risk-based
00:00
conditional access or Privileged Identity Management.
00:00
We'll be covering some of these
00:00
concepts in later episodes.
00:00
The important thing to note is that there are
00:00
several tiers of Azure Active Directory,
00:00
and additional capabilities can be added
00:00
on through the purchase of additional licenses.
00:00
There are a couple of key terms I want
00:00
to cover that we haven't discussed yet.
00:00
The first is subscription.
00:00
I've mentioned subscription quite a few
00:00
times when deploying resources,
00:00
but these are important as they are
00:00
how we pay for Azure services.
00:00
Subscriptions are backed by
00:00
credit card and can be used to
00:00
divide up who pays for
00:00
the different resources inside of Azure.
00:00
The next is domains or custom domains.
00:00
When you first create an Azure Active Directory tenant
00:00
or an Office 365 tenant,
00:00
a domain name is created for
00:00
you based on your organization name.
00:00
For this course, we're given
00:00
the name of CybraryAZ300outlook.onmicrosoft.com,
00:00
which ties back to
00:00
the MSA account we created in earlier episodes.
00:00
Every tenant will include
00:00
the .onmicrosoft.com domain name,
00:00
but you can add on your own custom domain names to match
00:00
what you're already using in
00:00
your on-premises environment.
00:00
Finally, there's the Global Administrator account.
00:00
This account has all the admin functions
00:00
for Azure AD and other services.
00:00
This is the account that was
00:00
used when signing up for the service,
00:00
but additional admins can be added to the group later on.
00:00
However, not everyone needs to be
00:00
a global admin and have all that power,
00:00
so there are additional role-based admin groups
00:00
you can place other administrators in.
00:00
We'll take a look at these more in later episodes.
00:00
That does it for a couple of our key concepts.
00:00
Let's jump out to our demo where we're going to
00:00
add a custom domain name to our tenant.
00:00
Here we are back in our Azure portal,
00:00
and if you notice under our Favorites,
00:00
we already have Azure Active Directory fielded so
00:00
let's go in and check out how to add a custom domain.
00:00
Under Manage, we're going to go down to Custom domains.
00:00
You can see the default one here that
00:00
we talked about inside of our slides.
00:00
It is currently available and it is our primary one.
00:00
Let's go ahead and add a custom domain.
00:00
I have a domain here that I want
00:00
to add called AZ300tech.com.
00:00
Before this domain is added,
00:00
we have to verify that we actually own this domain.
00:00
This prevents anyone from
00:00
just adding any domain that they
00:00
may not own to their Azure AD tenant.
00:00
What we get here is a couple of options.
00:00
First, we can create a TXT record using
00:00
the values provided here by the portal,
00:00
or we can use an MX record to verify our identity.
00:00
Let's go back to the TXT record.
00:00
I'm going to pause the video for a second to go create
00:00
this record with my DNS registrar,
00:00
where I registered the domain name.
00:00
On the screen, you should be seeing
00:00
the DNS record that I created.
00:00
Now, once this is created,
00:00
it can take a little while to
00:00
propagate before you can verify your domain.
00:00
Let's go ahead and try it real quick,
00:00
and it was successful so we now have
00:00
this custom domain added to our Azure Active Directory.
00:00
We go back, we can see that it is now
00:00
verified, and if we wanted to,
00:00
we could select it and go
00:00
ahead and make it our primary
00:00
domain name for our tenant.
00:00
There it is. It is now the
00:00
primary for our Azure AD tenant.
00:00
That does it for this demo.
00:00
Let's jump back to the slides so we can wrap this up.
00:00
Coming up next we're going to discuss how we get
00:00
our on-premises identities out
00:00
into Azure AD by using Azure AD Connect.
00:00
See you in the next episode.