Hello and welcome back to Cybrary's Microsoft Azure Administrator AZ-103 course. I'm Will Carlson, your instructor, and this is Episode 47: Azure Active Directory.
In today's episode, we're gonna talk about what Azure AD really is and what some of the benefits are of deploying and using Azure AD.
We're also gonna talk about some of the differences between what you may be more familiar with, Active Directory Domain Services running in your on-premise environment, versus what's available to us and what Azure AD is actually all about.
We're also gonna go through and talk about the different SKUs, or versions, of Azure AD that are available to us and what some of the benefits and advantages of each of those versions is going to be.
The first thing we're gonna talk about is what, exactly, is Azure Active Directory?
Essentially, Azure Active Directory is going to be Microsoft's multi-tenant, cloud-based directory and identity management service.
Now, this is a little bit different from what you're familiar with in Active Directory Domain Services. Most of us know AD DS as an identity management service, but there are a whole host of other functionalities that come along with Active Directory Domain Services,
and those functionalities are not gonna be present in Azure AD, because at its core, Azure Active Directory is a cloud-based directory and identity management service only. That's its primary goal. Think of things like single sign-on and federated services. That's what Azure AD is really all about.
So if you already have Active Directory Domain Services in your environment, then what are the benefits of using Azure AD at all? Why do we need to bother, right?
Well, again, one of the primary benefits here is going to be single sign-on, and it's going to allow you to single sign-on to a whole host of Microsoft services.
Think Microsoft Dynamics and Office 365.
And it's also going to allow us to single sign-on to multiple different third-party services as well.
All the way from Box to Dropbox, Salesforce, and a whole host of other third-party providers can be leveraged using Azure AD single sign-on.
In addition to this, Azure AD is going to be cross-platform. Your users can take advantage of the benefits of Azure AD regardless of the operating system or the device that they currently use.
You can also use Azure AD to protect and authenticate to on-premise applications from the cloud, so you don't have to expose your Active Directory Domain Services environment in order for users to authenticate to your on-premise workloads.
Another really great feature for any admins that have worked the help desk or have any contact with the help desk is gonna be the fact that Azure AD allows some self-service capabilities, both for device registration and even for password resets.
And Azure AD is also going to help us increase the security and auditability of our identity services, especially as it leverages and dovetails in with things that we're doing and that our users are attempting to do in the cloud. Azure AD is gonna help us as administrators keep tabs on all those authentication attempts
and make sure that what's going on is really what we want to have happening.
One last benefit here of Azure AD is that we simply don't have to recreate the wheel. If you already have Active Directory Domain Services in your environment, you can extend those services into Azure AD in a secure manner without exposing your Active Directory Domain Services to the public Internet,
but still leverage availability of the cloud and the fact that you may have hundreds or even thousands of users and groups already created in your Active Directory Domain Services in your on-premise infrastructure.
Now that begs the question of what are the differences between Azure AD and what we may already have running in our environment through Active Directory Domain Services.
And the first of these is gonna be that Azure AD is a fully managed service.
So think back when you may have had to spin up that initial domain and that domain controller and configure everything and set your group policies and set up your groups and all the OUs. Setting up Active Directory Domain Services is no small administrative task. That requires a lot of planning and time to get implemented in an appropriate way.
Whereas Azure AD is simply a managed service. We don't have to worry about the hardware that it runs on. We don't have to worry about setting it up. All we have to worry about is getting our users and groups in there. And Microsoft even allows us a number of tools to simplify that workload as well.
But Active Directory Domain Services on-prem is something that we have to set up and manage all the way from start to finish. Azure AD being a managed service dramatically reduces the amount of workload required to leverage that particular technology.
Azure AD also supports federation services out of the box,
and that's going to allow us to authenticate to various third-party solutions. Facebook would be an example. We already talked about Salesforce, Dropbox, Box and some of the others as well. We'll look into those single sign-on and federated services in another episode coming up very soon.
But suffice it to say that Azure AD supports those things out of the box with very little configuration required on our part as administrators.
It definitely doesn't require us to open an inordinate amount of ports into our public infrastructure, because it's all hosted and managed in the cloud by Azure AD.
You also will not find any semblance of Kerberos in Azure AD. Azure AD is going to take advantage of REST API queries over HTTP or HTTPS. You will not see any instances of LDAP running in Azure AD.
And that's because Azure AD is an identity, or is an Internet-based identity solution. Again, Azure AD lives in the cloud. It is meant to help us manage and authenticate and authorize cloud-based workloads.
We already talked about the fact that you won't find any LDAP here in Azure AD.
Now, coming up next: what are the SKUs available to us here in Azure? What are the versions of Azure AD available to us, and what are the differences between them? Well, we have four SKUs here of Azure AD,
and the Free version is going to be just that. It's a free version of the Azure Active Directory tenant,
and you may already have access to this, and it may already be set up and you might not realize it. If you're using Office 365 or Microsoft Dynamics, you already have an Azure AD tenant set up, and it's gonna be this Free version here. It's going to allow you to manage users and groups.
You're gonna be able to synchronize the Azure Active Directory with your on-premise services.
You're gonna get some basic reports and single sign-on across Azure, Office 365 and a host of other software-as-a-service applications. It's really a great tool, but again, it is limited, being the free version of Azure AD.
To step up one from there, we're gonna begin talking about the Basic SKU, or Azure Active Directory Basic. So you're gonna get all the same Free features, but you're also going to get some more cloud-centric app access, and a really powerful function here is you're gonna be able to assign and do things at the group level.
So in our environment we have Office 365, and when we were on the Free version of Azure Active Directory,
we had to assign licenses to users on an individual basis, and you can probably see how this gets a little bit time-consuming.
But with Azure Active Directory Basic, we can assign those licenses based on group membership.
So say we had some people that just needed the online version of Office 365. They could go in one group, and if others needed the client-side installs of Office 365 and a higher licensing level, we could put them in another group. And Azure Active Directory automatically assigns those licenses based on those groups.
We get some additional features here, too, with the Basic SKU of Azure Active Directory,
and it's gonna be self-service password reset for cloud apps.
And you also get the Azure AD App Proxy. And that's gonna be the piece that lets us publish our on-premise web applications using Azure Active Directory as the method to authenticate and authorize ourselves to those web app workloads.
Coming up a level from Azure AD Basic, we step into Premium P1.
Again, it's gonna include all of the functions and features of Free and Basic, but then it adds on top of that some more advanced administration, such as dynamic groups. Users can self-service the groups that they're members of, if you allow that.
You're also going to step into the Microsoft Identity Manager, which is an on-premise set of tools to help you manage and administer access management on your on-premise environment.
And we also added an interesting functionality of cloud write-back. So when a user goes in and services their password because of self-service password options, Azure AD is going to write back that password into your Active Directory Domain Services on your on-premise accounts so that the user's passwords
stay synchronized, even though they've changed them in Azure AD.
Remember, Azure AD and Active Directory Domain Services are separate entities that we have to tie together as administrators. So when a user changes their password in Azure AD, it doesn't necessarily change their password in the on-premise domain unless we set it up to do so, using cloud write-back.
That leaves us with Premium P2, which is the top-end offering for Azure AD. It includes all of the same features as the three packages down below it, but we also get
Azure Active Directory Identity Protection, which provides some risk-based conditional access controls as to things such as: a user attempted to log in from a geography that they haven't before, can we go ahead and prompt them at that point to use their multi-factor authentication?
We also get access to Privileged Identity Management, which, clearly, as PIM tends to do,
helps us manage, discover and restrict administrator access into our environment. We also get access here in Premium P2 to just-in-time administrative access that can be leveraged across your Azure environment to allow administrative access to workloads on a just-in-time or on an as-needed basis.
Coming up in the next videos, we're going to be looking at Azure AD and setting up a number of these functions that are offered to us through these different levels of Azure Active Directory. So if these concepts seem a little bit nebulous to you right now, don't fret. We're gonna get our hands in the portal setting some of these things up, and they should become more clear.
I simply wanted to call these things out in more of a slide-based format
so you could refer back to these notes and see the overall structure and architecture of Azure Active Directory. It is similar in some ways to Active Directory Domain Services, but it is different as well, fundamentally, from that previous offering.
So today we talked about the differences between those two. We talked about some of the benefits that Azure AD allows us to leverage in the cloud particularly, and we also talked about the four SKUs, Free, Basic, P1 and P2, available to us here with Azure Active Directory.
Coming up next, we're going to go through the relatively basic process of some ways that we can get users and groups created in Azure Active Directory and begin managing Azure AD. Thanks so much for joining me today, and I'm looking forward to the next video.