Azure Active Directory Overview


Time: 19 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 24
Video Transcription
Hey, everybody. Welcome to this module on what I'd like to call Azure IAM, otherwise known as identity and access management. This is a term that's used globally across a lot of different Cloud providers. But within Azure specifically, the service that predominantly takes this role would be Azure Active Directory. You might be familiar with Active Directory because you work in an environment, in a Windows shop maybe, where you have to use it to manage users, and groups, and devices that operate within that network for that Microsoft environment. It's very popular, very common. Naturally, Microsoft, who created Azure, has created an environment where we can adopt those same concepts but modernize them for the Cloud.

In this lecture, we're going to be covering the basic introduction of what Azure Active Directory is, and some of the differences that you'll notice between Azure Active Directory and the more traditional Active Directory that you and I have worked with in the past. A few things that we're going to be covering are understanding the function and purpose of Azure AD, understanding the key features provided by Active Directory, and understanding the purpose of Identity Access Management as a whole.

Now identity access management isn't necessarily a new concept, but it may be newer to you. It's something that a lot of organizations are leveraging. There's a lot of benefits to it, and it allows you to scale the management of users, and conditional access, and such in a very flexible and elastic way. Naturally, these two terms do work in conjunction with Cloud technologies quite easily; the whole idea of the Cloud is to move very elastically, to have nimble flexibility in how you grow and scale things to bigger or smaller sizes. We want to be able to do that as well for our identity management, for our Active Directory usage.
What is Azure Active Directory? Like I said earlier, it is Microsoft's Cloud-based identity and access management solution. It is a more modern version of Active Directory; traditional on-premise environments are not modern. But what I mean by modern is that it is built and retrofitted to naturally adopt the Azure Cloud ecosystem. The traditional Active Directory was not designed to manage cloud services, not without something like Azure AD in place. We're going to be getting into details on that here in a few moments, but that's basically what Azure AD is as a whole. You're going to be able to use it for your organizational management; you can manage authentication and authorization just like we can typically do with traditional Active Directory. We will still be able to manage corporate resources, but here the differentiator would be that we'd be able to manage Cloud corporate resources.

Some features of Azure AD include the IAM platform, the identity access management platform. We're going to be able to manage identity security, which is quite nice, because we can detect when things are seeming to be a little bit funny with particular accounts; there are identity scores that are embedded in certain security tools within Azure. It makes it very easy to detect when a particular user might be showing indicators of compromise. We'll be able to manage enterprise access management, collaboration and development, identity integration, and just overall monitoring. Like I said, Azure AD is a very modern tool. It does offer a lot of oversight for the administrators. You do get a higher level of perspective, and the flexibility to zoom in and learn more about a particular user or group, and how they might have been compromised. It really is a very robust tool. I very much enjoy it, and I think you will as well.
Here are some key differences between Azure AD and traditional Active Directory. On the left, we have the key features of Azure AD, and on the right, we have Active Directory. One thing I do want to note is that if you've worked in an Active Directory environment, you've probably heard of a thing called organizational units and group policy objects. Those do not play a role within Azure AD. If you are looking to link in a traditional Active Directory and Azure AD, you'll still have those within your traditional environment, but you will not be using those necessarily within the Azure AD environment.

Azure AD does support SaaS app authentication natively. Active Directory does not do that natively; you do need to integrate with Active Directory Federation Services to support the SaaS app authentication. Active Directory uses a hierarchical directory structure which allows you to nest different groups within groups. You can't necessarily do that with Azure AD. That doesn't really provide that feature. It's a flat directory structure. You create a group, the group has access to particular resources, and that's it. You can manage access control, you can assign particular people to that group, and remove them. But there's very much a flat directory structure, not necessarily the hierarchy structure that you're used to.

Active Directory resides on-premise, which we covered earlier. Azure AD is more of a SaaS solution offered by the Azure Cloud. Also, Azure AD is scalable, it's highly available, and it's fault tolerant, so it is a managed solution, meaning that Microsoft is going to manage the infrastructure, and the software, and the entire tech stack that makes up the service of Azure AD. You don't have to be concerned with anything other than setting up your users, setting up your groups, your access control policies within Azure AD, and that's it. With Active Directory, you still have the granular management of a server, the software, the updates, the patching, and all that. You still have to be concerned about the security of it. You don't have to be concerned about any of that with Azure AD. It's all taken care of for you.
Before we continue, I want to touch on Identity and Access Management and what that is, because I would suspect that maybe some of you are not familiar with what that solution is. IAM is basically defining and managing the roles and access of different individuals: what type of privilege they get to resources, to data, to other users, whether they get read, whether they get write, stuff like that. IAM offers that level of granularity. These individuals can be employees, or they can be customers. You can use a customer IAM solution. They can also be contractors. You can offer temporary access. You can set policies in place where employees or customers only get access to this particular data or services during a specific time period or based on a specific location. It gets very, very detailed as to how you allow individuals access to what they need access to. Going back to the security principles, this is the principle of least privilege. This is the principle of separation of duties. For those of you that come from a cybersecurity background, you know what I'm talking about. These are some of the core pillars of cybersecurity. We want to allow people to do their job. But our goal as security engineers is to make sure that they do it securely, and that we're protecting them and we're protecting the organization. This is a great way to do that, using an IAM solution.

In addition, IAM offers identity management at scale. We definitely alluded to this earlier. IAM is very easy to deploy and manage across your entire organization. You can set up tags, you can set up roles, you can set up groups, and you can assign individuals into these particular categorizations. For example, one way that I've used it personally is when I'm managing multiple development teams, because my role is usually leading application security teams. Therefore, I have to manage the security for large development teams that are dealing with all types of applications, or the building of applications. I may have a development team A that is tasked with one role, and then I have a QA team, then I might have a development team B, and I may have a DevOps team or some operations team. I'm going to need to assign particular access and privilege to each of these roles, each of these groups. What happens if I have people that are being hired? What if we just start out a project, we have 10 people, but we're trying to ramp up this team to 30 people? As a security engineer, I want to make my job easy. With an IAM solution, I can create a role and assign people to such roles as they get hired. Therefore, they are now given the policies and the privilege of that role, and that makes it very, very easy. I know I'm talking verbally and it's a lot, but it'll make more sense as we go along. These are some of the things that you can do with IAM and why it's very flexible at scale. Naturally, with all that being said, compliance is a breeze. If you're hitting any type of regulatory compliance standards that you need to meet, you're able to do that very, very easily with this type of solution.
The last thing I want to cover here is the basics of how Identity Access Management works. Let's say you have the principal. Let's say we have a new developer that's joining my team. They are unauthenticated, they're new obviously, so they don't have access, but they seek authentication and we need to give that to them. They're going to seek authentication in order to perform the task. Let's say they're going to build an application or they want to commit some code to a Git repository; we want them to do that too, because that's their job. What we're going to do is we're going to seek a way for them to authenticate. Let's say they go through the authentication process, they log in, it checks out. They've got their work email, their password, they did their multi-factor authentication, we're good to go, guys. We can go ahead and move forward. Now the principal has become an authenticated entity, and now they're able to perform the tasks they need to perform. The next thing that we want to do is give them the authorization of the list of things that they need to have access to, the list of things an identity can perform now that they have been authenticated. What we've done here is we have the principal. They're going to authenticate. Now they're an identity that's been authenticated, and now we can go ahead and authorize them to do such things. We don't want to give them everything. We don't want to give them the keys to the kingdom. We want to restrict that to only particular services, and maybe particular services within certain environments. For example, we don't want our developers pushing their code to production. That's a big no-no. We don't do that. We want to make sure that they are only pushing their code to development, and then maybe we allow another person to look at it through a peer review. Have a few people involved in this process before it could finally get submitted over into their production environments. This is the way that we can do that very safely. We can manage this type of control using an IAM solution.

Everyone, this wraps up this lecture. I know we covered a lot here, but I think that it was super helpful at laying the ground foundation for what you need to know in order to understand what Azure AD does and why an IAM solution is beneficial. We're going to be talking about tenant management here in a second. But before we do, I wanted to recap. In this video we covered the basics of Azure AD, some features of Azure AD, and then the principles of IAM. If you found this video to be helpful, super awesome, please reach out. Let me know. If you have questions, again reach out and let me know. If not, I will see you guys in the next lecture.