Azure AD Design Considerations

Video Transcription
Hello, Cybrarians. Welcome to lesson 1.9 of module 1 of this course, titled AZ-301 Microsoft Azure Architect Design.
Here are the objectives we'll be covering in this lesson.
We'll start by talking about Azure AD security, where we'll be highlighting some of the security best practices for Azure AD.
We'll then proceed to talk about Azure AD monitoring and reporting, where we'll look at the different options to monitor Azure AD and get insight from it.
Finally, we'll talk about other design considerations like scalability, availability and performance of Azure AD. Let's get into this.
So let's talk about Azure AD security. One of the first places that we want to start
is around the area of default configurations,
so we want to start by making sure that we review the default configuration of Azure AD and align it to our organization's policies.
A good example of that is the level of access that guest users from another Azure AD tenant have in your organization. For example, by default, a guest user can invite other guests into your tenant, so that is some of the access that you want to review and make sure is properly aligned
with your organizational policies.
Next, we want to tightly control access to Azure AD. We'll be doing that using Azure AD role-based access control (RBAC).
There are certain built-in roles that we are familiar with, things like Global Administrator or User Account Administrator.
Those are built-in roles that we can assign to our users. It's recommended not to have more than five Global Administrators within an Azure AD tenant; otherwise, it can get a bit messy.
We can also create custom RBAC roles now and assign those to our users. The next best practice is to enable MFA for everyone. This is the principle of multi-factor authentication.
So, according to Microsoft, about 95% of identity security vulnerabilities will go away with MFA enabled.
And it's also very important to note that simply enabling MFA just presents a different set of challenges to the bad guys, the bad people that are trying to exploit the organization. One of the things I want to highlight when it comes to MFA
is that if you enable MFA for everyone, it doesn't necessarily mean that they'll be prompted for multi-factor authentication.
There are other factors that come in on whether a user will be challenged for MFA or not, so things like Conditional Access come into play.
Next, we want to enable Azure AD Conditional Access. This is a feature of Azure AD that's only available for the Azure AD Premium P1 and Premium P2 editions,
and we particularly want to enable Conditional Access for the Azure management layers. So, for example, we can access the Azure portal or maybe the API, so we can enable Conditional Access for that. What that means is that we're taking into consideration, beyond user authentication, other factors like the network that you're accessing from,
or things like the health
of the endpoint that you're accessing with. Those are the kind of things that we can take into consideration to determine whether a user should get access to an application or not.
The next best practice is to implement Azure AD Identity Protection. Identity Protection is all about detecting if a user's account has been compromised, or if a sign-in attempt is suspicious; in other words, if it's being used by someone else other than the designated user.
Azure AD Identity Protection is a feature that's only available for the Premium P2 license edition of Azure AD, but one that you want to implement.
Next, we want to implement Privileged Identity Management (PIM). This helps to mitigate the risk of excessive or unnecessary access rights for users.
So this allows us to be able to see which users are assigned privileged roles to manage our resources. It enables us to be able to define things like just-in-time administrative access to Microsoft online services, or even to Azure resources within subscriptions and different resource groups.
It is a feature that's only available in Azure AD Premium P2, but it's one that we want to enable if we have that license edition. Let's talk about Azure AD monitoring. When we talk about Azure AD monitoring,
Azure AD is a managed service, and that comes into play in how we monitor it. So, for example, it's important for us to get visibility into the monitoring that Microsoft is doing: what's the status of the Azure AD service?
Because in some cases we jump in and start troubleshooting certain issues, only to later find out that there's an existing issue that Microsoft is already dealing with in the back end, and maybe that's what's causing the issue that you're seeing.
So the Azure Status dashboard is one of those places that we can go to review the health of a service in Azure at a particular point in time. We can also view history from there.
The other option is something called Azure Service Health. Think about it as your own personalized Azure Status dashboard for your organization. You can configure that within the portal, and you can tie in alerting with that and with your action groups also.
When we talk about Azure AD reports, Azure AD has a number of reports that help us to get insight and understanding into activities that are happening within the service.
There are two main reports. The first one is the Azure AD activity reports. This covers things like the audit logs: administrative events on the tenant, like creating a service principal, for example. It also includes reports like the sign-in reports, so you know what sign-in activity
was performed, alongside the tasks that have been reported by the audit log reports.
The next report that's available in Azure AD is something called the Azure AD security reports. This is where we'll see some of the information that's been pulled in from Azure AD Identity Protection, things like risky users or risky sign-ins. That information we can access in the Azure AD security reports.
Let's talk about other design considerations for Azure AD,
and let's start by talking about scalability.
So there are certain limits of the Azure AD service. For example, a user can belong to a maximum of 500 Azure AD directories, and that can be as a member or as a guest user. So that's the maximum.
Also, a single user can create a maximum of 20 directories. So I think I showed in the demo earlier on creating a directory; a single user can create up to 20 Azure AD directories.
When we talk about Azure AD availability, it's not mainly our responsibility as the cloud customer; it's mainly Microsoft's responsibility as the cloud provider of this managed service,
but one of the things that it's good for us to know
is that when we talk about write operations to Azure AD, like you create a new service principal or you modify the properties of an existing user, a write to the Azure AD service is durably committed to at least two data centers prior to it being acknowledged.
So what that means is that any write operation in the background is replicated to another data center, and only after that replication has completed successfully will an acknowledgement be sent back to the client that made that request. This happens transparently in the background.
Also, there are multiple secondary replicas. When we talk about Azure AD performance,
the information that we talked about earlier on availability regarding secondary replicas does come into play.
So, for example, directory read requests, for things like authentication requests, are served from data centers that are close to customers, and that helps with performance, because we have all the secondary replicas spread across different data centers. Whenever a request comes in, using something similar to
Traffic Manager, it's going to route the request to the replica closest to the user that's making that request.
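A quick way to check two of the defaults the lesson calls out (who is allowed to invite guests, and how many Global Administrators the tenant has) is the PowerShell script below. It is an added example, not part of the course material, and it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can read directory roles and the tenant authorization policy; the Global Administrator role template ID it uses is the well-known fixed value for that role.

```powershell
# Added example (not from the course): audit two Azure AD defaults discussed in the lesson.
# Assumes: Install-Module Microsoft.Graph has been run, and the signed-in account holds
# at least Directory.Read.All and Policy.Read.All.
Connect-MgGraph -Scopes "Directory.Read.All", "Policy.Read.All"

# --- Check 1: guest invitation setting -------------------------------------------
# The tenant default is "everyone", which is what lets an existing guest invite more guests.
$authzPolicy   = Get-MgPolicyAuthorizationPolicy
$inviteSetting = $authzPolicy.AllowInvitesFrom

if ($inviteSetting -eq "everyone") {
    Write-Warning ("Guest invitations are allowed from everyone (tenant default). " +
                   "Consider 'adminsAndGuestInviters' or 'adminsGuestInvitersAndAllMembers'.")
} else {
    Write-Output "Guest invitation setting: $inviteSetting"
}

# --- Check 2: number of Global Administrators -----------------------------------
# Well-known role template ID for Global Administrator (assumption: not changed in your tenant).
$gaTemplateId = "62e90394-69f5-4237-9190-012177145e10"
$maxRecommendedGlobalAdmins = 5   # figure quoted in the lesson

# Get-MgDirectoryRole only lists roles that have been activated in the tenant,
# so filter client-side on the template ID rather than relying on a server-side filter.
$gaRole = Get-MgDirectoryRole -All | Where-Object { $_.RoleTemplateId -eq $gaTemplateId }

if (-not $gaRole) {
    Write-Output "Global Administrator role has not been activated in this tenant (no active members)."
} else {
    # Members are returned as generic directory objects; the UPN lives in AdditionalProperties.
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All
    $count   = ($members | Measure-Object).Count

    $labels = foreach ($m in $members) {
        if ($m.AdditionalProperties.ContainsKey("userPrincipalName")) {
            $m.AdditionalProperties["userPrincipalName"]
        } else {
            # Service principals or groups assigned the role have no UPN; show the object ID.
            "$($m.Id) ($($m.AdditionalProperties['@odata.type']))"
        }
    }

    Write-Output "Active Global Administrators: $count"
    $labels | ForEach-Object { Write-Output "  - $_" }

    if ($count -gt $maxRecommendedGlobalAdmins) {
        Write-Warning "More than $maxRecommendedGlobalAdmins Global Administrators; review and reduce."
    }
}
```

Note that this counts only active role members. If you use PIM, eligible (just-in-time) assignments do not appear in `Get-MgDirectoryRoleMember`, so a tenant that has moved most administrators to eligible assignments will correctly show a small active count here while still having a larger pool of people who can elevate.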
AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.